Public/pics
2
2
Fork 2
Code Issues 5 Pull Requests Releases Wiki Activity

Compare commits

base: Public:master
Branches Tags
Public:master
Joost:master
Joost:elaborate-dev-setup
Joost:improve_thumbs
Joost:exif-date-time-original
Joost:refactor-tables
Joost:autosuggest
Public:version-1.2
Public:version-1.1
Public:version-1.0
Joost:version-1.2
Joost:version-1.1
Joost:version-1.0
..
compare: Joost:master
Branches Tags
Joost:master
Joost:elaborate-dev-setup
Joost:improve_thumbs
Joost:exif-date-time-original
Joost:refactor-tables
Joost:autosuggest
Public:master
Joost:version-1.2
Joost:version-1.1
Joost:version-1.0
Public:version-1.2
Public:version-1.1
Public:version-1.0

No commits in common. "master" and "master" have entirely different histories.
master ... master

40 changed files with 1248 additions and 1242 deletions
Show Stats Expand all files Collapse all files

15
controllers/EditAlbum.php
View File

@ -41,13 +41,13 @@ class EditAlbum extends HTMLController
exit;
}
else
throw new Exception('Cannot delete album: an error occured while processing the request.');
trigger_error('Cannot delete album: an error occured while processing the request.', E_USER_ERROR);
}
// Editing one, then, surely.
else
{
if ($album->kind !== 'Album')
throw new Exception('Cannot edit album: not an album.');
trigger_error('Cannot edit album: not an album.', E_USER_ERROR);
parent::__construct('Edit album \'' . $album->tag . '\'');
$form_title = 'Edit album \'' . $album->tag . '\'';
@ -67,7 +67,7 @@ class EditAlbum extends HTMLController
// Gather possible parents for this album to be filed into
$parentChoices = [0 => '-root-'];
foreach (Tag::getOffset(0, 9999, 'tag', 'up', true) as $parent)
foreach (PhotoAlbum::getHierarchy('tag', 'up') as $parent)
{
if (!empty($id_tag) && $parent['id_tag'] == $id_tag)
continue;
@ -139,10 +139,6 @@ class EditAlbum extends HTMLController
];
}
}
elseif (empty($_POST) && isset($album))
{
$formDefaults = get_object_vars($album);
}
elseif (empty($_POST) && count($parentChoices) > 1)
{
// Choose the first non-root album as the default parent
@ -150,8 +146,9 @@ class EditAlbum extends HTMLController
next($parentChoices);
$formDefaults = ['id_parent' => key($parentChoices)];
}
else
$formDefaults = $_POST;
if (!isset($formDefaults))
$formDefaults = isset($album) ? get_object_vars($album) : $_POST;
// Create the form, add in default values.
$this->form->setData($formDefaults);

2
controllers/EditAsset.php
View File

@ -67,7 +67,7 @@ class EditAsset extends HTMLController
// Get a list of available photo albums
$allAlbums = [];
foreach (Tag::getOffset(0, 9999, 'tag', 'up', true) as $album)
foreach (PhotoAlbum::getHierarchy('tag', 'up') as $album)
$allAlbums[$album['id_tag']] = $album['tag'];
// Figure out the current album id

4
controllers/EditTag.php
View File

@ -39,13 +39,13 @@ class EditTag extends HTMLController
exit;
}
else
throw new Exception('Cannot delete tag: an error occured while processing the request.');
trigger_error('Cannot delete tag: an error occured while processing the request.', E_USER_ERROR);
}
// Editing one, then, surely.
else
{
if ($tag->kind === 'Album')
throw new Exception('Cannot edit tag: is actually an album.');
trigger_error('Cannot edit tag: is actually an album.', E_USER_ERROR);
parent::__construct('Edit tag \'' . $tag->tag . '\'');
$form_title = 'Edit tag \'' . $tag->tag . '\'';

4
controllers/EditUser.php
View File

@ -33,7 +33,7 @@ class EditUser extends HTMLController
{
// Don't be stupid.
if ($current_user->getUserId() == $id_user)
throw new Exception('Sorry, I cannot allow you to delete yourself.');
trigger_error('Sorry, I cannot allow you to delete yourself.', E_USER_ERROR);
// So far so good?
$user = Member::fromId($id_user);
@ -43,7 +43,7 @@ class EditUser extends HTMLController
exit;
}
else
throw new Exception('Cannot delete user: an error occured while processing the request.');
trigger_error('Cannot delete user: an error occured while processing the request.', E_USER_ERROR);
}
// Editing one, then, surely.
else

4
controllers/Login.php
View File

@ -24,9 +24,7 @@ class Login extends HTMLController
if (Authentication::checkPassword($_POST['emailaddress'], $_POST['password']))
{
parent::__construct('Login');
$user = Member::fromEmailAddress($_POST['emailaddress']);
$_SESSION['user_id'] = $user->getUserId();
$_SESSION['user_id'] = Authentication::getUserId($_POST['emailaddress']);
if (isset($_POST['redirect_url']))
header('Location: ' . base64_decode($_POST['redirect_url']));

37
controllers/ManageAlbums.php
View File

@ -35,14 +35,18 @@ class ManageAlbums extends HTMLController
'tag' => [
'header' => 'Album',
'is_sortable' => true,
'link' => BASEURL . '/editalbum/?id={ID_TAG}',
'value' => 'tag',
'parse' => [
'link' => BASEURL . '/editalbum/?id={ID_TAG}',
'data' => 'tag',
],
],
'slug' => [
'header' => 'Slug',
'is_sortable' => true,
'link' => BASEURL . '/editalbum/?id={ID_TAG}',
'value' => 'slug',
'parse' => [
'link' => BASEURL . '/editalbum/?id={ID_TAG}',
'data' => 'slug',
],
],
'count' => [
'header' => '# Photos',
@ -50,21 +54,30 @@ class ManageAlbums extends HTMLController
'value' => 'count',
],
],
'default_sort_order' => 'tag',
'default_sort_direction' => 'up',
'start' => $_GET['start'] ?? 0,
'sort_order' => $_GET['order'] ?? '',
'sort_direction' => $_GET['dir'] ?? '',
'start' => !empty($_GET['start']) ? (int) $_GET['start'] : 0,
'sort_order' => !empty($_GET['order']) ? $_GET['order'] : null,
'sort_direction' => !empty($_GET['dir']) ? $_GET['dir'] : null,
'title' => 'Manage albums',
'no_items_label' => 'No albums meet the requirements of the current filter.',
'items_per_page' => 9999,
'index_class' => 'col-md-6',
'base_url' => BASEURL . '/managealbums/',
'get_data' => function($offset, $limit, $order, $direction) {
return Tag::getOffset($offset, $limit, $order, $direction, true);
'get_data' => function($offset = 0, $limit = 9999, $order = '', $direction = 'up') {
if (!in_array($order, ['id_tag', 'tag', 'slug', 'count']))
$order = 'tag';
if (!in_array($direction, ['up', 'down']))
$direction = 'up';
$rows = PhotoAlbum::getHierarchy($order, $direction);
return [
'rows' => $rows,
'order' => $order,
'direction' => ($direction == 'up' ? 'up' : 'down'),
];
},
'get_count' => function() {
return Tag::getCount(false, 'Album', true);
return 9999;
}
];

