mysql)) { $this->mysql_init(); } return $this->mysql; } private function mysql_init() { global $db_config; require($this->conf); $this->mysql = mysql_connect($db_config['host'], $db_config['user'], $db_config['password']); mysql_set_charset($db_config['charset'], $this->mysql); mysql_select_db($db_config['name'], $this->mysql); $this->db_prefix = $db_config['prefix']; unset($db_config); } private function mysql_table($table_name) { $mysql = $this->mysql(); $prefix = $this->db_prefix; return $prefix.mysql_real_escape_string($table_name, $mysql); } private function mysql_escape($string) { $mysql = $this->mysql(); return mysql_real_escape_string($string, $mysql); } private function mysql_query($query) { $mysql = $this->mysql(); return mysql_query($query, $mysql); } public function mysql_error() { $mysql = $this->mysql(); return mysql_error($mysql); } // High-Level SQL functions //////////////////////////////////////////// // The 'auth' table public function getUID($username) { $t = $this->mysql_table('auth'); $v = $this->mysql_escape($username); $query = "SELECT * \n". "FROM $t \n". "WHERE name='$v' ;"; $q = $this->mysql_query($query); $user = mysql_fetch_array($q); if (isset($user['uid'])) { return (int)$user['uid']; } else { return false; } } public function getUsername($uid) { if (!is_int($uid)) return false; $t = $this->mysql_table('auth'); $query = "SELECT * \n". "FROM $t \n". "WHERE uid=$uid ;"; $q = $this->mysql_query($query); $user = mysql_fetch_array($q); if (isset($user['name'])) { return $user['name']; } else { return false; } } public function setUsername($uid, $username) { if (!is_int($uid)) return false; if ($this->getUID($username) !== false) { return false; } $table = $this->mysql_table('auth'); $name = $this->mysql_escape($username); $query = "UPDATE $table \n". "SET name='$name' \n". "WHERE uid=$uid ;"; $q = $this->mysql_query($query); return ($q?true:false); } public function getPasswordHash($uid) { if (!is_int($uid)) return false; $table = $this->mysql_table('auth'); $query = "SELECT * \n". "FROM $table \n". "WHERE uid=$uid ;"; $q = $this->mysql_query($query); $user = mysql_fetch_array($q); if (isset($user['hash'])) { return $user['hash']; } else { return false; } } public function setPassword($uid, $password) { if (!is_int($uid)) return false; $table = $this->mysql_table('auth'); $hasher = $this->hasher(); @$hash = $hasher->HashPassword($password); $query = "UPDATE $table \n". "SET hash='$hash' \n". "WHERE uid=$uid ;"; $q = $this->mysql_query($query); return ($q?true:false); } public function addUser($username, $password) { $user_exits = $this->getUID($username); if ($user_exists) { return false; } $table = $this->mysql_table('auth'); $user = $this->mysql_escape($username); $hasher = $this->hasher(); @$hash = $hasher->HashPassword($password); $status = 0; $query = "INSERT INTO $table ( name, hash , status) \n". "VALUES ('$user', '$hash', $status) ;"; $this->mysql_query($query); $uid = $this->getUID($username); return $uid; } public function getStatus($uid) { if (!is_int($uid)) return false; $table = $this->mysql_table('auth'); $query = "SELECT * \n". "FROM $table \n". "WHERE uid=$uid ;"; $q = $this->mysql_query($query); $user = mysql_fetch_array($q); if (isset($user['status'])) { return (int)$user['status']; } else { return false; } } public function setStatus($uid, $status) { if (!is_int($uid)) return false; $table = $this->mysql_table('auth'); $s = $this->mysql_escape($status); $query = "UPDATE $table * \n". "SET status=$s \n". "WHERE uid=$uid ;"; $q = $this->mysql_query($query); return ($q?true:false); } public function countUsers() { $table = $this->mysql_table('auth'); $query = "SELECT COUNT(*) FROM $table;"; $q = $this->mysql_query($query); $row = mysql_fetch_array($q); $count = $row[0]; return $count; } public function listGroups() { $table = $this->mysql_table('auth'); $query = "SELECT uid \n". "FROM $table \n". "WHERE status=3 ;"; $q = $this->mysql_query($query); $groups = array(); while (($row = mysql_fetch_array($q)) !