diff options
Diffstat (limited to 'src')
33 files changed, 898 insertions, 1165 deletions
diff --git a/src/controllers/Groups.class.php b/src/controllers/Groups.class.php new file mode 100644 index 0000000..9d99d99 --- /dev/null +++ b/src/controllers/Groups.class.php @@ -0,0 +1,11 @@ +<?php + +Router::register('groups/new' , 'Groups', 'new_group'); +Router::register('groups/index', 'Groups', 'index_file'); +Router::register('groups' , 'Groups', 'index_dir'); +Router::register('groups/*' , 'Groups', 'individual'); + +class Groups extends Controller { + public static $illegal_names = array('', 'new', 'index'); + // TODO +} diff --git a/src/controllers/Main.class.php b/src/controllers/Main.class.php new file mode 100644 index 0000000..7651b62 --- /dev/null +++ b/src/controllers/Main.class.php @@ -0,0 +1,9 @@ +<?php + +Router::register('index', 'Main', 'index'); + +class Main extends Controller { + public function index($routed, $remainder) { + $this->showView('index'); + } +} diff --git a/src/controllers/Messages.class.php b/src/controllers/Messages.class.php new file mode 100644 index 0000000..86403ae --- /dev/null +++ b/src/controllers/Messages.class.php @@ -0,0 +1,100 @@ +<?php + +Router::register('messages', 'Messages', 'index'); +Router::register('messages/index', 'Messages', 'index'); +Router::register('messages/*', 'Messages', 'message'); + +class Messages extends Controller { + public static $msgdir; + + public function __construct() { + require_once('MimeMailParser.class.php'); + $this->msgdir = BASEPATH.'/msg'; + } + + public function index($routed, $remainder) { + $parser = new MimeMailParser(); + $messages = array(); + $dh = opendir($this->msgdir); + while (($file = readdir($dh)) !== false) { + $path = $this->msgdir."/$file"; + if (is_file($path)) { + $parser->setPath($path); + + $date_string = $parser->getHeader('date'); + $date = strtotime($date_string); + if (!isset($messages[$date])) { + $messages[$date] = array(); + } + $messages[$date][] = + array('id'=>$file, + 'subject'=>$parser->getHeader('subject'), + 'from'=>$parser->getHeader('from')); + } + } + closedir($dh); + + $this->showView('messages/index', array('messages' => $messages)); + exit(); + } + + public function message($routed, $remainder) { + global $mm; + $uid = $mm->isLoggedIn(); + if ($uid===false || !$mm->getAuthObj($uid)->isUser()) { + $this->http401($routed, $remainder); + return; + } + + $msg_id = $remainder[0];// We can trust the router that this is set + $msg_file = $this->msgdir."/$msg_id"; + if (!is_file($msg_file)) { + $this->http404($routed, $remainder); + return; + } + + @$part = $remainder[1]; + @$subpart = $remainder[2]; + $parser = new MimeMailParser(); + $parser->setPath($msg_file); + + switch ($part) { + case '': + $this->showView('messages/frame', + array('msg_id'=>$msg_id, + 'parser'=>$parser, + 'msgdir'=>$this->msgdir, + )); + break; + case 'body': + require_once('Mime.class.php'); + header('Content-type: '.Mime::ext2mime(PAGE_EXT)); + $map = array('html'=>'html', + 'txt' =>'text'); + echo $parser->getMessageBody($map[PAGE_EXT]); + break; + case 'attachment': + $attachment_id = $subpart; + $attachments = $parser->getAttachments(); + $attachment = $attachments[$attachment_id]; + + $type = $attachment->getContentType(); + $filename = $attachment->getFilename(); + + header('Content-Type: '.$type); + header('Content-Disposition: attachment; filename='.$filename ); + while($bytes = $attachment->read()) { + echo $bytes; + } + break; + default: + array_push($routed, array_shift($remainder)); + $this->http404($routed, $remainder); + } + } + + public function http401($routed, $remainder) { + global $mm; + $this->showView('messages/401', array('uid'=>$mm->isLoggedIn())); + } +}
\ No newline at end of file diff --git a/src/controllers/NewMessage.class.php b/src/controllers/NewMessage.class.php new file mode 100644 index 0000000..e778385 --- /dev/null +++ b/src/controllers/NewMessage.class.php @@ -0,0 +1,37 @@ +<?php + /* +class NewMessage extends Controller { +$cmdline = isset($argv[0]); // called from the command line +@$method = $_SERVER['REQUEST_METHOD']; // What HTTP method was used +if ( ($method=='PUT') || ($method=='POST') || $cmdline ) { + // We're going to be uploading a new message. + + // so uniqid isn't 'secure', it doesn't need to be, it's to prevent + // random collisions. + $tmpfile = "$BASE/tmp/".uniqid(getmypid().'.'); + $infile = ($cmdline?'php://stdin':'php://input'); + $out = fopen($tmpfile, "w"); + $in = fopen($infile, "r"); + while ($data = fread($in, 1024)) + fwrite($out, $data); + fclose($out); + fclose($in); + //apache_request_headers() + require_once('MimeMailParser.class.php'); + $parser = new MimeMailParser(); + $parser->setPath($tmpfile); + $id = preg_replace('/<(.*)>/', '$1', + $parser->getHeader('message-id')); + $id = str_replace('/', '', $id); // for security reasons + $msg_file = "$BASE/msg/$id"; + rename($tmpfile, $msg_file); + + if (!$cmdline) { + $m->status('201 Created'); + header("Location: ".$m->baseUrl().'messages/'.$id); + } + exit(); +} + +} + */
\ No newline at end of file diff --git a/src/controllers/Plugins.class.php b/src/controllers/Plugins.class.php new file mode 100644 index 0000000..597cd19 --- /dev/null +++ b/src/controllers/Plugins.class.php @@ -0,0 +1,19 @@ +<?php + +Router::register('plugins', 'Plugins'); + +class Plugins extends Controller { + public function index($routed, $remainder) { + global $mm; + $uid = $mm->isLoggedIn(); + if ($uid===false || !$m->getAuthObj($uid)->isAdim()) { + $this->http401($routed, $remainder); + return; + } + // TODO + } + + public function http401($routed, $remainder) { + $this->showView('plugins/401'); + } +} diff --git a/src/controllers/Users.class.php b/src/controllers/Users.class.php index 617c57a..9781ab0 100644 --- a/src/controllers/Users.class.php +++ b/src/controllers/Users.class.php @@ -84,8 +84,14 @@ class Users extends Controller { } break; } + + $config_options = array(); + $mm->pluginManager()->callHook('userConfig', &$config_options); + + $vars['config_options'] = $config_options; $vars['user'] = $user; $vars['groups'] = $mm->listGroupNames(); + require_once('ContactMethod.class.php'); $this->showView('users/individual', $vars); } } @@ -179,10 +185,20 @@ class Users extends Controller { } // Change information ////////////////////////////////////////// + global $mm; + $config_options = array(); + $mm->pluginManager()->callHook('userConfig', &$config_options); + + foreach ($config_options as $group=>$options) { + foreach ($options as $option) { + $this->confText($user, $option[0]); + } + } + /* $this->confText($user, 'firstname'); $this->confText($user, 'lastname'); $this->confText($user, 'hsclass'); - + */ // Change contact info ///////////////////////////////////////// global $CONTACT_METHODS; foreach ($CONTACT_METHODS as $method) { @@ -213,7 +229,15 @@ class Users extends Controller { * This will parse POST (really, PUT) data to update multiple users. */ private function update_users() { - // TODO + $attribs = $this->getIndexAttribs(); + foreach ($attribs as $attrib) { + $key = $attrib['key']; + if (isset($_POST[$key]) && is_array($_POST[$key])) { + foreach ($_POST[$key] as $uid => $value) { + $this->setConf($uid, $key, $value); + } + } + } } /** @@ -264,8 +288,9 @@ class Users extends Controller { $editable = $editable && $logged_in_user->isAdmin(); $value = $user->isAdmin(); break; - default: + default: $value = $user->getConf($key); + if ($value===false) $value=''; break; } @@ -273,6 +298,27 @@ class Users extends Controller { 'post_key'=>$post_key, 'editable'=>$editable); } + private function setConf($uid, $key, $value) { + // So, this rocks because we don't have to check permissions, + // the User object does that. + global $mm; + $user = $mm->getAuthObj($uid); + + switch ($key) { + case 'auth_name': + $user->setName($value); + break; + case 'auth_user': + $user->setUser($value=='true'); + break; + case 'auth_admin': + $user->setAdmin($value=='true'); + break; + default: + $user->setConf($key, $value); + break; + } + } function attrib($key, $name) { return array('key'=>$key, 'name'=>$name); @@ -286,6 +332,6 @@ class Users extends Controller { $this->attrib('email','Email'), $this->attrib('auth_name', 'Username'), ); - return $attrib; + return $attribs; } } diff --git a/src/lib/Auth.class.php b/src/lib/Auth.class.php index 4c2a9c6..e49ebf7 100644 --- a/src/lib/Auth.class.php +++ b/src/lib/Auth.class.php @@ -26,6 +26,11 @@ class Auth { return $type; } protected function setType($type) { + $logged_in_uid = $this->mm->isLoggedIn(); + $logged_in_obj = $this->mm->getAuthObj($logged_in_uid); + $is_admin = $logged_in_obj->isAdmin(); + if (!