105
controllers/ManageAssets.php
View File

@ -38,33 +38,12 @@ class ManageAssets extends HTMLController
'checkbox' => [
'header' => '<input type="checkbox" id="selectall">',
'is_sortable' => false,
'format' => fn($row) =>
'<input type="checkbox" class="asset_select" name="delete[]" value="' . $row['id_asset'] . '">',
],
'thumbnail' => [
'header' => '&nbsp;',
'is_sortable' => false,
'cell_class' => 'text-center',
'format' => function($row) {
$asset = Image::byRow($row);
$width = $height = 65;
if ($asset->isImage())
{
if ($asset->isPortrait())
$width = null;
else
$height = null;
$thumb = $asset->getThumbnailUrl($width, $height);
}
else
$thumb = BASEURL . '/images/nothumb.svg';
$width = isset($width) ? $width . 'px' : 'auto';
$height = isset($height) ? $height . 'px' : 'auto';
return sprintf('<img src="%s" style="width: %s; height: %s;">', $thumb, $width, $height);
},
'parse' => [
'type' => 'function',
'data' => function($row) {
return '<input type="checkbox" class="asset_select" name="delete[]" value="' . $row['id_asset'] . '">';
},
],
],
'id_asset' => [
'value' => 'id_asset',
@ -80,42 +59,72 @@ class ManageAssets extends HTMLController
'value' => 'filename',
'header' => 'Filename',
'is_sortable' => true,
'link' => BASEURL . '/editasset/?id={ID_ASSET}',
'value' => 'filename',
'parse' => [
'type' => 'value',
'link' => BASEURL . '/editasset/?id={ID_ASSET}',
'data' => 'filename',
],
],
'id_user_uploaded' => [
'header' => 'User uploaded',
'is_sortable' => true,
'format' => function($row) {
if (!empty($row['id_user']))
return sprintf('<a href="%s/edituser/?id=%d">%s</a>', BASEURL, $row['id_user'],
$row['first_name'] . ' ' . $row['surname']);
else
return 'n/a';
},
'parse' => [
'type' => 'function',
'data' => function($row) {
if (!empty($row['id_user']))
return sprintf('<a href="%s/edituser/?id=%d">%s</a>', BASEURL, $row['id_user'],
$row['first_name'] . ' ' . $row['surname']);
else
return 'n/a';
},
],
],
'dimensions' => [
'header' => 'Dimensions',
'is_sortable' => false,
'format' => function($row) {
if (!empty($row['image_width']))
return $row['image_width'] . ' x ' . $row['image_height'];
else
return 'n/a';
},
'parse' => [
'type' => 'function',
'data' => function($row) {
if (!empty($row['image_width']))
return $row['image_width'] . ' x ' . $row['image_height'];
else
return 'n/a';
},
],
],
],
'default_sort_order' => 'id_asset',
'default_sort_direction' => 'down',
'start' => $_GET['start'] ?? 0,
'sort_order' => $_GET['order'] ?? '',
'sort_direction' => $_GET['dir'] ?? '',
'start' => !empty($_GET['start']) ? (int) $_GET['start'] : 0,
'sort_order' => !empty($_GET['order']) ? $_GET['order'] : '',
'sort_direction' => !empty($_GET['dir']) ? $_GET['dir'] : '',
'title' => 'Manage assets',
'no_items_label' => 'No assets meet the requirements of the current filter.',
'items_per_page' => 30,
'index_class' => 'col-md-6',
'base_url' => BASEURL . '/manageassets/',
'get_data' => 'Asset::getOffset',
'get_data' => function($offset = 0, $limit = 30, $order = '', $direction = 'down') {
if (!in_array($order, ['id_asset', 'id_user_uploaded', 'title', 'subdir', 'filename']))
$order = 'id_asset';
$data = Registry::get('db')->queryAssocs('
SELECT a.id_asset, a.subdir, a.filename,
a.image_width, a.image_height,
u.id_user, u.first_name, u.surname
FROM assets AS a
LEFT JOIN users AS u ON a.id_user_uploaded = u.id_user
ORDER BY {raw:order}
LIMIT {int:offset}, {int:limit}',
[
'order' => $order . ($direction == 'up' ? ' ASC' : ' DESC'),
'offset' => $offset,
'limit' => $limit,
]);
return [
'rows' => $data,
'order' => $order,
'direction' => $direction,
];
},
'get_count' => 'Asset::getCount',
];

