Public/pics
2
2
Fork 2
Code Issues 5 Pull Requests Releases Wiki Activity

Compare commits

base: Public:ead97369f779038a88e1a4ccad1a690b1908804c
Branches Tags
Public:master
Public:version-1.2 Public:version-1.1 Public:version-1.0
...
compare: Public:master
Branches Tags
Public:master
Public:version-1.2 Public:version-1.1 Public:version-1.0

89 Commits
ead97369f7 ... master

Author SHA1 Message Date
Aaron van Geffen
ea4983e967 FeaturedThumbnailManager: add pager widget; show only 20 thumbs per page 2025-09-24 12:44:05 +02:00
Aaron van Geffen
b48c8ea820 EditAlbum: reorder asset loading 2025-09-24 12:32:29 +02:00
Aaron van Geffen
c9da46b36f EditAlbum: drop old thumbnail id field entirely 2025-09-24 12:30:22 +02:00
Aaron van Geffen
2b8b12e065 Merge branch 'inline-forms' 2025-09-24 12:23:50 +02:00
Aaron van Geffen
2af4e865e0 TabularData: take control of juxtapositing pager and form 2025-09-23 15:04:57 +02:00
Aaron van Geffen
77fa33730a InlineFormView: combine fields and buttons into one 'controls' array 2025-09-23 14:48:08 +02:00
Aaron van Geffen
0274ff5bf4 InlineFormView: remove support for unused 'html_after' property 2025-09-23 14:44:07 +02:00
Aaron van Geffen
2dea80b58e InlineFormView: split rendering into smaller methods 2025-09-23 14:42:47 +02:00
Aaron van Geffen
2bf78b9f5d InlineFormView: split off from TabularData template 2025-09-23 14:35:40 +02:00
Aaron van Geffen
913fb974c7 Fix two more stray queries 2025-09-18 11:10:04 +02:00
Aaron van Geffen
92b2cfa391 Merge pull request 'Simplify and clarify Forms and FormViews' (#54) from form-views into master 
Reviewed-on: #54
 2025-09-18 11:08:42 +02:00
Aaron van Geffen
48377ec823 Update stray queries to PDO-style parameters 2025-09-18 11:07:55 +02:00
Aaron van Geffen
8373c5d2d5 Form: reorder class properties and rework constructor 2025-09-11 20:01:36 +02:00
Aaron van Geffen
e69139e591 Form: introduce 'after_fields' content as well 2025-09-11 20:00:22 +02:00
Aaron van Geffen
f88d1885a2 Form: rename 'content_above' to 'before_fields' 2025-09-11 19:59:53 +02:00
Aaron van Geffen
be51946436 Form: rename 'content_below' to 'buttons_extra' 2025-09-11 19:59:30 +02:00
Aaron van Geffen
094fa16e78 FormView: add 'after_html' equivalent to 'before_html' 2025-09-11 19:58:35 +02:00
Aaron van Geffen
12352c0d71 FormView: remove unused 'before' and 'after' properties 2025-09-11 19:57:45 +02:00
Aaron van Geffen
416cb73069 FormView: remove unused $exclude and $include field lists 2025-09-11 19:57:12 +02:00
Aaron van Geffen
f82e952247 Asset: fix createNew query 2025-08-21 21:59:22 +02:00
Roflin
609edf3332 Merge pull request 'Rework DBA to use PDO' (#53) from pdo into master 
Reviewed-on: #53
Reviewed-by: Roflin <d.brentjes@gmail.com>
 2025-05-17 15:31:38 +02:00
Aaron van Geffen
26d8063c45 Asset/Thumbnail: replace 'NULL' placeholder strings with actual null values 2025-05-16 11:57:07 +02:00
Aaron van Geffen
3dfda45681 GenericTable: better handling of null values for timestamps 2025-05-16 11:54:05 +02:00
Aaron van Geffen
219260c57f Member: set empty reset key for new users 2025-05-16 11:53:59 +02:00
Aaron van Geffen
4b26c677bb AssetIterator: rewrite to standard Iterator interface 2025-05-13 23:29:43 +02:00
Aaron van Geffen
9989ba1fa7 CachedPDOIterator: introduce rewindable PDOStatement iterator 2025-05-13 22:51:12 +02:00
Aaron van Geffen
8dbf1dce7b Database: start reworking the DBA to work with PDO 2025-05-13 20:51:43 +02:00
Aaron van Geffen
7faa59562d Database: address PHP 8.5 mysqli deprecation warning 2025-04-18 19:26:50 +02:00
Roflin
d6a319b886 Merge pull request 'Add time-out to password resets; prevent repeated mails' (#50) from password-reset into master 
Reviewed-on: #50
 2025-03-02 15:01:08 +01:00
Roflin
fc9de822d8 Merge branch 'master' into password-reset 2025-03-02 15:00:34 +01:00
Aaron van Geffen
b775cffc0c EditAlbum: address refactor mistake 2025-02-26 15:44:30 +01:00
Aaron van Geffen
041b56ff8c ErrorPage: display debug info in separate box 2025-02-26 15:33:18 +01:00
Aaron van Geffen
13cbe08219 Merge pull request 'Replace deprecated trigger_error calls with exceptions' (#52) from trigger-error into master 
Reviewed-on: #52
 2025-02-26 15:29:13 +01:00
Aaron van Geffen
afd9811616 Merge pull request 'Refactor the GenericTables class' (#51) from generic-tables into master 
Reviewed-on: #51
 2025-02-26 15:29:02 +01:00
Aaron van Geffen
85ed6ba8d3 Replace deprecated trigger_error calls with exceptions 2025-02-13 11:38:45 +01:00
Aaron van Geffen
00ca931cf3 GenericTable: rework timestamp formatting 2025-01-08 19:11:10 +01:00
Aaron van Geffen
7c25d628e1 GenericTable: remove unused formatting types 2025-01-08 19:11:10 +01:00
Aaron van Geffen
9740416cb2 Management controllers: make format functions first-level 2025-01-08 19:11:10 +01:00
Aaron van Geffen
6ca3ee6d9d GenericTable: move link generation out of from formatting options 2025-01-08 19:11:10 +01:00
Aaron van Geffen
77809faada GenericTable: rename 'parse' option to 'format' 2025-01-08 19:11:10 +01:00
Aaron van Geffen
cc0ff71ef7 Management controllers: move table queries into models 2025-01-08 19:11:10 +01:00
Aaron van Geffen
2d2ef38422 MainNavBar: harden Registry access 2024-12-22 15:45:44 +01:00
Aaron van Geffen
1e26a51d08 ErrorLog: use DELETE FROM instead of TRUNCATE 2024-12-22 15:35:50 +01:00
Aaron van Geffen
bb8a8bad27 GenericTable: refactor order and pagination initalisation 2024-12-19 15:00:00 +01:00
Aaron van Geffen
06c95853f5 GenericTable: drop $tableIsSortable property 2024-12-19 12:01:00 +01:00
Aaron van Geffen
e57289eeb6 GenericTable: drop support for get_count_params, get_data_params 2024-12-19 11:56:00 +01:00
Aaron van Geffen
adfb5a2198 ResetPassword: add time-out to password resets; prevent repeated mails 2024-11-05 17:19:59 +01:00
Aaron van Geffen
eb7a40a70d ResetPassword: introduce requestResetKey and verifyResetKey methods 2024-11-05 17:17:14 +01:00
Aaron van Geffen
084658820e Authentication: replace checkExists with Member::fromId 2024-11-05 16:46:53 +01:00
Aaron van Geffen
8eaeb6c332 Authentication: remove remnants of user agent checks 2024-11-05 16:45:40 +01:00
Aaron van Geffen
9c86d2c475 Authentication: replace getUserId with Member::fromEmailAddress 2024-11-05 16:44:54 +01:00
Aaron van Geffen
3de4e9391c Authentication: reorder methods alphabetically 2024-11-05 16:39:42 +01:00
Aaron van Geffen
814a1f82f6 ManageAssets: add thumbnails to asset table 2024-08-27 12:00:46 +02:00
Aaron van Geffen
01954d4a7d TabularData: split up into logical methods 2024-08-27 11:55:22 +02:00
Aaron van Geffen
d6f39a3410 Database: patch error handling to account for exceptions thrown by mysqli_query 2024-08-27 11:46:18 +02:00
Aaron van Geffen
b64f87a49d PhotoPage: only call printNewTagScript if $allowLinkingNewTags 2024-06-29 10:03:51 +02:00
Aaron van Geffen
ead4240173 AlbumButtonBox: un-float album_button_box 2024-06-28 20:25:00 +02:00
Aaron van Geffen
89cc00ffd9 EditAlbum: choose the first non-root album as the default parent 2024-05-08 13:21:13 +02:00
Aaron van Geffen
45b59636f6 EditAlbum: fix error handling 2024-05-08 13:17:31 +02:00
Aaron van Geffen
2bfbe67d91 Merge pull request 'Introduce edit menu for admins' (#49) from edit-menu into master 
Reviewed-on: #49
 2024-02-24 13:10:58 +01:00
Aaron van Geffen
9d4f35a0fd ViewPhotoAlbum: add ?in param for root tags, too 
This was probably intended as an optimisation, but people tags are
at root level, and so id_parent == 0.
 2024-02-24 13:08:37 +01:00
Aaron van Geffen
f0d286179a Fix edge case in color-modes.js 
For details, see https://github.com/twbs/bootstrap/pull/39224
 2024-02-21 15:45:27 +01:00
Roflin
cf6adbf80c Merge pull request 'Allow users to filter albums by contributors' (#48) from refactor/viewalbum into master 
Reviewed-on: #48
Reviewed-by: Bart Schuurmans <bart@minnozz.com>
 2024-01-20 20:11:16 +01:00
Aaron van Geffen
25feb31c1a EditAsset: some hardening; deduplicate redirect code 2024-01-18 13:40:17 +01:00
Aaron van Geffen
6ec5994de0 ViewPhotoAlbum: build edit menu in controller 2024-01-18 13:18:22 +01:00
Aaron van Geffen
24c2e9cdcf PhotosIndex: allow setting image as the album cover as well 2024-01-17 18:28:24 +01:00
Aaron van Geffen
0487ad16b9 Asset: remove old setKeyData method 2024-01-17 17:54:18 +01:00
Aaron van Geffen
c2aae4fb6e EditAsset: replace Asset::setKeyData with Asset::save equivalent 2024-01-17 17:54:14 +01:00
Aaron van Geffen
069d56383e PhotosIndex: replace edit button with edit menu 2024-01-17 17:51:45 +01:00
Aaron van Geffen
8613054d69 Asset: introduce save method 2024-01-17 17:51:25 +01:00
Aaron van Geffen
30bc0bb884 ViewPhotoAlbum: don't include empty $by in page links 2024-01-15 13:44:51 +01:00
Aaron van Geffen
c0dd2cbd49 ViewPhotoAlbum: drop 'Show' from empty filter caption 2024-01-15 13:41:51 +01:00
Aaron van Geffen
bb81f7e086 Download: remove limits on maximum execution time 2024-01-15 11:46:01 +01:00
Aaron van Geffen
4b289a5e83 Download: allow limiting by user uploaded as well 2024-01-15 11:40:33 +01:00
Aaron van Geffen
ec2d702a0d ViewPhoto: simplify filter verification 2024-01-15 11:33:43 +01:00
Aaron van Geffen
52472d8b58 ViewPhotoAlbum: add 'label' key to empty filter as well 2024-01-15 11:26:17 +01:00
Aaron van Geffen
5d990501f6 ViewPhotoAlbum: move $is_person declaration to where it's used 2024-01-15 11:25:04 +01:00
Aaron van Geffen
1f53689e4b AlbumButtonBox: add visual cue to indicate a filter is active 2024-01-15 00:55:33 +01:00
Aaron van Geffen
accf093935 PageIndex: rewrite getLink to be way less messy 2024-01-15 00:51:06 +01:00
Aaron van Geffen
d8c3e76df6 ViewPhoto: take filter into account for prev/next links 2024-01-15 00:43:02 +01:00
Aaron van Geffen
f33a7e397c Asset: combine getUrlFor{Next,Previous}InSet into one private method 2024-01-15 00:19:39 +01:00
Aaron van Geffen
9c00248a7f ViewPhotoAlbum: don't populate filter box if there are no album contributors 2024-01-14 22:17:09 +01:00
Aaron van Geffen
99b867b241 AlbumButtonBox: add way for users to select an album filter 2024-01-14 21:28:45 +01:00
Aaron van Geffen
6a25ecec23 ViewPhotoAlbum: add method to filter by id_user_uploaded 2024-01-14 21:06:54 +01:00
Aaron van Geffen
16683d2f1f Tag: add getContributorList method 2024-01-14 21:06:34 +01:00
Aaron van Geffen
7cdcf8197c ViewPhotoAlbum: use Tag::getUrl instead of fumbling with $_GET['tag'] 2024-01-14 20:40:58 +01:00
Aaron van Geffen
25b9528628 ViewPhotoAlbum: simplify tag handling in getAlbumButtons 2024-01-14 20:40:58 +01:00
Aaron van Geffen
08cdbfe7b6 ViewPhotoAlbum: move some logic into new prepareHeaderBox method 2024-01-14 20:40:58 +01:00
Aaron van Geffen
978d6461c5 Database: add fetch_object, queryObject, queryObjects methods 2023-06-12 12:49:22 +02:00
50 changed files with 1957 additions and 1603 deletions
Expand all files Collapse all files

17
controllers/Download.php
View File

@@ -21,22 +21,30 @@ class Download
$tag = (int)$_GET['tag'];
$album = Tag::fromId($tag);
if (isset($_GET['by']) && ($user = Member::fromSlug($_GET['by'])) !== false)
$id_user_uploaded = $user->getUserId();
else
$id_user_uploaded = null;
if (isset($_SESSION['current_export']))
throw new UserFacingException('You can only export one album at the same time. Please wait until the other download finishes, or try again later.');
// So far so good?
$this->exportAlbum($album);
$this->exportAlbum($album, $id_user_uploaded);
exit;
}
private function exportAlbum(Tag $album)
private function exportAlbum(Tag $album, $id_user_uploaded)
{
$files = [];
$album_ids = array_merge([$album->id_tag], $this->getChildAlbumIds($album->id_tag));
foreach ($album_ids as $album_id)
{
$iterator = AssetIterator::getByOptions(['id_tag' => $album_id]);
$iterator = AssetIterator::getByOptions([
'id_tag' => $album_id,
'id_user_uploaded' => $id_user_uploaded,
]);
while ($asset = $iterator->next())
$files[] = join(DIRECTORY_SEPARATOR, [$asset->getSubdir(), $asset->getFilename()]);
}
@@ -71,6 +79,9 @@ class Download
// STDOUT should not block.
stream_set_blocking($pipes[1], 0);
// Allow this the download to take its time...
set_time_limit(0);
header('Pragma: no-cache');
header('Content-Description: File Download');
header('Content-disposition: attachment; filename="' . $album->tag . '.tar"');

106
controllers/EditAlbum.php
View File

@@ -6,8 +6,14 @@
* Kabuki CMS (C) 2013-2017, Aaron van Geffen
*****************************************************************************/
// TODO: extend EditTag?
class EditAlbum extends HTMLController
{
private $form;
private $formview;
const THUMBS_PER_PAGE = 20;
public function __construct()
{
// Ensure it's just admins at this point.
@@ -38,13 +44,13 @@ class EditAlbum extends HTMLController
exit;
}
else
trigger_error('Cannot delete album: an error occured while processing the request.', E_USER_ERROR);
throw new Exception('Cannot delete album: an error occured while processing the request.');
}
// Editing one, then, surely.
else
{
if ($album->kind !== 'Album')
trigger_error('Cannot edit album: not an album.', E_USER_ERROR);
throw new Exception('Cannot edit album: not an album.');
parent::__construct('Edit album \'' . $album->tag . '\'');
$form_title = 'Edit album \'' . $album->tag . '\'';
@@ -64,7 +70,7 @@ class EditAlbum extends HTMLController
// Gather possible parents for this album to be filed into
$parentChoices = [0 => '-root-'];
foreach (PhotoAlbum::getHierarchy('tag', 'up') as $parent)
foreach (Tag::getOffset(0, 9999, 'tag', 'up', true) as $parent)
{
if (!empty($id_tag) && $parent['id_tag'] == $id_tag)
continue;
@@ -78,11 +84,6 @@ class EditAlbum extends HTMLController
'label' => 'Parent album',
'options' => $parentChoices,
],
'id_asset_thumb' => [
'type' => 'numeric',
'label' => 'Thumbnail asset ID',
'is_optional' => true,
],
'tag' => [
'type' => 'text',
'label' => 'Album title',
@@ -104,22 +105,9 @@ class EditAlbum extends HTMLController
],
];
// Fetch image assets for this album
if (!empty($id_tag))
{
list($assets, $num_assets) = AssetIterator::getByOptions([
'direction' => 'desc',
'limit' => 500,
'id_tag' => $id_tag,
], true);
if ($num_assets > 0)
unset($fields['id_asset_thumb']);
}
$form = new Form([
$this->form = new Form([
'request_url' => BASEURL . '/editalbum/?' . ($id_tag ? 'id=' . $id_tag : 'add'),
'content_below' => $after_form,
'buttons_extra' => $after_form,
'fields' => $fields,
]);
@@ -136,23 +124,61 @@ class EditAlbum extends HTMLController
];
}
}
if (!isset($formDefaults))
$formDefaults = isset($album) ? get_object_vars($album) : $_POST;
elseif (empty($_POST) && isset($album))
{
$formDefaults = get_object_vars($album);
}
elseif (empty($_POST) && count($parentChoices) > 1)
{
// Choose the first non-root album as the default parent
reset($parentChoices);
next($parentChoices);
$formDefaults = ['id_parent' => key($parentChoices)];
}
else
$formDefaults = $_POST;
// Create the form, add in default values.
$form->setData($formDefaults);
$formview = new FormView($form, $form_title ?? '');
$this->page->adopt($formview);
$this->form->setData($formDefaults);
$this->formview = new FormView($this->form, $form_title ?? '');
$this->page->adopt($this->formview);
// If we have asset images, show the thumbnail manager
if (!empty($id_tag) && $num_assets > 0)
$this->page->adopt(new FeaturedThumbnailManager($assets, $id_tag ? $album->id_asset_thumb : 0));
if (!empty($id_tag))
{
$current_page = isset($_GET['page']) ? (int) $_GET['page'] : 1;
list($assets, $num_assets) = AssetIterator::getByOptions([
'direction' => 'desc',
'limit' => self::THUMBS_PER_PAGE,
'page' => $current_page,
'id_tag' => $id_tag,
], true);
// If we have asset images, show the thumbnail manager
if ($num_assets > 0)
{
$manager = new FeaturedThumbnailManager($assets, $id_tag ? $album->id_asset_thumb : 0);
$this->page->adopt($manager);
// Make a page index as needed, while we're at it.
if ($num_assets > self::THUMBS_PER_PAGE)
{
$index = new PageIndex([
'recordCount' => $num_assets,
'items_per_page' => self::THUMBS_PER_PAGE,
'start' => ($current_page - 1) * self::THUMBS_PER_PAGE,
'base_url' => BASEURL . '/editalbum/?id=' . $id_tag,
'page_slug' => '&page=%PAGE%',
]);
$manager->adopt(new PageIndexWidget($index));
}
}
}
if (isset($_POST['changeThumbnail']))
$this->processThumbnail($album);
elseif (!empty($_POST))
$this->processTagDetails($form, $id_tag, $album ?? null);
$this->processTagDetails($id_tag, $album ?? null);
}
private function processThumbnail($tag)
@@ -167,22 +193,22 @@ class EditAlbum extends HTMLController
exit;
}
private function processTagDetails($form, $id_tag, $album)
private function processTagDetails($id_tag, $album)
{
if (!empty($_POST))
{
$form->verify($_POST);
$this->form->verify($_POST);
// Anything missing?
if (!empty($form->getMissing()))
return $formview->adopt(new Alert('Some data missing', 'Please fill out the following fields: ' . implode(', ', $form->getMissing()), 'danger'));
if (!empty($this->form->getMissing()))
return $this->formview->adopt(new Alert('Some data missing', 'Please fill out the following fields: ' . implode(', ', $this->form->getMissing()), 'danger'));
$data = $form->getData();
$data = $this->form->getData();
// Sanity check: don't let an album be its own parent
if ($data['id_parent'] == $id_tag)
{
return $formview->adopt(new Alert('Invalid parent', 'An album cannot be its own parent.', 'danger'));
return $this->formview->adopt(new Alert('Invalid parent', 'An album cannot be its own parent.', 'danger'));
}
// Quick stripping.
@@ -198,7 +224,7 @@ class EditAlbum extends HTMLController
$data['kind'] = 'Album';
$newTag = Tag::createNew($data);
if ($newTag === false)
return $formview->adopt(new Alert('Cannot create this album', 'Something went wrong while creating the album...', 'danger'));
return $this->formview->adopt(new Alert('Cannot create this album', 'Something went wrong while creating the album...', 'danger'));
if (isset($_POST['submit_and_new']))
{

44
controllers/EditAsset.php
View File

@@ -30,10 +30,44 @@ class EditAsset extends HTMLController
header('Location: ' . $redirectUrl);
exit;
}
else
{
$isPrioChange = isset($_REQUEST['inc_prio']) || isset($_REQUEST['dec_prio']);
$isCoverChange = isset($_REQUEST['album_cover'], $_REQUEST['in']);
$madeChanges = false;
if ($user->isAdmin() && $isPrioChange && Session::validateSession('get'))
{
if (isset($_REQUEST['inc_prio']))
$priority = $asset->priority + 1;
else
$priority = $asset->priority - 1;
$asset->priority = max(0, min(100, $priority));
$asset->save();
$madeChanges = true;
}
elseif ($user->isAdmin() && $isCoverChange && Session::validateSession('get'))
{
$tag = Tag::fromId($_REQUEST['in']);
$tag->id_asset_thumb = $asset->getId();
$tag->save();
$madeChanges = true;
}
if ($madeChanges)
{
if (isset($_SERVER['HTTP_REFERER']))
header('Location: ' . $_SERVER['HTTP_REFERER']);
else
header('Location: ' . BASEURL . '/' . $asset->getSubdir());
exit;
}
}
// Get a list of available photo albums
$allAlbums = [];
foreach (PhotoAlbum::getHierarchy('tag', 'up') as $album)
foreach (Tag::getOffset(0, 9999, 'tag', 'up', true) as $album)
$allAlbums[$album['id_tag']] = $album['tag'];
// Figure out the current album id
@@ -61,10 +95,12 @@ class EditAsset extends HTMLController
// Key info
if (isset($_POST['title'], $_POST['slug'], $_POST['date_captured'], $_POST['priority']))
{
$date_captured = !empty($_POST['date_captured']) ?
$asset->date_captured = !empty($_POST['date_captured']) ?
new DateTime(str_replace('T', ' ', $_POST['date_captured'])) : null;
$slug = Asset::cleanSlug($_POST['slug']);
$asset->setKeyData(htmlspecialchars($_POST['title']), $slug, $date_captured, intval($_POST['priority']));
$asset->slug = Asset::cleanSlug($_POST['slug']);
$asset->title = htmlspecialchars($_POST['title']);
$asset->priority = intval($_POST['priority']);
$asset->save();
}
// Changing parent album?