$is_admin) return false; + return $this->mm->setStatus($this->uid, $type); } public function isUser() { diff --git a/src/lib/Database.class.php b/src/lib/Database.class.php new file mode 100644 index 0000000..03c227f --- /dev/null +++ b/src/lib/Database.class.php @@ -0,0 +1,396 @@ +<?php + +class Database { + private $conf; + private $mysql; + private $db_prefix; + + public function __construct($conf_file) { + $this->conf = $conf_file; + } + + // Low-Level SQL functions ///////////////////////////////////////////// + + private function mysql() { + if (!isset($this->mysql)) { + $this->mysql_init(); + } + return $this->mysql; + } + private function mysql_init() { + global $db_config; + require($this->conf); + $this->mysql = mysql_connect($db_config['host'], + $db_config['user'], + $db_config['password']); + mysql_set_charset($db_config['charset'], $this->mysql); + mysql_select_db($db_config['name'], $this->mysql); + $this->db_prefix = $db_config['prefix']; + unset($db_config); + } + private function mysql_table($table_name) { + $mysql = $this->mysql(); + $prefix = $this->db_prefix; + return $prefix.mysql_real_escape_string($table_name, $mysql); + } + private function mysql_escape($string) { + $mysql = $this->mysql(); + return mysql_real_escape_string($string, $mysql); + } + private function mysql_query($query) { + $mysql = $this->mysql(); + return mysql_query($query, $mysql); + } + public function mysql_error() { + $mysql = $this->mysql(); + return mysql_error($mysql); + } + + // High-Level SQL functions //////////////////////////////////////////// + + // The 'auth' table + + public function getUID($username) { + $t = $this->mysql_table('auth'); + $v = $this->mysql_escape($username); + $query = + "SELECT * \n". + "FROM $t \n". + "WHERE name='$v' ;"; + $q = $this->mysql_query($query); + $user = mysql_fetch_array($q); + if (isset($user['uid'])) { + return (int)$user['uid']; + } else { + return false; + } + } + public function getUsername($uid) { + if (!is_int($uid)) return false; + $t = $this->mysql_table('auth'); + $query = + "SELECT * \n". + "FROM $t \n". + "WHERE uid=$uid ;"; + $q = $this->mysql_query($query); + $user = mysql_fetch_array($q); + if (isset($user['name'])) { + return $user['name']; + } else { + return false; + } + } + public function setUsername($uid, $username) { + if (!is_int($uid)) return false; + if ($this->getUID($username) !== false) { + return false; + } + $table = $this->mysql_table('auth'); + $name = $this->mysql_escape($username); + $query = + "UPDATE $table \n". + "SET name='$name' \n". + "WHERE uid=$uid ;"; + $q = $this->mysql_query($query); + return ($q?true:false); + } + public function getPasswordHash($uid) { + if (!is_int($uid)) return false; + + $table = $this->mysql_table('auth'); + $query = + "SELECT * \n". + "FROM $table \n". + "WHERE uid=$uid ;"; + $q = $this->mysql_query($query); + $user = mysql_fetch_array($q); + if (isset($user['hash'])) { + return $user['hash']; + } else { + return false; + } + } + public function setPassword($uid, $password) { + if (!is_int($uid)) return false; + $table = $this->mysql_table('auth'); + + $hasher = $this->hasher(); + @$hash = $hasher->HashPassword($password); + $query = + "UPDATE $table \n". + "SET hash='$hash' \n". + "WHERE uid=$uid ;"; + $q = $this->mysql_query($query); + return ($q?true:false); + } + public function addUser($username, $password) { + $user_exits = $this->getUID($username); + if ($user_exists) { + return false; + } + + $table = $this->mysql_table('auth'); + $user = $this->mysql_escape($username); + $hasher = $this->hasher(); + @$hash = $hasher->HashPassword($password); + $status = 0; + $query = + "INSERT INTO $table ( name, hash , status) \n". + "VALUES ('$user', '$hash', $status) ;"; + $this->mysql_query($query); + $uid = $this->getUID($username); + return $uid; + } + public function getStatus($uid) { + if (!is_int($uid)) return false; + $table = $this->mysql_table('auth'); + $query = + "SELECT * \n". + "FROM $table \n". + "WHERE uid=$uid ;"; + $q = $this->mysql_query($query); + $user = mysql_fetch_array($q); + if (isset($user['status'])) { + return (int)$user['status']; + } else { + return false; + } + } + public function setStatus($uid, $status) { + if (!is_int($uid)) return false; + $table = $this->mysql_table('auth'); + $s = $this->mysql_escape($status); + $query = + "UPDATE $table * \n". + "SET status=$s \n". + "WHERE uid=$uid ;"; + $q = $this->mysql_query($query); + return ($q?true:false); + } + public function countUsers() { + $table = $this->mysql_table('auth'); + $query = "SELECT COUNT(*) FROM $table;"; + $q = $this->mysql_query($query); + $row = mysql_fetch_array($q); + $count = $row[0]; + return $count; + } + public function listGroups() { + $table = $this->mysql_table('auth'); + $query = + "SELECT uid \n". + "FROM $table \n". + "WHERE status=3 ;"; + $q = $this->mysql_query($query); + $groups = array(); + while (($row = mysql_fetch_array($q)) !==false) { + $groups[] = (int)$row[0]; + } + return $groups; + } + public function listGroupNames() { + $table = $this->mysql_table('auth'); + $query = + "SELECT name \n". + "FROM $table \n". + "WHERE status=3 ;"; + $q = $this->mysql_query($query); + $groups = array(); + while (($row = mysql_fetch_array($q)) !==false) { + $groups[] = $row[0].''; + } + return $groups; + } + public function listUsers() { + $table = $this->mysql_table('auth'); + $query = + "SELECT uid \n". + "FROM $table \n". + "WHERE status < 3 ;"; + $q = $this->mysql_query($query); + $users = array(); + while (($row = mysql_fetch_array($q)) !==false) { + $users[] = (int)$row[0]; + } + return $users; + } + + // The 'users' table + + public function findUser($setting, $value) { + $t = $this->mysql_table('users'); + $k = $this->mysql_escape($setting); + $v = $this->mysql_escape($value); + $query = + "SELECT * \n". + "FROM $t \n". + "WHERE k = '$k' \n". + "AND UPPER(v)=UPPER('$v') ;"; + $q = $this->mysql_query($query); + $user = mysql_fetch_array($q); + if (isset($user['uid'])) { + return $user['uid']; + } else { + return false; + } + } + public function getUserConf($uid, $setting) { + if (!is_int($uid)) return false; + $t = $this->mysql_table('users'); + $k = $this->mysql_escape($setting); + $query = + "SELECT * \n". + "FROM $t \n". + "WHERE k='$k' \n". + "AND uid=$uid ;"; + $q = $this->mysql_query($query); + $row = mysql_fetch_array($q); + if (isset($row['v'])) { + return $row['v']; + } else { + return false; + } + } + public function setUserConf($uid, $setting, $value) { + if (!is_int($uid)) return false; + $isset = ($this->getUserConf($uid, $setting) !== false); + $t = $this->mysql_table('users'); + $k = $this->mysql_escape($setting); + $v = $this->mysql_escape($value); + if ($isset) { + $query = + "UPDATE $t \n". + "SET v = '$v' \n". + "WHERE k = '$k' \n". + "AND uid = $uid ;"; + } else { + $query = + "INSERT INTO $t ( uid, k , v ) \n". + "VALUES ($uid, '$k', '$v') ;"; + } + $q = $this->mysql_query($query); + return ($q?true:false); + } + public function getUsersInGroup($groupname) { + $table = $this->mysql_table('users'); + $group = $this->mysql_escape($groupname); + $query = + "SELECT uid \n". + "FROM $table \n". + "WHERE k='groups' \n". + "AND v LIKE '%,$group,%' ;"; + $q = $this->mysql_query($query); + $users = array(); + while (($row = mysql_fetch_array($q)) !==false) { + $users[] = $row[0]; + } + return $users; + } + + // The 'plugins' table + + public function getPluginConf($plugin, $key) { + $t = $this->mysql_table('plugins'); + $p = $this->mysql_escape($plugin); + $k = $this->mysql_escape($key); + $query = + "SELECT * \n". + "FROM $t \n". + "WHERE k='$k' \n". + "AND plugin='$p' ;"; + $q = $this->mysql_query($query); + $row = mysql_fetch_array($q); + if (isset($row['v'])) { + return $row['v']; + } else { + return false; + } + } + public function setPluginConf($plugin, $key, $value) { + $isset = ($this->getPluginConf($plugin, $key) !