73
controllers/ManageErrors.php
View File

@ -14,8 +14,8 @@ class ManageErrors extends HTMLController
if (!Registry::get('user')->isAdmin())
throw new NotAllowedException();
// Clearing, are we?
if (isset($_POST['clear']) && Session::validateSession('get'))
// Flushing, are we?
if (isset($_POST['flush']) && Session::validateSession('get'))
{
ErrorLog::flush();
header('Location: ' . BASEURL . '/manageerrors/');
@ -31,7 +31,7 @@ class ManageErrors extends HTMLController
'method' => 'post',
'class' => 'col-md-6 text-end',
'buttons' => [
'clear' => [
'flush' => [
'type' => 'submit',
'caption' => 'Delete all',
'class' => 'btn-danger',
@ -39,23 +39,26 @@ class ManageErrors extends HTMLController
],
],
'columns' => [
'id_entry' => [
'id' => [
'value' => 'id_entry',
'header' => '#',
'is_sortable' => true,
],
'message' => [
'parse' => [
'type' => 'function',
'data' => function($row) {
return $row['message'] . '<br>' .
'<div><a onclick="this.parentNode.childNodes[1].style.display=\'block\';this.style.display=\'none\';">Show debug info</a>' .
'<pre style="display: none">' . htmlspecialchars($row['debug_info']) .
'</pre></div>' .
'<small><a href="' . BASEURL .
htmlspecialchars($row['request_uri']) . '">' .
htmlspecialchars($row['request_uri']) . '</a></small>';
}
],
'header' => 'Message / URL',
'is_sortable' => false,
'format' => function($row) {
return $row['message'] . '<br>' .
'<div><a onclick="this.parentNode.childNodes[1].style.display=\'block\';this.style.display=\'none\';">Show debug info</a>' .
'<pre style="display: none">' . htmlspecialchars($row['debug_info']) .
'</pre></div>' .
'<small><a href="' . BASEURL .
htmlspecialchars($row['request_uri']) . '">' .
htmlspecialchars($row['request_uri']) . '</a></small>';
},
],
'file' => [
'value' => 'file',
@ -68,10 +71,12 @@ class ManageErrors extends HTMLController
'is_sortable' => true,
],
'time' => [
'format' => [
'parse' => [
'type' => 'timestamp',
'pattern' => 'long',
'value' => 'time',
'data' => [
'timestamp' => 'time',
'pattern' => 'long',
],
],
'header' => 'Time',
'is_sortable' => true,
@ -84,21 +89,41 @@ class ManageErrors extends HTMLController
'uid' => [
'header' => 'UID',
'is_sortable' => true,
'link' => BASEURL . '/edituser/?id={ID_USER}',
'value' => 'id_user',
'parse' => [
'link' => BASEURL . '/edituser/?id={ID_USER}',
'data' => 'id_user',
],
],
],
'default_sort_order' => 'id_entry',
'default_sort_direction' => 'down',
'start' => $_GET['start'] ?? 0,
'sort_order' => $_GET['order'] ?? '',
'sort_direction' => $_GET['dir'] ?? '',
'start' => !empty($_GET['start']) ? (int) $_GET['start'] : 0,
'sort_order' => !empty($_GET['order']) ? $_GET['order'] : '',
'sort_direction' => !empty($_GET['dir']) ? $_GET['dir'] : '',
'no_items_label' => "No errors to display -- we're all good!",
'items_per_page' => 20,
'index_class' => 'col-md-6',
'base_url' => BASEURL . '/manageerrors/',
'get_count' => 'ErrorLog::getCount',
'get_data' => 'ErrorLog::getOffset',
'get_data' => function($offset = 0, $limit = 20, $order = '', $direction = 'down') {
if (!in_array($order, ['id_entry', 'file', 'line', 'time', 'ipaddress', 'id_user']))
$order = 'id_entry';
$data = Registry::get('db')->queryAssocs('
SELECT *
FROM log_errors
ORDER BY {raw:order}
LIMIT {int:offset}, {int:limit}',
[
'order' => $order . ($direction === 'up' ? ' ASC' : ' DESC'),
'offset' => $offset,
'limit' => $limit,
]);
return [
'rows' => $data,
'order' => $order,
'direction' => $direction,
];
},
];
$error_log = new GenericTable($options);

70
controllers/ManageTags.php
View File

@ -37,25 +37,32 @@ class ManageTags extends HTMLController
'tag' => [
'header' => 'Tag',
'is_sortable' => true,
'link' => BASEURL . '/edittag/?id={ID_TAG}',
'value' => 'tag',
'parse' => [
'link' => BASEURL . '/edittag/?id={ID_TAG}',
'data' => 'tag',
],
],
'slug' => [
'header' => 'Slug',
'is_sortable' => true,
'link' => BASEURL . '/edittag/?id={ID_TAG}',
'value' => 'slug',
'parse' => [
'link' => BASEURL . '/edittag/?id={ID_TAG}',
'data' => 'slug',
],
],
'id_user_owner' => [
'header' => 'Owning user',
'is_sortable' => true,
'format' => function($row) {
if (!empty($row['id_user']))
return sprintf('<a href="%s/edituser/?id=%d">%s</a>', BASEURL, $row['id_user'],
$row['first_name'] . ' ' . $row['surname']);
else
return 'n/a';
},
'parse' => [
'type' => 'function',
'data' => function($row) {
if (!empty($row['id_user']))
return sprintf('<a href="%s/edituser/?id=%d">%s</a>', BASEURL, $row['id_user'],
$row['first_name'] . ' ' . $row['surname']);
else
return 'n/a';
},
],
],
'count' => [
'header' => 'Cardinality',
@ -63,21 +70,46 @@ class ManageTags extends HTMLController
'value' => 'count',
],
],
'default_sort_order' => 'tag',
'default_sort_direction' => 'up',
'start' => $_GET['start'] ?? 0,
'sort_order' => $_GET['order'] ?? '',
'sort_direction' => $_GET['dir'] ?? '',
'start' => !empty($_GET['start']) ? (int) $_GET['start'] : 0,
'sort_order' => !empty($_GET['order']) ? $_GET['order'] : null,
'sort_direction' => !empty($_GET['dir']) ? $_GET['dir'] : null,
'title' => 'Manage tags',
'no_items_label' => 'No tags meet the requirements of the current filter.',
'items_per_page' => 30,
'index_class' => 'col-md-6',
'base_url' => BASEURL . '/managetags/',
'get_data' => function($offset, $limit, $order, $direction) {
return Tag::getOffset($offset, $limit, $order, $direction, false);
'get_data' => function($offset = 0, $limit = 30, $order = '', $direction = 'up') {
if (!in_array($order, ['id_tag', 'tag', 'slug', 'kind', 'count']))
$order = 'tag';
if (!in_array($direction, ['up', 'down']))
$direction = 'up';
$data = Registry::get('db')->queryAssocs('
SELECT t.*, u.id_user, u.first_name, u.surname
FROM tags AS t
LEFT JOIN users AS u ON t.id_user_owner = u.id_user
WHERE kind != {string:album}
ORDER BY {raw:order}
LIMIT {int:offset}, {int:limit}',
[
'order' => $order . ($direction == 'up' ? ' ASC' : ' DESC'),
'offset' => $offset,
'limit' => $limit,
'album' => 'Album',
]);
return [
'rows' => $data,
'order' => $order,
'direction' => ($direction == 'up' ? 'up' : 'down'),
];
},
'get_count' => function() {
return Tag::getCount(false, null, false);
return Registry::get('db')->queryValue('
SELECT COUNT(*)
FROM tags
WHERE kind != {string:album}',
['album' => 'Album']);
}
];