32
controllers/EditTag.php
View File

@@ -8,6 +8,8 @@
class EditTag extends HTMLController
{
const THUMBS_PER_PAGE = 20;
public function __construct()
{
$id_tag = isset($_GET['id']) ? (int) $_GET['id'] : 0;
@@ -39,13 +41,13 @@ class EditTag extends HTMLController
exit;
}
else
trigger_error('Cannot delete tag: an error occured while processing the request.', E_USER_ERROR);
throw new Exception('Cannot delete tag: an error occured while processing the request.');
}
// Editing one, then, surely.
else
{
if ($tag->kind === 'Album')
trigger_error('Cannot edit tag: is actually an album.', E_USER_ERROR);
throw new Exception('Cannot edit tag: is actually an album.');
parent::__construct('Edit tag \'' . $tag->tag . '\'');
$form_title = 'Edit tag \'' . $tag->tag . '\'';
@@ -106,7 +108,7 @@ class EditTag extends HTMLController
$form = new Form([
'request_url' => BASEURL . '/edittag/?' . ($id_tag ? 'id=' . $id_tag : 'add'),
'content_below' => $after_form,
'buttons_extra' => $after_form,
'fields' => $fields,
]);
@@ -117,14 +119,34 @@ class EditTag extends HTMLController
if (!empty($id_tag))
{
$current_page = isset($_GET['page']) ? (int) $_GET['page'] : 1;
list($assets, $num_assets) = AssetIterator::getByOptions([
'direction' => 'desc',
'limit' => 500,
'limit' => self::THUMBS_PER_PAGE,
'page' => $current_page,
'id_tag' => $id_tag,
], true);
// If we have asset images, show the thumbnail manager
if ($num_assets > 0)
$this->page->adopt(new FeaturedThumbnailManager($assets, $id_tag ? $tag->id_asset_thumb : 0));
{
$manager = new FeaturedThumbnailManager($assets, $id_tag ? $tag->id_asset_thumb : 0);
$this->page->adopt($manager);
// Make a page index as needed, while we're at it.
if ($num_assets > self::THUMBS_PER_PAGE)
{
$index = new PageIndex([
'recordCount' => $num_assets,
'items_per_page' => self::THUMBS_PER_PAGE,
'start' => ($current_page - 1) * self::THUMBS_PER_PAGE,
'base_url' => BASEURL . '/edittag/?id=' . $id_tag,
'page_slug' => '&page=%PAGE%',
]);
$manager->adopt(new PageIndexWidget($index));
}
}
}
if (isset($_POST['changeThumbnail']))

6
controllers/EditUser.php
View File

@@ -33,7 +33,7 @@ class EditUser extends HTMLController
{
// Don't be stupid.
if ($current_user->getUserId() == $id_user)
trigger_error('Sorry, I cannot allow you to delete yourself.', E_USER_ERROR);
throw new Exception('Sorry, I cannot allow you to delete yourself.');
// So far so good?
$user = Member::fromId($id_user);
@@ -43,7 +43,7 @@ class EditUser extends HTMLController
exit;
}
else
trigger_error('Cannot delete user: an error occured while processing the request.', E_USER_ERROR);
throw new Exception('Cannot delete user: an error occured while processing the request.');
}
// Editing one, then, surely.
else
@@ -69,7 +69,7 @@ class EditUser extends HTMLController
$form = new Form([
'request_url' => BASEURL . '/edituser/?' . ($id_user ? 'id=' . $id_user : 'add'),
'content_below' => $after_form,
'buttons_extra' => $after_form,
'fields' => [
'first_name' => [
'type' => 'text',

4
controllers/Login.php
View File

@@ -24,7 +24,9 @@ class Login extends HTMLController
if (Authentication::checkPassword($_POST['emailaddress'], $_POST['password']))
{
parent::__construct('Login');
$_SESSION['user_id'] = Authentication::getUserId($_POST['emailaddress']);
$user = Member::fromEmailAddress($_POST['emailaddress']);
$_SESSION['user_id'] = $user->getUserId();
if (isset($_POST['redirect_url']))
header('Location: ' . base64_decode($_POST['redirect_url']));

41
controllers/ManageAlbums.php
View File

@@ -18,8 +18,7 @@ class ManageAlbums extends HTMLController
'form' => [
'action' => BASEURL . '/editalbum/',
'method' => 'get',
'class' => 'col-md-6 text-end',
'buttons' => [
'controls' => [
'add' => [
'type' => 'submit',
'caption' => 'Add new album',
@@ -35,18 +34,14 @@ class ManageAlbums extends HTMLController
'tag' => [
'header' => 'Album',
'is_sortable' => true,
'parse' => [
'link' => BASEURL . '/editalbum/?id={ID_TAG}',
'data' => 'tag',
],
'link' => BASEURL . '/editalbum/?id={ID_TAG}',
'value' => 'tag',
],
'slug' => [
'header' => 'Slug',
'is_sortable' => true,
'parse' => [
'link' => BASEURL . '/editalbum/?id={ID_TAG}',
'data' => 'slug',
],
'link' => BASEURL . '/editalbum/?id={ID_TAG}',
'value' => 'slug',
],
'count' => [
'header' => '# Photos',
@@ -54,30 +49,20 @@ class ManageAlbums extends HTMLController
'value' => 'count',
],
],
'start' => !empty($_GET['start']) ? (int) $_GET['start'] : 0,
'sort_order' => !empty($_GET['order']) ? $_GET['order'] : null,
'sort_direction' => !empty($_GET['dir']) ? $_GET['dir'] : null,
'default_sort_order' => 'tag',
'default_sort_direction' => 'up',
'start' => $_GET['start'] ?? 0,
'sort_order' => $_GET['order'] ?? '',
'sort_direction' => $_GET['dir'] ?? '',
'title' => 'Manage albums',
'no_items_label' => 'No albums meet the requirements of the current filter.',
'items_per_page' => 9999,
'index_class' => 'col-md-6',
'base_url' => BASEURL . '/managealbums/',
'get_data' => function($offset = 0, $limit = 9999, $order = '', $direction = 'up') {
if (!in_array($order, ['id_tag', 'tag', 'slug', 'count']))
$order = 'tag';
if (!in_array($direction, ['up', 'down']))
$direction = 'up';
$rows = PhotoAlbum::getHierarchy($order, $direction);
return [
'rows' => $rows,
'order' => $order,
'direction' => ($direction == 'up' ? 'up' : 'down'),
];
'get_data' => function($offset, $limit, $order, $direction) {
return Tag::getOffset($offset, $limit, $order, $direction, true);
},
'get_count' => function() {
return 9999;
return Tag::getCount(false, 'Album', true);
}
];

109
controllers/ManageAssets.php
View File

@@ -23,9 +23,8 @@ class ManageAssets extends HTMLController
'form' => [
'action' => BASEURL . '/manageassets/?' . Session::getSessionTokenKey() . '=' . Session::getSessionToken(),
'method' => 'post',
'class' => 'col-md-6 text-end',
'is_embed' => true,
'buttons' => [
'controls' => [
'deleteChecked' => [
'type' => 'submit',
'caption' => 'Delete checked',
@@ -38,12 +37,33 @@ class ManageAssets extends HTMLController
'checkbox' => [
'header' => '<input type="checkbox" id="selectall">',
'is_sortable' => false,
'parse' => [
'type' => 'function',
'data' => function($row) {
return '<input type="checkbox" class="asset_select" name="delete[]" value="' . $row['id_asset'] . '">';
},
],
'format' => fn($row) =>
'<input type="checkbox" class="asset_select" name="delete[]" value="' . $row['id_asset'] . '">',
],
'thumbnail' => [
'header' => '&nbsp;',
'is_sortable' => false,
'cell_class' => 'text-center',
'format' => function($row) {
$asset = Image::byRow($row);
$width = $height = 65;
if ($asset->isImage())
{
if ($asset->isPortrait())
$width = null;
else
$height = null;
$thumb = $asset->getThumbnailUrl($width, $height);
}
else
$thumb = BASEURL . '/images/nothumb.svg';
$width = isset($width) ? $width . 'px' : 'auto';
$height = isset($height) ? $height . 'px' : 'auto';
return sprintf('<img src="%s" style="width: %s; height: %s;">', $thumb, $width, $height);
},
],
'id_asset' => [
'value' => 'id_asset',
@@ -59,72 +79,41 @@ class ManageAssets extends HTMLController
'value' => 'filename',
'header' => 'Filename',
'is_sortable' => true,
'parse' => [
'type' => 'value',
'link' => BASEURL . '/editasset/?id={ID_ASSET}',
'data' => 'filename',
],
'link' => BASEURL . '/editasset/?id={ID_ASSET}',
'value' => 'filename',
],
'id_user_uploaded' => [
'header' => 'User uploaded',
'is_sortable' => true,
'parse' => [
'type' => 'function',
'data' => function($row) {
if (!empty($row['id_user']))
return sprintf('<a href="%s/edituser/?id=%d">%s</a>', BASEURL, $row['id_user'],
$row['first_name'] . ' ' . $row['surname']);
else
return 'n/a';
},
],
'format' => function($row) {
if (!empty($row['id_user']))
return sprintf('<a href="%s/edituser/?id=%d">%s</a>', BASEURL, $row['id_user'],
$row['first_name'] . ' ' . $row['surname']);
else
return 'n/a';
},
],
'dimensions' => [
'header' => 'Dimensions',
'is_sortable' => false,
'parse' => [
'type' => 'function',
'data' => function($row) {
if (!empty($row['image_width']))
return $row['image_width'] . ' x ' . $row['image_height'];
else
return 'n/a';
},
],
'format' => function($row) {
if (!empty($row['image_width']))
return $row['image_width'] . ' x ' . $row['image_height'];
else
return 'n/a';
},
],
],
'start' => !empty($_GET['start']) ? (int) $_GET['start'] : 0,
'sort_order' => !empty($_GET['order']) ? $_GET['order'] : '',
'sort_direction' => !empty($_GET['dir']) ? $_GET['dir'] : '',
'default_sort_order' => 'id_asset',
'default_sort_direction' => 'down',
'start' => $_GET['start'] ?? 0,
'sort_order' => $_GET['order'] ?? '',
'sort_direction' => $_GET['dir'] ?? '',
'title' => 'Manage assets',
'no_items_label' => 'No assets meet the requirements of the current filter.',
'items_per_page' => 30,
'index_class' => 'col-md-6',
'base_url' => BASEURL . '/manageassets/',
'get_data' => function($offset = 0, $limit = 30, $order = '', $direction = 'down') {
if (!in_array($order, ['id_asset', 'id_user_uploaded', 'title', 'subdir', 'filename']))
$order = 'id_asset';
$data = Registry::get('db')->queryAssocs('
SELECT a.id_asset, a.subdir, a.filename,
a.image_width, a.image_height,
u.id_user, u.first_name, u.surname
FROM assets AS a
LEFT JOIN users AS u ON a.id_user_uploaded = u.id_user
ORDER BY {raw:order}
LIMIT {int:offset}, {int:limit}',
[
'order' => $order . ($direction == 'up' ? ' ASC' : ' DESC'),
'offset' => $offset,
'limit' => $limit,
]);
return [
'rows' => $data,
'order' => $order,
'direction' => $direction,
];
},
'get_data' => 'Asset::getOffset',
'get_count' => 'Asset::getCount',
];

77
controllers/ManageErrors.php
View File

@@ -14,8 +14,8 @@ class ManageErrors extends HTMLController
if (!Registry::get('user')->isAdmin())
throw new NotAllowedException();
// Flushing, are we?
if (isset($_POST['flush']) && Session::validateSession('get'))
// Clearing, are we?
if (isset($_POST['clear']) && Session::validateSession('get'))
{
ErrorLog::flush();
header('Location: ' . BASEURL . '/manageerrors/');
@@ -29,9 +29,8 @@ class ManageErrors extends HTMLController
'form' => [
'action' => BASEURL . '/manageerrors/?' . Session::getSessionTokenKey() . '=' . Session::getSessionToken(),
'method' => 'post',
'class' => 'col-md-6 text-end',
'buttons' => [
'flush' => [
'controls' => [
'clear' => [
'type' => 'submit',
'caption' => 'Delete all',
'class' => 'btn-danger',
@@ -39,26 +38,23 @@ class ManageErrors extends HTMLController
],
],
'columns' => [
'id' => [
'id_entry' => [
'value' => 'id_entry',
'header' => '#',
'is_sortable' => true,
],
'message' => [
'parse' => [
'type' => 'function',
'data' => function($row) {
return $row['message'] . '<br>' .
'<div><a onclick="this.parentNode.childNodes[1].style.display=\'block\';this.style.display=\'none\';">Show debug info</a>' .
'<pre style="display: none">' . htmlspecialchars($row['debug_info']) .
'</pre></div>' .
'<small><a href="' . BASEURL .
htmlspecialchars($row['request_uri']) . '">' .
htmlspecialchars($row['request_uri']) . '</a></small>';
}
],
'header' => 'Message / URL',
'is_sortable' => false,
'format' => function($row) {
return $row['message'] . '<br>' .
'<div><a onclick="this.parentNode.childNodes[1].style.display=\'block\';this.style.display=\'none\';">Show debug info</a>' .
'<pre style="display: none">' . htmlspecialchars($row['debug_info']) .
'</pre></div>' .
'<small><a href="' . BASEURL .
htmlspecialchars($row['request_uri']) . '">' .
htmlspecialchars($row['request_uri']) . '</a></small>';
},
],
'file' => [
'value' => 'file',
@@ -71,12 +67,10 @@ class ManageErrors extends HTMLController
'is_sortable' => true,
],
'time' => [
'parse' => [
'format' => [
'type' => 'timestamp',
'data' => [
'timestamp' => 'time',
'pattern' => 'long',
],
'pattern' => 'long',
'value' => 'time',
],
'header' => 'Time',
'is_sortable' => true,
@@ -89,41 +83,20 @@ class ManageErrors extends HTMLController
'uid' => [
'header' => 'UID',
'is_sortable' => true,
'parse' => [
'link' => BASEURL . '/edituser/?id={ID_USER}',
'data' => 'id_user',
],
'link' => BASEURL . '/edituser/?id={ID_USER}',
'value' => 'id_user',
],
],
'start' => !empty($_GET['start']) ? (int) $_GET['start'] : 0,
'sort_order' => !empty($_GET['order']) ? $_GET['order'] : '',
'sort_direction' => !empty($_GET['dir']) ? $_GET['dir'] : '',
'default_sort_order' => 'id_entry',
'default_sort_direction' => 'down',
'start' => $_GET['start'] ?? 0,
'sort_order' => $_GET['order'] ?? '',
'sort_direction' => $_GET['dir'] ?? '',
'no_items_label' => "No errors to display -- we're all good!",
'items_per_page' => 20,
'index_class' => 'col-md-6',
'base_url' => BASEURL . '/manageerrors/',
'get_count' => 'ErrorLog::getCount',
'get_data' => function($offset = 0, $limit = 20, $order = '', $direction = 'down') {
if (!in_array($order, ['id_entry', 'file', 'line', 'time', 'ipaddress', 'id_user']))
$order = 'id_entry';
$data = Registry::get('db')->queryAssocs('
SELECT *
FROM log_errors
ORDER BY {raw:order}
LIMIT {int:offset}, {int:limit}',
[
'order' => $order . ($direction === 'up' ? ' ASC' : ' DESC'),
'offset' => $offset,
'limit' => $limit,
]);
return [
'rows' => $data,
'order' => $order,
'direction' => $direction,
];
},
'get_data' => 'ErrorLog::getOffset',
];
$error_log = new GenericTable($options);

76
controllers/ManageTags.php
View File

@@ -20,8 +20,7 @@ class ManageTags extends HTMLController
'form' => [
'action' => BASEURL . '/edittag/',
'method' => 'get',
'class' => 'col-md-6 text-end',
'buttons' => [
'controls' => [
'add' => [
'type' => 'submit',
'caption' => 'Add new tag',
@@ -37,32 +36,25 @@ class ManageTags extends HTMLController
'tag' => [
'header' => 'Tag',
'is_sortable' => true,
'parse' => [
'link' => BASEURL . '/edittag/?id={ID_TAG}',
'data' => 'tag',
],
'link' => BASEURL . '/edittag/?id={ID_TAG}',
'value' => 'tag',
],
'slug' => [
'header' => 'Slug',
'is_sortable' => true,
'parse' => [
'link' => BASEURL . '/edittag/?id={ID_TAG}',
'data' => 'slug',
],
'link' => BASEURL . '/edittag/?id={ID_TAG}',
'value' => 'slug',
],
'id_user_owner' => [
'header' => 'Owning user',
'is_sortable' => true,
'parse' => [
'type' => 'function',
'data' => function($row) {
if (!empty($row['id_user']))
return sprintf('<a href="%s/edituser/?id=%d">%s</a>', BASEURL, $row['id_user'],
$row['first_name'] . ' ' . $row['surname']);
else
return 'n/a';
},
],
'format' => function($row) {
if (!empty($row['id_user']))
return sprintf('<a href="%s/edituser/?id=%d">%s</a>', BASEURL, $row['id_user'],
$row['first_name'] . ' ' . $row['surname']);
else
return 'n/a';
},
],
'count' => [
'header' => 'Cardinality',
@@ -70,46 +62,20 @@ class ManageTags extends HTMLController
'value' => 'count',
],
],
'start' => !empty($_GET['start']) ? (int) $_GET['start'] : 0,
'sort_order' => !empty($_GET['order']) ? $_GET['order'] : null,
'sort_direction' => !empty($_GET['dir']) ? $_GET['dir'] : null,
'default_sort_order' => 'tag',
'default_sort_direction' => 'up',
'start' => $_GET['start'] ?? 0,
'sort_order' => $_GET['order'] ?? '',
'sort_direction' => $_GET['dir'] ?? '',
'title' => 'Manage tags',
'no_items_label' => 'No tags meet the requirements of the current filter.',
'items_per_page' => 30,
'index_class' => 'col-md-6',
'items_per_page' => 9999,
'base_url' => BASEURL . '/managetags/',
'get_data' => function($offset = 0, $limit = 30, $order = '', $direction = 'up') {
if (!in_array($order, ['id_tag', 'tag', 'slug', 'kind', 'count']))
$order = 'tag';
if (!in_array($direction, ['up', 'down']))
$direction = 'up';
$data = Registry::get('db')->queryAssocs('
SELECT t.*, u.id_user, u.first_name, u.surname
FROM tags AS t
LEFT JOIN users AS u ON t.id_user_owner = u.id_user
WHERE kind != {string:album}
ORDER BY {raw:order}
LIMIT {int:offset}, {int:limit}',
[
'order' => $order . ($direction == 'up' ? ' ASC' : ' DESC'),
'offset' => $offset,
'limit' => $limit,
'album' => 'Album',
]);
return [
'rows' => $data,
'order' => $order,
'direction' => ($direction == 'up' ? 'up' : 'down'),
];
'get_data' => function($offset, $limit, $order, $direction) {
return Tag::getOffset($offset, $limit, $order, $direction, false);
},
'get_count' => function() {
return Registry::get('db')->queryValue('
SELECT COUNT(*)
FROM tags
WHERE kind != {string:album}',
['album' => 'Album']);
return Tag::getCount(false, null, false);
}
];

74
controllers/ManageUsers.php
View File

@@ -20,8 +20,7 @@ class ManageUsers extends HTMLController
'form' => [
'action' => BASEURL . '/edituser/',
'method' => 'get',
'class' => 'col-md-6 text-end',
'buttons' => [
'controls' => [
'add' => [
'type' => 'submit',
'caption' => 'Add new user',
@@ -37,26 +36,20 @@ class ManageUsers extends HTMLController
'surname' => [
'header' => 'Last name',
'is_sortable' => true,
'parse' => [
'link' => BASEURL . '/edituser/?id={ID_USER}',
'data' => 'surname',
],
'link' => BASEURL . '/edituser/?id={ID_USER}',
'value' => 'surname',
],
'first_name' => [
'header' => 'First name',
'is_sortable' => true,
'parse' => [
'link' => BASEURL . '/edituser/?id={ID_USER}',
'data' => 'first_name',
],
'link' => BASEURL . '/edituser/?id={ID_USER}',
'value' => 'first_name',
],
'slug' => [
'header' => 'Slug',
'is_sortable' => true,
'parse' => [
'link' => BASEURL . '/edituser/?id={ID_USER}',
'data' => 'slug',
],
'link' => BASEURL . '/edituser/?id={ID_USER}',
'value' => 'slug',
],
'emailaddress' => [
'value' => 'emailaddress',
@@ -64,12 +57,11 @@ class ManageUsers extends HTMLController
'is_sortable' => true,
],
'last_action_time' => [
'parse' => [
'format' => [
'type' => 'timestamp',
'data' => [
'timestamp' => 'last_action_time',
'pattern' => 'long',
],
'pattern' => 'long',
'value' => 'last_action_time',
'if_null' => 'n/a',
],
'header' => 'Last activity',
'is_sortable' => true,
@@ -82,48 +74,20 @@ class ManageUsers extends HTMLController
'is_admin' => [
'is_sortable' => true,
'header' => 'Admin?',
'parse' => [
'type' => 'function',
'data' => function($row) {
return $row['is_admin'] ? 'yes' : 'no';
}
],
'format' => fn($row) => $row['is_admin'] ? 'yes' : 'no',
],
],
'start' => !empty($_GET['start']) ? (int) $_GET['start'] : 0,
'sort_order' => !empty($_GET['order']) ? $_GET['order'] : '',
'sort_direction' => !empty($_GET['dir']) ? $_GET['dir'] : '',
'default_sort_order' => 'id_user',
'default_sort_direction' => 'down',
'start' => $_GET['start'] ?? 0,
'sort_order' => $_GET['order'] ?? '',
'sort_direction' => $_GET['dir'] ?? '',
'title' => 'Manage users',
'no_items_label' => 'No users meet the requirements of the current filter.',
'items_per_page' => 30,
'index_class' => 'col-md-6',
'base_url' => BASEURL . '/manageusers/',
'get_data' => function($offset = 0, $limit = 30, $order = '', $direction = 'down') {
if (!in_array($order, ['id_user', 'surname', 'first_name', 'slug', 'emailaddress', 'last_action_time', 'ip_address', 'is_admin']))
$order = 'id_user';
$data = Registry::get('db')->queryAssocs('
SELECT *
FROM users
ORDER BY {raw:order}
LIMIT {int:offset}, {int:limit}',
[
'order' => $order . ($direction == 'up' ? ' ASC' : ' DESC'),
'offset' => $offset,
'limit' => $limit,
]);
return [
'rows' => $data,
'order' => $order,
'direction' => $direction,
];
},
'get_count' => function() {
return Registry::get('db')->queryValue('
SELECT COUNT(*)
FROM users');
}
'get_data' => 'Member::getOffset',
'get_count' => 'Member::getCount',
];
$table = new GenericTable($options);