== false); + $t = $this->mysql_table('plugins'); + $p = $this->mysql_escape($plugin); + $k = $this->mysql_escape($key); + $v = $this->mysql_escape($value); + if ($isset) { + $query = + "UPDATE $t \n". + "SET v = '$v' \n". + "WHERE k = '$k' \n". + "AND plugin = '$p' ;"; + } else { + $query = + "INSERT INTO $t (plugin, k , v ) \n". + "VALUES ('$p' , '$k', '$v') ;"; + } + $q = $this->mysql_query($query); + return ($q?true:false); + } + + // The 'conf' table + + public function getSysConf($key) { + $t = $this->mysql_table('conf'); + $k = $this->mysql_escape($key); + $query = + "SELECT * \n". + "FROM $t \n". + "WHERE k='$k' ;"; + $q = $this->mysql_query($query); + $row = mysql_fetch_array($q); + if (isset($row['v'])) { + return $row['v']; + } else { + return false; + } + } + public function setSysConf($key, $value) { + $isset = (getSysConf($key) !== false); + $t = $this->mysql_table('conf'); + $k = $this->mysql_escape($key); + $v = $this->mysql_escape($value); + if ($isset) { + $query = + "UPDATE $t \n". + "SET v = '$v' \n". + "WHERE k = '$k' ;"; + } else { + $query = + "INSERT INTO $t ( k , v ) \n". + "VALUES ('$k', '$v') ;"; + } + $q = $this->mysql_query($query); + return ($q?true:false); + } + + /** + * Strip out empty group names and duplicates, sort. + */ + private static function sanitizeArray($in) { + $out = array(); + foreach ($in as $item) { + if (($item !== '')&&(!in_array($item, $out))) { + $out[] = $item; + } + } + natsort($out); + return $out; + } + /** + * Translate an array into a value suitable to be stored into a + * key-value store in the database. + */ + public static function arrayToValue($list) { + $out_list = $this->sanitizeArray($list); + return ','.implode(',', $out_list).','; + } + /** + * Translate a value from arrayToValue() back into an array. + */ + public static function valueToArray($value) { + $raw_list = explode(',', $value); + $out_list = $this->sanitizeArray($raw_list); + return $out_list; + } + +}
\ No newline at end of file diff --git a/src/lib/Login.class.php b/src/lib/Login.class.php new file mode 100644 index 0000000..26d11dd --- /dev/null +++ b/src/lib/Login.class.php @@ -0,0 +1,31 @@ +<?php + +class Login { + public static function login($username, $password) { + global $mm; + $uid = $mm->database()->getUID($username); + if ($uid===false) { + // user does not exist + return 2; + } + $hash = $mm->database()->getPasswordHash($uid); + if ($mm->hasher()->CheckPassword($password, $hash)) { + // success + $_SESSION['uid'] = $uid; + return 0; + } else { + // wrong password + return 1; + } + } + public static function isLoggedIn() { + if ( isset($_SESSION['uid']) && ($_SESSION['uid']!='') ) { + return $_SESSION['uid']; + } else { + return false; + } + } + public static function logout() { + $_SESSION['uid'] = ''; + } +} diff --git a/src/lib/MessageHandler.class.php b/src/lib/MessageHandler.class.php index 2dce491..1fa9faf 100644 --- a/src/lib/MessageHandler.class.php +++ b/src/lib/MessageHandler.class.php @@ -1,11 +1,5 @@ <?php - -require_once('send/SenderGVSMS.class.php'); -require_once('send/SenderIdentica.class.php'); - -set_include_path(get_include_path().PATH_SEPARATOR."$BASE/src/plugins"); - class MessageHandler { public function __constructor() { @@ -28,7 +22,7 @@ class MessageHandler { $value = (int)$value; break; } - configSet($param, $value); + $obj->configSet($param, $value); } } return $obj; @@ -38,7 +32,7 @@ class MessageHandler { $private_senders = array(); $broadcast_senders = array(); - + $plugin_list = $m->getSysConf('plugins'); $plugins = explode(',', $plugin_list); foreach ($plugins as $plugin) { diff --git a/src/lib/MessageManager.class.php b/src/lib/MessageManager.class.php index 1302f8b..645643e 100644 --- a/src/lib/MessageManager.class.php +++ b/src/lib/MessageManager.class.php @@ -2,376 +2,41 @@ class MessageManager { private $conf; - private $mysql; - private $db_prefix; - private $pw_hasher; - private $template; - private $pluginManager; private $base; - private $users = array(); - - // Low-Level SQL functions ///////////////////////////////////////////// - - private function mysql() { - if (!isset($this->mysql)) { - $this->mysql_init(); - } - return $this->mysql; - } - private function mysql_init() { - global $db_config; - require($this->conf); - $this->mysql = mysql_connect($db_config['host'], - $db_config['user'], - $db_config['password']); - mysql_set_charset($db_config['charset'], $this->mysql); - mysql_select_db($db_config['name'], $this->mysql); - $this->db_prefix = $db_config['prefix']; - unset($db_config); - } - private function mysql_table($table_name) { - $mysql = $this->mysql(); - $prefix = $this->db_prefix; - return $prefix.mysql_real_escape_string($table_name, $mysql); - } - private function mysql_escape($string) { - $mysql = $this->mysql(); - return mysql_real_escape_string($string, $mysql); - } - private function mysql_query($query) { - $mysql = $this->mysql(); - return mysql_query($query, $mysql); - } - public function mysql_error() { - $mysql = $this->mysql(); - return mysql_error($mysql); - } - // High-Level SQL functions //////////////////////////////////////////// + private $users = array(); - // The 'auth' table + private $database; + private $pw_hasher; + private $template; + private $pluginManager; - public function getUID($username) { - $t = $this->mysql_table('auth'); - $v = $this->mysql_escape($username); - $query = - "SELECT * \n". - "FROM $t \n". - "WHERE name='$v' ;"; - $q = $this->mysql_query($query); - $user = mysql_fetch_array($q); - if (isset($user['uid'])) { - return (int)$user['uid']; - } else { - return false; - } - } - public function getUsername($uid) { - if (!is_int($uid)) return false; - $t = $this->mysql_table('auth'); - $query = - "SELECT * \n". - "FROM $t \n". - "WHERE uid=$uid ;"; - $q = $this->mysql_query($query); - $user = mysql_fetch_array($q); - if (isset($user['name'])) { - return $user['name']; - } else { - return false; - } - } - public function setUsername($uid, $username) { - if (!is_int($uid)) return false; - if ($this->getUID($username) !== false) { - return false; + public function __construct($conf_file) { + $this->conf = $conf_file; + if (!file_exists($this->conf)) { + $this->base = $_SERVER['REQUEST_URI']; + $t = $this->template(); + $t->header('Message Manager'); + $t->paragraph( + 'Awe shiz, dude, conf.php doesn\'t exist, you '. + 'need to go through the '. + '<a href="installer">installer</a>.'); + $t->footer(); + exit(); } - $table = $this->mysql_table('auth'); - $name = $this->mysql_escape($username); - $query = - "UPDATE $table \n". - "SET name='$name' \n". - "WHERE uid=$uid ;"; - $q = $this->mysql_query($query); - return ($q?true:false); + session_start(); } - public function getPasswordHash($uid) { - if (!is_int($uid)) return false; - $table = $this->mysql_table('auth'); - $query = - "SELECT * \n". - "FROM $table \n". - "WHERE uid=$uid ;"; - $q = $this->mysql_query($query); - $user = mysql_fetch_array($q); - if (isset($user['hash'])) { - return $user['hash']; - } else { - return false; - } - } - public function setPassword($uid, $password) { - if (!is_int($uid)) return false; - $table = $this->mysql_table('auth'); - - $hasher = $this->hasher(); - @$hash = $hasher->HashPassword($password); - $query = - "UPDATE $table \n". - "SET hash='$hash' \n". - "WHERE uid=$uid ;"; - $q = $this->mysql_query($query); - return ($q?true:false); - } - public function addUser($username, $password) { - $user_exits = $this->getUID($username); - if ($user_exists) { - return false; - } - - $table = $this->mysql_table('auth'); - $user = $this->mysql_escape($username); - $hasher = $this->hasher(); - @$hash = $hasher->HashPassword($password); - $status = 0; - $query = - "INSERT INTO $table ( name, hash , status) \n". - "VALUES ('$user', '$hash', $status) ;"; - $this->mysql_query($query); - $uid = $this->getUID($username); - return $uid; - } - public function getStatus($uid) { - if (!is_int($uid)) return false; - $table = $this->mysql_table('auth'); - $query = - "SELECT * \n". - "FROM $table \n". - "WHERE uid=$uid ;"; - $q = $this->mysql_query($query); - $user = mysql_fetch_array($q); - if (isset($user['status'])) { - return (int)$user['status']; - } else { - return false; - } - } - public function setStatus($uid, $status) { - if (!is_int($uid)) return false; - $table = $this->mysql_table('auth'); - $s = $this->mysql_escape($status); - $query = - "UPDATE $table * \n". - "SET status=$s \n". - "WHERE uid=$uid ;"; - $q = $this->mysql_query($query); - return ($q?true:false); - } - public function countUsers() { - $table = $this->mysql_table('auth'); - $query = "SELECT COUNT(*) FROM $table;"; - $q = $this->mysql_query($query); - $row = mysql_fetch_array($q); - $count = $row[0]; - return $count; - } - public function listGroups() { - $table = $this->mysql_table('auth'); - $query = - "SELECT uid \n". - "FROM $table \n". - "WHERE status=3 ;"; - $q = $this->mysql_query($query); - $groups = array(); - while (($row = mysql_fetch_array($q)) !