70
controllers/ManageUsers.php
View File

@ -37,20 +37,26 @@ class ManageUsers extends HTMLController
'surname' => [
'header' => 'Last name',
'is_sortable' => true,
'link' => BASEURL . '/edituser/?id={ID_USER}',
'value' => 'surname',
'parse' => [
'link' => BASEURL . '/edituser/?id={ID_USER}',
'data' => 'surname',
],
],
'first_name' => [
'header' => 'First name',
'is_sortable' => true,
'link' => BASEURL . '/edituser/?id={ID_USER}',
'value' => 'first_name',
'parse' => [
'link' => BASEURL . '/edituser/?id={ID_USER}',
'data' => 'first_name',
],
],
'slug' => [
'header' => 'Slug',
'is_sortable' => true,
'link' => BASEURL . '/edituser/?id={ID_USER}',
'value' => 'slug',
'parse' => [
'link' => BASEURL . '/edituser/?id={ID_USER}',
'data' => 'slug',
],
],
'emailaddress' => [
'value' => 'emailaddress',
@ -58,11 +64,12 @@ class ManageUsers extends HTMLController
'is_sortable' => true,
],
'last_action_time' => [
'format' => [
'parse' => [
'type' => 'timestamp',
'pattern' => 'long',
'value' => 'last_action_time',
'if_null' => 'n/a',
'data' => [
'timestamp' => 'last_action_time',
'pattern' => 'long',
],
],
'header' => 'Last activity',
'is_sortable' => true,
@ -75,21 +82,48 @@ class ManageUsers extends HTMLController
'is_admin' => [
'is_sortable' => true,
'header' => 'Admin?',
'format' => fn($row) => $row['is_admin'] ? 'yes' : 'no',
'parse' => [
'type' => 'function',
'data' => function($row) {
return $row['is_admin'] ? 'yes' : 'no';
}
],
],
],
'default_sort_order' => 'id_user',
'default_sort_direction' => 'down',
'start' => $_GET['start'] ?? 0,
'sort_order' => $_GET['order'] ?? '',
'sort_direction' => $_GET['dir'] ?? '',
'start' => !empty($_GET['start']) ? (int) $_GET['start'] : 0,
'sort_order' => !empty($_GET['order']) ? $_GET['order'] : '',
'sort_direction' => !empty($_GET['dir']) ? $_GET['dir'] : '',
'title' => 'Manage users',
'no_items_label' => 'No users meet the requirements of the current filter.',
'items_per_page' => 30,
'index_class' => 'col-md-6',
'base_url' => BASEURL . '/manageusers/',
'get_data' => 'Member::getOffset',
'get_count' => 'Member::getCount',
'get_data' => function($offset = 0, $limit = 30, $order = '', $direction = 'down') {
if (!in_array($order, ['id_user', 'surname', 'first_name', 'slug', 'emailaddress', 'last_action_time', 'ip_address', 'is_admin']))
$order = 'id_user';
$data = Registry::get('db')->queryAssocs('
SELECT *
FROM users
ORDER BY {raw:order}
LIMIT {int:offset}, {int:limit}',
[
'order' => $order . ($direction == 'up' ? ' ASC' : ' DESC'),
'offset' => $offset,
'limit' => $limit,
]);
return [
'rows' => $data,
'order' => $order,
'direction' => $direction,
];
},
'get_count' => function() {
return Registry::get('db')->queryValue('
SELECT COUNT(*)
FROM users');
}
];
$table = new GenericTable($options);