140
controllers/ResetPassword.php
View File

@@ -16,66 +16,94 @@ class ResetPassword extends HTMLController
// Verifying an existing reset key?
if (isset($_GET['step'], $_GET['email'], $_GET['key']) && $_GET['step'] == 2)
{
$email = rawurldecode($_GET['email']);
$id_user = Authentication::getUserid($email);
if ($id_user === false)
throw new UserFacingException('Invalid email address. Please make sure you copied the full link in the email you received.');
$key = $_GET['key'];
if (!Authentication::checkResetKey($id_user, $key))
throw new UserFacingException('Invalid reset token. Please make sure you copied the full link in the email you received. Note: you cannot use the same token twice.');
parent::__construct('Reset password - ' . SITE_TITLE);
$form = new PasswordResetForm($email, $key);
$this->page->adopt($form);
// Are they trying to set something already?
if (isset($_POST['password1'], $_POST['password2']))
{
$missing = [];
if (strlen($_POST['password1']) < 6 || !preg_match('~[^A-z]~', $_POST['password1']))
$missing[] = 'Please fill in a password that is at least six characters long and contains at least one non-alphabetic character (e.g. a number or symbol).';
if ($_POST['password1'] != $_POST['password2'])
$missing[] = 'The passwords you entered do not match.';
// So, are we good to go?
if (empty($missing))
{
Authentication::updatePassword($id_user, Authentication::computeHash($_POST['password1']));
$_SESSION['login_msg'] = ['Your password has been reset', 'You can now use the form below to log in to your account.', 'success'];
header('Location: ' . BASEURL . '/login/');
exit;
}
else
$form->adopt(new Alert('Some fields require your attention', '<ul><li>' . implode('</li><li>', $missing) . '</li></ul>', 'danger'));
}
}
$this->verifyResetKey();
else
$this->requestResetKey();
}
private function requestResetKey()
{
parent::__construct('Reset password - ' . SITE_TITLE);
$form = new ForgotPasswordForm();
$this->page->adopt($form);
// Have they submitted an email address yet?
if (isset($_POST['emailaddress']) && preg_match('~^.+@.+\.[a-z]+$~', trim($_POST['emailaddress'])))
{
parent::__construct('Reset password - ' . SITE_TITLE);
$form = new ForgotPasswordForm();
$this->page->adopt($form);
// Have they submitted an email address yet?
if (isset($_POST['emailaddress']) && preg_match('~^.+@.+\.[a-z]+$~', trim($_POST['emailaddress'])))
$user = Member::fromEmailAddress($_POST['emailaddress']);
if (!$user)
{
$id_user = Authentication::getUserid(trim($_POST['emailaddress']));
if ($id_user === false)
{
$form->adopt(new Alert('Invalid email address', 'The email address you provided could not be found in our system. Please try again.', 'danger'));
return;
}
Authentication::setResetKey($id_user);
Email::resetMail($id_user);
// Show the success message
$this->page->clear();
$box = new DummyBox('An email has been sent');
$box->adopt(new Alert('', 'We have sent an email to ' . $_POST['emailaddress'] . ' containing details on how to reset your password.', 'success'));
$this->page->adopt($box);
$form->adopt(new Alert('Invalid email address', 'The email address you provided could not be found in our system. Please try again.', 'danger'));
return;
}
if (Authentication::getResetTimeOut($user->getUserId()) > 0)
{
// Update the reset time-out to prevent hammering
$resetTimeOut = Authentication::updateResetTimeOut($user->getUserId());
// Present it to the user in a readable way
if ($resetTimeOut > 3600)
$timeOut = sprintf('%d hours', ceil($resetTimeOut / 3600));
elseif ($resetTimeOut > 60)
$timeOut = sprintf('%d minutes', ceil($resetTimeOut / 60));
else
$timeOut = sprintf('%d seconds', $resetTimeOut);
$form->adopt(new Alert('Password reset token already sent', 'We already sent a password reset token to this email address recently. ' .
'If no email was received, please wait ' . $timeOut . ' to try again.', 'error'));
return;
}
Authentication::setResetKey($user->getUserId());
Email::resetMail($user->getUserId());
// Show the success message
$this->page->clear();
$box = new DummyBox('An email has been sent');
$box->adopt(new Alert('', 'We have sent an email to ' . $_POST['emailaddress'] . ' containing details on how to reset your password.', 'success'));
$this->page->adopt($box);
}
}
private function verifyResetKey()
{
$email = rawurldecode($_GET['email']);
$user = Member::fromEmailAddress($email);
if (!$user)
throw new UserFacingException('Invalid email address. Please make sure you copied the full link in the email you received.');
$key = $_GET['key'];
if (!Authentication::checkResetKey($user->getUserId(), $key))
throw new UserFacingException('Invalid reset token. Please make sure you copied the full link in the email you received. Note: you cannot use the same token twice.');
parent::__construct('Reset password - ' . SITE_TITLE);
$form = new PasswordResetForm($email, $key);
$this->page->adopt($form);
// Are they trying to set something already?
if (isset($_POST['password1'], $_POST['password2']))
{
$missing = [];
if (strlen($_POST['password1']) < 6 || !preg_match('~[^A-z]~', $_POST['password1']))
$missing[] = 'Please fill in a password that is at least six characters long and contains at least one non-alphabetic character (e.g. a number or symbol).';
if ($_POST['password1'] != $_POST['password2'])
$missing[] = 'The passwords you entered do not match.';
// So, are we good to go?
if (empty($missing))
{
Authentication::updatePassword($user->getUserId(), Authentication::computeHash($_POST['password1']));
// Consume token, ensuring it isn't used again
Authentication::consumeResetKey($user->getUserId());
$_SESSION['login_msg'] = ['Your password has been reset', 'You can now use the form below to log in to your account.', 'success'];
header('Location: ' . BASEURL . '/login/');
exit;
}
else
$form->adopt(new Alert('Some fields require your attention', '<ul><li>' . implode('</li><li>', $missing) . '</li></ul>', 'danger'));
}
}
}

12
controllers/ViewPhoto.php
View File

@@ -46,6 +46,18 @@ class ViewPhoto extends HTMLController
if (isset($tag))
$page->setTag($tag);
// Keeping tabs on a filter?
if (isset($_GET['by']))
{
// Let's first verify that the filter is valid
$user = Member::fromSlug($_GET['by']);
if (!$user)
throw new UnexpectedValueException('Invalid filter for this album or tag.');
// Alright, let's run with it then
$page->setActiveFilter($user->getSlug());
}
$this->page->adopt($page);
$this->page->setCanonicalUrl($this->photo->getPageUrl());
}

174
controllers/ViewPhotoAlbum.php
View File

@@ -26,60 +26,92 @@ class ViewPhotoAlbum extends HTMLController
$tag = Tag::fromSlug($_GET['tag']);
$id_tag = $tag->id_tag;
$title = $tag->tag;
$description = !empty($tag->description) ? $tag->description : '';
// Can we go up a level?
if ($tag->id_parent != 0)
{
$ptag = Tag::fromId($tag->id_parent);
$back_link = BASEURL . '/' . (!empty($ptag->slug) ? $ptag->slug . '/' : '');
$back_link_title = 'Back to &quot;' . $ptag->tag . '&quot;';
}
elseif ($tag->kind === 'Person')
{
$back_link = BASEURL . '/people/';
$back_link_title = 'Back to &quot;People&quot;';
$is_person = true;
}
$header_box = new AlbumHeaderBox($title, $description, $back_link, $back_link_title);
$header_box = $this->getHeaderBox($tag);
}
// View the album root.
else
{
$id_tag = 1;
$tag = Tag::fromId($id_tag);
$title = 'Albums';
}
// What page are we at?
$page = isset($_GET['page']) ? (int) $_GET['page'] : 1;
$current_page = isset($_GET['page']) ? (int) $_GET['page'] : 1;
parent::__construct($title . ' - Page ' . $page . ' - ' . SITE_TITLE);
parent::__construct($title . ' - Page ' . $current_page . ' - ' . SITE_TITLE);
if (isset($header_box))
$this->page->adopt($header_box);
// Can we do fancy things here?
// !!! TODO: permission system?
$buttons = $this->getAlbumButtons($id_tag, $tag ?? null);
if (!empty($buttons))
$this->page->adopt(new AlbumButtonBox($buttons));
// Who contributed to this album?
$contributors = $tag->getContributorList();
// Enumerate possible filters
$filters = [];
if (!empty($contributors))
{
$filters[''] = ['id_user' => null, 'label' => '', 'caption' => 'All photos',
'link' => $tag->getUrl()];
foreach ($contributors as $contributor)
{
$filters[$contributor['slug']] = [
'id_user' => $contributor['id_user'],
'label' => $contributor['first_name'],
'caption' => sprintf('By %s (%s photos)',
$contributor['first_name'], $contributor['num_assets']),
'link' => $tag->getUrl() . '?by=' . $contributor['slug'],
];
}
}
// Limit to a particular uploader?
$active_filter = '';
$id_user_uploaded = null;
if (!empty($_GET['by']))
{
if (!isset($filters[$_GET['by']]))
throw new UnexpectedValueException('Invalid filter for this album or tag.');
$active_filter = $_GET['by'];
$id_user_uploaded = $filters[$active_filter]['id_user'];
$filters[$active_filter]['is_active'] = true;
}
// Add an interface to query and modify the album/tag
$buttons = $this->getAlbumButtons($tag, $active_filter);
$button_strip = new AlbumButtonBox($buttons, $filters, $active_filter);
$this->page->adopt($button_strip);
// Fetch subalbums, but only if we're on the first page.
if ($page === 1)
if ($current_page === 1)
{
$albums = $this->getAlbums($id_tag);
$index = new AlbumIndex($albums);
$this->page->adopt($index);
}
// Are we viewing a person tag?
$is_person = $tag->kind === 'Person';
// Load a photo mosaic for the current tag.
list($mosaic, $total_count) = $this->getPhotoMosaic($id_tag, $page, !isset($is_person));
list($mosaic, $total_count) = $this->getPhotoMosaic($id_tag, $id_user_uploaded, $current_page, !$is_person);
if (isset($mosaic))
{
$index = new PhotosIndex($mosaic, Registry::get('user')->isAdmin());
$this->page->adopt($index);
if ($id_tag > 1)
$index->setUrlSuffix('?in=' . $id_tag);
$url_params = [];
if (isset($tag))
$url_params['in'] = $tag->id_tag;
if (!empty($active_filter))
$url_params['by'] = $active_filter;
$url_suffix = http_build_query($url_params);
$index->setUrlSuffix('?' . $url_suffix);
$menu_items = $this->getEditMenuItems('&' . $url_suffix);
$index->setEditMenuItems($menu_items);
}
// Make a page index as needed, while we're at it.
@@ -88,24 +120,24 @@ class ViewPhotoAlbum extends HTMLController
$index = new PageIndex([
'recordCount' => $total_count,
'items_per_page' => self::PER_PAGE,
'start' => (isset($_GET['page']) ? $_GET['page'] - 1 : 0) * self::PER_PAGE,
'base_url' => BASEURL . '/' . (isset($_GET['tag']) ? $_GET['tag'] . '/' : ''),
'page_slug' => 'page/%PAGE%/',
'start' => ($current_page - 1) * self::PER_PAGE,
'base_url' => $tag->getUrl(),
'page_slug' => 'page/%PAGE%/' . (!empty($active_filter) ? '?by=' . $active_filter : ''),
'index_class' => 'pagination-lg justify-content-around justify-content-lg-center',
]);
$this->page->adopt(new PageIndexWidget($index));
}
// Set the canonical url.
$this->page->setCanonicalUrl(BASEURL . '/' . (isset($_GET['tag']) ? $_GET['tag'] . '/' : '') .
($page > 1 ? 'page/' . $page . '/' : ''));
$this->page->setCanonicalUrl($tag->getUrl() . ($current_page > 1 ? 'page/' . $current_page . '/' : ''));
}
public function getPhotoMosaic($id_tag, $page, $sort_linear)
public function getPhotoMosaic($id_tag, $id_user_uploaded, $page, $sort_linear)
{
// Create an iterator.
list($this->iterator, $total_count) = AssetIterator::getByOptions([
'id_tag' => $id_tag,
'id_user_uploaded' => $id_user_uploaded,
'order' => 'date_captured',
'direction' => $sort_linear ? 'asc' : 'desc',
'limit' => self::PER_PAGE,
@@ -145,25 +177,26 @@ class ViewPhotoAlbum extends HTMLController
return $albums;
}
private function getAlbumButtons($id_tag, $tag)
private function getAlbumButtons(Tag $tag, $active_filter)
{
$buttons = [];
$user = Registry::get('user');
if ($user->isLoggedIn())
{
$suffix = !empty($active_filter) ? '&by=' . $active_filter : '';
$buttons[] = [
'url' => BASEURL . '/download/?tag=' . $id_tag,
'url' => BASEURL . '/download/?tag=' . $tag->id_tag . $suffix,
'caption' => 'Download album',
];
}
if (isset($tag))
if ($tag->id_parent != 0)
{
if ($tag->kind === 'Album')
{
$buttons[] = [
'url' => BASEURL . '/uploadmedia/?tag=' . $id_tag,
'url' => BASEURL . '/uploadmedia/?tag=' . $tag->id_tag,
'caption' => 'Upload photos here',
];
}
@@ -173,14 +206,14 @@ class ViewPhotoAlbum extends HTMLController
if ($tag->kind === 'Album')
{
$buttons[] = [
'url' => BASEURL . '/editalbum/?id=' . $id_tag,
'url' => BASEURL . '/editalbum/?id=' . $tag->id_tag,
'caption' => 'Edit album',
];
}
elseif ($tag->kind === 'Person')
{
$buttons[] = [
'url' => BASEURL . '/edittag/?id=' . $id_tag,
'url' => BASEURL . '/edittag/?id=' . $tag->id_tag,
'caption' => 'Edit tag',
];
}
@@ -190,7 +223,7 @@ class ViewPhotoAlbum extends HTMLController
if ($user->isAdmin() && (!isset($tag) || $tag->kind === 'Album'))
{
$buttons[] = [
'url' => BASEURL . '/addalbum/?tag=' . $id_tag,
'url' => BASEURL . '/addalbum/?tag=' . $tag->id_tag,
'caption' => 'Create subalbum',
];
}
@@ -198,9 +231,62 @@ class ViewPhotoAlbum extends HTMLController
return $buttons;
}
public function __destruct()
private function getEditMenuItems($url_suffix)
{
if (isset($this->iterator))
$this->iterator->clean();
$items = [];
$sess = '&' . Session::getSessionTokenKey() . '=' . Session::getSessionToken();
if (Registry::get('user')->isLoggedIn())
{
$items[] = [
'label' => 'Edit image',
'uri' => fn($image) => $image->getEditUrl() . $url_suffix,
];
$items[] = [
'label' => 'Delete image',
'uri' => fn($image) => $image->getDeleteUrl() . $url_suffix . $sess,
'onclick' => 'return confirm(\'Are you sure you want to delete this image?\');',
];
}
if (Registry::get('user')->isAdmin())
{
$items[] = [
'label' => 'Make album cover',
'uri' => fn($image) => $image->getEditUrl() . $url_suffix . '&album_cover' . $sess,
];
$items[] = [
'label' => 'Increase priority',
'uri' => fn($image) => $image->getEditUrl() . $url_suffix . '&inc_prio' . $sess,
];
$items[] = [
'label' => 'Decrease priority',
'uri' => fn($image) => $image->getEditUrl() . $url_suffix . '&dec_prio' . $sess,
];
}
return $items;
}
private function getHeaderBox(Tag $tag)
{
// Can we go up a level?
if ($tag->id_parent != 0)
{
$ptag = Tag::fromId($tag->id_parent);
$back_link = BASEURL . '/' . (!empty($ptag->slug) ? $ptag->slug . '/' : '');
$back_link_title = 'Back to &quot;' . $ptag->tag . '&quot;';
}
elseif ($tag->kind === 'Person')
{
$back_link = BASEURL . '/people/';
$back_link_title = 'Back to &quot;People&quot;';
}
$description = !empty($tag->description) ? $tag->description : '';
return new AlbumHeaderBox($tag->tag, $description, $back_link, $back_link_title);
}
}

6
controllers/ViewTimeline.php
View File

@@ -54,10 +54,4 @@ class ViewTimeline extends HTMLController
// Set the canonical url.
$this->page->setCanonicalUrl(BASEURL . '/timeline/');
}
public function __destruct()
{
if (isset($this->iterator))
$this->iterator->clean();
}
}

2
migrations/2024-11-05.sql Normal file
View File

@@ -0,0 +1,2 @@
/* Add time-out to password reset keys, and prevent repeated mails */
ALTER TABLE `users` ADD `reset_blocked_until` INT UNSIGNED NULL AFTER `reset_key`;