==false) { - $groups[] = (int)$row[0]; - } - return $groups; - } - public function listGroupNames() { - $table = $this->mysql_table('auth'); - $query = - "SELECT name \n". - "FROM $table \n". - "WHERE status=3 ;"; - $q = $this->mysql_query($query); - $groups = array(); - while (($row = mysql_fetch_array($q)) !==false) { - $groups[] = $row[0].''; - } - return $groups; - } - public function listUsers() { - $table = $this->mysql_table('auth'); - $query = - "SELECT uid \n". - "FROM $table \n". - "WHERE status < 3 ;"; - $q = $this->mysql_query($query); - $users = array(); - while (($row = mysql_fetch_array($q)) !==false) { - $users[] = (int)$row[0]; - } - return $users; - } - - // The 'users' table - - public function findUser($setting, $value) { - $t = $this->mysql_table('users'); - $k = $this->mysql_escape($setting); - $v = $this->mysql_escape($value); - $query = - "SELECT * \n". - "FROM $t \n". - "WHERE k = '$k' \n". - "AND UPPER(v)=UPPER('$v') ;"; - $q = $this->mysql_query($query); - $user = mysql_fetch_array($q); - if (isset($user['uid'])) { - return $user['uid']; - } else { - return false; - } - } - public function getUserConf($uid, $setting) { - if (!is_int($uid)) return false; - $t = $this->mysql_table('users'); - $k = $this->mysql_escape($setting); - $query = - "SELECT * \n". - "FROM $t \n". - "WHERE k='$k' \n". - "AND uid=$uid ;"; - $q = $this->mysql_query($query); - $row = mysql_fetch_array($q); - if (isset($row['v'])) { - return $row['v']; - } else { - return false; - } - } - public function setUserConf($uid, $setting, $value) { - if (!is_int($uid)) return false; - $isset = ($this->getUserConf($uid, $setting) !== false); - $t = $this->mysql_table('users'); - $k = $this->mysql_escape($setting); - $v = $this->mysql_escape($value); - if ($isset) { - $query = - "UPDATE $t \n". - "SET v = '$v' \n". - "WHERE k = '$k' \n". - "AND uid = $uid ;"; - } else { - $query = - "INSERT INTO $t ( uid, k , v ) \n". - "VALUES ($uid, '$k', '$v') ;"; - } - $q = $this->mysql_query($query); - return ($q?true:false); - } - public function getUsersInGroup($groupname) { - $table = $this->mysql_table('users'); - $group = $this->mysql_escape($groupname); - $query = - "SELECT uid \n". - "FROM $table \n". - "WHERE k='groups' \n". - "AND v LIKE '%,$group,%' ;"; - $q = $this->mysql_query($query); - $users = array(); - while (($row = mysql_fetch_array($q)) !==false) { - $users[] = $row[0]; - } - return $users; - } - - // The 'plugins' table - - public function getPluginConf($plugin, $key) { - $t = $this->mysql_table('plugins'); - $p = $this->mysql_escape($plugin); - $k = $this->mysql_escape($key); - $query = - "SELECT * \n". - "FROM $t \n". - "WHERE k='$k' \n". - "AND plugin='$p' ;"; - $q = $this->mysql_query($query); - $row = mysql_fetch_array($q); - if (isset($row['v'])) { - return $row['v']; - } else { - return false; - } - } - public function setPluginConf($plugin, $key, $value) { - $isset = ($this->getPluginConf($plugin, $key) !== false); - $t = $this->mysql_table('plugins'); - $p = $this->mysql_escape($plugin); - $k = $this->mysql_escape($key); - $v = $this->mysql_escape($value); - if ($isset) { - $query = - "UPDATE $t \n". - "SET v = '$v' \n". - "WHERE k = '$k' \n". - "AND plugin = '$p' ;"; - } else { - $query = - "INSERT INTO $t (plugin, k , v ) \n". - "VALUES ('$p' , '$k', '$v') ;"; - } - $q = $this->mysql_query($query); - return ($q?true:false); - } - - // The 'conf' table - - public function getSysConf($key) { - $t = $this->mysql_table('conf'); - $k = $this->mysql_escape($key); - $query = - "SELECT * \n". - "FROM $t \n". - "WHERE k='$k' ;"; - $q = $this->mysql_query($query); - $row = mysql_fetch_array($q); - if (isset($row['v'])) { - return $row['v']; - } else { - return false; - } - } - public function setSysConf($key, $value) { - $isset = (getSysConf($key) !== false); - $t = $this->mysql_table('conf'); - $k = $this->mysql_escape($key); - $v = $this->mysql_escape($value); - if ($isset) { - $query = - "UPDATE $t \n". - "SET v = '$v' \n". - "WHERE k = '$k' ;"; - } else { - $query = - "INSERT INTO $t ( k , v ) \n". - "VALUES ('$k', '$v') ;"; - } - $q = $this->mysql_query($query); - return ($q?true:false); - } + // Load Things - // If the remaining code has to deal with SQL, you're doing it wrong. // - - public function baseUrl() { - if (!isset($this->base)) { - $this->base = $this->getSysConf('baseurl'); + public function database() { + if (!isset($this->database)) { + require_once('Database.class.php'); + $this->database = new Database($this->conf); } - return $this->base; + return $this->database; } + public function hasher() { if (!isset($this->pw_hasher)) { require_once('PasswordHash.class.php'); @@ -387,7 +52,7 @@ class MessageManager { } return $this->template; } - + public function pluginManager() { if (!isset($this->pluginManager)) { require_once('PluginManager.class.php'); @@ -395,35 +60,9 @@ class MessageManager { } return $this->pluginManager; } - - public function login($username, $password) { - $uid = $this->getUID($username); - if ($uid===false) { - // user does not exist - return 2; - } - $hash = $this->getPasswordHash($uid); - $hasher = $this->hasher(); - if ($hasher->CheckPassword($password, $hash)) { - // success - $_SESSION['uid'] = $uid; - return 0; - } else { - // wrong password - return 1; - } - } - public function isLoggedIn() { - if ( isset($_SESSION['uid']) && ($_SESSION['uid']!='') ) { - return $_SESSION['uid']; - } else { - return false; - } - } - public function logout() { - $_SESSION['uid'] = ''; - } - + + // Utility functions + public function shortUrl($longUrl) { $ch = curl_init('http://ur1.ca'); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); @@ -436,26 +75,17 @@ class MessageManager { curl_close($ch); return $shortUrl; } - - public function __construct($conf_file) { - $this->conf = $conf_file; - if (!file_exists($this->conf)) { - $this->base = $_SERVER['REQUEST_URI']; - $t = $this->template(); - $t->header('Message Manager'); - $t->paragraph( - 'Awe shiz, dude, conf.php doesn\'t exist, you '. - 'need to go through the '. - '<a href="installer">installer</a>.'); - $t->footer(); - exit(); + + public function baseUrl() { + if (!isset($this->base)) { + $this->base = $this->database()->getSysConf('baseurl'); } - session_start(); + return $this->base; } - + public function getAuthObj($uid) { if (!isset($this->users[$uid])) { - $is_group = ($this->getStatus($uid)===3); + $is_group = ($this->database()->getStatus($uid)===3); if ($is_group) { require_once('Group.class.php'); $this->users[$uid] = new Group($uid); @@ -466,33 +96,4 @@ class MessageManager { } return $this->users[$uid]; } - /** - * Strip out empty group names and duplicates, sort. - */ - private function sanitizeArray($in) { - $out = array(); - foreach ($in as $item) { - if (($item !