==false) { $groups[] = (int)$row[0]; } return $groups; } public function listGroupNames() { $table = $this->mysql_table('auth'); $query = "SELECT name \n". "FROM $table \n". "WHERE status=3 ;"; $q = $this->mysql_query($query); $groups = array(); while (($row = mysql_fetch_array($q)) !==false) { $groups[] = $row[0].''; } return $groups; } public function listUsers() { $table = $this->mysql_table('auth'); $query = "SELECT uid \n". "FROM $table \n". "WHERE status < 3 ;"; $q = $this->mysql_query($query); $users = array(); while (($row = mysql_fetch_array($q)) !==false) { $users[] = (int)$row[0]; } return $users; } // The 'users' table public function findUser($setting, $value) { $t = $this->mysql_table('users'); $k = $this->mysql_escape($setting); $v = $this->mysql_escape($value); $query = "SELECT * \n". "FROM $t \n". "WHERE k = '$k' \n". "AND UPPER(v)=UPPER('$v') ;"; $q = $this->mysql_query($query); $user = mysql_fetch_array($q); if (isset($user['uid'])) { return $user['uid']; } else { return false; } } public function getUserConf($uid, $setting) { if (!is_int($uid)) return false; $t = $this->mysql_table('users'); $k = $this->mysql_escape($setting); $query = "SELECT * \n". "FROM $t \n". "WHERE k='$k' \n". "AND uid=$uid ;"; $q = $this->mysql_query($query); $row = mysql_fetch_array($q); if (isset($row['v'])) { return $row['v']; } else { return false; } } public function setUserConf($uid, $setting, $value) { if (!is_int($uid)) return false; $isset = ($this->getUserConf($uid, $setting) !== false); $t = $this->mysql_table('users'); $k = $this->mysql_escape($setting); $v = $this->mysql_escape($value); if ($isset) { $query = "UPDATE $t \n". "SET v = '$v' \n". "WHERE k = '$k' \n". "AND uid = $uid ;"; } else { $query = "INSERT INTO $t ( uid, k , v ) \n". "VALUES ($uid, '$k', '$v') ;"; } $q = $this->mysql_query($query); return ($q?true:false); } public function getUsersInGroup($groupname) { $table = $this->mysql_table('users'); $group = $this->mysql_escape($groupname); $query = "SELECT uid \n". "FROM $table \n". "WHERE k='groups' \n". "AND v LIKE '%,$group,%' ;"; $q = $this->mysql_query($query); $users = array(); while (($row = mysql_fetch_array($q)) !==false) { $users[] = $row[0]; } return $users; } // The 'plugins' table public function getPluginConf($plugin, $key) { $t = $this->mysql_table('plugins'); $p = $this->mysql_escape($plugin); $k = $this->mysql_escape($key); $query = "SELECT * \n". "FROM $t \n". "WHERE k='$k' \n". "AND plugin='$p' ;"; $q = $this->mysql_query($query); $row = mysql_fetch_array($q); if (isset($row['v'])) { return $row['v']; } else { return false; } } public function setPluginConf($plugin, $key, $value) { $isset = ($this->getPluginConf($plugin, $key) !== false); $t = $this->mysql_table('plugins'); $p = $this->mysql_escape($plugin); $k = $this->mysql_escape($key); $v = $this->mysql_escape($value); if ($isset) { $query = "UPDATE $t \n". "SET v = '$v' \n". "WHERE k = '$k' \n". "AND plugin = '$p' ;"; } else { $query = "INSERT INTO $t (plugin, k , v ) \n". "VALUES ('$p' , '$k', '$v') ;"; } $q = $this->mysql_query($query); return ($q?true:false); } // The 'conf' table public function getSysConf($key) { $t = $this->mysql_table('conf'); $k = $this->mysql_escape($key); $query = "SELECT * \n". "FROM $t \n". "WHERE k='$k' ;"; $q = $this->mysql_query($query); $row = mysql_fetch_array($q); if (isset($row['v'])) { return $row['v']; } else { return false; } } public function setSysConf($key, $value) { $isset = (getSysConf($key) !