356
models/Asset.php
View File

@@ -8,23 +8,23 @@
class Asset
{
protected $id_asset;
protected $id_user_uploaded;
protected $subdir;
protected $filename;
protected $title;
protected $slug;
protected $mimetype;
protected $image_width;
protected $image_height;
protected $date_captured;
protected $priority;
public $id_asset;
public $id_user_uploaded;
public $subdir;
public $filename;
public $title;
public $slug;
public $mimetype;
public $image_width;
public $image_height;
public $date_captured;
public $priority;
protected $meta;
protected $tags;
protected $thumbnails;
protected function __construct(array $data)
public function __construct(array $data)
{
foreach ($data as $attribute => $value)
{
@@ -32,10 +32,15 @@ class Asset
$this->$attribute = $value;
}
if (!empty($data['date_captured']) && $data['date_captured'] !== 'NULL')
if (isset($data['date_captured']) && $data['date_captured'] !== null && !is_object($data['date_captured']))
$this->date_captured = new DateTime($data['date_captured']);
}
public function canBeEditedBy(User $user)
{
return $this->isOwnedBy($user) || $user->isAdmin();
}
public static function cleanSlug($slug)
{
// Only alphanumerical chars, underscores and forward slashes are allowed
@@ -51,7 +56,7 @@ class Asset
$row = Registry::get('db')->queryAssoc('
SELECT *
FROM assets
WHERE id_asset = {int:id_asset}',
WHERE id_asset = :id_asset',
[
'id_asset' => $id_asset,
]);
@@ -64,7 +69,7 @@ class Asset
$row = Registry::get('db')->queryAssoc('
SELECT *
FROM assets
WHERE slug = {string:slug}',
WHERE slug = :slug',
[
'slug' => $slug,
]);
@@ -80,7 +85,7 @@ class Asset
$row['meta'] = $db->queryPair('
SELECT variable, value
FROM assets_meta
WHERE id_asset = {int:id_asset}',
WHERE id_asset = :id_asset',
[
'id_asset' => $row['id_asset'],
]);
@@ -89,21 +94,20 @@ class Asset
$row['thumbnails'] = $db->queryPair('
SELECT
CONCAT(
width,
{string:x},
height,
IF(mode != {string:empty}, CONCAT({string:_}, mode), {string:empty})
width, :x, height,
IF(mode != :empty1, CONCAT(:_, mode), :empty2)
) AS selector, filename
FROM assets_thumbs
WHERE id_asset = {int:id_asset}',
WHERE id_asset = :id_asset',
[
'id_asset' => $row['id_asset'],
'empty' => '',
'empty1' => '',
'empty2' => '',
'x' => 'x',
'_' => '_',
]);
return $return_format == 'object' ? new Asset($row) : $row;
return $return_format === 'object' ? new static($row) : $row;
}
public static function fromIds(array $id_assets, $return_format = 'array')
@@ -116,14 +120,14 @@ class Asset
$res = $db->query('
SELECT *
FROM assets
WHERE id_asset IN ({array_int:id_assets})
WHERE id_asset IN (@id_assets)
ORDER BY id_asset',
[
'id_assets' => $id_assets,
]);
$assets = [];
while ($asset = $db->fetch_assoc($res))
while ($asset = $db->fetchAssoc($res))
{
$assets[$asset['id_asset']] = $asset;
$assets[$asset['id_asset']]['meta'] = [];
@@ -133,7 +137,7 @@ class Asset
$metas = $db->queryRows('
SELECT id_asset, variable, value
FROM assets_meta
WHERE id_asset IN ({array_int:id_assets})
WHERE id_asset IN (@id_assets)
ORDER BY id_asset',
[
'id_assets' => $id_assets,
@@ -145,17 +149,16 @@ class Asset
$thumbnails = $db->queryRows('
SELECT id_asset,
CONCAT(
width,
{string:x},
height,
IF(mode != {string:empty}, CONCAT({string:_}, mode), {string:empty})
width, :x, height,
IF(mode != :empty1, CONCAT(:_, mode), :empty2)
) AS selector, filename
FROM assets_thumbs
WHERE id_asset IN ({array_int:id_assets})
WHERE id_asset IN (@id_assets)
ORDER BY id_asset',
[
'id_assets' => $id_assets,
'empty' => '',
'empty1' => '',
'empty2' => '',
'x' => 'x',
'_' => '_',
]);
@@ -163,8 +166,10 @@ class Asset
foreach ($thumbnails as $thumb)
$assets[$thumb[0]]['thumbnails'][$thumb[1]] = $thumb[2];
if ($return_format == 'array')
if ($return_format === 'array')
{
return $assets;
}
else
{
$objects = [];
@@ -257,10 +262,10 @@ class Asset
INSERT INTO assets
(id_user_uploaded, subdir, filename, title, slug, mimetype, image_width, image_height, date_captured, priority)
VALUES
({int:id_user_uploaded}, {string:subdir}, {string:filename}, {string:title}, {string:slug}, {string:mimetype},
{int:image_width}, {int:image_height},
IF({int:date_captured} > 0, FROM_UNIXTIME({int:date_captured}), NULL),
{int:priority})',
(:id_user_uploaded, :subdir, :filename, :title, :slug, :mimetype,
:image_width, :image_height,
' . (!empty($date_captured) ? 'FROM_UNIXTIME(:date_captured)' : 'NULL') . ',
:priority)',
[
'id_user_uploaded' => isset($id_user) ? $id_user : Registry::get('user')->getUserId(),
'subdir' => $preferred_subdir,
@@ -268,9 +273,9 @@ class Asset
'title' => $title,
'slug' => $slug,
'mimetype' => $mimetype,
'image_width' => isset($image_width) ? $image_width : 'NULL',
'image_height' => isset($image_height) ? $image_height : 'NULL',
'date_captured' => isset($date_captured) ? $date_captured : 'NULL',
'image_width' => isset($image_width) ? $image_width : null,
'image_height' => isset($image_height) ? $image_height : null,
'date_captured' => isset($date_captured) ? $date_captured : null,
'priority' => isset($priority) ? (int) $priority : 0,
]);
@@ -280,7 +285,7 @@ class Asset
return false;
}
$data['id_asset'] = $db->insert_id();
$data['id_asset'] = $db->insertId();
return $return_format === 'object' ? new self($data) : $data;
}
@@ -319,7 +324,7 @@ class Asset
$posts = Registry::get('db')->queryValues('
SELECT id_post
FROM posts_assets
WHERE id_asset = {int:id_asset}',
WHERE id_asset = :id_asset',
['id_asset' => $this->id_asset]);
// TODO: fix empty post iterator.
@@ -433,9 +438,9 @@ class Asset
$this->slug = $this->subdir . '/' . $this->title;
Registry::get('db')->query('
UPDATE assets
SET subdir = {string:subdir},
slug = {string:slug}
WHERE id_asset = {int:id_asset}',
SET subdir = :subdir,
slug = :slug
WHERE id_asset = :id_asset',
[
'id_asset' => $this->id_asset,
'subdir' => $this->subdir,
@@ -490,18 +495,18 @@ class Asset
return Registry::get('db')->query('
UPDATE assets
SET
mimetype = {string:mimetype},
image_width = {int:image_width},
image_height = {int:image_height},
date_captured = {datetime:date_captured},
priority = {int:priority}
WHERE id_asset = {int:id_asset}',
mimetype = :mimetype,
image_width = :image_width,
image_height = :image_height,
date_captured = :date_captured,
priority = :priority
WHERE id_asset = :id_asset',
[
'id_asset' => $this->id_asset,
'mimetype' => $this->mimetype,
'image_width' => isset($this->image_width) ? $this->image_width : 'NULL',
'image_height' => isset($this->image_height) ? $this->image_height : 'NULL',
'date_captured' => isset($this->date_captured) ? $this->date_captured : 'NULL',
'image_width' => isset($this->image_width) ? $this->image_width : null,
'image_height' => isset($this->image_height) ? $this->image_height : null,
'date_captured' => isset($this->date_captured) ? $this->date_captured : null,
'priority' => $this->priority,
]);
}
@@ -522,8 +527,8 @@ class Asset
if (!empty($to_remove))
$db->query('
DELETE FROM assets_meta
WHERE id_asset = {int:id_asset} AND
variable IN({array_string:variables})',
WHERE id_asset = :id_asset AND
variable IN(@variables)',
[
'id_asset' => $this->id_asset,
'variables' => array_keys($to_remove),
@@ -554,63 +559,40 @@ class Asset
{
$db = Registry::get('db');
// First: delete associated metadata
// Delete any and all thumbnails, if this is an image.
if ($this->isImage())
{
$image = $this->getImage();
$image->removeAllThumbnails();
}
// Delete all meta info for this asset.
$db->query('
DELETE FROM assets_meta
WHERE id_asset = {int:id_asset}',
[
'id_asset' => $this->id_asset,
]);
WHERE id_asset = :id_asset',
['id_asset' => $this->id_asset]);
// Second: figure out what tags to recount cardinality for
// Figure out what tags to recount cardinality for
$recount_tags = $db->queryValues('
SELECT id_tag
FROM assets_tags
WHERE id_asset = {int:id_asset}',
[
'id_asset' => $this->id_asset,
]);
WHERE id_asset = :id_asset',
['id_asset' => $this->id_asset]);
// Delete asset association for these tags
$db->query('
DELETE FROM assets_tags
WHERE id_asset = {int:id_asset}',
[
'id_asset' => $this->id_asset,
]);
WHERE id_asset = :id_asset',
['id_asset' => $this->id_asset]);
Tag::recount($recount_tags);
// Third: figure out what associated thumbs to delete
$thumbs_to_delete = $db->queryValues('
SELECT filename
FROM assets_thumbs
WHERE id_asset = {int:id_asset}',
[
'id_asset' => $this->id_asset,
]);
foreach ($thumbs_to_delete as $filename)
{
$thumb_path = THUMBSDIR . '/' . $this->subdir . '/' . $filename;
if (is_file($thumb_path))
unlink($thumb_path);
}
$db->query('
DELETE FROM assets_thumbs
WHERE id_asset = {int:id_asset}',
[
'id_asset' => $this->id_asset,
]);
// Reset asset ID for tags that use this asset for their thumbnail
$rows = $db->query('
$rows = $db->queryValues('
SELECT id_tag
FROM tags
WHERE id_asset_thumb = {int:id_asset}',
[
'id_asset' => $this->id_asset,
]);
WHERE id_asset_thumb = :id_asset',
['id_asset' => $this->id_asset]);
if (!empty($rows))
{
@@ -627,10 +609,8 @@ class Asset
$return = $db->query('
DELETE FROM assets
WHERE id_asset = {int:id_asset}',
[
'id_asset' => $this->id_asset,
]);
WHERE id_asset = :id_asset',
['id_asset' => $this->id_asset]);
return $return;
}
@@ -659,7 +639,7 @@ class Asset
Registry::get('db')->query('
DELETE FROM assets_tags
WHERE id_asset = {int:id_asset} AND id_tag IN ({array_int:id_tags})',
WHERE id_asset = :id_asset AND id_tag IN (@id_tags)',
[
'id_asset' => $this->id_asset,
'id_tags' => $id_tags,
@@ -675,87 +655,117 @@ class Asset
FROM assets');
}
public function setKeyData($title, $slug, DateTime $date_captured = null, $priority)
public static function getOffset($offset, $limit, $order, $direction)
{
$params = [
'id_asset' => $this->id_asset,
'title' => $title,
'slug' => $slug,
'priority' => $priority,
];
$order = $order . ($direction == 'up' ? ' ASC' : ' DESC');
if (isset($date_captured))
$params['date_captured'] = $date_captured->format('Y-m-d H:i:s');
return Registry::get('db')->queryAssocs('
SELECT a.id_asset, a.subdir, a.filename,
a.image_width, a.image_height, a.mimetype,
u.id_user, u.first_name, u.surname
FROM assets AS a
LEFT JOIN users AS u ON a.id_user_uploaded = u.id_user
ORDER BY ' . $order . '
LIMIT :offset, :limit',
[
'offset' => $offset,
'limit' => $limit,
]);
}
public function save()
{
if (empty($this->id_asset))
throw new UnexpectedValueException();
return Registry::get('db')->query('
UPDATE assets
SET title = {string:title},
slug = {string:slug},' . (isset($date_captured) ? '
date_captured = {datetime:date_captured},' : '') . '
priority = {int:priority}
WHERE id_asset = {int:id_asset}',
SET subdir = :subdir,
filename = :filename,
title = :title,
slug = :slug,
mimetype = :mimetype,
image_width = :image_width,
image_height = :image_height,
date_captured = :date_captured,
priority = :priority
WHERE id_asset = :id_asset',
get_object_vars($this));
}
protected function getUrlForAdjacentInSet($prevNext, ?Tag $tag, $activeFilter)
{
$next = $prevNext === 'next';
$previous = !$next;
$where = [];
$params = [
'id_asset' => $this->id_asset,
'date_captured' => $this->date_captured,
];
// Direction depends on whether we're browsing a tag or timeline
if (isset($tag))
{
$where[] = 't.id_tag = :id_tag';
$params['id_tag'] = $tag->id_tag;
$where_op = $previous ? '<' : '>';
$order_dir = $previous ? 'DESC' : 'ASC';
}
else
{
$where_op = $previous ? '>' : '<';
$order_dir = $previous ? 'ASC' : 'DESC';
}
// Take active filter into account as well
if (!empty($activeFilter) && ($user = Member::fromSlug($activeFilter)) !== false)
{
$where[] = 'id_user_uploaded = :id_user_uploaded';
$params['id_user_uploaded'] = $user->getUserId();
}
// Use complete ordering when sorting the set
$where[] = '(a.date_captured, a.id_asset) ' . $where_op .
' (:date_captured, :id_asset)';
// Stringify conditions together
$where = '(' . implode(') AND (', $where) . ')';
// Run query, leaving out tags table if not required
$row = Registry::get('db')->queryAssoc('
SELECT a.*
FROM assets AS a
' . (isset($tag) ? '
INNER JOIN assets_tags AS t ON a.id_asset = t.id_asset' : '') . '
WHERE ' . $where . '
ORDER BY a.date_captured ' . $order_dir . ', a.id_asset ' . $order_dir . '
LIMIT 1',
$params);
if (!$row)
return false;
$obj = self::byRow($row, 'object');
$urlParams = [];
if (isset($tag))
$urlParams['in'] = $tag->id_tag;
if (!empty($activeFilter))
$urlParams['by'] = $activeFilter;
$queryString = !empty($urlParams) ? '?' . http_build_query($urlParams) : '';
return $obj->getPageUrl() . $queryString;
}
public function getUrlForPreviousInSet(?Tag $tag)
public function getUrlForPreviousInSet(?Tag $tag, $activeFilter)
{
$row = Registry::get('db')->queryAssoc('
SELECT a.*
' . (isset($tag) ? '
FROM assets_tags AS t
INNER JOIN assets AS a ON a.id_asset = t.id_asset
WHERE t.id_tag = {int:id_tag} AND
(a.date_captured, a.id_asset) < ({datetime:date_captured}, {int:id_asset})
ORDER BY a.date_captured DESC, a.id_asset DESC'
: '
FROM assets AS a
WHERE (a.date_captured, a.id_asset) > ({datetime:date_captured}, {int:id_asset})
ORDER BY date_captured ASC, a.id_asset ASC')
. '
LIMIT 1',
[
'id_asset' => $this->id_asset,
'id_tag' => isset($tag) ? $tag->id_tag : null,
'date_captured' => $this->date_captured,
]);
if ($row)
{
$obj = self::byRow($row, 'object');
return $obj->getPageUrl() . ($tag ? '?in=' . $tag->id_tag : '');
}
else
return false;
return $this->getUrlForAdjacentInSet('previous', $tag, $activeFilter);
}
public function getUrlForNextInSet(?Tag $tag)
public function getUrlForNextInSet(?Tag $tag, $activeFilter)
{
$row = Registry::get('db')->queryAssoc('
SELECT a.*
' . (isset($tag) ? '
FROM assets_tags AS t
INNER JOIN assets AS a ON a.id_asset = t.id_asset
WHERE t.id_tag = {int:id_tag} AND
(a.date_captured, a.id_asset) > ({datetime:date_captured}, {int:id_asset})
ORDER BY a.date_captured ASC, a.id_asset ASC'
: '
FROM assets AS a
WHERE (a.date_captured, a.id_asset) < ({datetime:date_captured}, {int:id_asset})
ORDER BY date_captured DESC, a.id_asset DESC')
. '
LIMIT 1',
[
'id_asset' => $this->id_asset,
'id_tag' => isset($tag) ? $tag->id_tag : null,
'date_captured' => $this->date_captured,
]);
if ($row)
{
$obj = self::byRow($row, 'object');
return $obj->getPageUrl() . ($tag ? '?in=' . $tag->id_tag : '');
}
else
return false;
return $this->getUrlForAdjacentInSet('next', $tag, $activeFilter);
}
}

146
models/AssetIterator.php
View File

@@ -1,42 +1,50 @@
<?php
/*****************************************************************************
* AssetIterator.php
* Contains key class AssetIterator.
* Contains model class AssetIterator.
*
* Kabuki CMS (C) 2013-2015, Aaron van Geffen
* Kabuki CMS (C) 2013-2025, Aaron van Geffen
*****************************************************************************/
class AssetIterator extends Asset
class AssetIterator implements Iterator
{
private Database $db;
private $direction;
private $return_format;
private $res_assets;
private $res_meta;
private $res_thumbs;
private $rowCount;
protected function __construct($res_assets, $res_meta, $res_thumbs, $return_format, $direction)
private $assets_iterator;
private $meta_iterator;
private $thumbs_iterator;
protected function __construct(PDOStatement $stmt_assets, PDOStatement $stmt_meta, PDOStatement $stmt_thumbs,
$return_format, $direction)
{
$this->db = Registry::get('db');
$this->direction = $direction;
$this->res_assets = $res_assets;
$this->res_meta = $res_meta;
$this->res_thumbs = $res_thumbs;
$this->return_format = $return_format;
$this->rowCount = $stmt_assets->rowCount();
$this->assets_iterator = new CachedPDOIterator($stmt_assets);
$this->assets_iterator->rewind();
$this->meta_iterator = new CachedPDOIterator($stmt_meta);
$this->thumbs_iterator = new CachedPDOIterator($stmt_thumbs);
}
public function next()
public static function all()
{
$row = $this->db->fetch_assoc($this->res_assets);
return self::getByOptions();
}
// No more rows?
public function current(): mixed
{
$row = $this->assets_iterator->current();
if (!$row)
return false;
return $row;
// Looks up metadata.
// Collect metadata
$row['meta'] = [];
while ($meta = $this->db->fetch_assoc($this->res_meta))
$this->meta_iterator->rewind();
foreach ($this->meta_iterator as $meta)
{
if ($meta['id_asset'] != $row['id_asset'])
continue;
@@ -44,54 +52,23 @@ class AssetIterator extends Asset
$row['meta'][$meta['variable']] = $meta['value'];
}
// Reset internal pointer for next asset.
$this->db->data_seek($this->res_meta, 0);
// Looks up thumbnails.
// Collect thumbnails
$row['thumbnails'] = [];
while ($thumbs = $this->db->fetch_assoc($this->res_thumbs))
$this->thumbs_iterator->rewind();
foreach ($this->thumbs_iterator as $thumb)
{
if ($thumbs['id_asset'] != $row['id_asset'])
if ($thumb['id_asset'] != $row['id_asset'])
continue;
$row['thumbnails'][$thumbs['selector']] = $thumbs['filename'];
$row['thumbnails'][$thumb['selector']] = $thumb['filename'];
}
// Reset internal pointer for next asset.
$this->db->data_seek($this->res_thumbs, 0);
if ($this->return_format === 'object')
return new Asset($row);
else
return $row;
}
public function reset()
{
$this->db->data_seek($this->res_assets, 0);
$this->db->data_seek($this->res_meta, 0);
$this->db->data_seek($this->res_thumbs, 0);
}
public function clean()
{
if (!$this->res_assets)
return;
$this->db->free_result($this->res_assets);
$this->res_assets = null;
}
public function num()
{
return $this->db->num_rows($this->res_assets);
}
public static function all()
{
return self::getByOptions();
}
public static function getByOptions(array $options = [], $return_count = false, $return_format = 'object')
{
$params = [
@@ -114,9 +91,14 @@ class AssetIterator extends Asset
{
$params['mime_type'] = $options['mime_type'];
if (is_array($options['mime_type']))
$where[] = 'a.mimetype IN({array_string:mime_type})';
$where[] = 'a.mimetype IN(@mime_type)';
else
$where[] = 'a.mimetype = {string:mime_type}';
$where[] = 'a.mimetype = :mime_type';
}
if (isset($options['id_user_uploaded']))
{
$params['id_user_uploaded'] = $options['id_user_uploaded'];
$where[] = 'id_user_uploaded = :id_user_uploaded';
}
if (isset($options['id_tag']))
{
@@ -124,7 +106,17 @@ class AssetIterator extends Asset
$where[] = 'id_asset IN(
SELECT l.id_asset
FROM assets_tags AS l
WHERE l.id_tag = {int:id_tag})';
WHERE l.id_tag = :id_tag)';
}
elseif (isset($options['tag']))
{
$params['tag'] = $options['tag'];
$where[] = 'id_asset IN(
SELECT l.id_asset
FROM assets_tags AS l
INNER JOIN tags AS t
ON l.id_tag = t.id_tag
WHERE t.slug = :tag)';
}
// Make it valid SQL.
@@ -140,7 +132,7 @@ class AssetIterator extends Asset
FROM assets AS a
WHERE ' . $where . '
ORDER BY ' . $order . (!empty($params['limit']) ? '
LIMIT {int:offset}, {int:limit}' : ''),
LIMIT :offset, :limit' : ''),
$params);
// Get a resource object for the asset meta.
@@ -160,9 +152,9 @@ class AssetIterator extends Asset
SELECT id_asset, filename,
CONCAT(
width,
{string:x},
:x,
height,
IF(mode != {string:empty}, CONCAT({string:_}, mode), {string:empty})
IF(mode != :empty1, CONCAT(:_, mode), :empty2)
) AS selector
FROM assets_thumbs
WHERE id_asset IN(
@@ -172,7 +164,8 @@ class AssetIterator extends Asset
)
ORDER BY id_asset',
$params + [
'empty' => '',
'empty1' => '',
'empty2' => '',
'x' => 'x',
'_' => '_',
]);
@@ -194,13 +187,38 @@ class AssetIterator extends Asset
return $iterator;
}
public function isAscending()
public function key(): mixed
{
return $this->assets_iterator->key();
}
public function isAscending(): bool
{
return $this->direction === 'asc';
}
public function isDescending()
public function isDescending(): bool
{
return $this->direction === 'desc';
}
public function next(): void
{
$this->assets_iterator->next();
}
public function num(): int
{
return $this->rowCount;
}
public function rewind(): void
{
$this->assets_iterator->rewind();
}
public function valid(): bool
{
return $this->assets_iterator->valid();
}
}

157
models/Authentication.php
View File

@@ -12,48 +12,27 @@
*/
class Authentication
{
/**
* Checks whether a user still exists in the database.
*/
public static function checkExists($id_user)
{
$res = Registry::get('db')->queryValue('
SELECT id_user
FROM users
WHERE id_user = {int:id}',
[
'id' => $id_user,
]);
return $res !== null;
}
const DEFAULT_RESET_TIMEOUT = 30;
/**
* Finds the user id belonging to a certain emailaddress.
* Checks a password for a given username against the database.
*/
public static function getUserId($emailaddress)
public static function checkPassword($emailaddress, $password)
{
$res = Registry::get('db')->queryValue('
SELECT id_user
// Retrieve password hash for user matching the provided emailaddress.
$password_hash = Registry::get('db')->queryValue('
SELECT password_hash
FROM users
WHERE emailaddress = {string:emailaddress}',
WHERE emailaddress = :emailaddress',
[
'emailaddress' => $emailaddress,
]);
return empty($res) ? false : $res;
}
// If there's no hash, the user likely does not exist.
if (!$password_hash)
return false;
public static function setResetKey($id_user)
{
return Registry::get('db')->query('
UPDATE users
SET reset_key = {string:key}
WHERE id_user = {int:id}',
[
'id' => $id_user,
'key' => self::newActivationKey(),
]);
return password_verify($password, $password_hash);
}
public static function checkResetKey($id_user, $reset_key)
@@ -61,7 +40,7 @@ class Authentication
$key = Registry::get('db')->queryValue('
SELECT reset_key
FROM users
WHERE id_user = {int:id}',
WHERE id_user = :id',
[
'id' => $id_user,
]);
@@ -69,22 +48,55 @@ class Authentication
return $key == $reset_key;
}
/**
* Computes a password hash.
*/
public static function computeHash($password)
{
$hash = password_hash($password, PASSWORD_DEFAULT);
if (!$hash)
throw new Exception('Hash creation failed!');
return $hash;
}
public static function consumeResetKey($id_user)
{
return Registry::get('db')->query('
UPDATE users
SET reset_key = NULL,
reset_blocked_until = NULL
WHERE id_user = :id_user',
['id_user' => $id_user]);
}
public static function getResetTimeOut($id_user)
{
$resetTime = Registry::get('db')->queryValue('
SELECT reset_blocked_until
FROM users
WHERE id_user = :id_user',
['id_user' => $id_user]);
return max(0, $resetTime - time());
}
/**
* Verifies whether the user is currently logged in.
*/
public static function isLoggedIn()
{
// Check whether the active session matches the current user's environment.
if (isset($_SESSION['ip_address'], $_SESSION['user_agent']) && (
(isset($_SERVER['REMOTE_ADDR']) && $_SESSION['ip_address'] != $_SERVER['REMOTE_ADDR']) ||
(isset($_SERVER['HTTP_USER_AGENT']) && $_SESSION['user_agent'] != $_SERVER['HTTP_USER_AGENT'])))
if (!isset($_SESSION['user_id']))
return false;
try
{
$exists = Member::fromId($_SESSION['user_id']);
return true;
}
catch (NotFoundException $e)
{
session_destroy();
return false;
}
// A user is logged in if a user id exists in the session and this id is (still) in the database.
return isset($_SESSION['user_id']) && self::checkExists($_SESSION['user_id']);
}
/**
@@ -99,36 +111,17 @@ class Authentication
return $string;
}
/**
* Checks a password for a given username against the database.
*/
public static function checkPassword($emailaddress, $password)
public static function setResetKey($id_user)
{
// Retrieve password hash for user matching the provided emailaddress.
$password_hash = Registry::get('db')->queryValue('
SELECT password_hash
FROM users
WHERE emailaddress = {string:emailaddress}',
return Registry::get('db')->query('
UPDATE users
SET reset_key = :key,
reset_blocked_until = UNIX_TIMESTAMP() + ' . static::DEFAULT_RESET_TIMEOUT . '
WHERE id_user = :id',
[
'emailaddress' => $emailaddress,
'id' => $id_user,
'key' => self::newActivationKey(),
]);
// If there's no hash, the user likely does not exist.
if (!$password_hash)
return false;
return password_verify($password, $password_hash);
}
/**
* Computes a password hash.
*/
public static function computeHash($password)
{
$hash = password_hash($password, PASSWORD_DEFAULT);
if (!$hash)
throw new Exception('Hash creation failed!');
return $hash;
}
/**
@@ -139,13 +132,35 @@ class Authentication
return Registry::get('db')->query('
UPDATE users
SET
password_hash = {string:hash},
reset_key = {string:blank}
WHERE id_user = {int:id_user}',
password_hash = :hash,
reset_key = :blank
WHERE id_user = :id_user',
[
'id_user' => $id_user,
'hash' => $hash,
'blank' => '',
]);
}
public static function updateResetTimeOut($id_user)
{
$currentResetTimeOut = static::getResetTimeOut($id_user);
// New timeout: between 30 seconds, double the current timeout, and a full day
$newResetTimeOut = min(max(static::DEFAULT_RESET_TIMEOUT, $currentResetTimeOut * 2), 60 * 60 * 24);
$success = Registry::get('db')->query('
UPDATE users
SET reset_blocked_until = :new_time_out
WHERE id_user = :id_user',
[
'id_user' => $id_user,
'new_time_out' => time() + $newResetTimeOut,
]);
if (!$success)
throw new UnexpectedValueException('Could not set password reset timeout!');
return $newResetTimeOut;
}
}