== '')&&(!in_array($item, $out))) { - $out[] = $item; - } - } - natsort($out); - return $out; - } - /** - * Translate an array into a value suitable to be stored into a - * key-value store in the database. - */ - public function arrayToValue($list) { - $out_list = $this->sanitizeArray($list); - return ','.implode(',', $out_list).','; - } - /** - * Translate a value from arrayToValue() back into an array. - */ - public function valueToArray($value) { - $raw_list = explode(',', $value); - $out_list = $this->sanitizeArray($raw_list); - return $out_list; - } } diff --git a/src/plugins/InformationPlugin.class.php b/src/plugins/InformationPlugin.class.php new file mode 100644 index 0000000..6a37370 --- /dev/null +++ b/src/plugins/InformationPlugin.class.php @@ -0,0 +1,25 @@ +<?php + +require_once('Plugin.class.php'); + +class InformationPlugin extends Plugin { + public static function configList() { return array(); } + public function init() {} + public static function description() { + return "Get information about the user."; + } + public function userConfig(&$arr) { + $group = 'Information'; + $this->addConfigGroup($arr, $group); + $arr[$group][] = array('firstname','First Name','text'); + $arr[$group][] = array('lastname','Last Name','text'); + $arr[$group][] = array('school','Home School','text'); + $arr[$group][] = array('hsclass','Highschool Class of','text'); + + $group = 'Application-Resume-Things'; + $this->addConfigGroup($arr, $group); + $arr[$group][] = array('why_team', + 'Why you want to be on the team', + 'textarea'); + } +} diff --git a/src/plugins/SenderGVSMS.class.php b/src/plugins/SenderGVSMS.class.php index 777586c..90f9e69 100644 --- a/src/plugins/SenderGVSMS.class.php +++ b/src/plugins/SenderGVSMS.class.php @@ -5,8 +5,8 @@ require_once('GoogleVoice.class.php'); class SenderGVSMS extends SenderPrivate { protected $config = array('username'=>'', - 'password'=>'', - 'length'=>160); + 'password'=>'', + 'length'=>160); private $obj; public static function description() { diff --git a/src/plugins/SenderIdentica.class.php b/src/plugins/SenderIdentica.class.php index 4bb20c9..ac62dc3 100644 --- a/src/plugins/SenderIdentica.class.php +++ b/src/plugins/SenderIdentica.class.php @@ -5,8 +5,8 @@ require_once('Identica.class.php'); class SenderIdentica extends SenderBroadcast { protected $config = array('username'=>'', - 'password'=>'', - 'length'=>140); + 'password'=>'', + 'length'=>140); private $obj; public static function description() { diff --git a/src/views/pages/auth.php b/src/views/pages/auth.php deleted file mode 100644 index 2132d67..0000000 --- a/src/views/pages/auth.php +++ /dev/null @@ -1,65 +0,0 @@ -<?php global $mm; -/** - * This is the view for the main login page. - */ - -// TODO: We should probably check to make sure PAGE is just 'auth' or -// 'auth/', and not something like 'auth/foobar', for which we should -// throw a 404. - -@$action = $_POST['action']; -switch ($action) { -case 'login': login(); break; -case 'logout': logout(); break; -case '': maybe_login(); break; -default: badrequest(); break; -} - -function maybe_login() { - global $mm; - $uid = $mm->isLoggedIn(); - if ($uid===false) { - login(); - } else { - $mm->header('Authentication'); - $t = $mm->template(); - - $username = $mm->getUsername($uid); - - $t->openTag('div',array('class'=>'login')); - $t->text("Logged in as ".htmlentities($username).'.'); - $t->logout_button('Logout'); - $t->closeTag('div'); - - $mm->footer(); - } -} - -function login() { - include(VIEWPATH.'/pages/auth/login.php'); -} - -function logout() { - global $mm; - $t = $mm->template(); - - $mm->logout(); - - $mm->header('Authentication'); - $t->paragraph('Logged out'); - $mm->footer(); -} - -function badrequest() { - global $mm; - $mm->status('400 Bad Request'); - $t = $mm->template(); - - $mm->header('Authentication'); - $t->paragraph('The recieved POST request was malformed/invalid. '. - 'If you got here from a link, this is a bug; '. - 'Let the admin know.'. - 'If you got here from outside, then the API is being '. - 'missused.'); - $mm->footer(); -} diff --git a/src/views/pages/auth/login.php b/src/views/pages/auth/login.php deleted file mode 100644 index 8a175eb..0000000 --- a/src/views/pages/auth/login.php +++ /dev/null @@ -1,63 +0,0 @@ -<?php global $mm; -/** - * This isn't a separate URL, but this is what the 'auth' view loads - * when the user is attempting to log in. - * Logically, I don't think it should be in a separate file, but I think the - * general flow of things is easier to follow and edit and maintain. - */ -$username = ''; -$password = ''; - -$t = $mm->template(); - -$login = -1; -if ( isset($_POST['username']) && isset($_POST['password'])) { - $username = $_POST['username']; - $password = $_POST['password']; - $login = $mm->login($username, $password); -} - -$mm->header('Authentication'); - -$t->openTag('form',array('action'=>$mm->baseUrl().'auth','method'=>"post")); -$t->openFieldset('Login'); -switch ($login) { -case -1: break; -case 0: - $t->inputP('Successfully logged in as '. - htmlentities($username).'.'); - if (isset($_POST['url'])) { - $url = htmlentities($_POST['url']); - $t->inputP($t->link($url, - 'Return to the page you were on.', - true)); - } - $t->closeFieldset(); - $t->closeTag('form'); - return; - break; -case 1: - $t->inputP("Password does not match username.", - array('class'=>'error')); - break; -case 2: - $t->inputP("Username <q>$username</q> does not exist."); - $username = ''; - break; -} -$t->inputText( 'username', 'Username:', '', $username); -$t->inputPassword('password', 'Password:', '', $password); -$t->openTag('li'); -$t->tag('input', array('type'=>'submit', 'value'=>'Login')); -$t->closeTag('li'); -$t->closeFieldset(); -$t->tag('input', array('type'=>'hidden', - 'name'=>'action', - 'value'=>'login')); -if (isset($_POST['url'])) { - $url = htmlentities($_POST['url']); - $t->tag('input', array('type'=>'hidden', - 'name'=>'url', - 'value'=>$url)); -} -$t->closeTag('form'); diff --git a/src/views/pages/groups.php b/src/views/pages/groups.php deleted file mode 100644 index 03f625f..0000000 --- a/src/views/pages/groups.php +++ /dev/null @@ -1,41 +0,0 @@ -<?php global $mm; - -global $illegal_names; -$illegal_names = array('', 'new'); -global $groupname, $uid;// We will use these to pass the groupname to sub-views. - -$page_parts = explode('/', PAGE); -if (isset($page_parts[1])) { - $username = $page_parts[1]; - if ($username == '') { - unset($username); - } -} - -if (isset($username)) { // URI: "users/*" - // We'll be handing this off to another view. - if ($username === 'new') { - include(VIEWPATH.'/pages/users/new.php'); - } - - $uid = $mm->getUID($username); - if ($mm->getStatus($uid)===3) $uid = false; // ignore groups. - - if ($uid===false) { - include(VIEWPATH.'/pages/users/404.php'); - } else { - include(VIEWPATH.'/pages/users/individual.php'); - } -} else { // URI: "users" - $method = $_SERVER['REQUEST_METHOD']; - switch ($method) { - case 'PUT': - case 'POST': - // We're POSTing a new user - include(VIEWPATH.'/pages/users/create.php'); - case 'HEAD': // fall-through to GET - case 'GET': - // We're GETing an existing user - include(VIEWPATH.'/pages/users/index.php'); - } -} diff --git a/src/views/pages/groups/401.html.php b/src/views/pages/groups/401.html.php new file mode 100644 index 0000000..23e3778 --- /dev/null +++ b/src/views/pages/groups/401.html.php @@ -0,0 +1,15 @@ +<?php global $VARS; +$t = $VARS['template']; + +$t->status('401 Unauthorized'); +$t->header('Unauthorized'); +$t->tag('h1', array(), "401: Unauthorized"); +if ($VARS['uid']===false) { + // Not logged in + $t->paragraph('You need to be logged in to view group-data.'); +} else { + // Logged in, so the account must not activated + $t->paragraph('Your account needs to be activated by an administrator '. + 'to group-data.'); +} +$t->footer(); diff --git a/src/views/pages/index.html.php b/src/views/pages/index.html.php new file mode 100644 index 0000000..cf31759 --- /dev/null +++ b/src/views/pages/index.html.php @@ -0,0 +1,8 @@ +<?php global $VARS; +$t = $VARS['template']; + +$t->header('Main Page'); +$t->tag('h1', array(), "Message Manager"); +$t->paragraph("This is the main index page."); +$t->link($t->url('users'), 'List of all users'); +$t->footer(); diff --git a/src/views/pages/index.php b/src/views/pages/index.php deleted file mode 100644 index ad68559..0000000 --- a/src/views/pages/index.php +++ /dev/null @@ -1,7 +0,0 @@ -<?php global $mm; -$t = $mm->template(); - -$mm->header("Main Page"); -$t->paragraph("This is the main index page."); -$t->link($mm->baseUrl().'users', 'List of all users'); -$mm->footer(); diff --git a/src/views/pages/messages.php b/src/views/pages/messages.php deleted file mode 100644 index da57596..0000000 --- a/src/views/pages/messages.php +++ /dev/null @@ -1,222 +0,0 @@ -<?php
-// the first ~20 lines are so that this can be called from the command line,
-// with mail piped in. This allows us to hook it into a local mail handler.