126
controllers/ResetPassword.php
View File

@ -16,94 +16,66 @@ class ResetPassword extends HTMLController
// Verifying an existing reset key?
if (isset($_GET['step'], $_GET['email'], $_GET['key']) && $_GET['step'] == 2)
$this->verifyResetKey();
else
$this->requestResetKey();
}
private function requestResetKey()
{
parent::__construct('Reset password - ' . SITE_TITLE);
$form = new ForgotPasswordForm();
$this->page->adopt($form);
// Have they submitted an email address yet?
if (isset($_POST['emailaddress']) && preg_match('~^.+@.+\.[a-z]+$~', trim($_POST['emailaddress'])))
{
$user = Member::fromEmailAddress($_POST['emailaddress']);
if (!$user)
{
$form->adopt(new Alert('Invalid email address', 'The email address you provided could not be found in our system. Please try again.', 'danger'));
return;
}
$email = rawurldecode($_GET['email']);
$id_user = Authentication::getUserid($email);
if ($id_user === false)
throw new UserFacingException('Invalid email address. Please make sure you copied the full link in the email you received.');
if (Authentication::getResetTimeOut($user->getUserId()) > 0)
{
// Update the reset time-out to prevent hammering
$resetTimeOut = Authentication::updateResetTimeOut($user->getUserId());
$key = $_GET['key'];
if (!Authentication::checkResetKey($id_user, $key))
throw new UserFacingException('Invalid reset token. Please make sure you copied the full link in the email you received. Note: you cannot use the same token twice.');
// Present it to the user in a readable way
if ($resetTimeOut > 3600)
$timeOut = sprintf('%d hours', ceil($resetTimeOut / 3600));
elseif ($resetTimeOut > 60)
$timeOut = sprintf('%d minutes', ceil($resetTimeOut / 60));
parent::__construct('Reset password - ' . SITE_TITLE);
$form = new PasswordResetForm($email, $key);
$this->page->adopt($form);
// Are they trying to set something already?
if (isset($_POST['password1'], $_POST['password2']))
{
$missing = [];
if (strlen($_POST['password1']) < 6 || !preg_match('~[^A-z]~', $_POST['password1']))
$missing[] = 'Please fill in a password that is at least six characters long and contains at least one non-alphabetic character (e.g. a number or symbol).';
if ($_POST['password1'] != $_POST['password2'])
$missing[] = 'The passwords you entered do not match.';
// So, are we good to go?
if (empty($missing))
{
Authentication::updatePassword($id_user, Authentication::computeHash($_POST['password1']));
$_SESSION['login_msg'] = ['Your password has been reset', 'You can now use the form below to log in to your account.', 'success'];
header('Location: ' . BASEURL . '/login/');
exit;
}
else
$timeOut = sprintf('%d seconds', $resetTimeOut);
$form->adopt(new Alert('Password reset token already sent', 'We already sent a password reset token to this email address recently. ' .
'If no email was received, please wait ' . $timeOut . ' to try again.', 'error'));
return;
}
Authentication::setResetKey($user->getUserId());
Email::resetMail($user->getUserId());
// Show the success message
$this->page->clear();
$box = new DummyBox('An email has been sent');
$box->adopt(new Alert('', 'We have sent an email to ' . $_POST['emailaddress'] . ' containing details on how to reset your password.', 'success'));
$this->page->adopt($box);
$form->adopt(new Alert('Some fields require your attention', '<ul><li>' . implode('</li><li>', $missing) . '</li></ul>', 'danger'));
}
}
}
private function verifyResetKey()
{
$email = rawurldecode($_GET['email']);
$user = Member::fromEmailAddress($email);
if (!$user)
throw new UserFacingException('Invalid email address. Please make sure you copied the full link in the email you received.');
$key = $_GET['key'];
if (!Authentication::checkResetKey($user->getUserId(), $key))
throw new UserFacingException('Invalid reset token. Please make sure you copied the full link in the email you received. Note: you cannot use the same token twice.');
parent::__construct('Reset password - ' . SITE_TITLE);
$form = new PasswordResetForm($email, $key);
$this->page->adopt($form);
// Are they trying to set something already?
if (isset($_POST['password1'], $_POST['password2']))
else
{
$missing = [];
if (strlen($_POST['password1']) < 6 || !preg_match('~[^A-z]~', $_POST['password1']))
$missing[] = 'Please fill in a password that is at least six characters long and contains at least one non-alphabetic character (e.g. a number or symbol).';
if ($_POST['password1'] != $_POST['password2'])
$missing[] = 'The passwords you entered do not match.';
parent::__construct('Reset password - ' . SITE_TITLE);
$form = new ForgotPasswordForm();
$this->page->adopt($form);
// So, are we good to go?
if (empty($missing))
// Have they submitted an email address yet?
if (isset($_POST['emailaddress']) && preg_match('~^.+@.+\.[a-z]+$~', trim($_POST['emailaddress'])))
{
Authentication::updatePassword($user->getUserId(), Authentication::computeHash($_POST['password1']));
$id_user = Authentication::getUserid(trim($_POST['emailaddress']));
if ($id_user === false)
{
$form->adopt(new Alert('Invalid email address', 'The email address you provided could not be found in our system. Please try again.', 'danger'));
return;
}
// Consume token, ensuring it isn't used again
Authentication::consumeResetKey($user->getUserId());
Authentication::setResetKey($id_user);
Email::resetMail($id_user);
$_SESSION['login_msg'] = ['Your password has been reset', 'You can now use the form below to log in to your account.', 'success'];
header('Location: ' . BASEURL . '/login/');
exit;
// Show the success message
$this->page->clear();
$box = new DummyBox('An email has been sent');
$box->adopt(new Alert('', 'We have sent an email to ' . $_POST['emailaddress'] . ' containing details on how to reset your password.', 'success'));
$this->page->adopt($box);
}
else
$form->adopt(new Alert('Some fields require your attention', '<ul><li>' . implode('</li><li>', $missing) . '</li></ul>', 'danger'));
}
}
}

6
controllers/ViewPhotoAlbum.php
View File

@ -289,4 +289,10 @@ class ViewPhotoAlbum extends HTMLController
$description = !empty($tag->description) ? $tag->description : '';
return new AlbumHeaderBox($tag->tag, $description, $back_link, $back_link_title);
}
public function __destruct()
{
if (isset($this->iterator))
$this->iterator->clean();
}
}

6
controllers/ViewTimeline.php
View File

@ -54,4 +54,10 @@ class ViewTimeline extends HTMLController
// Set the canonical url.
$this->page->setCanonicalUrl(BASEURL . '/timeline/');
}
public function __destruct()
{
if (isset($this->iterator))
$this->iterator->clean();
}
}

2
migrations/2024-11-05.sql
View File

@ -1,2 +0,0 @@
/* Add time-out to password reset keys, and prevent repeated mails */
ALTER TABLE `users` ADD `reset_blocked_until` INT UNSIGNED NULL AFTER `reset_key`;