56
models/CachedPDOIterator.php Normal file
View File

@@ -0,0 +1,56 @@
<?php
/*****************************************************************************
* CachedPDOIterator.php
* Contains model class CachedPDOIterator.
*
* Based on https://gist.github.com/hakre/5152090
*
* Kabuki CMS (C) 2013-2021, Aaron van Geffen
*****************************************************************************/
class CachedPDOIterator extends CachingIterator
{
private $index;
public function __construct(PDOStatement $statement)
{
parent::__construct(new IteratorIterator($statement), self::FULL_CACHE);
}
public function rewind(): void
{
if ($this->index === null)
{
parent::rewind();
}
$this->index = 0;
}
public function current(): mixed
{
if ($this->offsetExists($this->index))
{
return $this->offsetGet($this->index);
}
return parent::current();
}
public function key(): mixed
{
return $this->index;
}
public function next(): void
{
$this->index++;
if (!$this->offsetExists($this->index))
{
parent::next();
}
}
public function valid(): bool
{
return $this->offsetExists($this->index) || parent::valid();
}
}

552
models/Database.php
View File

@@ -1,44 +1,34 @@
<?php
/*****************************************************************************
* Database.php
* Contains key class Database.
* Contains model class Database.
*
* Adapted from SMF 2.0's DBA (C) 2011 Simple Machines
* Used under BSD 3-clause license.
*
* Kabuki CMS (C) 2013-2015, Aaron van Geffen
* Kabuki CMS (C) 2013-2025, Aaron van Geffen
*****************************************************************************/
/**
* The database model used to communicate with the MySQL server.
*/
class Database
{
private $connection;
private $query_count = 0;
private $logged_queries = [];
private array $db_callback;
/**
* Initialises a new database connection.
* @param server: server to connect to.
* @param user: username to use for authentication.
* @param password: password to use for authentication.
* @param name: database to select.
*/
public function __construct($server, $user, $password, $name)
public function __construct($host, $user, $password, $name)
{
$this->connection = @mysqli_connect($server, $user, $password, $name);
// Give up if we have a connection error.
if (mysqli_connect_error())
try
{
header('HTTP/1.1 503 Service Temporarily Unavailable');
$this->connection = new PDO("mysql:host=$host;dbname=$name;charset=utf8mb4", $user, $password, [
PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
PDO::ATTR_EMULATE_PREPARES => false,
]);
}
// Give up if we have a connection error.
catch (PDOException $e)
{
http_response_code(503);
echo '<h2>Database Connection Problems</h2><p>Our software could not connect to the database. We apologise for any inconvenience and ask you to check back later.</p>';
exit;
}
$this->query('SET NAMES {string:utf8mb4}', ['utf8mb4' => 'utf8mb4']);
}
public function getQueryCount()
@@ -52,305 +42,227 @@ class Database
}
/**
* Fetches a row from a given recordset, using field names as keys.
* Fetches a row from a given statement/recordset, using field names as keys.
*/
public function fetch_assoc($resource)
public function fetchAssoc($stmt)
{
return mysqli_fetch_assoc($resource);
return $stmt->fetch(PDO::FETCH_ASSOC);
}
/**
* Fetches a row from a given recordset, using numeric keys.
* Fetches a row from a given statement/recordset, encapsulating into an object.
*/
public function fetch_row($resource)
public function fetchObject($stmt, $class)
{
return mysqli_fetch_row($resource);
return $stmt->fetchObject($class);
}
/**
* Destroys a given recordset.
* Fetches a row from a given statement/recordset, using numeric keys.
*/
public function free_result($resource)
public function fetchNum($stmt)
{
return mysqli_free_result($resource);
}
public function data_seek($result, $row_num)
{
return mysqli_data_seek($result, $row_num);
return $stmt->fetch(PDO::FETCH_NUM);
}
/**
* Returns the amount of rows in a given recordset.
* Destroys a given statement/recordset.
*/
public function num_rows($resource)
public function free($stmt)
{
return mysqli_num_rows($resource);
return $stmt->closeCursor();
}
/**
* Returns the amount of fields in a given recordset.
* Returns the amount of rows in a given statement/recordset.
*/
public function num_fields($resource)
public function rowCount($stmt)
{
return mysqli_num_fields($resource);
return $stmt->rowCount();
}
/**
* Escapes a string.
* Returns the amount of fields in a given statement/recordset.
*/
public function escape_string($string)
public function columnCount($stmt)
{
return mysqli_real_escape_string($this->connection, $string);
}
/**
* Unescapes a string.
*/
public function unescape_string($string)
{
return stripslashes($string);
}
/**
* Returns the last MySQL error.
*/
public function error()
{
return mysqli_error($this->connection);
}
public function server_info()
{
return mysqli_get_server_info($this->connection);
}
/**
* Selects a database on a given connection.
*/
public function select_db($database)
{
return mysqli_select_db($database, $this->connection);
}
/**
* Returns the amount of rows affected by the previous query.
*/
public function affected_rows()
{
return mysqli_affected_rows($this->connection);
return $stmt->columnCount();
}
/**
* Returns the id of the row created by a previous query.
*/
public function insert_id()
public function insertId($name = null)
{
return mysqli_insert_id($this->connection);
return $this->connection->lastInsertId($name);
}
/**
* Do a MySQL transaction.
* Start a transaction.
*/
public function transaction($operation = 'commit')
public function beginTransaction()
{
switch ($operation)
{
case 'begin':
case 'rollback':
case 'commit':
return @mysqli_query($this->connection, strtoupper($operation));
default:
return false;
}
return $this->connection->beginTransaction();
}
/**
* Function used as a callback for the preg_match function that parses variables into database queries.
* Rollback changes in a transaction.
*/
private function replacement_callback($matches)
public function rollback()
{
list ($values, $connection) = $this->db_callback;
return $this->connection->rollBack();
}
if (!isset($matches[2]))
trigger_error('Invalid value inserted or no type specified.', E_USER_ERROR);
/**
* Commit changes in a transaction.
*/
public function commit()
{
return $this->connection->commit();
}
if (!isset($values[$matches[2]]))
trigger_error('The database value you\'re trying to insert does not exist: ' . htmlspecialchars($matches[2]), E_USER_ERROR);
$replacement = $values[$matches[2]];
switch ($matches[1])
private function expandPlaceholders($db_string, array &$db_values)
{
foreach ($db_values as $key => &$value)
{
case 'int':
if ((!is_numeric($replacement) || (string) $replacement !== (string) (int) $replacement) && $replacement !== 'NULL')
trigger_error('Wrong value type sent to the database for field: ' . $matches[2] . '. Integer expected.', E_USER_ERROR);
return $replacement !== 'NULL' ? (string) (int) $replacement : 'NULL';
break;
case 'string':
case 'text':
return $replacement !== 'NULL' ? sprintf('\'%1$s\'', mysqli_real_escape_string($connection, $replacement)) : 'NULL';
break;
case 'array_int':
if (is_array($replacement))
if (str_contains($db_string, ':' . $key))
{
if (is_array($value))
{
if (empty($replacement))
trigger_error('Database error, given array of integer values is empty.', E_USER_ERROR);
foreach ($replacement as $key => $value)
{
if (!is_numeric($value) || (string) $value !== (string) (int) $value)
trigger_error('Wrong value type sent to the database for field: ' . $matches[2] . '. Array of integers expected.', E_USER_ERROR);
$replacement[$key] = (string) (int) $value;
}
return implode(', ', $replacement);
throw new UnexpectedValueException('Array ' . $key .
' is used as a scalar placeholder. Did you mean to use \'@\' instead?');
}
else
trigger_error('Wrong value type sent to the database for field: ' . $matches[2] . '. Array of integers expected.', E_USER_ERROR);
break;
case 'array_string':
if (is_array($replacement))
// Prepare date/time values
if (is_a($value, 'DateTime'))
{
if (empty($replacement))
trigger_error('Database error, given array of string values is empty.', E_USER_ERROR);
foreach ($replacement as $key => $value)
$replacement[$key] = sprintf('\'%1$s\'', mysqli_real_escape_string($connection, $value));
return implode(', ', $replacement);
$value = $value->format('Y-m-d H:i:s');
}
}
elseif (str_contains($db_string, '@' . $key))
{
if (!is_array($value))
{
throw new UnexpectedValueException('Scalar value ' . $key .
' is used as an array placeholder. Did you mean to use \':\' instead?');
}
else
trigger_error('Wrong value type sent to the database for field: ' . $matches[2] . '. Array of strings expected.', E_USER_ERROR);
break;
case 'date':
if (preg_match('~^(\d{4})-([0-1]?\d)-([0-3]?\d)$~', $replacement, $date_matches) === 1)
return sprintf('\'%04d-%02d-%02d\'', $date_matches[1], $date_matches[2], $date_matches[3]);
elseif ($replacement === 'NULL')
return 'NULL';
else
trigger_error('Wrong value type sent to the database for field: ' . $matches[2] . '. Date expected.', E_USER_ERROR);
break;
case 'datetime':
if (is_a($replacement, 'DateTime'))
return $replacement->format('\'Y-m-d H:i:s\'');
elseif (preg_match('~^(\d{4})-([0-1]?\d)-([0-3]?\d) (\d{2}):(\d{2}):(\d{2})$~', $replacement, $date_matches) === 1)
return sprintf('\'%04d-%02d-%02d %02d:%02d:%02d\'', $date_matches[1], $date_matches[2], $date_matches[3], $date_matches[4], $date_matches[5], $date_matches[6]);
elseif ($replacement === 'NULL')
return 'NULL';
else
trigger_error('Wrong value type sent to the database for field: ' . $matches[2] . '. DateTime expected.', E_USER_ERROR);
break;
case 'float':
if (!is_numeric($replacement) && $replacement !== 'NULL')
trigger_error('Wrong value type sent to the database for field: ' . $matches[2] . '. Floating point number expected.', E_USER_ERROR);
return $replacement !== 'NULL' ? (string) (float) $replacement : 'NULL';
break;
case 'identifier':
// Backticks inside identifiers are supported as of MySQL 4.1. We don't need them here.
return '`' . strtr($replacement, ['`' => '', '.' => '']) . '`';
break;
case 'raw':
return $replacement;
break;
case 'bool':
case 'boolean':
// In mysql this is a synonym for tinyint(1)
return (bool)$replacement ? 1 : 0;
break;
default:
trigger_error('Undefined type <b>' . $matches[1] . '</b> used in the database query', E_USER_ERROR);
break;
// Create placeholders for all array elements
$placeholders = array_map(fn($num) => ':' . $key . $num, range(0, count($value) - 1));
$db_string = str_replace('@' . $key, implode(', ', $placeholders), $db_string);
}
else
{
// throw new Exception('Warning: unused key in query: ' . $key);
}
}
}
/**
* Escapes and quotes a string using values passed, and executes the query.
*/
public function query($db_string, $db_values = [])
{
// One more query....
$this->query_count ++;
// Overriding security? This is evil!
$security_override = $db_values === 'security_override' || !empty($db_values['security_override']);
// Please, just use new style queries.
if (strpos($db_string, '\'') !== false && !$security_override)
trigger_error('Hack attempt!', 'Illegal character (\') used in query.', E_USER_ERROR);
if (!$security_override && !empty($db_values))
{
// Set some values for use in the callback function.
$this->db_callback = [$db_values, $this->connection];
// Insert the values passed to this function.
$db_string = preg_replace_callback('~{([a-z_]+)(?::([a-zA-Z0-9_-]+))?}~', [&$this, 'replacement_callback'], $db_string);
// Save some memory.
$this->db_callback = [];
}
if (defined("DB_LOG_QUERIES") && DB_LOG_QUERIES)
$this->logged_queries[] = $db_string;
$return = @mysqli_query($this->connection, $db_string, empty($this->unbuffered) ? MYSQLI_STORE_RESULT : MYSQLI_USE_RESULT);
if (!$return)
{
$clean_sql = implode("\n", array_map('trim', explode("\n", $db_string)));
trigger_error($this->error() . '<br>' . $clean_sql, E_USER_ERROR);
}
return $return;
}
/**
* Escapes and quotes a string just like db_query, but does not execute the query.
* Useful for debugging purposes.
*/
public function quote($db_string, $db_values = [])
{
// Please, just use new style queries.
if (strpos($db_string, '\'') !== false)
trigger_error('Hack attempt!', 'Illegal character (\') used in query.', E_USER_ERROR);
// Save some values for use in the callback function.
$this->db_callback = [$db_values, $this->connection];
// Insert the values passed to this function.
$db_string = preg_replace_callback('~{([a-z_]+)(?::([a-zA-Z0-9_-]+))?}~', [&$this, 'replacement_callback'], $db_string);
// Save some memory.
$this->db_callback = [];
return $db_string;
}
/**
* Executes a query, returning an array of all the rows it returns.
* Escapes and quotes a string using values passed, and executes the query.
*/
public function queryRow($db_string, $db_values = [])
public function query($db_string, array $db_values = []): PDOStatement
{
// One more query...
$this->query_count++;
// Error out if hardcoded strings are detected
if (strpos($db_string, '\'') !== false)
throw new UnexpectedValueException('Hack attempt: illegal character (\') used in query.');
if (defined('DB_LOG_QUERIES') && DB_LOG_QUERIES)
$this->logged_queries[] = $db_string;
try
{
// Preprocessing/checks: prepare any arrays for binding
$db_string = $this->expandPlaceholders($db_string, $db_values);
// Prepare query for execution
$statement = $this->connection->prepare($db_string);
// Bind parameters... the hard way, due to a limit/offset hack.
// NB: bindParam binds by reference, hence &$value here.
foreach ($db_values as $key => &$value)
{
// Assumption: both scalar and array values are preprocessed to use named ':' placeholders
if (!str_contains($db_string, ':' . $key))
continue;
if (!is_array($value))
{
$statement->bindParam(':' . $key, $value);
continue;
}
foreach (array_values($value) as $num => &$element)
{
$statement->bindParam(':' . $key . $num, $element);
}
}
$statement->execute();
return $statement;
}
catch (PDOException $e)
{
ob_start();
$debug = ob_get_clean();
throw new Exception($e->getMessage() . "\n" . var_export($e->errorInfo, true) . "\n" . var_export($db_values, true));
}
}
/**
* Executes a query, returning an object of the row it returns.
*/
public function queryObject($class, $db_string, $db_values = [])
{
$res = $this->query($db_string, $db_values);
if (!$res || $this->num_rows($res) == 0)
if (!$res || $this->rowCount($res) === 0)
return null;
$object = $this->fetchObject($res, $class);
$this->free($res);
return $object;
}
/**
* Executes a query, returning an array of objects of all the rows returns.
*/
public function queryObjects($class, $db_string, $db_values = [])
{
$res = $this->query($db_string, $db_values);
if (!$res || $this->rowCount($res) === 0)
return [];
$row = $this->fetch_row($res);
$this->free_result($res);
$rows = [];
while ($object = $this->fetchObject($res, $class))
$rows[] = $object;
$this->free($res);
return $rows;
}
/**
* Executes a query, returning an array of all the rows it returns.
*/
public function queryRow($db_string, array $db_values = [])
{
$res = $this->query($db_string, $db_values);
if ($this->rowCount($res) === 0)
return [];
$row = $this->fetchNum($res);
$this->free($res);
return $row;
}
@@ -358,18 +270,18 @@ class Database
/**
* Executes a query, returning an array of all the rows it returns.
*/
public function queryRows($db_string, $db_values = [])
public function queryRows($db_string, array $db_values = [])
{
$res = $this->query($db_string, $db_values);
if (!$res || $this->num_rows($res) == 0)
if ($this->rowCount($res) === 0)
return [];
$rows = [];
while ($row = $this->fetch_row($res))
while ($row = $this->fetchNum($res))
$rows[] = $row;
$this->free_result($res);
$this->free($res);
return $rows;
}
@@ -377,18 +289,18 @@ class Database
/**
* Executes a query, returning an array of all the rows it returns.
*/
public function queryPair($db_string, $db_values = [])
public function queryPair($db_string, array $db_values = [])
{
$res = $this->query($db_string, $db_values);
if (!$res || $this->num_rows($res) == 0)
if ($this->rowCount($res) === 0)
return [];
$rows = [];
while ($row = $this->fetch_row($res))
while ($row = $this->fetchNum($res))
$rows[$row[0]] = $row[1];
$this->free_result($res);
$this->free($res);
return $rows;
}
@@ -396,21 +308,21 @@ class Database
/**
* Executes a query, returning an array of all the rows it returns.
*/
public function queryPairs($db_string, $db_values = [])
public function queryPairs($db_string, $db_values = array())
{
$res = $this->query($db_string, $db_values);
if (!$res || $this->num_rows($res) == 0)
if (!$res || $this->rowCount($res) === 0)
return [];
$rows = [];
while ($row = $this->fetch_assoc($res))
while ($row = $this->fetchAssoc($res))
{
$key_value = reset($row);
$rows[$key_value] = $row;
}
$this->free_result($res);
$this->free($res);
return $rows;
}
@@ -418,15 +330,15 @@ class Database
/**
* Executes a query, returning an associative array of all the rows it returns.
*/
public function queryAssoc($db_string, $db_values = [])
public function queryAssoc($db_string, array $db_values = [])
{
$res = $this->query($db_string, $db_values);
if (!$res || $this->num_rows($res) == 0)
if ($this->rowCount($res) === 0)
return [];
$row = $this->fetch_assoc($res);
$this->free_result($res);
$row = $this->fetchAssoc($res);
$this->free($res);
return $row;
}
@@ -434,18 +346,18 @@ class Database
/**
* Executes a query, returning an associative array of all the rows it returns.
*/
public function queryAssocs($db_string, $db_values = [], $connection = null)
public function queryAssocs($db_string, array $db_values = [])
{
$res = $this->query($db_string, $db_values);
if (!$res || $this->num_rows($res) == 0)
if ($this->rowCount($res) === 0)
return [];
$rows = [];
while ($row = $this->fetch_assoc($res))
while ($row = $this->fetchAssoc($res))
$rows[] = $row;
$this->free_result($res);
$this->free($res);
return $rows;
}
@@ -453,16 +365,16 @@ class Database
/**
* Executes a query, returning the first value of the first row.
*/
public function queryValue($db_string, $db_values = [])
public function queryValue($db_string, array $db_values = [])
{
$res = $this->query($db_string, $db_values);
// If this happens, you're doing it wrong.
if (!$res || $this->num_rows($res) == 0)
if ($this->rowCount($res) === 0)
return null;
list($value) = $this->fetch_row($res);
$this->free_result($res);
list($value) = $this->fetchNum($res);
$this->free($res);
return $value;
}
@@ -470,18 +382,18 @@ class Database
/**
* Executes a query, returning an array of the first value of each row.
*/
public function queryValues($db_string, $db_values = [])
public function queryValues($db_string, array $db_values = [])
{
$res = $this->query($db_string, $db_values);
if (!$res || $this->num_rows($res) == 0)
if ($this->rowCount($res) === 0)
return [];
$rows = [];
while ($row = $this->fetch_row($res))
while ($row = $this->fetchNum($res))
$rows[] = $row[0];
$this->free_result($res);
$this->free($res);
return $rows;
}
@@ -499,35 +411,45 @@ class Database
if (!is_array($data[array_rand($data)]))
$data = [$data];
// Create the mold for a single row insert.
$insertData = '(';
foreach ($columns as $columnName => $type)
{
// Are we restricting the length?
if (strpos($type, 'string-') !== false)
$insertData .= sprintf('SUBSTRING({string:%1$s}, 1, ' . substr($type, 7) . '), ', $columnName);
else
$insertData .= sprintf('{%1$s:%2$s}, ', $type, $columnName);
}
$insertData = substr($insertData, 0, -2) . ')';
// Create an array consisting of only the columns.
$indexed_columns = array_keys($columns);
// Here's where the variables are injected to the query.
$insertRows = [];
foreach ($data as $dataRow)
$insertRows[] = $this->quote($insertData, array_combine($indexed_columns, $dataRow));
// Determine the method of insertion.
$queryTitle = $method === 'replace' ? 'REPLACE' : ($method === 'ignore' ? 'INSERT IGNORE' : 'INSERT');
$method = $method == 'replace' ? 'REPLACE' : ($method == 'ignore' ? 'INSERT IGNORE' : 'INSERT');
// Do the insert.
return $this->query('
' . $queryTitle . ' INTO ' . $table . ' (`' . implode('`, `', $indexed_columns) . '`)
VALUES
' . implode(',
', $insertRows),
['security_override' => true]);
// What columns are we inserting?
$columns = array_keys($data[0]);
// Start building the query.
$db_string = $method . ' INTO ' . $table . ' (' . implode(',', $columns) . ') VALUES ';
// Create the mold for a single row insert.
$placeholders = '(' . substr(str_repeat('?, ', count($columns)), 0, -2) . '), ';
// Append it for every row we're to insert.
$values = [];
foreach ($data as $row)
{
$values = array_merge($values, array_values($row));
$db_string .= $placeholders;
}
// Get rid of the tailing comma.
$db_string = substr($db_string, 0, -2);
// Prepare for your impending demise!
$statement = $this->connection->prepare($db_string);
// Bind parameters... the hard way, due to a limit/offset hack.
foreach ($values as $key => $value)
$statement->bindValue($key + 1, $values[$key]);
// Handle errors.
try
{
$statement->execute();
return $statement;
}
catch (PDOException $e)
{
throw new Exception($e->getMessage() . '<br><br>' . $db_string . '<br><br>' . print_r($values, true));
}
}
}