-
-global $BASE, $m;
-
-$cmdline = isset($argv[0]); // called from the command line
-@$method = $_SERVER['REQUEST_METHOD']; // What HTTP method was used
-
-if (!isset($BASE)) {
- $pages = dirname(__FILE__);
- $src = dirname($pages);
- $BASE = dirname($src);
- set_include_path(get_include_path()
- .PATH_SEPARATOR. "$BASE/src/lib"
- .PATH_SEPARATOR. "$BASE/src/ext"
- );
-}
-
-if (!$cmdline) {
- require_once('MessageManager.class.php');
- $m = new MessageManager($BASE.'/conf.php');
-}
-
-$uid = $m->isLoggedIn();
-$auth = ($uid!==false) && ($m->getStatus($uid)>0);
-if (!$cmdline && !$auth) {
- $m->status('401 Unauthorized');
- $m->header('Unauthorized');
- $t = $m->template();
- $t->tag('h1',array(),"401: Unauthorized");
- $t->paragraph('You need to be logged in to view messages. :(');
- $m->footer();
- exit();
-}
-
-@$method = $_SERVER['REQUEST_METHOD'];
-if ( ($method=='PUT') || ($method=='POST') || $cmdline ) {
- // We're going to be uploading a new message.
-
- // so uniqid isn't 'secure', it doesn't need to be, it's to prevent
- // random collisions.
- $tmpfile = "$BASE/tmp/".uniqid(getmypid().'.');
- $infile = ($cmdline?'php://stdin':'php://input');
- $out = fopen($tmpfile, "w");
- $in = fopen($infile, "r");
- while ($data = fread($in, 1024))
- fwrite($out, $data);
- fclose($out);
- fclose($in);
- //apache_request_headers()
- require_once('MimeMailParser.class.php');
- $parser = new MimeMailParser();
- $parser->setPath($tmpfile);
- $id = preg_replace('/<(.*)>/', '$1',
- $parser->getHeader('message-id'));
- $id = str_replace('/', '', $id); // for security reasons
- $msg_file = "$BASE/msg/$id";
- rename($tmpfile, $msg_file);
-
- if (!$cmdline) {
- $m->status('201 Created');
- header("Location: ".$m->baseUrl().'messages/'.$id);
- }
- exit();
-}
-
-global $PAGE, $BASE;
-$page_parts = explode('/',$PAGE);
-@$msg = $page_parts[1];
-if ($msg == '') {
- $m->header('Message Index');
- $t = $m->template();
- $t->tag('h1',array(),"Message Index");
-
- require_once('MimeMailParser.class.php');
- $parser = new MimeMailParser();
- $messages = array();
- $dh = opendir("$BASE/msg");
- while (($file = readdir($dh)) !== false) {
- $path = "$BASE/msg/$file";
- if (is_file($path)) {
- $parser->setPath($path);
-
- $date_string = $parser->getHeader('date');
- $date = strtotime($date_string);
- if (!isset($messages[$date])) $messages[$date] = array();
- $messages[$date][] =
- array('id'=>$file,
- 'subject'=>$parser->getHeader('subject'));
- }
- }
- closedir($dh);
-
- $t->openTag('table');
- foreach ($messages as $date => $message_array) {
- foreach ($message_array as $message) {
- $url = $m->baseUrl().'messages/'.$message['id'];
- $subject = htmlentities($message['subject']);
- $date_str = date('Y-m-d H:i:s',$date);
- $t->row(array(
- $t->link($url, $subject, true),
- $t->link($url, $date_str, true)
- ));
- }
- }
- $t->closeTag('table');
-
- $m->footer();
- exit();
-}
-
-@$msg_file = "$BASE/msg/$msg";
-if (!is_file($msg_file)) {
- $m->status('404 Not Found');
- $m->header('Message not found | MessageManager');
- $t = $m->template();
- $t->tag('h1',array(),'404: Not Found');
- $t->paragraph('The message <q>'.htmlentities($msg).'</q> was not '.
- 'found in our database.');
- $m->footer();
- exit();
-}
-
-////////////////////////////////////////////////////////////////////////////////
-// In the interest of code reusability, most of the following code is //
-// independent of message manager. This section is stubs to bind into //
-// MessageManager. //
-$msg_file = $msg_file;
-$msg_id = $msg;
-@$part = $page_parts[2];
-@$subpart = $page_parts[3];
-function url($id, $part='',$subpart='') {
- global $m;
- return $m->baseUrl().'messages/'.$id.'/'.($part?"$part/$subpart":'');
-}
-// With the exception of one line (tagged with XXX), the following code is //
-// not specific to MessageManager. //
-// At some point I may contemplate making this use the template engine, but //
-// I like the idea of it being self-standing. //
-////////////////////////////////////////////////////////////////////////////////
-
-require_once('MimeMailParser.class.php');
-$parser = new MimeMailParser();
-$parser->setPath($msg_file);
-
-function messageLink($id) {
- if (is_array($id)) { $id = $id[1]; }
- return '<<a href="'.url($id).'">'.$id.'</a>>';
-}
-function parseMessageIDs($string) {
- $base = $_SERVER['REQUEST_URL'];
- $safe = htmlentities($string);
- $html = preg_replace_callback(
- '/<([^>]*)>/',
- 'messageLink',
- $safe);
- return $html;
-}
-
-function row($c1, $c2) {
- echo '<tr><td>'.$c1.'</td><td>'.$c2."</td></tr>\n";
-}
-switch ($part) {
-case '': // Show a frame for all the other parts
- $m->header('View Message | MessageManager');
- $t = $m->template();
- echo "<table>\n";
- row('To:' , htmlentities($parser->getHeader('to' )));
- row('From:' , htmlentities($parser->getHeader('from' )));
- row('Subject:' , htmlentities($parser->getHeader('subject' )));
- row('In-Reply-to:', parseMessageIDs($parser->getHeader('in-reply-to')));
- row('References:' , parseMessageIDs($parser->getHeader('references' )));
- echo "</table>\n";
- echo "<div class='message-body'>\n";
- if ($parser->getMessageBodyPart('html')!==false) {
- echo "<h2>HTML</h2>\n";
- echo '<iframe src="'.url($msg_id,'body','html').'" ></iframe>'."\n";
- }
- if ($parser->getMessageBodyPart('text')!==false) {
- echo "<h2>Plain Text</h2>\n";
- echo '<iframe src="'.url($msg_id,'body','text').'" ></iframe>'."\n";
- }
- echo "</div>\n";
- echo "<h2>Attachments</h2>\n";
- echo "<table>\n";
- $attachments = $parser->getAttachments();
- foreach ($attachments as $id => $attachment) {
- echo "<tr>";
- echo '<td>'.htmlentities($attachment->getContentType())."</td>";
- echo '<td><a href="'.url($msg_id,'attachment',$id).'">';
- echo htmlentities($attachment->getFilename());
- echo "</a></td>";
- echo "</tr>\n";
- }
- echo "</table>\n";
- $m->footer();// XXX: this is specific to MessageManager
- break;
-case 'body':
- $type = $subpart;
- switch ($type) {
- case 'text': header('Content-type: text/plain'); break;
- case 'html': header('Content-type: text/html' ); break;
- default:
- }
- echo $parser->getMessageBody($type);
- break;
-case 'attachment':
- $attachment_id = $subpart;
- $attachments = $parser->getAttachments();
- $attachment = $attachments[$attachment_id];
-
- $type = $attachment->getContentType();
- $filename = $attachment->getFilename();
-
- header('Content-Type: '.$type);
- header('Content-Disposition: attachment; filename='.$filename );
- while($bytes = $attachment->read()) {
- echo $bytes;
- }
- break;
-}
diff --git a/src/views/pages/messages/401.html.php b/src/views/pages/messages/401.html.php new file mode 100644 index 0000000..0b24f80 --- /dev/null +++ b/src/views/pages/messages/401.html.php @@ -0,0 +1,15 @@ +<?php global $VARS; +$t = $VARS['template']; + +$t->status('401 Unauthorized'); +$t->header('Unauthorized'); +$t->tag('h1', array(), "401: Unauthorized"); +if ($VARS['uid']===false) { + // Not logged in + $t->paragraph('You need to be logged in to view messages.'); +} else { + // Logged in, so the account must not activated + $t->paragraph('Your account needs to be activated by an administrator '. + 'to view messages.'); +} +$t->footer(); diff --git a/src/views/pages/messages/frame.html.php b/src/views/pages/messages/frame.html.php new file mode 100644 index 0000000..e64bc2f --- /dev/null +++ b/src/views/pages/messages/frame.html.php @@ -0,0 +1,57 @@ +<?php global $VARS; +$t = $VARS['template']; +$msg_id = $VARS['msg_id']; +$parser = $VARS['parser']; +$msgdir = $VARS['msgdir']; + +function messageLink($id) { + if (is_array($id)) { $id = $id[1]; } + global $VARS; $t = $VARS['template']; $msgdir = $VARS['msgdir']; + $exists = is_file("$msgdir/$id"); + $class = + $id = htmlentities($id); + return sprintf('<<a href="%1$s"%2$s>%3$s</a>>', + $t->url("messages/$id/"), + ($exists?'':' class="http404"'), + $id); +} +function parseMessageIDs($string) { + $base = $_SERVER['REQUEST_URL']; + $html = preg_replace_callback( + '/<([^>]*)>/', + 'messageLink', + $string); + return $html; +} + +$t->header('View Message'); +$t->openTag('table'); +$t->row(array('To:' , htmlentities( $parser->getHeader('to' )))); +$t->row(array('From:' , htmlentities( $parser->getHeader('from' )))); +$t->row(array('Subject:' , htmlentities( $parser->getHeader('subject' )))); +$t->row(array('In-Reply-to:', parseMessageIDs($parser->getHeader('in-reply-to')))); +$t->row(array('References:' , parseMessageIDs($parser->getHeader('references' )))); +$t->closeTag('table'); + +$t->openTag('div', array('class'=>'message-body')); +if ($parser->getMessageBodyPart('html')!