== false); $t = $this->mysql_table('conf'); $k = $this->mysql_escape($key); $v = $this->mysql_escape($value); if ($isset) { $query = "UPDATE $t \n". "SET v = '$v' \n". "WHERE k = '$k' ;"; } else { $query = "INSERT INTO $t ( k , v ) \n". "VALUES ('$k', '$v') ;"; } $q = $this->mysql_query($query); return ($q?true:false); } // If the remaining code has to deal with SQL, you're doing it wrong. // public function baseUrl() { if (!isset($this->base)) { $this->base = $this->getSysConf('baseurl'); } return $this->base; } public function hasher() { if (!isset($this->pw_hasher)) { require_once('PasswordHash.class.php'); $this->pw_hasher = new PasswordHash(8, false); } return $this->pw_hasher; } public function template() { if (!isset($this->template)) { require_once(VIEWPATH.'/Template.class.php'); $this->template = new Template($this->baseUrl(), $this); } return $this->template; } public function pluginManager() { if (!isset($this->pluginManager)) { require_once('PluginManager.class.php'); $this->pluginManager = new PluginManager(); } return $this->pluginManager; } public function login($username, $password) { $uid = $this->getUID($username); if ($uid===false) { // user does not exist return 2; } $hash = $this->getPasswordHash($uid); $hasher = $this->hasher(); if ($hasher->CheckPassword($password, $hash)) { // success $_SESSION['uid'] = $uid; return 0; } else { // wrong password return 1; } } public function isLoggedIn() { if ( isset($_SESSION['uid']) && ($_SESSION['uid']!='') ) { return $_SESSION['uid']; } else { return false; } } public function logout() { $_SESSION['uid'] = ''; } public function shortUrl($longUrl) { $ch = curl_init('http://ur1.ca'); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFILEDS, 'longurl='.urlencode($longUrl)); $html = curl_exec(); preg_match('/Your ur1 is: /',$html,$matches); $shortUrl = $matches[1]; curl_close($ch); return $shortUrl; } public function __construct($conf_file) { $this->conf = $conf_file; if (!file_exists($this->conf)) { $this->base = $_SERVER['REQUEST_URI']; $t = $this->template(); $t->header('Message Manager'); $t->paragraph( 'Awe shiz, dude, conf.php doesn\'t exist, you '. 'need to go through the '. 'installer.'); $t->footer(); exit(); } session_start(); } public function getAuthObj($uid) { if (!isset($this->users[$uid])) { $is_group = ($this->getStatus($uid)===3); if ($is_group) { require_once('Group.class.php'); $this->users[$uid] = new Group($uid); } else { require_once('User.class.php'); $this->users[$uid] = new User($uid); } } return $this->users[$uid]; } /** * Strip out empty group names and duplicates, sort. */ private function sanitizeArray($in) { $out = array(); foreach ($in as $item) { if (($item !== '')||(!in_array($item, $out))) { $out[] = $item; } } natsort($out); return $out; } /** * Translate an array into a value suitable to be stored into a * key-value store in the database. */ public function arrayToValue($list) { $out_list = $this->sanitizeArray($list); return ','.implode(',', $out_list).','; } /** * Translate a value from arrayToValue() back into an array. */ public function valueToArray($value) { $raw_list = explode(',', $value); $out_list = $this->sanitizeArray($raw_list); return $out_list; } }