211
models/Asset.php
View File

@ -24,7 +24,7 @@ class Asset
protected $tags;
protected $thumbnails;
public function __construct(array $data)
protected function __construct(array $data)
{
foreach ($data as $attribute => $value)
{
@ -32,7 +32,7 @@ class Asset
$this->$attribute = $value;
}
if (isset($data['date_captured']) && $data['date_captured'] !== null && !is_object($data['date_captured']))
if (!empty($data['date_captured']) && $data['date_captured'] !== 'NULL')
$this->date_captured = new DateTime($data['date_captured']);
}
@ -56,7 +56,7 @@ class Asset
$row = Registry::get('db')->queryAssoc('
SELECT *
FROM assets
WHERE id_asset = :id_asset',
WHERE id_asset = {int:id_asset}',
[
'id_asset' => $id_asset,
]);
@ -69,7 +69,7 @@ class Asset
$row = Registry::get('db')->queryAssoc('
SELECT *
FROM assets
WHERE slug = :slug',
WHERE slug = {string:slug}',
[
'slug' => $slug,
]);
@ -85,7 +85,7 @@ class Asset
$row['meta'] = $db->queryPair('
SELECT variable, value
FROM assets_meta
WHERE id_asset = :id_asset',
WHERE id_asset = {int:id_asset}',
[
'id_asset' => $row['id_asset'],
]);
@ -94,20 +94,21 @@ class Asset
$row['thumbnails'] = $db->queryPair('
SELECT
CONCAT(
width, :x, height,
IF(mode != :empty1, CONCAT(:_, mode), :empty2)
width,
{string:x},
height,
IF(mode != {string:empty}, CONCAT({string:_}, mode), {string:empty})
) AS selector, filename
FROM assets_thumbs
WHERE id_asset = :id_asset',
WHERE id_asset = {int:id_asset}',
[
'id_asset' => $row['id_asset'],
'empty1' => '',
'empty2' => '',
'empty' => '',
'x' => 'x',
'_' => '_',
]);
return $return_format === 'object' ? new static($row) : $row;
return $return_format == 'object' ? new Asset($row) : $row;
}
public static function fromIds(array $id_assets, $return_format = 'array')
@ -120,14 +121,14 @@ class Asset
$res = $db->query('
SELECT *
FROM assets
WHERE id_asset IN (@id_assets)
WHERE id_asset IN ({array_int:id_assets})
ORDER BY id_asset',
[
'id_assets' => $id_assets,
]);
$assets = [];
while ($asset = $db->fetchAssoc($res))
while ($asset = $db->fetch_assoc($res))
{
$assets[$asset['id_asset']] = $asset;
$assets[$asset['id_asset']]['meta'] = [];
@ -137,7 +138,7 @@ class Asset
$metas = $db->queryRows('
SELECT id_asset, variable, value
FROM assets_meta
WHERE id_asset IN (@id_assets)
WHERE id_asset IN ({array_int:id_assets})
ORDER BY id_asset',
[
'id_assets' => $id_assets,
@ -149,16 +150,17 @@ class Asset
$thumbnails = $db->queryRows('
SELECT id_asset,
CONCAT(
width, :x, height,
IF(mode != :empty1, CONCAT(:_, mode), :empty2)
width,
{string:x},
height,
IF(mode != {string:empty}, CONCAT({string:_}, mode), {string:empty})
) AS selector, filename
FROM assets_thumbs
WHERE id_asset IN (@id_assets)
WHERE id_asset IN ({array_int:id_assets})
ORDER BY id_asset',
[
'id_assets' => $id_assets,
'empty1' => '',
'empty2' => '',
'empty' => '',
'x' => 'x',
'_' => '_',
]);
@ -166,10 +168,8 @@ class Asset
foreach ($thumbnails as $thumb)
$assets[$thumb[0]]['thumbnails'][$thumb[1]] = $thumb[2];
if ($return_format === 'array')
{
if ($return_format == 'array')
return $assets;
}
else
{
$objects = [];
@ -262,10 +262,10 @@ class Asset
INSERT INTO assets
(id_user_uploaded, subdir, filename, title, slug, mimetype, image_width, image_height, date_captured, priority)
VALUES
(:id_user_uploaded, :subdir, :filename, :title, :slug, :mimetype,
:image_width, :image_height,
IF(:date_captured > 0, FROM_UNIXTIME(:date_captured), NULL),
:priority)',
({int:id_user_uploaded}, {string:subdir}, {string:filename}, {string:title}, {string:slug}, {string:mimetype},
{int:image_width}, {int:image_height},
IF({int:date_captured} > 0, FROM_UNIXTIME({int:date_captured}), NULL),
{int:priority})',
[
'id_user_uploaded' => isset($id_user) ? $id_user : Registry::get('user')->getUserId(),
'subdir' => $preferred_subdir,
@ -273,9 +273,9 @@ class Asset
'title' => $title,
'slug' => $slug,
'mimetype' => $mimetype,
'image_width' => isset($image_width) ? $image_width : null,
'image_height' => isset($image_height) ? $image_height : null,
'date_captured' => isset($date_captured) ? $date_captured : null,
'image_width' => isset($image_width) ? $image_width : 'NULL',
'image_height' => isset($image_height) ? $image_height : 'NULL',
'date_captured' => isset($date_captured) ? $date_captured : 'NULL',
'priority' => isset($priority) ? (int) $priority : 0,
]);
@ -285,7 +285,7 @@ class Asset
return false;
}
$data['id_asset'] = $db->insertId();
$data['id_asset'] = $db->insert_id();
return $return_format === 'object' ? new self($data) : $data;
}
@ -324,7 +324,7 @@ class Asset
$posts = Registry::get('db')->queryValues('
SELECT id_post
FROM posts_assets
WHERE id_asset = :id_asset',
WHERE id_asset = {int:id_asset}',
['id_asset' => $this->id_asset]);
// TODO: fix empty post iterator.
@ -495,18 +495,18 @@ class Asset
return Registry::get('db')->query('
UPDATE assets
SET
mimetype = :mimetype,
image_width = :image_width,
image_height = :image_height,
date_captured = :date_captured,
priority = :priority
WHERE id_asset = :id_asset',
mimetype = {string:mimetype},
image_width = {int:image_width},
image_height = {int:image_height},
date_captured = {datetime:date_captured},
priority = {int:priority}
WHERE id_asset = {int:id_asset}',
[
'id_asset' => $this->id_asset,
'mimetype' => $this->mimetype,
'image_width' => isset($this->image_width) ? $this->image_width : null,
'image_height' => isset($this->image_height) ? $this->image_height : null,
'date_captured' => isset($this->date_captured) ? $this->date_captured : null,
'image_width' => isset($this->image_width) ? $this->image_width : 'NULL',