==false) { + $t->tag('h2', array(), 'HTML'); + $t->tag('iframe', array('src'=>$t->url("messages/$msg_id/body.html")), ''); +} +if ($parser->getMessageBodyPart('text')!==false) { + $t->tag('h2', array(), 'Plain Text'); + $t->tag('iframe', array('src'=>$t->url("messages/$msg_id/body.txt")), ''); +} +$t->closeTag('div'); +$t->tag('h2', array(), 'Attachments'); +$t->openTag('table'); +$attachments = $parser->getAttachments(); +foreach ($attachments as $id => $attachment) { + $t->row(array( + htmlentities($attachment->getContentType()), + $t->link($t->url("$msg_id/attachment/$id"), + htmlentities($attachment->getFilename())), + )); +} +$t->closeTag('table'); +$t->footer(); diff --git a/src/views/pages/messages/index.html.php b/src/views/pages/messages/index.html.php new file mode 100644 index 0000000..111b6c6 --- /dev/null +++ b/src/views/pages/messages/index.html.php @@ -0,0 +1,25 @@ +<?php global $VARS; +$t = $VARS['template']; +$messages = $VARS['messages']; + +$t->header('Message Index'); +$t->tag('h1', array(), "Message Index"); + +$t->openTag('table'); +$t->row(array('From','Subject', 'Date')); +foreach ($messages as $date => $message_array) { + foreach ($message_array as $message) { + $url = $t->url('messages/'.$message['id'].'/'); + $subject = htmlentities($message['subject']); + $from = htmlentities($message['from']); + $date_str = str_replace(' ', ' ', date('Y-m-d H:i:s',$date)); + $t->row(array( + $t->link($url, $from , true), + $t->link($url, $subject , true), + $t->link($url, $date_str, true), + )); + } +} +$t->closeTag('table'); + +$t->footer(); diff --git a/src/views/pages/plugins/401.html.php b/src/views/pages/plugins/401.html.php new file mode 100644 index 0000000..5b1b222 --- /dev/null +++ b/src/views/pages/plugins/401.html.php @@ -0,0 +1,9 @@ +<?php global $VARS; +$t = $VARS['template']; + +$t->status('401 Unauthorized'); +$t->header('Unauthorized'); +$t->tag('h1',array(),"401: Unauthorized"); +$t->paragraph('You need to be logged in as an admin to edit global plugin '. + 'settings.'); +$t->footer(); diff --git a/src/views/pages/plugins/index.html.php b/src/views/pages/plugins/index.html.php new file mode 100644 index 0000000..0e14161 --- /dev/null +++ b/src/views/pages/plugins/index.html.php @@ -0,0 +1,5 @@ +<?php global $VARS; +$t = $VARS['template']; + +$t->header('Administrator Plugin Management'); +$t->openTag('form',array('method'=>'post','action'=>$m->baseUrl().plugins)); diff --git a/src/views/pages/users.php b/src/views/pages/users.php deleted file mode 100644 index 9c12ee7..0000000 --- a/src/views/pages/users.php +++ /dev/null @@ -1,44 +0,0 @@ -<?php global $mm; - -global $illegal_names; -$illegal_names = array('', 'new'); -global $username, $uid;// We will use these to pass the username to sub-views. - -$page_parts = explode('/', PAGE); -if (isset($page_parts[1])) { - $username = $page_parts[1]; - if ($username == '') { - unset($username); - } -} - -if (isset($username)) { // URI: "users/*" - // We'll be handing this off to another view. - if ($username === 'new') { - include(VIEWPATH.'/pages/users/new.php'); - exit(); - } - - $uid = $mm->getUID($username); - if ($mm->getStatus($uid)===3) $uid = false; // ignore groups. - - if ($uid===false) { - include(VIEWPATH.'/pages/users/404.php'); - } else { - include(VIEWPATH.'/pages/users/individual.php'); - } -} else { // URI: "users" - $method = $_SERVER['REQUEST_METHOD']; - switch ($method) { - case 'PUT': - case 'POST': - // We're POSTing a new user - include(VIEWPATH.'/pages/users/create.php'); - break; - case 'HEAD': // fall-through to GET - case 'GET': - // We're GETing an existing user - include(VIEWPATH.'/pages/users/index.php'); - break; - } -} diff --git a/src/views/pages/users/include.php b/src/views/pages/users/include.php deleted file mode 100644 index 6e8c90b..0000000 --- a/src/views/pages/users/include.php +++ /dev/null @@ -1,60 +0,0 @@ -<?php global $mm; - -require_once('User.class.php'); - -/** - * This will take care of possibly updating and displaying a value in the - * 'users' table. - */ -function inputText($user, $name, $label, $hint='') { - if ($user->canEdit()) { - if (isset($_POST["user_$name"])) { - $user->setConf($name, $_POST["user_$name"]); - } - } - - $current_setting = $user->getConf($name); - - global $mm; - $t = $mm->template(); - $t->inputText("user_$name", $label, $hint, $current_setting, - !$user->canEdit()); -} - -function inputArray($user, $name, $arr) { - global $mm; - $t = $mm->template(); - - if (isset($_POST[$name]) && is_array($_POST[$name])) { - $user->setConfArray($name, $_POST[$name]); - } - $defaults = $user->getConfArray($name); - - foreach ($arr as $value => $label) { - $t->inputBool($name, $value, $label, - in_array($value, $defaults), !$user->canEdit()); - } -} - -function inputNewPassword($user, $name, $label) { - @$password1 = $_POST[$name ]; - @$password2 = $_POST[$name.'_verify']; - - // Check the verify box, not main box, so that we don't get tripped by - // browsers annoyingly autocompleting the password. - $is_set = ($password2 != ''); - - global $mm; - $t = $mm->template(); - - if ($is_set) { - $matches = ( $password1 == $password2 ); - if ($matches) { - $user->setPassword($password1); - $t->inputP('Password successfully updated.'); - } else { - $t->inputP("Passwords don't match.", true); - } - } - $t->inputNewPassword($name, $label); -} diff --git a/src/views/pages/users/index.csv.php b/src/views/pages/users/index.csv.php index 527e508..0a69cee 100644 --- a/src/views/pages/users/index.csv.php +++ b/src/views/pages/users/index.csv.php @@ -1,5 +1,5 @@ <?php global $VARS; -$attribs = $VARS['template']; +$attribs = $VARS['attribs']; $users = $VARS['users']; function escape($value) { @@ -7,7 +7,7 @@ function escape($value) { return ($value?'true':'false'); } else { $chars = "'" . '"' . '\\' . ','; - return addcslashes($str, $chars); + return addcslashes($value, $chars); } } diff --git a/src/views/pages/users/index.html.php b/src/views/pages/users/index.html.php index 5f1ab02..c268c87 100644 --- a/src/views/pages/users/index.html.php +++ b/src/views/pages/users/index.html.php @@ -1,10 +1,12 @@ <?php global $VARS; $t = $VARS['template']; -$attribs = $VARS['template']; +$attribs = $VARS['attribs']; $users = $VARS['users']; $t->header('Users'); +$t->paragraph($t->link($t->url('users.csv'), "Download this as a spreadsheet.")); + $t->openTag('form', array('action'=>$t->url('users/index'), 'method'=>'post')); diff --git a/src/views/pages/users/index.php b/src/views/pages/users/index.php deleted file mode 100644 index d801faf..0000000 --- a/src/views/pages/users/index.php +++ /dev/null @@ -1,116 +0,0 @@ -<?php global $mm; - -$logged_in_user = $mm->getAuthObj($mm->isLoggedIn()); -if (!$logged_in_user->isUser()) { - include(VIEWPATH.'/pages/users/401.php'); - exit(); -} - -function attrib($key, $name, $check=false) { - return array('key'=>$key, 'name'=>$name, 'checkbox'=>$check); -} - -function getSetConf($user, $key) { - global $mm; - $logged_in_user = $mm->getAuthObj($mm->isLoggedIn()); - $uid = $user->getUID(); - $post_key = $key."