46
models/Dispatcher.php
View File

@@ -44,6 +44,19 @@ class Dispatcher
}
}
public static function errorPage($title, $body)
{
$page = new MainTemplate($title);
$page->adopt(new ErrorPage($title, $body));
if (Registry::get('user')->isAdmin())
{
$page->appendStylesheet(BASEURL . '/css/admin.css');
}
$page->html_main();
}
/**
* Kicks a guest to a login form, redirecting them back to this page upon login.
*/
@@ -60,37 +73,24 @@ class Dispatcher
exit;
}
public static function trigger400()
private static function trigger400()
{
header('HTTP/1.1 400 Bad Request');
$page = new MainTemplate('Bad request');
$page->adopt(new DummyBox('Bad request', '<p>The server does not understand your request.</p>'));
$page->html_main();
http_response_code(400);
self::errorPage('Bad request', 'The server does not understand your request.');
exit;
}
public static function trigger403()
private static function trigger403()
{
header('HTTP/1.1 403 Forbidden');
$page = new MainTemplate('Access denied');
$page->adopt(new DummyBox('Forbidden', '<p>You do not have access to the page you requested.</p>'));
$page->html_main();
http_response_code(403);
self::errorPage('Forbidden', 'You do not have access to this page.');
exit;
}
public static function trigger404()
private static function trigger404()
{
header('HTTP/1.1 404 Not Found');
$page = new MainTemplate('Page not found');
if (Registry::has('user') && Registry::get('user')->isAdmin())
{
$page->appendStylesheet(BASEURL . '/css/admin.css');
}
$page->adopt(new DummyBox('Well, this is a bit embarrassing!', '<p>The page you requested could not be found. Don\'t worry, it\'s probably not your fault. You\'re welcome to browse the website, though!</p>', 'errormsg'));
$page->addClass('errorpage');
$page->html_main();
exit;
http_response_code(404);
$page = new ViewErrorPage('Page not found!');
$page->showContent();
}
}

2
models/Email.php
View File

@@ -69,7 +69,7 @@ class Email
$row = Registry::get('db')->queryAssoc('
SELECT first_name, surname, emailaddress, reset_key
FROM users
WHERE id_user = {int:id_user}',
WHERE id_user = :id_user',
[
'id_user' => $id_user,
]);

21
models/ErrorHandler.php
View File

@@ -3,7 +3,7 @@
* ErrorHandler.php
* Contains key class ErrorHandler.
*
* Kabuki CMS (C) 2013-2016, Aaron van Geffen
* Kabuki CMS (C) 2013-2025, Aaron van Geffen
*****************************************************************************/
class ErrorHandler
@@ -47,10 +47,8 @@ class ErrorHandler
// Log the error in the database.
self::logError($error_message, $debug_info, $file, $line);
// Are we considering this fatal? Then display and exit.
// !!! TODO: should we consider warnings fatal?
if (true) // DEBUG || (!DEBUG && $error_level === E_WARNING || $error_level === E_USER_WARNING))
self::display($file . ' (' . $line . ')<br>' . $error_message, $debug_info);
// Display error and exit.
self::display($error_message, $file, $line, $debug_info);
// If it wasn't a fatal error, well...
self::$handling_error = false;
@@ -118,7 +116,7 @@ class ErrorHandler
}
// Logs an error into the database.
private static function logError($error_message = '', $debug_info = '', $file = '', $line = 0)
public static function logError($error_message = '', $debug_info = '', $file = '', $line = 0)
{
if (!ErrorLog::log([
'message' => $error_message,
@@ -130,7 +128,7 @@ class ErrorHandler
'request_uri' => isset($_SERVER['REQUEST_URI']) ? $_SERVER['REQUEST_URI'] : '',
]))
{
header('HTTP/1.1 503 Service Temporarily Unavailable');
http_response_code(503);
echo '<h2>An Error Occurred</h2><p>Our software could not connect to the database. We apologise for any inconvenience and ask you to check back later.</p>';
exit;
}
@@ -138,7 +136,7 @@ class ErrorHandler
return $error_message;
}
public static function display($message, $debug_info, $is_sensitive = true)
public static function display($message, $file, $line, $debug_info, $is_sensitive = true)
{
$is_admin = Registry::has('user') && Registry::get('user')->isAdmin();
@@ -167,7 +165,8 @@ class ErrorHandler
$is_admin = Registry::has('user') && Registry::get('user')->isAdmin();
if (DEBUG || $is_admin)
{
$page->adopt(new DummyBox('An error occurred!', '<p>' . $message . '</p><pre>' . $debug_info . '</pre>'));
$debug_info = sprintf("Trigger point:\n%s (L%d)\n\n%s", $file, $line, $debug_info);
$page->adopt(new ErrorPage('An error occurred!', $message, $debug_info));
// Let's provide the admin navigation despite it all!
if ($is_admin)
@@ -176,9 +175,9 @@ class ErrorHandler
}
}
elseif (!$is_sensitive)
$page->adopt(new DummyBox('An error occurred!', '<p>' . $message . '</p>'));
$page->adopt(new ErrorPage('An error occurred!', '<p>' . $message . '</p>'));
else
$page->adopt(new DummyBox('An error occurred!', '<p>Our apologies, an error occurred while we were processing your request. Please try again later, or contact us if the problem persists.</p>'));
$page->adopt(new ErrorPage('An error occurred!', 'Our apologies, an error occurred while we were processing your request. Please try again later, or contact us if the problem persists.'));
// If we got this far, make sure we're not showing stuff twice.
ob_end_clean();

22
models/ErrorLog.php
View File

@@ -17,14 +17,14 @@ class ErrorLog
INSERT INTO log_errors
(id_user, message, debug_info, file, line, request_uri, time, ip_address)
VALUES
({int:id_user}, {string:message}, {string:debug_info}, {string:file}, {int:line},
{string:request_uri}, CURRENT_TIMESTAMP, {string:ip_address})',
(:id_user, :message, :debug_info, :file, :line,
:request_uri, CURRENT_TIMESTAMP, :ip_address)',
$data);
}
public static function flush()
{
return Registry::get('db')->query('TRUNCATE log_errors');
return Registry::get('db')->query('DELETE FROM log_errors');
}
public static function getCount()
@@ -33,4 +33,20 @@ class ErrorLog
SELECT COUNT(*)
FROM log_errors');
}
public static function getOffset($offset, $limit, $order, $direction)
{
assert(in_array($order, ['id_entry', 'file', 'line', 'time', 'ipaddress', 'id_user']));
$order = $order . ($direction === 'up' ? ' ASC' : ' DESC');
return Registry::get('db')->queryAssocs('
SELECT *
FROM log_errors
ORDER BY ' . $order . '
LIMIT :offset, :limit',
[
'offset' => $offset,
'limit' => $limit,
]);
}
}

34
models/Form.php
View File

@@ -10,24 +10,36 @@ class Form
{
public $request_method;
public $request_url;
public $content_above;
public $content_below;
private $fields = [];
public $before_fields;
public $after_fields;
private $submit_caption;
public $buttons_extra;
private $trim_inputs;
private $data = [];
private $missing = [];
private $submit_caption;
private $trim_inputs;
// NOTE: this class does not verify the completeness of form options.
public function __construct($options)
{
$this->request_method = !empty($options['request_method']) ? $options['request_method'] : 'POST';
$this->request_url = !empty($options['request_url']) ? $options['request_url'] : BASEURL;
$this->fields = !empty($options['fields']) ? $options['fields'] : [];
$this->content_below = !empty($options['content_below']) ? $options['content_below'] : null;
$this->content_above = !empty($options['content_above']) ? $options['content_above'] : null;
$this->submit_caption = !empty($options['submit_caption']) ? $options['submit_caption'] : 'Save information';
$this->trim_inputs = !empty($options['trim_inputs']);
static $optionKeys = [
'request_method' => 'POST',
'request_url' => BASEURL,
'fields' => [],
'before_fields' => null,
'after_fields' => null,
'submit_caption' => 'Save information',
'buttons_extra' => null,
'trim_inputs' => true,
];
foreach ($optionKeys as $optionKey => $default)
$this->$optionKey = !empty($options[$optionKey]) ? $options[$optionKey] : $default;
}
public function getFields()

190
models/GenericTable.php
View File

@@ -15,7 +15,6 @@ class GenericTable
private $title;
private $title_class;
private $tableIsSortable = false;
public $form_above;
public $form_below;
@@ -29,58 +28,22 @@ class GenericTable
public function __construct($options)
{
// Make sure we're actually sorting on something sortable.
if (!isset($options['sort_order']) || (!empty($options['sort_order']) && empty($options['columns'][$options['sort_order']]['is_sortable'])))
$options['sort_order'] = '';
$this->initOrder($options);
$this->initPagination($options);
// Order in which direction?
if (!empty($options['sort_direction']) && !in_array($options['sort_direction'], ['up', 'down']))
$options['sort_direction'] = 'up';
// Make sure we know whether we can actually sort on something.
$this->tableIsSortable = !empty($options['base_url']);
// How much data do we have?
$this->recordCount = $options['get_count'](...(!empty($options['get_count_params']) ? $options['get_count_params'] : []));
// How much data do we need to retrieve?
$this->items_per_page = !empty($options['items_per_page']) ? $options['items_per_page'] : 30;
// Figure out where to start.
$this->start = empty($options['start']) || !is_numeric($options['start']) || $options['start'] < 0 || $options['start'] > $this->recordCount ? 0 : $options['start'];
// Figure out where we are on the whole, too.
$numPages = max(1, ceil($this->recordCount / $this->items_per_page));
$this->currentPage = min(ceil($this->start / $this->items_per_page) + 1, $numPages);
// Let's bear a few things in mind...
$this->base_url = $options['base_url'];
// Gather parameters for the data gather function first.
$parameters = [$this->start, $this->items_per_page, $options['sort_order'], $options['sort_direction']];
if (!empty($options['get_data_params']) && is_array($options['get_data_params']))
$parameters = array_merge($parameters, $options['get_data_params']);
// Okay, let's fetch the data!
$data = $options['get_data'](...$parameters);
// Extract data into local variables.
$rawRowData = $data['rows'];
$this->sort_order = $data['order'];
$this->sort_direction = $data['direction'];
unset($data);
$data = $options['get_data']($this->start, $this->items_per_page,
$this->sort_order, $this->sort_direction);
// Okay, now for the column headers...
$this->generateColumnHeaders($options);
// Should we create a page index?
$needsPageIndex = !empty($this->items_per_page) && $this->recordCount > $this->items_per_page;
if ($needsPageIndex)
if ($this->recordCount > $this->items_per_page)
$this->generatePageIndex($options);
// Process the data to be shown into rows.
if (!empty($rawRowData))
$this->processAllRows($rawRowData, $options);
if (!empty($data))
$this->processAllRows($data, $options);
else
$this->body = $options['no_items_label'] ?? '';
@@ -95,6 +58,38 @@ class GenericTable
$this->form_below = $options['form_below'] ?? $options['form'] ?? null;
}
private function initOrder($options)
{
assert(isset($options['default_sort_order']));
assert(isset($options['default_sort_direction']));
// Validate sort order (column)
$this->sort_order = $options['sort_order'];
if (empty($this->sort_order) || empty($options['columns'][$this->sort_order]['is_sortable']))
$this->sort_order = $options['default_sort_order'];
// Validate sort direction
$this->sort_direction = $options['sort_direction'];
if (empty($this->sort_direction) || !in_array($this->sort_direction, ['up', 'down']))
$this->sort_direction = $options['default_sort_direction'];
}
private function initPagination(array $options)
{
assert(isset($options['base_url']));
assert(isset($options['items_per_page']));
$this->base_url = $options['base_url'];
$this->recordCount = $options['get_count']();
$this->items_per_page = !empty($options['items_per_page']) ? $options['items_per_page'] : 30;
$this->start = empty($options['start']) || !is_numeric($options['start']) || $options['start'] < 0 || $options['start'] > $this->recordCount ? 0 : $options['start'];
$numPages = max(1, ceil($this->recordCount / $this->items_per_page));
$this->currentPage = min(ceil($this->start / $this->items_per_page) + 1, $numPages);
}
private function generateColumnHeaders($options)
{
foreach ($options['columns'] as $key => $column)
@@ -102,14 +97,14 @@ class GenericTable
if (empty($column['header']))
continue;
$isSortable = $this->tableIsSortable && !empty($column['is_sortable']);
$isSortable = !empty($column['is_sortable']);
$sortDirection = $key == $this->sort_order && $this->sort_direction === 'up' ? 'down' : 'up';
$header = [
'class' => isset($column['class']) ? $column['class'] : '',
'cell_class' => isset($column['cell_class']) ? $column['cell_class'] : null,
'colspan' => !empty($column['header_colspan']) ? $column['header_colspan'] : 1,
'href' => $isSortable ? $this->getLink($this->start, $key, $sortDirection) : null,
'href' => $isSortable ? $this->getHeaderLink($this->start, $key, $sortDirection) : null,
'label' => $column['header'],
'scope' => 'col',
'sort_mode' => $key == $this->sort_order ? $this->sort_direction : null,
@@ -126,7 +121,7 @@ class GenericTable
'base_url' => $this->base_url,
'index_class' => $options['index_class'] ?? '',
'items_per_page' => $this->items_per_page,
'linkBuilder' => [$this, 'getLink'],
'linkBuilder' => [$this, 'getHeaderLink'],
'recordCount' => $this->recordCount,
'sort_direction' => $this->sort_direction,
'sort_order' => $this->sort_order,
@@ -134,7 +129,7 @@ class GenericTable
]);
}
public function getLink($start = null, $order = null, $dir = null)
public function getHeaderLink($start = null, $order = null, $dir = null)
{
if ($start === null)
$start = $this->start;
@@ -196,12 +191,18 @@ class GenericTable
foreach ($options['columns'] as $column)
{
// Process data for this particular cell.
if (isset($column['parse']))
$value = self::processCell($column['parse'], $row);
// Process formatting
if (isset($column['format']) && is_callable($column['format']))
$value = $column['format']($row);
elseif (isset($column['format']))
$value = self::processFormatting($column['format'], $row);
else
$value = $row[$column['value']];
// Turn value into a link?
if (!empty($column['link']))
$value = $this->processLink($column['link'], $value, $row);
// Append the cell to the row.
$newRow['cells'][] = [
'class' => $column['cell_class'] ?? '',
@@ -214,68 +215,47 @@ class GenericTable
}
}
private function processCell($options, $rowData)
private function processFormatting($options, $rowData)
{
if (!isset($options['type']))
$options['type'] = 'value';
// Parse the basic value first.
switch ($options['type'])
if ($options['type'] === 'timestamp')
{
// Basic option: simply take a use a particular data property.
case 'value':
$value = htmlspecialchars($rowData[$options['data']]);
break;
if (empty($options['pattern']) || $options['pattern'] === 'long')
$pattern = 'Y-m-d H:i';
elseif ($options['pattern'] === 'short')
$pattern = 'Y-m-d';
else
$pattern = $options['pattern'];
// Processing via a lambda function.
case 'function':
$value = $options['data']($rowData);
break;
assert(array_key_exists($options['value'], $rowData));
if (isset($rowData[$options['value']]) && !is_numeric($rowData[$options['value']]))
$timestamp = strtotime($rowData[$options['value']]);
else
$timestamp = (int) $rowData[$options['value']];
// Using sprintf to fill out a particular pattern.
case 'sprintf':
$parameters = [$options['data']['pattern']];
foreach ($options['data']['arguments'] as $identifier)
$parameters[] = $rowData[$identifier];
if (isset($options['if_null']) && $timestamp == 0)
$value = $options['if_null'];
else
$value = date($pattern, $timestamp);
$value = sprintf(...$parameters);
break;
// Timestamps get custom treatment.
case 'timestamp':
if (empty($options['data']['pattern']) || $options['data']['pattern'] === 'long')
$pattern = 'Y-m-d H:i';
elseif ($options['data']['pattern'] === 'short')
$pattern = 'Y-m-d';
else
$pattern = $options['data']['pattern'];
if (!isset($rowData[$options['data']['timestamp']]))
$timestamp = 0;
elseif (!is_numeric($rowData[$options['data']['timestamp']]))
$timestamp = strtotime($rowData[$options['data']['timestamp']]);
else
$timestamp = (int) $rowData[$options['data']['timestamp']];
if (isset($options['data']['if_null']) && $timestamp == 0)
$value = $options['data']['if_null'];
else
$value = date($pattern, $timestamp);
break;
return $value;
}
else
throw ValueError('Unexpected formatter type: ' . $options['type']);
}
// Generate a link, if requested.
if (!empty($options['link']))
{
// First, generate the replacement variables.
$keys = array_keys($rowData);
$values = array_values($rowData);
foreach ($keys as $keyKey => $keyValue)
$keys[$keyKey] = '{' . strtoupper($keyValue) . '}';
private function processLink($template, $value, array $rowData)
{
$href = $this->rowReplacements($template, $rowData);
return '<a href="' . $href . '">' . $value . '</a>';
}
$value = '<a href="' . str_replace($keys, $values, $options['link']) . '">' . $value . '</a>';
}
private function rowReplacements($template, array $rowData)
{
$keys = array_keys($rowData);
$values = array_values($rowData);
foreach ($keys as $keyKey => $keyValue)
$keys[$keyKey] = '{' . strtoupper($keyValue) . '}';
return $value;
return str_replace($keys, $values, $template);
}
}

14
models/Image.php
View File

@@ -12,12 +12,6 @@ class Image extends Asset
const TYPE_LANDSCAPE = 2;
const TYPE_PORTRAIT = 4;
protected function __construct(array $data)
{
foreach ($data as $attribute => $value)
$this->$attribute = $value;
}
public static function fromId($id_asset, $return_format = 'object')
{
$asset = parent::fromId($id_asset, 'array');
@@ -171,7 +165,7 @@ class Image extends Asset
return Registry::get('db')->query('
DELETE FROM assets_thumbs
WHERE id_asset = {int:id_asset}',
WHERE id_asset = :id_asset',
['id_asset' => $this->id_asset]);
}
@@ -189,9 +183,9 @@ class Image extends Asset
return Registry::get('db')->query('
DELETE FROM assets_thumbs
WHERE id_asset = {int:id_asset} AND
width = {int:width} AND
height = {int:height}',
WHERE id_asset = :id_asset AND
width = :width AND
height = :height',
[
'height' => $height,
'id_asset' => $this->id_asset,

63
models/Member.php
View File

@@ -8,7 +8,7 @@
class Member extends User
{
private function __construct($data)
private function __construct($data = [])
{
foreach ($data as $key => $value)
$this->$key = $value;
@@ -18,12 +18,21 @@ class Member extends User
$this->is_admin = $this->is_admin == 1;
}
public static function fromEmailAddress($email_address)
{
return Registry::get('db')->queryObject(static::class, '
SELECT *
FROM users
WHERE emailaddress = :email_address',
['email_address' => $email_address]);
}
public static function fromId($id_user)
{
$row = Registry::get('db')->queryAssoc('
SELECT *
FROM users
WHERE id_user = {int:id_user}',
WHERE id_user = :id_user',
[
'id_user' => $id_user,
]);
@@ -40,7 +49,7 @@ class Member extends User
$row = Registry::get('db')->queryAssoc('
SELECT *
FROM users
WHERE slug = {string:slug}',
WHERE slug = :slug',
[
'slug' => $slug,
]);
@@ -68,6 +77,7 @@ class Member extends User
'creation_time' => time(),
'ip_address' => isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '',
'is_admin' => empty($data['is_admin']) ? 0 : 1,
'reset_key' => '',
];
if ($error)
@@ -83,12 +93,13 @@ class Member extends User
'creation_time' => 'int',
'ip_address' => 'string-45',
'is_admin' => 'int',
'reset_key' => 'string-16'
], $new_user, ['id_user']);
if (!$bool)
return false;
$new_user['id_user'] = $db->insert_id();
$new_user['id_user'] = $db->insertId();
$member = new Member($new_user);
return $member;
@@ -116,14 +127,14 @@ class Member extends User
return Registry::get('db')->query('
UPDATE users
SET
first_name = {string:first_name},
surname = {string:surname},
slug = {string:slug},
emailaddress = {string:emailaddress},
password_hash = {string:password_hash},
is_admin = {int:is_admin}
WHERE id_user = {int:id_user}',
$params);
first_name = :first_name,
surname = :surname,
slug = :slug,
emailaddress = :emailaddress,
password_hash = :password_hash,
is_admin = :is_admin
WHERE id_user = :id_user',
get_object_vars($this));
}
/**
@@ -134,7 +145,7 @@ class Member extends User
{
return Registry::get('db')->query('
DELETE FROM users
WHERE id_user = {int:id_user}',
WHERE id_user = :id_user',
['id_user' => $this->id_user]);
}
@@ -149,7 +160,7 @@ class Member extends User
$res = Registry::get('db')->queryValue('
SELECT id_user
FROM users
WHERE emailaddress = {string:emailaddress}',
WHERE emailaddress = :emailaddress',
[
'emailaddress' => $emailaddress,
]);
@@ -165,9 +176,9 @@ class Member extends User
return Registry::get('db')->query('
UPDATE users
SET
last_action_time = {int:now},
ip_address = {string:ip}
WHERE id_user = {int:id}',
last_action_time = :now,
ip_address = :ip
WHERE id_user = :id',
[
'now' => time(),
'id' => $this->id_user,
@@ -187,6 +198,22 @@ class Member extends User
FROM users');
}
public static function getOffset($offset, $limit, $order, $direction)
{
assert(in_array($order, ['id_user', 'surname', 'first_name', 'slug', 'emailaddress', 'last_action_time', 'ip_address', 'is_admin']));
$order = $order . ($direction === 'up' ? ' ASC' : ' DESC');
return Registry::get('db')->queryAssocs('
SELECT *
FROM users
ORDER BY ' . $order . '
LIMIT :offset, :limit',
[
'offset' => $offset,
'limit' => $limit,
]);
}
public function getProps()
{
// We should probably phase out the use of this function, or refactor the access levels of member properties...
@@ -196,7 +223,7 @@ class Member extends User
public static function getMemberMap()
{
return Registry::get('db')->queryPair('
SELECT id_user, CONCAT(first_name, {string:blank}, surname) AS full_name
SELECT id_user, CONCAT(first_name, :blank, surname) AS full_name
FROM users
ORDER BY first_name, surname',
[