'image_height' => isset($this->image_height) ? $this->image_height : 'NULL',
'date_captured' => isset($this->date_captured) ? $this->date_captured : 'NULL',
'priority' => $this->priority,
]);
}
@ -527,8 +527,8 @@ class Asset
if (!empty($to_remove))
$db->query('
DELETE FROM assets_meta
WHERE id_asset = :id_asset AND
variable IN(@variables)',
WHERE id_asset = {int:id_asset} AND
variable IN({array_string:variables})',
[
'id_asset' => $this->id_asset,
'variables' => array_keys($to_remove),
@ -559,40 +559,63 @@ class Asset
{
$db = Registry::get('db');
// Delete any and all thumbnails, if this is an image.
if ($this->isImage())
{
$image = $this->getImage();
$image->removeAllThumbnails();
}
// Delete all meta info for this asset.
// First: delete associated metadata
$db->query('
DELETE FROM assets_meta
WHERE id_asset = :id_asset',
['id_asset' => $this->id_asset]);
WHERE id_asset = {int:id_asset}',
[
'id_asset' => $this->id_asset,
]);
// Figure out what tags to recount cardinality for
// Second: figure out what tags to recount cardinality for
$recount_tags = $db->queryValues('
SELECT id_tag
FROM assets_tags
WHERE id_asset = :id_asset',
['id_asset' => $this->id_asset]);
WHERE id_asset = {int:id_asset}',
[
'id_asset' => $this->id_asset,
]);
// Delete asset association for these tags
$db->query('
DELETE FROM assets_tags
WHERE id_asset = :id_asset',
['id_asset' => $this->id_asset]);
WHERE id_asset = {int:id_asset}',
[
'id_asset' => $this->id_asset,
]);
Tag::recount($recount_tags);
// Third: figure out what associated thumbs to delete
$thumbs_to_delete = $db->queryValues('
SELECT filename
FROM assets_thumbs
WHERE id_asset = {int:id_asset}',
[
'id_asset' => $this->id_asset,
]);
foreach ($thumbs_to_delete as $filename)
{
$thumb_path = THUMBSDIR . '/' . $this->subdir . '/' . $filename;
if (is_file($thumb_path))
unlink($thumb_path);
}
$db->query('
DELETE FROM assets_thumbs
WHERE id_asset = {int:id_asset}',
[
'id_asset' => $this->id_asset,
]);
// Reset asset ID for tags that use this asset for their thumbnail
$rows = $db->queryValues('
$rows = $db->query('
SELECT id_tag
FROM tags
WHERE id_asset_thumb = :id_asset',
['id_asset' => $this->id_asset]);
WHERE id_asset_thumb = {int:id_asset}',
[
'id_asset' => $this->id_asset,
]);
if (!empty($rows))
{
@ -609,8 +632,10 @@ class Asset
$return = $db->query('
DELETE FROM assets
WHERE id_asset = :id_asset',
['id_asset' => $this->id_asset]);
WHERE id_asset = {int:id_asset}',
[
'id_asset' => $this->id_asset,
]);
return $return;
}
@ -639,7 +664,7 @@ class Asset
Registry::get('db')->query('
DELETE FROM assets_tags
WHERE id_asset = :id_asset AND id_tag IN (@id_tags)',
WHERE id_asset = {int:id_asset} AND id_tag IN ({array_int:id_tags})',
[
'id_asset' => $this->id_asset,
'id_tags' => $id_tags,
@ -655,24 +680,6 @@ class Asset
FROM assets');
}
public static function getOffset($offset, $limit, $order, $direction)
{
$order = $order . ($direction == 'up' ? ' ASC' : ' DESC');
return Registry::get('db')->queryAssocs('
SELECT a.id_asset, a.subdir, a.filename,
a.image_width, a.image_height, a.mimetype,
u.id_user, u.first_name, u.surname
FROM assets AS a
LEFT JOIN users AS u ON a.id_user_uploaded = u.id_user
ORDER BY ' . $order . '
LIMIT :offset, :limit',
[
'offset' => $offset,
'limit' => $limit,
]);
}
public function save()
{
if (empty($this->id_asset))
@ -680,16 +687,18 @@ class Asset
return Registry::get('db')->query('
UPDATE assets
SET subdir = :subdir,
filename = :filename,
title = :title,
slug = :slug,
mimetype = :mimetype,
image_width = :image_width,
image_height = :image_height,
date_captured = :date_captured,
priority = :priority
WHERE id_asset = :id_asset',
SET id_asset = {int:id_asset},
id_user_uploaded = {int:id_user_uploaded},
subdir = {string:subdir},
filename = {string:filename},
title = {string:title},
slug = {string:slug},
mimetype = {string:mimetype},
image_width = {int:image_width},
image_height = {int:image_height},
date_captured = {datetime:date_captured},
priority = {int:priority}
WHERE id_asset = {int:id_asset}',
get_object_vars($this));
}
@ -707,27 +716,27 @@ class Asset
// Direction depends on whether we're browsing a tag or timeline
if (isset($tag))
{
$where[] = 't.id_tag = :id_tag';
$where[] = 't.id_tag = {int:id_tag}';
$params['id_tag'] = $tag->id_tag;
$where_op = $previous ? '<' : '>';
$order_dir = $previous ? 'DESC' : 'ASC';
$params['where_op'] = $previous ? '<' : '>';
$params['order_dir'] = $previous ? 'DESC' : 'ASC';
}
else
{
$where_op = $previous ? '>' : '<';
$order_dir = $previous ? 'ASC' : 'DESC';
$params['where_op'] = $previous ? '>' : '<';
$params['order_dir'] = $previous ? 'ASC' : 'DESC';
}
// Take active filter into account as well
if (!empty($activeFilter) && ($user = Member::fromSlug($activeFilter)) !== false)
{
$where[] = 'id_user_uploaded = :id_user_uploaded';
$where[] = 'id_user_uploaded = {int:id_user_uploaded}';
$params['id_user_uploaded'] = $user->getUserId();
}
// Use complete ordering when sorting the set
$where[] = '(a.date_captured, a.id_asset) ' . $where_op .
' (:date_captured, :id_asset)';
$where[] = '(a.date_captured, a.id_asset) {raw:where_op} ' .
'({datetime:date_captured}, {int:id_asset})';
// Stringify conditions together
$where = '(' . implode(') AND (', $where) . ')';
@ -739,7 +748,7 @@ class Asset
' . (isset($tag) ? '
INNER JOIN assets_tags AS t ON a.id_asset = t.id_asset' : '') . '
WHERE ' . $where . '
ORDER BY a.date_captured ' . $order_dir . ', a.id_asset ' . $order_dir . '
ORDER BY a.date_captured {raw:order_dir}, a.id_asset {raw:order_dir}
LIMIT 1',
$params);