[$uid]"; - @$value = $_POST[$post_key]; - $editable = $user->canEdit(); - $edit = isset($_POST[$post_key]); - - switch ($key) { - case 'auth_name': - if ($editable && $edit) $user->setName($value); - $value = $user->getName(); - break; - case 'auth_user': - $editable = $editable && $logged_in_user->isAdmin(); - if ($editable && $edit) $user->setUser($value=='true'); - $value = $user->isUser(); - break; - case 'auth_admin': - $editable = $editable && $logged_in_user->isAdmin(); - if ($editable && $edit) $user->setAdmin($value=='true'); - $value = $user->isAdmin(); - break; - default: - if ($editable && $edit) $user->setConf($key, $value); - $value = $user->getConf($key); - break; - } - - return array( - 'value'=>$value, - 'post_key'=>$post_key, - 'editable'=>$editable); -} - -$attribs = array(attrib('auth_user', 'Active', true), - attrib('lastname','Last'), - attrib('firstname','First'), - attrib('hsclass','Class of'), - attrib('phone','Phone number'), - attrib('email','Email'), - attrib('auth_name', 'Username'), - ); - -//////////////////////////////////////////////////////////////////////////////// - -$t = $mm->template(); -$mm->header('Users'); - -$t->openTag('form', array('action'=>$mm->baseUrl().'users', - 'method'=>'post')); - -$t->openTag('table'); - -$t->openTag('tr'); -foreach ($attribs as $attrib) { - $t->tag('th', array(), $attrib['name']); -} -$t->tag('th'); -$t->closeTag('tr'); - -$uids = $mm->listUsers(); -foreach ($uids as $uid) { - $user = $mm->getAuthObj($uid); - $t->openTag('tr'); - - foreach ($attribs as $attrib) { - $props = getSetConf($user, $attrib['key']); - - $arr = array('name'=>$props['post_key']); - if (!$props['editable']) { - $arr['readonly'] = 'readonly'; - if ($attrib['checkbox']) $arr['disabled'] = $disabled; - } - if ($attrib['checkbox']) { - if ($props['value']) - $arr['checked'] = 'checked'; - $arr['value'] = 'true'; - $arr['type'] = 'checkbox'; - } else { - $arr['value'] = $props['value']; - $arr['type'] = 'text'; - } - - $t->openTag('td'); - $t->tag('input', $arr); - $t->closeTag('td'); - } - - $t->openTag('td'); - $t->link($mm->baseUrl().'users/'.$user->getName(), 'More'); - $t->closeTag('td'); - - $t->closeTag('tr'); -} - -$t->closeTag('table'); - -$t->tag('input', array('type'=>'submit', - 'value'=>'Save/Update')); -$t->closeTag('form'); - -$mm->footer();
\ No newline at end of file diff --git a/src/views/pages/users/individual.html.php b/src/views/pages/users/individual.html.php index 4d6e4fc..9e3048a 100644 --- a/src/views/pages/users/individual.html.php +++ b/src/views/pages/users/individual.html.php @@ -8,6 +8,12 @@ function inputText($user, $key, $label, $hint='') { $t->inputText("user_$key", $label, $hint, $current_setting, !$user->canEdit()); } +function inputTextarea($user, $key, $label, $hint='') { + global $VARS; $t = $VARS['template']; + $current_setting = $user->getConf($key); + $t->inputTextarea("user_$key", $label, $hint, $current_setting, + !$user->canEdit()); +} function inputArray($user, $key, $arr) { global $VARS; $t = $VARS['template']; @@ -19,12 +25,27 @@ function inputArray($user, $key, $arr) { } } +function inputField($user, $arr) { + $fieldname = $arr[0]; + $fieldlabel = $arr[1]; + $fieldtype = $arr[2]; + + switch ($fieldtype) { + case 'text': + inputText($user, $fieldname, $fieldlabel, ''); + break; + case 'textarea': + inputTextarea($user, $fieldname, $fieldlabel, ''); + break; + } +} //////////////////////////////////////////////////////////////////////////////// +$username = $user->getName(); $t->header("Users: $username"); -$t->tag('h1', array(), ($user->canEdit()?'Edit':'View')." User (UID: $uid)"); +$t->tag('h1', array(), ($user->canEdit()?'Edit':'View')." User <q>$username</q> (UID: ".$user->getUID().")"); if ($user->canEdit()) { $t->openTag('form', array('method'=>'post', @@ -53,17 +74,26 @@ if (@$VARS['pw_updated']===true) { if (@$VARS['pw mixmatch']===true) { $t->inputP("Passwords don't match.", true); } -if ($user->canEdit()) inputNewPassword($user, 'auth_password','Reset Password'); +if ($user->canEdit()) $t->inputNewPassword('auth_password','Reset Password'); //////////////////////////////////////////////////////////////////////////////// $t->closeFieldset(); +/* $t->openFieldset("Information"); inputText($user, 'firstname','First Name',''); inputText($user, 'lastname','Last Name',''); inputText($user, 'hsclass','Highschool Class of', 'Please put the full year (ex: 2012)'); $t->closeFieldset(); +*/ +foreach ($VARS['config_options'] as $groupname=>$options) { + $t->openFieldset($groupname); + foreach ($options as $option) { + inputField($user, $option); + } + $t->closeFieldset(); +} $t->openFieldset("Contact"); // TODO: I should make this a setting for admins to set. @@ -80,9 +110,9 @@ $use_arr = array(); foreach ($CONTACT_METHODS as $method) { inputText($user, $method->addr_slug, - ucwords($method->addr_word), + ucwords($method->addr_text), $hints[$method->addr_slug]); - $use_arr[$method->verb_slug] = ucwords($method->verb_word); + $use_arr[$method->verb_slug] = ucwords($method->verb_text); } $t->inputP("When I recieve a message, notify me using the following methods:"); diff --git a/src/views/pages/users/individual.php b/src/views/pages/users/individual.php deleted file mode 100644 index 2483e6b..0000000 --- a/src/views/pages/users/individual.php +++ /dev/null @@ -1,89 +0,0 @@ -<?php global $mm, $uid; -// Honestly, the functions in this include should be in this file, but that -// would make this file too messy. -require_once(VIEWPATH.'/pages/users/include.php'); - -$user = $mm->getAuthObj($uid); - -if (!$user->canRead()) { - include(VIEWPATH.'/pages/users/401.php'); - exit(); -} - -// Read/Change the username -$username = $user->getName(); -if (isset($_POST['auth_name'])) { - $new_name = $_POST['auth_name']; - if ($new_name != $username) { - global $illegal_names; - if (!in_array($new_name, $illegal_names)) { - $changed_name = $user->setName($new_name); - $username = $user->getName(); - } - } -} - -//////////////////////////////////////////////////////////////////////////////// - -$t = $mm->template(); -$mm->header("Users: $username"); - -$t->tag('h1', array(), ($user->canEdit()?'Edit':'View')." User (UID: $uid)"); - -if ($user->canEdit()) { - $t->openTag('form', array('method'=>'post', - 'action'=>$mm->baseUrl()."users/$username")); -} else { - $t->openTag('form'); -} - -$t->openFieldset("Login / Authentication"); -if (isset($changed_name) && !$changed_name) { - $t->inputP("Error setting username to ". - "<q>$new_name</q>. This is probably because". - " a user with that name already exists.", - true); -} - -$t->inputText('auth_name','Username', - "This is the name you use to log in, but it is also a ". - "short name that is used in various places, think of it ". - "as a sort of <q>Twitter name</q>.", - $username,!$user->canEdit()); -if ($user->canEdit()) inputNewPassword($user, 'auth_password','Reset Password'); -$t->closeFieldset(); - -$t->openFieldset("Information"); -inputText($user, 'firstname','First Name',''); -inputText($user, 'lastname','Last Name',''); -inputText($user, 'hsclass','Highschool Class of','Please put the full year (ex: 2012)'); -$t->closeFieldset(); - -$t->openFieldset("Contact"); -inputText($user, 'email', 'Email', - "Right now you can only have one email address, ". - "but I'm working on making it so you can have ". - "multiple."); -inputText($user, 'phone', 'Cell Number', - "A home phone number isn't much use here because it is ". - "used to text-message you (if you enable it), and ". - "contact you at competition."); -$t->inputP("When I recieve a message, notify me using the following methods:"); -inputArray($user, 'use', array('email'=>'Email', - 'sms'=>'Text Message')); -$t->closeFieldSet(); - -$t->openFieldSet('Groups'); -$groups = $mm->listGroupNames(); -$group_arr = array(); -foreach ($groups as $group_name) { - $group_arr[$group_name] = ucwords($group_name); -} -inputArray($user, 'groups', $group_arr); -$t->closeFieldset(); - -if ($user->canEdit()) { - $t->tag('input', array('type'=>'submit', 'value'=>'Save')); -} -$t->closeTag('form'); -$mm->footer(); |