24
models/PageIndex.php
View File

@@ -155,24 +155,20 @@ class PageIndex
public function getLink($start = null, $order = null, $dir = null)
{
$url = $this->base_url;
$amp = strpos($this->base_url, '?') ? '&' : '?';
$page = !is_string($start) ? ($start / $this->items_per_page) + 1 : $start;
$url = $this->base_url . str_replace('%PAGE%', $page, $this->page_slug);
if (!empty($start))
{
$page = $start !== '%d' ? ($start / $this->items_per_page) + 1 : $start;
$url .= strtr($this->page_slug, ['%PAGE%' => $page, '%AMP%' => $amp]);
$amp = '&';
}
$urlParams = [];
if (!empty($order))
{
$url .= $amp . 'order=' . $order;
$amp = '&';
}
$urlParams['order'] = $order;
if (!empty($dir))
$urlParams['dir'] = $dir;
if (!empty($urlParams))
{
$url .= $amp . 'dir=' . $dir;
$amp = '&';
$queryString = (strpos($uri, '?') !== false ? '&' : '?');
$queryString .= http_build_query($urlParams);
$url .= $queryString;
}
return $url;

76
models/PhotoAlbum.php
View File

@@ -1,76 +0,0 @@
<?php
/*****************************************************************************
* PhotoAlbum.php
* Contains key class PhotoAlbum.
*
* Kabuki CMS (C) 2013-2015, Aaron van Geffen
*****************************************************************************/
class PhotoAlbum extends Tag
{
public static function getHierarchy($order, $direction)
{
$db = Registry::get('db');
$res = $db->query('
SELECT *
FROM tags
WHERE kind = {string:album}
ORDER BY id_parent, {raw:order}',
[
'order' => $order . ($direction == 'up' ? ' ASC' : ' DESC'),
'album' => 'Album',
]);
$albums_by_parent = [];
while ($row = $db->fetch_assoc($res))
{
if (!isset($albums_by_parent[$row['id_parent']]))
$albums_by_parent[$row['id_parent']] = [];
$albums_by_parent[$row['id_parent']][] = $row + ['children' => []];
}
$albums = self::getChildrenRecursively(0, 0, $albums_by_parent);
$rows = self::flattenChildrenRecursively($albums);
return $rows;
}
private static function getChildrenRecursively($id_parent, $level, &$albums_by_parent)
{
$children = [];
if (!isset($albums_by_parent[$id_parent]))
return $children;
foreach ($albums_by_parent[$id_parent] as $child)
{
if (isset($albums_by_parent[$child['id_tag']]))
$child['children'] = self::getChildrenRecursively($child['id_tag'], $level + 1, $albums_by_parent);
$child['tag'] = ($level ? str_repeat('—', $level * 2) . ' ' : '') . $child['tag'];
$children[] = $child;
}
return $children;
}
private static function flattenChildrenRecursively($albums)
{
if (empty($albums))
return [];
$rows = [];
foreach ($albums as $album)
{
$rows[] = array_intersect_key($album, array_flip(['id_tag', 'tag', 'slug', 'count']));
if (!empty($album['children']))
{
$children = self::flattenChildrenRecursively($album['children']);
foreach ($children as $child)
$rows[] = array_intersect_key($child, array_flip(['id_tag', 'tag', 'slug', 'count']));
}
}
return $rows;
}
}

22
models/PhotoMosaic.php
View File

@@ -8,11 +8,11 @@
class PhotoMosaic
{
private $descending;
private bool $descending;
private AssetIterator $iterator;
private $layouts;
private $processedImages = 0;
private $queue = [];
private array $layouts;
private int $processedImages = 0;
private array $queue = [];
const IMAGE_MASK_ALL = Image::TYPE_PORTRAIT | Image::TYPE_LANDSCAPE | Image::TYPE_PANORAMA;
const NUM_DAYS_CUTOFF = 7;
@@ -25,11 +25,6 @@ class PhotoMosaic
$this->descending = $iterator->isDescending();
}
public function __destruct()
{
$this->iterator->clean();
}
private function availableLayouts()
{
static $layouts = [
@@ -86,9 +81,14 @@ class PhotoMosaic
}
}
// Check whatever's next up!
while (($asset = $this->iterator->next()) && ($image = $asset->getImage()))
// Check whatever's up next!
// NB: not is not a `foreach` so as to not reset the iterator implicitly
while ($this->iterator->valid())
{
$asset = $this->iterator->current();
$image = $asset->getImage();
$this->iterator->next();
// Give up on the recordset once dates are too far apart
if (isset($refDate) && abs(self::daysApart($image->getDateCaptured(), $refDate)) > self::NUM_DAYS_CUTOFF)
{

4
models/Registry.php
View File

@@ -24,7 +24,7 @@ class Registry
public static function get($key)
{
if (!isset(self::$storage[$key]))
trigger_error('Key does not exist in Registry: ' . $key, E_USER_ERROR);
throw new Exception('Key does not exist in Registry: ' . $key);
return self::$storage[$key];
}
@@ -32,7 +32,7 @@ class Registry
public static function remove($key)
{
if (!isset(self::$storage[$key]))
trigger_error('Key does not exist in Registry: ' . $key, E_USER_ERROR);
throw new Exception('Key does not exist in Registry: ' . $key);
unset(self::$storage[$key]);
}

4
models/Session.php
View File

@@ -33,7 +33,7 @@ class Session
public static function getSessionToken()
{
if (empty($_SESSION['session_token']))
trigger_error('Call to getSessionToken without a session token being set!', E_USER_ERROR);
throw new Exception('Call to getSessionToken without a session token being set!');
return $_SESSION['session_token'];
}
@@ -41,7 +41,7 @@ class Session
public static function getSessionTokenKey()
{
if (empty($_SESSION['session_token_key']))
trigger_error('Call to getSessionTokenKey without a session token key being set!', E_USER_ERROR);
throw new Exception('Call to getSessionTokenKey without a session token key being set!');
return $_SESSION['session_token_key'];
}

27
models/Setting.php
View File

@@ -21,7 +21,7 @@ class Setting
REPLACE INTO settings
(id_user, variable, value, time_set)
VALUES
({int:id_user}, {string:key}, {string:value}, CURRENT_TIMESTAMP())',
(:id_user, :key, :value, CURRENT_TIMESTAMP())',
[
'id_user' => $id_user,
'key' => $key,
@@ -45,7 +45,7 @@ class Setting
$value = Registry::get('db')->queryValue('
SELECT value
FROM settings
WHERE id_user = {int:id_user} AND variable = {string:key}',
WHERE id_user = :id_user AND variable = :key',
[
'id_user' => $id_user,
'key' => $key,
@@ -63,11 +63,30 @@ class Setting
public static function remove($key, $id_user = null)
{
$id_user = Registry::get('user')->getUserId();
// User setting or global setting?
if ($id_user === null)
$id_user = Registry::get('user')->getUserId();
$pairs = Registry::get('db')->queryPair('
SELECT variable, value
FROM settings
WHERE id_user = :id_user',
[
'id_user' => $id_user,
]);
return $pairs;
}
public static function remove($key, $id_user = 0)
{
// User setting or global setting?
if ($id_user === null)
$id_user = Registry::get('user')->getUserId();
if (Registry::get('db')->query('
DELETE FROM settings
WHERE id_user = {int:id_user} AND variable = {string:key}',
WHERE id_user = :id_user AND variable = :key',
[
'id_user' => $id_user,
'key' => $key,

187
models/Tag.php
View File

@@ -24,6 +24,11 @@ class Tag
$this->$attribute = $value;
}
public function __toString()
{
return $this->tag;
}
public static function fromId($id_tag, $return_format = 'object')
{
$db = Registry::get('db');
@@ -31,7 +36,7 @@ class Tag
$row = $db->queryAssoc('
SELECT *
FROM tags
WHERE id_tag = {int:id_tag}',
WHERE id_tag = :id_tag',
[
'id_tag' => $id_tag,
]);
@@ -50,7 +55,7 @@ class Tag
$row = $db->queryAssoc('
SELECT *
FROM tags
WHERE slug = {string:slug}',
WHERE slug = :slug',
[
'slug' => $slug,
]);
@@ -68,7 +73,7 @@ class Tag
SELECT *
FROM tags
ORDER BY ' . ($limit > 0 ? 'count
LIMIT {int:limit}' : 'tag'),
LIMIT :limit' : 'tag'),
[
'limit' => $limit,
]);
@@ -102,14 +107,14 @@ class Tag
$res = $db->query('
SELECT *
FROM tags
WHERE id_user_owner = {int:id_user_owner}
WHERE id_user_owner = :id_user_owner
ORDER BY tag',
[
'id_user_owner' => $id_user_owner,
]);
$objects = [];
while ($row = $db->fetch_assoc($res))
while ($row = $db->fetchAssoc($res))
$objects[$row['id_tag']] = new Tag($row);
return $objects;
@@ -120,9 +125,9 @@ class Tag
$rows = Registry::get('db')->queryAssocs('
SELECT *
FROM tags
WHERE id_parent = {int:id_parent} AND kind = {string:kind}
WHERE id_parent = :id_parent AND kind = :kind
ORDER BY tag ASC
LIMIT {int:offset}, {int:limit}',
LIMIT :offset, :limit',
[
'id_parent' => $id_parent,
'kind' => 'Album',
@@ -141,14 +146,29 @@ class Tag
return $rows;
}
public function getContributorList()
{
return Registry::get('db')->queryPairs('
SELECT u.id_user, u.first_name, u.surname, u.slug, COUNT(*) AS num_assets
FROM assets_tags AS at
LEFT JOIN assets AS a ON at.id_asset = a.id_asset
LEFT JOIN users AS u ON a.id_user_uploaded = u.id_user
WHERE at.id_tag = :id_tag
GROUP BY a.id_user_uploaded
ORDER BY u.first_name, u.surname',
[
'id_tag' => $this->id_tag,
]);
}
public static function getPeople($id_parent = 0, $offset = 0, $limit = 24, $return_format = 'array')
{
$rows = Registry::get('db')->queryAssocs('
SELECT *
FROM tags
WHERE id_parent = {int:id_parent} AND kind = {string:kind}
WHERE id_parent = :id_parent AND kind = :kind
ORDER BY tag ASC
LIMIT {int:offset}, {int:limit}',
LIMIT :offset, :limit',
[
'id_parent' => $id_parent,
'kind' => 'Person',
@@ -175,7 +195,7 @@ class Tag
WHERE id_tag IN(
SELECT id_tag
FROM assets_tags
WHERE id_asset = {int:id_asset}
WHERE id_asset = :id_asset
)
ORDER BY count DESC',
[
@@ -205,7 +225,7 @@ class Tag
WHERE id_tag IN(
SELECT id_tag
FROM posts_tags
WHERE id_post = {int:id_post}
WHERE id_post = :id_post
)
ORDER BY count DESC',
[
@@ -235,7 +255,7 @@ class Tag
FROM `assets_tags` AS at
WHERE at.id_tag = t.id_tag
)' . (!empty($id_tags) ? '
WHERE t.id_tag IN({array_int:id_tags})' : ''),
WHERE t.id_tag IN(@id_tags)' : ''),
['id_tags' => $id_tags]);
}
@@ -256,14 +276,14 @@ class Tag
INSERT IGNORE INTO tags
(id_parent, tag, slug, kind, description, count)
VALUES
({int:id_parent}, {string:tag}, {string:slug}, {string:kind}, {string:description}, {int:count})
(:id_parent, :tag, :slug, :kind, :description, :count)
ON DUPLICATE KEY UPDATE count = count + 1',
$data);
if (!$res)
trigger_error('Could not create the requested tag.', E_USER_ERROR);
throw new Exception('Could not create the requested tag.');
$data['id_tag'] = $db->insert_id();
$data['id_tag'] = $db->insertId();
return $return_format === 'object' ? new Tag($data) : $data;
}
@@ -277,14 +297,15 @@ class Tag
return Registry::get('db')->query('
UPDATE tags
SET
id_parent = {int:id_parent},
id_asset_thumb = {int:id_asset_thumb},' . (isset($this->id_user_owner) ? '
id_user_owner = {int:id_user_owner},' : '') . '
tag = {string:tag},
slug = {string:slug},
description = {string:description},
count = {int:count}
WHERE id_tag = {int:id_tag}',
id_parent = :id_parent,
id_asset_thumb = :id_asset_thumb,' . (isset($this->id_user_owner) ? '
id_user_owner = :id_user_owner,' : '') . '
tag = :tag,
slug = :slug,
kind = :kind,
description = :description,
count = :count
WHERE id_tag = :id_tag',
get_object_vars($this));
}
@@ -292,9 +313,10 @@ class Tag
{
$db = Registry::get('db');
// Unlink any tagged assets
$res = $db->query('
DELETE FROM assets_tags
WHERE id_tag = {int:id_tag}',
WHERE id_tag = :id_tag',
[
'id_tag' => $this->id_tag,
]);
@@ -302,9 +324,10 @@ class Tag
if (!$res)
return false;
// Delete the actual tag
return $db->query('
DELETE FROM tags
WHERE id_tag = {int:id_tag}',
WHERE id_tag = :id_tag',
[
'id_tag' => $this->id_tag,
]);
@@ -316,15 +339,15 @@ class Tag
$new_id = $db->queryValue('
SELECT MAX(id_asset) as new_id
FROM assets_tags
WHERE id_tag = {int:id_tag}',
WHERE id_tag = :id_tag',
[
'id_tag' => $this->id_tag,
]);
return $db->query('
UPDATE tags
SET id_asset_thumb = {int:new_id}
WHERE id_tag = {int:id_tag}',
SET id_asset_thumb = :new_id
WHERE id_tag = :id_tag',
[
'new_id' => $new_id ?? 0,
'id_tag' => $this->id_tag,
@@ -339,7 +362,7 @@ class Tag
return Registry::get('db')->queryPair('
SELECT id_tag, tag
FROM tags
WHERE LOWER(tag) LIKE {string:tokens}
WHERE LOWER(tag) LIKE :tokens
ORDER BY tag ASC',
['tokens' => '%' . strtolower(implode('%', $tokens)) . '%']);
}
@@ -352,8 +375,8 @@ class Tag
return Registry::get('db')->queryPairs('
SELECT id_tag, tag, slug
FROM tags
WHERE LOWER(tag) LIKE {string:tokens} AND
kind = {string:person}
WHERE LOWER(tag) LIKE :tokens AND
kind = :person
ORDER BY tag ASC',
[
'tokens' => '%' . strtolower(implode('%', $tokens)) . '%',
@@ -369,7 +392,7 @@ class Tag
return Registry::get('db')->queryPair('
SELECT id_tag, tag
FROM tags
WHERE tag = {string:tag}',
WHERE tag = :tag',
['tag' => $tag]);
}
@@ -381,7 +404,7 @@ class Tag
return Registry::get('db')->queryValue('
SELECT id_tag
FROM tags
WHERE slug = {string:slug}',
WHERE slug = :slug',
['slug' => $slug]);
}
@@ -390,31 +413,103 @@ class Tag
return Registry::get('db')->queryPair('
SELECT tag, id_tag
FROM tags
WHERE tag IN ({array_string:tags})',
WHERE tag IN (:tags)',
['tags' => $tags]);
}
public static function getCount($only_active = 1, $kind = '')
public static function getCount($only_used = true, $kind = '', $isAlbum = false)
{
$where = [];
if ($only_active)
if ($only_used)
$where[] = 'count > 0';
if (!empty($kind))
$where[] = 'kind = {string:kind}';
if (empty($kind))
$kind = 'Album';
if (!empty($where))
$where = 'WHERE ' . implode(' AND ', $where);
else
$where = '';
$operator = $isAlbum ? '=' : '!=';
$where[] = 'kind ' . $operator . ' :kind';
$where = implode(' AND ', $where);
return Registry::get('db')->queryValue('
SELECT COUNT(*)
FROM tags ' . $where,
['kind' => $kind]);
FROM tags
WHERE ' . $where,
[
'kind' => $kind,
]);
}
public function __toString()
public static function getOffset($offset, $limit, $order, $direction, $isAlbum = false)
{
return $this->tag;
assert(in_array($order, ['id_tag', 'tag', 'slug', 'count']));
$order = $order . ($direction === 'up' ? ' ASC' : ' DESC');
$operator = $isAlbum ? '=' : '!=';
$db = Registry::get('db');
$res = $db->query('
SELECT t.*, u.id_user, u.first_name, u.surname
FROM tags AS t
LEFT JOIN users AS u ON t.id_user_owner = u.id_user
WHERE kind ' . $operator . ' :album
ORDER BY id_parent, ' . $order . '
LIMIT :offset, :limit',
[
'offset' => $offset,
'limit' => $limit,
'album' => 'Album',
]);
$albums_by_parent = [];
while ($row = $db->fetchAssoc($res))
{
if (!isset($albums_by_parent[$row['id_parent']]))
$albums_by_parent[$row['id_parent']] = [];
$albums_by_parent[$row['id_parent']][] = $row + ['children' => []];
}
$albums = self::getChildrenRecursively(0, 0, $albums_by_parent);
$rows = self::flattenChildrenRecursively($albums);
return $rows;
}
private static function getChildrenRecursively($id_parent, $level, &$albums_by_parent)
{
$children = [];
if (!isset($albums_by_parent[$id_parent]))
return $children;
foreach ($albums_by_parent[$id_parent] as $child)
{
if (isset($albums_by_parent[$child['id_tag']]))
$child['children'] = self::getChildrenRecursively($child['id_tag'], $level + 1, $albums_by_parent);
$child['tag'] = ($level ? str_repeat('—', $level * 2) . ' ' : '') . $child['tag'];
$children[] = $child;
}
return $children;
}
private static function flattenChildrenRecursively($albums)
{
if (empty($albums))
return [];
$rows = [];
foreach ($albums as $album)
{
static $headers_to_keep = ['id_tag', 'tag', 'slug', 'count', 'id_user', 'first_name', 'surname'];
$rows[] = array_intersect_key($album, array_flip($headers_to_keep));
if (!empty($album['children']))
{
$children = self::flattenChildrenRecursively($album['children']);
foreach ($children as $child)
$rows[] = array_intersect_key($child, array_flip($headers_to_keep));
}
}
return $rows;
}
}

4
models/Thumbnail.php
View File

@@ -335,7 +335,7 @@ class Thumbnail
if ($success)
{
$thumb_selector = $this->width . 'x' . $this->height . $this->filename_suffix;
$this->thumbnails[$thumb_selector] = $filename !== 'NULL' ? $filename : null;
$this->thumbnails[$thumb_selector] = $filename ?? null;
// For consistency, write new thumbnail filename to parent Image object.
// TODO: there could still be an inconsistency if multiple objects exists for the same image asset.
@@ -349,7 +349,7 @@ class Thumbnail
private function markAsQueued()
{
$this->updateDb('NULL');
$this->updateDb(null);
}
private function markAsGenerated($filename)

6
models/User.php
View File

@@ -23,6 +23,7 @@ abstract class User
protected $ip_address;
protected $is_admin;
protected $reset_key;
protected $reset_blocked_until;
protected bool $is_logged;
protected bool $is_guest;
@@ -75,6 +76,11 @@ abstract class User
return $this->ip_address;
}
public function getSlug()
{
return $this->slug;
}
/**
* Returns whether user is logged in.
*/

24
public/css/admin.css
View File

@@ -1,27 +1,3 @@
/* Edit icon on tiled grids
-----------------------------*/
.polaroid {
position: relative;
}
.polaroid a.edit {
background: var(--bs-body-bg);
border-radius: 3px;
box-shadow: 1px 1px 2px rgba(0,0,0,0.3);
color: var(--bs-body-color);
opacity: 0;
left: 20px;
line-height: 1.5;
padding: 5px 10px;
position: absolute;
transition: 0.25s;
top: 20px;
z-index: 50;
}
.polaroid:hover > a.edit {
opacity: 1;
}
/* Crop editor
----------------*/
#crop_editor {

38
public/css/default.css
View File

@@ -296,6 +296,34 @@ div.polaroid a {
}
/* Edit icon on tiled grids
-----------------------------*/
.polaroid {
position: relative;
}
.polaroid div.edit {
box-shadow: 1px 1px 2px rgba(0,0,0,0.3);
opacity: 0;
left: 20px;
position: absolute;
transition: 0.25s;
top: 20px;
z-index: 50;
}
.polaroid div.edit .dropdown-item {
line-height: 1.4;
}
.polaroid div.edit .dropdown-toggle {
line-height: 1.4;
padding: 0.25rem 0.5rem;
}
.polaroid div.edit .dropdown-toggle::after {
margin-left: 0;
}
.polaroid:hover > div.edit {
opacity: 1;
}
/* Album title boxes
----------------------*/
@@ -338,10 +366,12 @@ div.polaroid a {
/* Album button box
---------------------*/
.album_button_box {
float: right;
display: flex;
justify-content: flex-end;
margin-bottom: 3rem;
}
.album_button_box > a {
.album_button_box > a,
.album_button_box .btn {
background: var(--bs-body-bg);
box-shadow: 2px 2px 4px rgba(0, 0, 0, 0.3);
border-color: var( --bs-secondary-bg);
@@ -349,7 +379,9 @@ div.polaroid a {
padding: 8px 10px;
margin-left: 12px;
}
.album_button_box > a:hover {
.album_button_box > a:hover,
.album_button_box .btn:hover,
.album_button_box .btn:focus {
background: var(--bs-secondary-bg);
border-color: var(--bs-tertiary-bg);
color: var(--bs-secondary-color);

4
public/js/color-modes.js
View File

@@ -20,8 +20,8 @@
}
const setTheme = theme => {
if (theme === 'auto' && window.matchMedia('(prefers-color-scheme: dark)').matches) {
document.documentElement.setAttribute('data-bs-theme', 'dark');
if (theme === 'auto') {
document.documentElement.setAttribute('data-bs-theme', (window.matchMedia('(prefers-color-scheme: dark)').matches ? 'dark' : 'light'))
} else {
document.documentElement.setAttribute('data-bs-theme', theme);
}

41
templates/AlbumButtonBox.php
View File

@@ -8,22 +8,59 @@
class AlbumButtonBox extends Template
{
private $active_filter;
private $buttons;
private $filters;
public function __construct($buttons)
public function __construct(array $buttons, array $filters, $active_filter)
{
$this->active_filter = $active_filter;
$this->buttons = $buttons;
$this->filters = $filters;
}
public function html_main()
{
echo '
<div class="album_button_box">';
<div class="container album_button_box">';
foreach ($this->buttons as $button)
echo '
<a class="btn btn-light" href="', $button['url'], '">', $button['caption'], '</a>';
if (!empty($this->filters))
{
echo '
<div class="dropdown">
<button class="btn btn-light dropdown-toggle" type="button" data-bs-toggle="dropdown" aria-expanded="false">
<i class="bi bi-filter"></i>';
if ($this->active_filter)
{
echo '
<span class="badge text-bg-danger">',
$this->filters[$this->active_filter]['label'], '</span>';
}
echo '
</button>
<ul class="dropdown-menu">';
foreach ($this->filters as $key => $filter)
{
$is_active = $key === $this->active_filter;
echo '
<li><a class="dropdown-item', $is_active ? ' active' : '',
'" href="', $filter['link'], '">',
$filter['caption'],
'</a></li>';
}
echo '
</ul>
</div>';
}
echo '
</div>';
}

41
templates/ErrorPage.php Normal file
View File

@@ -0,0 +1,41 @@
<?php
/*****************************************************************************
* ErrorPage.php
* Defines the template class ErrorPage.
*
* Kabuki CMS (C) 2013-2025, Aaron van Geffen
*****************************************************************************/
class ErrorPage extends Template
{
private $debug_info;
private $message;
private $title;
public function __construct($title, $message, $debug_info = null)
{
$this->title = $title;
$this->message = $message;
$this->debug_info = $debug_info;
}
public function html_main()
{
echo '
<div class="content-box container">
<h2>', $this->title, '</h2>
<p>', nl2br(htmlspecialchars($this->message)), '</p>';
if (isset($this->debug_info))
{
echo '
</div>
<div class="content-box container">
<h4>Debug Info</h4>
<pre>', htmlspecialchars($this->debug_info), '</pre>';
}
echo '
</div>';
}
}

27
templates/FeaturedThumbnailManager.php
View File

@@ -8,12 +8,12 @@
class FeaturedThumbnailManager extends SubTemplate
{
private $assets;
private $iterator;
private $currentThumbnailId;
public function __construct(AssetIterator $assets, $currentThumbnailId)
public function __construct(AssetIterator $iterator, $currentThumbnailId)
{
$this->assets = $assets;
$this->iterator = $iterator;
$this->currentThumbnailId = $currentThumbnailId;
}
@@ -21,11 +21,24 @@ class FeaturedThumbnailManager extends SubTemplate
{
echo '
<form action="" method="post">
<button class="btn btn-primary float-end" type="submit" name="changeThumbnail">Save thumbnail selection</button>
<h2>Select thumbnail</h2>
<div class="row">
<div class="col-lg">
<h2>Select thumbnail</h2>
</div>
<div class="col-lg">';
foreach ($this->_subtemplates as $template)
$template->html_main();
echo '
</div>
<div class="col-lg-auto">
<button class="btn btn-primary" type="submit" name="changeThumbnail">Save thumbnail selection</button>
</div>
</div>
<ul id="featuredThumbnail">';
while ($asset = $this->assets->next())
foreach ($this->iterator as $asset)
{
$image = $asset->getImage();
echo '
@@ -36,8 +49,6 @@ class FeaturedThumbnailManager extends SubTemplate
</li>';
}
$this->assets->clean();
echo '
</ul>
<input type="hidden" name="', Session::getSessionTokenKey(), '" value="', Session::getSessionToken(), '">

33
templates/FormView.php
View File

@@ -19,7 +19,7 @@ class FormView extends SubTemplate
$this->title = $title;
}
protected function html_content($exclude = [], $include = [])
protected function html_content()
{
if (!empty($this->title))
echo '
@@ -31,34 +31,29 @@ class FormView extends SubTemplate
echo '
<form action="', $this->form->request_url, '" method="', $this->form->request_method, '" enctype="multipart/form-data">';
if (isset($this->form->content_above))
echo $this->form->content_above;
if (isset($this->form->before_fields))
echo $this->form->before_fields;
$this->missing = $this->form->getMissing();
$this->data = $this->form->getData();
foreach ($this->form->getFields() as $field_id => $field)
{
// Either we have a blacklist
if (!empty($exclude) && in_array($field_id, $exclude))
continue;
// ... or a whitelist
elseif (!empty($include) && !in_array($field_id, $include))
continue;
// ... or neither (ha)
$this->renderField($field_id, $field);
}
if (isset($this->form->after_fields))
echo $this->form->after_fields;
echo '
<input type="hidden" name="', Session::getSessionTokenKey(), '" value="', Session::getSessionToken(), '">
<div class="form-group">
<div class="offset-sm-2 col-sm-10">
<button type="submit" name="submit" class="btn btn-primary">', $this->form->getSubmitButtonCaption(), '</button>';
if (isset($this->form->content_below))
if (isset($this->form->buttons_extra))
echo '
', $this->form->content_below;
', $this->form->buttons_extra;
echo '
</div>
@@ -75,10 +70,8 @@ class FormView extends SubTemplate
echo '
<div class="row mb-2">';
if (isset($field['before']))
echo $field['before'];
if ($field['type'] !== 'checkbox')
{
if (isset($field['label']))
echo '
<label class="col-sm-2 col-form-label" for="', $field_id, '"', in_array($field_id, $this->missing) ? ' style="color: red"' : '', '>', $field['label'], ':</label>
@@ -86,6 +79,7 @@ class FormView extends SubTemplate
else
echo '
<div class="offset-sm-2 ', isset($field['class']) ? $field['class'] : 'col-sm-6', '">';
}
switch ($field['type'])
{
@@ -127,15 +121,16 @@ class FormView extends SubTemplate
$this->renderText($field_id, $field);
}
if (isset($field['after']))
echo ' ', $field['after'];
if ($field['type'] !== 'checkbox')
echo '
</div>';
echo '
</div>';
if (isset($field['after_html']))
echo '
', $field['after_html'];
}
private function renderCaptcha($field_id, array $field)

105
templates/InlineFormView.php Normal file
View File

@@ -0,0 +1,105 @@
<?php
/*****************************************************************************
* InlineFormView.php
* Contains the template that renders inline forms.
*
* Kabuki CMS (C) 2013-2025, Aaron van Geffen
*****************************************************************************/
class InlineFormView
{
public static function renderInlineForm($form)
{
if (!isset($form['is_embed']))
echo '
<form action="', $form['action'], '" method="', $form['method'], '" class="', $form['class'] ?? '', '">';
else
echo '
<div class="', $form['class'] ?? '', '">';
if (!empty($form['is_group']))
echo '
<div class="input-group">';
foreach ($form['controls'] as $name => $control)
{
if ($control['type'] === 'select')
self::renderSelectBox($control, $name);
elseif ($control['type'] === 'submit')
self::renderSubmitButton($control, $name);
else
self::renderInputBox($control, $name);
}
echo '
<input type="hidden" name="', Session::getSessionTokenKey(), '" value="', Session::getSessionToken(), '">';
if (!empty($form['is_group']))
echo '
</div>';
if (!isset($form['is_embed']))
echo '
</form>';
else
echo '
</div>';
}
private static function renderInputBox(array $field, $name)
{
echo '
<input name="', $name, '" id="field_', $name, '" type="', $field['type'], '" ',
'class="form-control', isset($field['class']) ? ' ' . $field['class'] : '', '"',
isset($field['placeholder']) ? ' placeholder="' . $field['placeholder'] . '"' : '',
isset($field['value']) ? ' value="' . htmlspecialchars($field['value']) . '"' : '', '>';
}
private static function renderSelectBox(array $field, $name)
{
echo '
<select class="form-select" name="', $name, '"',
(isset($field['onchange']) ? ' onchange="' . $field['onchange'] . '"' : ''), '>';
foreach ($field['values'] as $value => $caption)
{
if (!is_array($caption))
{
echo '
<option value="', $value, '"', $value === $field['selected'] ? ' selected' : '', '>', $caption, '</option>';
}
else
{
$label = $value;
$options = $caption;
echo '
<optgroup label="', $label, '">';
foreach ($options as $value => $caption)
{
echo '
<option value="', $value, '"', $value === $field['selected'] ? ' selected' : '', '>', $caption, '</option>';
}
echo '
</optgroup>';
}
}
echo '
</select>';
}
private static function renderSubmitButton(array $button, $name)
{
echo '
<button class="btn ', isset($button['class']) ? $button['class'] : 'btn-primary', '" ',
'type="', $button['type'], '" name="', $name, '"';
if (isset($button['onclick']))
echo ' onclick="', $button['onclick'], '"';
echo '>', $button['caption'], '</button>';
}
}

2
templates/MainNavBar.php
View File

@@ -33,7 +33,7 @@ class MainNavBar extends NavBar
<span class="navbar-toggler-icon"></span>
</button>';
if (Registry::get('user')->isLoggedIn())
if (Registry::has('user') && Registry::get('user')->isLoggedIn())
{
echo '
<div class="collapse navbar-collapse justify-content-end" id="', $this->innerMenuId, '">

35
templates/PhotoPage.php
View File

@@ -8,6 +8,7 @@
class PhotoPage extends Template
{
private $activeFilter;
private $photo;
private $metaData;
private $tag;
@@ -24,7 +25,15 @@ class PhotoPage extends Template
echo '
<div class="row mt-5">
<div class="col-lg-9">
<div class="col-lg">';
$this->photoMeta();
echo '
</div>
</div>
<div class="row mt-5">
<div class="col-lg">
<div id="sub_photo" class="content-box">';
$this->userActions();
@@ -38,12 +47,6 @@ class PhotoPage extends Template
echo '
</div>
</div>
<div class="col-lg-3">';
$this->photoMeta();
echo '
</div>
</div>
<script type="text/javascript" src="', BASEURL, '/js/photonav.js"></script>';
}
@@ -78,6 +81,11 @@ class PhotoPage extends Template
</a>';
}
public function setActiveFilter($filter)
{
$this->activeFilter = $filter;
}
public function setTag(Tag $tag)
{
$this->tag = $tag;
@@ -85,14 +93,14 @@ class PhotoPage extends Template
private function photoNav()
{
if ($previousUrl = $this->photo->getUrlForPreviousInSet($this->tag))
if ($previousUrl = $this->photo->getUrlForPreviousInSet($this->tag, $this->activeFilter))
echo '
<a href="', $previousUrl, '#photo_frame" id="previous_photo"><i class="bi bi-arrow-left"></i></a>';
else
echo '
<span id="previous_photo"><i class="bi bi-arrow-left"></i></span>';
if ($nextUrl = $this->photo->getUrlForNextInSet($this->tag))
if ($nextUrl = $this->photo->getUrlForNextInSet($this->tag, $this->activeFilter))
echo '
<a href="', $nextUrl, '#photo_frame" id="next_photo"><i class="bi bi-arrow-right"></i></a>';
else
@@ -103,12 +111,12 @@ class PhotoPage extends Template
private function photoMeta()
{
echo '
<ul class="list-group photo_meta">';
<ul class="list-group list-group-horizontal photo_meta">';
foreach ($this->metaData as $header => $body)
{
echo '
<li class="list-group-item">
<li class="list-group-item flex-fill">
<h4>', $header, '</h4>
', $body, '
</li>';
@@ -166,7 +174,10 @@ class PhotoPage extends Template
echo '
</ul>';
$this->printNewTagScript($tagKind, $tagListId, $newTagId);
if ($allowLinkingNewTags)
{
$this->printNewTagScript($tagKind, $tagListId, $newTagId);
}
}
private function printNewTagScript($tagKind, $tagListId, $newTagId)

42
templates/PhotosIndex.php
View File

@@ -13,7 +13,9 @@ class PhotosIndex extends Template
protected $show_headers;
protected $show_labels;
protected $previous_header = '';
protected $url_suffix;
protected $edit_menu_items = [];
protected $photo_url_suffix;
const PANORAMA_WIDTH = 1256;
const PANORAMA_HEIGHT = null;
@@ -81,6 +83,30 @@ class PhotosIndex extends Template
$this->previous_header = $header;
}
protected function editMenu(Image $image)
{
if (empty($this->edit_menu_items))
return;
echo '
<div class="edit dropdown">
<button class="btn btn-primary btn-sm dropdown-toggle" type="button" data-bs-toggle="dropdown" aria-expanded="false">
</button>
<ul class="dropdown-menu">';
foreach ($this->edit_menu_items as $item)
{
echo '
<li><a class="dropdown-item" href="', $item['uri']($image), '"',
isset($item['onclick']) ? ' onclick="' . $item['onclick'] . '"' : '',
'>', $item['label'], '</a></li>';
}
echo '
</ul>
</div>';
}
protected function photo(Image $image, $className, $width, $height, $crop = true, $fit = true)
{
// Prefer thumbnail aspect ratio if available, otherwise use image aspect ratio.
@@ -89,12 +115,11 @@ class PhotosIndex extends Template
echo '
<div class="polaroid ', $className, '" style="aspect-ratio: ', $aspectRatio, '">';
if ($this->show_edit_buttons)
echo '
<a class="edit" href="', BASEURL, '/editasset/?id=', $image->getId(), '">Edit</a>';
if ($this->show_edit_buttons && $image->canBeEditedBy(Registry::get('user')))
$this->editMenu($image);
echo '
<a href="', $image->getPageUrl(), $this->url_suffix, '#photo_frame">';
<a href="', $image->getPageUrl(), $this->photo_url_suffix, '#photo_frame">';
foreach (['normal-photo', 'blur-photo'] as $className)
@@ -319,8 +344,13 @@ class PhotosIndex extends Template
$this->threePortraits($photos, $altLayout);
}
public function setEditMenuItems(array $items)
{
$this->edit_menu_items = $items;
}
public function setUrlSuffix($suffix)
{
$this->url_suffix = $suffix;
$this->photo_url_suffix = $suffix;
}
}

235
templates/TabularData.php
View File

@@ -3,12 +3,12 @@
* TabularData.php
* Contains the template that displays tabular data.
*
* Kabuki CMS (C) 2013-2023, Aaron van Geffen
* Kabuki CMS (C) 2013-2025, Aaron van Geffen
*****************************************************************************/
class TabularData extends SubTemplate
{
private GenericTable $_t;
protected GenericTable $_t;
public function __construct(GenericTable $table)
{
@@ -16,6 +16,47 @@ class TabularData extends SubTemplate
}
protected function html_content()
{
$this->renderTitle();
foreach ($this->_subtemplates as $template)
$template->html_main();
// Showing an inline form?
$pager = $this->_t->getPageIndex();
if (!empty($pager) || isset($this->_t->form_above))
$this->renderPaginationForm($pager, $this->_t->form_above);
$tableClass = $this->_t->getTableClass();
if ($tableClass)
echo '
<div class="', $tableClass, '">';
// Build the table!
echo '
<table class="table table-striped table-condensed">';
$this->renderTableHead($this->_t->getHeader());
$this->renderTableBody($this->_t->getBody());
echo '
</table>';
if ($tableClass)
echo '
</div>';
// Showing an inline form?
if (!empty($pager) || isset($this->_t->form_below))
$this->renderPaginationForm($pager, $this->_t->form_below);
$title = $this->_t->getTitle();
if (!empty($title))
echo '
</div>';
}
protected function renderTitle()
{
$title = $this->_t->getTitle();
if (!empty($title))
@@ -25,43 +66,48 @@ class TabularData extends SubTemplate
<div class="generic-table', !empty($titleclass) ? ' ' . $titleclass : '', '">
<h1>', htmlspecialchars($title), '</h1>';
}
}
foreach ($this->_subtemplates as $template)
$template->html_main();
protected function renderPaginationForm($pager, $form)
{
echo '
<div class="row clearfix justify-content-end">';
// Showing an inline form?
$pager = $this->_t->getPageIndex();
if (!empty($pager) || isset($this->_t->form_above))
// Page index?
if (!empty($pager))
{
echo '
<div class="row clearfix justify-content-end">';
<div class="col-md">';
// Page index?
if (!empty($pager))
PageIndexWidget::paginate($pager);
// Form controls?
if (isset($this->_t->form_above))
$this->showForm($this->_t->form_above);
PageIndexWidget::paginate($pager);
echo '
</div>';
}
$tableClass = $this->_t->getTableClass();
if ($tableClass)
// Form controls?
if (isset($form))
{
echo '
<div class="', $tableClass, '">';
<div class="col-md-auto">';
InlineFormView::renderInlineForm($form);
echo '
</div>';
}
// Build the table!
echo '
<table class="table table-striped table-condensed">
</div>';
}
protected function renderTableHead(array $headers)
{
echo '
<thead>
<tr>';
// Show all headers in their full glory!
$header = $this->_t->getHeader();
foreach ($header as $th)
foreach ($headers as $th)
{
echo '
<th', (!empty($th['width']) ? ' width="' . $th['width'] . '"' : ''), (!empty($th['class']) ? ' class="' . $th['class'] . '"' : ''), ($th['colspan'] > 1 ? ' colspan="' . $th['colspan'] . '"' : ''), ' scope="', $th['scope'], '">',
@@ -75,11 +121,14 @@ class TabularData extends SubTemplate
echo '
</tr>
</thead>
</thead>';
}
protected function renderTableBody($body)
{
echo '
<tbody>';
// The body is what we came to see!
$body = $this->_t->getBody();
if (is_array($body))
{
foreach ($body as $tr)
@@ -90,145 +139,27 @@ class TabularData extends SubTemplate
foreach ($tr['cells'] as $td)
{
echo '
<td', (!empty($td['width']) ? ' width="' . $td['width'] . '"' : ''), '>';
if (!empty($td['class']))
echo '<span class="', $td['class'], '">', $td['value'], '</span>';
else
echo $td['value'];
echo '</td>';
<td',
(!empty($td['class']) ? ' class="' . $td['class'] . '"' : ''),
(!empty($td['width']) ? ' width="' . $td['width'] . '"' : ''), '>',
$td['value'],
'</td>';
}
echo '
</tr>';
}
}
// !!! Sum colspan!
else
{
$header = $this->_t->getHeader();
echo '
<tr>
<td colspan="', count($header), '" class="fullwidth">', $body, '</td>
</tr>';
echo '
</tbody>
</table>';
if ($tableClass)
echo '
</div>';
// Showing an inline form?
if (!empty($pager) || isset($this->_t->form_below))
{
echo '
<div class="row clearfix justify-content-end">';
// Page index?
if (!empty($pager))
PageIndexWidget::paginate($pager);
// Form controls?
if (isset($this->_t->form_below))
$this->showForm($this->_t->form_below);
echo '
</div>';
}
if (!empty($title))
echo '
</div>';
}
protected function showForm($form)
{
if (!isset($form['is_embed']))
echo '
<form action="', $form['action'], '" method="', $form['method'], '" class="', $form['class'], '">';
else
echo '
<div class="', $form['class'], '">';
if (!empty($form['is_group']))
echo '
<div class="input-group">';
if (!empty($form['fields']))
{
foreach ($form['fields'] as $name => $field)
{
if ($field['type'] === 'select')
{
echo '
<select class="form-select" name="', $name, '"', (isset($field['onchange']) ? ' onchange="' . $field['onchange'] . '"' : ''), '>';
foreach ($field['values'] as $value => $caption)
{
if (!is_array($caption))
{
echo '
<option value="', $value, '"', $value === $field['selected'] ? ' selected' : '', '>', $caption, '</option>';
}
else
{
$label = $value;
$options = $caption;
echo '
<optgroup label="', $label, '">';
foreach ($options as $value => $caption)
{
echo '
<option value="', $value, '"', $value === $field['selected'] ? ' selected' : '', '>', $caption, '</option>';
}
echo '
</optgroup>';
}
}
echo '
</select>';
}
else
echo '
<input name="', $name, '" id="field_', $name, '" type="', $field['type'], '" placeholder="', $field['placeholder'], '" class="form-control', isset($field['class']) ? ' ' . $field['class'] : '', '"', isset($field['value']) ? ' value="' . htmlspecialchars($field['value']) . '"' : '', '>';
if (isset($field['html_after']))
echo $field['html_after'];
}
}
echo '
<input type="hidden" name="', Session::getSessionTokenKey(), '" value="', Session::getSessionToken(), '">';
if (!empty($form['buttons']))
foreach ($form['buttons'] as $name => $button)
{
echo '
<button class="btn ', isset($button['class']) ? $button['class'] : 'btn-primary', '" type="', $button['type'], '" name="', $name, '"';
if (isset($button['onclick']))
echo ' onclick="', $button['onclick'], '"';
echo '>', $button['caption'], '</button>';
if (isset($button['html_after']))
echo $button['html_after'];
}
if (!empty($form['is_group']))
echo '
</div>';
if (!isset($form['is_embed']))
echo '
</form>';
else
echo '
</div>';
</tbody>';
}
}