141
models/AssetIterator.php
View File

@ -1,50 +1,42 @@
<?php
/*****************************************************************************
* AssetIterator.php
* Contains model class AssetIterator.
* Contains key class AssetIterator.
*
* Kabuki CMS (C) 2013-2025, Aaron van Geffen
* Kabuki CMS (C) 2013-2015, Aaron van Geffen
*****************************************************************************/
class AssetIterator implements Iterator
class AssetIterator extends Asset
{
private Database $db;
private $direction;
private $return_format;
private $rowCount;
private $res_assets;
private $res_meta;
private $res_thumbs;
private $assets_iterator;
private $meta_iterator;
private $thumbs_iterator;
protected function __construct(PDOStatement $stmt_assets, PDOStatement $stmt_meta, PDOStatement $stmt_thumbs,
$return_format, $direction)
protected function __construct($res_assets, $res_meta, $res_thumbs, $return_format, $direction)
{
$this->db = Registry::get('db');
$this->direction = $direction;
$this->res_assets = $res_assets;
$this->res_meta = $res_meta;
$this->res_thumbs = $res_thumbs;
$this->return_format = $return_format;
$this->rowCount = $stmt_assets->rowCount();
$this->assets_iterator = new CachedPDOIterator($stmt_assets);
$this->assets_iterator->rewind();
$this->meta_iterator = new CachedPDOIterator($stmt_meta);
$this->thumbs_iterator = new CachedPDOIterator($stmt_thumbs);
}
public static function all()
public function next()
{
return self::getByOptions();
}
$row = $this->db->fetch_assoc($this->res_assets);
public function current(): mixed
{
$row = $this->assets_iterator->current();
// No more rows?
if (!$row)
return $row;
return false;
// Collect metadata
// Looks up metadata.
$row['meta'] = [];
$this->meta_iterator->rewind();
foreach ($this->meta_iterator as $meta)
while ($meta = $this->db->fetch_assoc($this->res_meta))
{
if ($meta['id_asset'] != $row['id_asset'])
continue;
@ -52,23 +44,54 @@ class AssetIterator implements Iterator
$row['meta'][$meta['variable']] = $meta['value'];
}
// Collect thumbnails
// Reset internal pointer for next asset.
$this->db->data_seek($this->res_meta, 0);
// Looks up thumbnails.
$row['thumbnails'] = [];
$this->thumbs_iterator->rewind();
foreach ($this->thumbs_iterator as $thumb)
while ($thumbs = $this->db->fetch_assoc($this->res_thumbs))
{
if ($thumb['id_asset'] != $row['id_asset'])
if ($thumbs['id_asset'] != $row['id_asset'])
continue;
$row['thumbnails'][$thumb['selector']] = $thumb['filename'];
$row['thumbnails'][$thumbs['selector']] = $thumbs['filename'];
}
// Reset internal pointer for next asset.
$this->db->data_seek($this->res_thumbs, 0);
if ($this->return_format === 'object')
return new Asset($row);
else
return $row;
}
public function reset()
{
$this->db->data_seek($this->res_assets, 0);
$this->db->data_seek($this->res_meta, 0);
$this->db->data_seek($this->res_thumbs, 0);
}
public function clean()
{
if (!$this->res_assets)
return;
$this->db->free_result($this->res_assets);
$this->res_assets = null;
}
public function num()
{
return $this->db->num_rows($this->res_assets);
}
public static function all()
{
return self::getByOptions();
}
public static function getByOptions(array $options = [], $return_count = false, $return_format = 'object')
{
$params = [
@ -91,9 +114,9 @@ class AssetIterator implements Iterator
{
$params['mime_type'] = $options['mime_type'];
if (is_array($options['mime_type']))
$where[] = 'a.mimetype IN(@mime_type)';
$where[] = 'a.mimetype IN({array_string:mime_type})';
else
$where[] = 'a.mimetype = :mime_type';
$where[] = 'a.mimetype = {string:mime_type}';
}
if (isset($options['id_user_uploaded']))
{
@ -106,17 +129,7 @@ class AssetIterator implements Iterator
$where[] = 'id_asset IN(
SELECT l.id_asset
FROM assets_tags AS l
WHERE l.id_tag = :id_tag)';
}
elseif (isset($options['tag']))
{
$params['tag'] = $options['tag'];
$where[] = 'id_asset IN(
SELECT l.id_asset
FROM assets_tags AS l
INNER JOIN tags AS t
ON l.id_tag = t.id_tag
WHERE t.slug = :tag)';
WHERE l.id_tag = {int:id_tag})';
}
// Make it valid SQL.
@ -132,7 +145,7 @@ class AssetIterator implements Iterator
FROM assets AS a
WHERE ' . $where . '
ORDER BY ' . $order . (!empty($params['limit']) ? '
LIMIT :offset, :limit' : ''),
LIMIT {int:offset}, {int:limit}' : ''),
$params);
// Get a resource object for the asset meta.
@ -152,9 +165,9 @@ class AssetIterator implements Iterator
SELECT id_asset, filename,
CONCAT(
width,
:x,
{string:x},
height,
IF(mode != :empty1, CONCAT(:_, mode), :empty2)
IF(mode != {string:empty}, CONCAT({string:_}, mode), {string:empty})
) AS selector
FROM assets_thumbs
WHERE id_asset IN(
@ -164,8 +177,7 @@ class AssetIterator implements Iterator
)
ORDER BY id_asset',
$params + [
'empty1' => '',
'empty2' => '',
'empty' => '',
'x' => 'x',
'_' => '_',
]);
@ -187,38 +199,13 @@ class AssetIterator implements Iterator
return $iterator;
}
public function key(): mixed
{
return $this->assets_iterator->key();
}
public function isAscending(): bool
public function isAscending()
{
return $this->direction === 'asc';
}
public function isDescending(): bool
public function isDescending()
{
return $this->direction === 'desc';
}
public function next(): void
{
$this->assets_iterator->next();
}
public function num(): int
{
return $this->rowCount;
}
public function rewind(): void
{
$this->assets_iterator->rewind();
}
public function valid(): bool
{
return $this->assets_iterator->valid();
}
}

157
models/Authentication.php
View File

@ -12,27 +12,48 @@
*/
class Authentication
{
const DEFAULT_RESET_TIMEOUT = 30;
/**
* Checks whether a user still exists in the database.
*/
public static function checkExists($id_user)
{
$res = Registry::get('db')->queryValue('
SELECT id_user
FROM users
WHERE id_user = {int:id}',
[
'id' => $id_user,
]);
return $res !== null;
}
/**
* Checks a password for a given username against the database.
* Finds the user id belonging to a certain emailaddress.
*/
public static function checkPassword($emailaddress, $password)
public static function getUserId($emailaddress)
{
// Retrieve password hash for user matching the provided emailaddress.
$password_hash = Registry::get('db')->queryValue('
SELECT password_hash
$res = Registry::get('db')->queryValue('
SELECT id_user
FROM users
WHERE emailaddress = :emailaddress',
WHERE emailaddress = {string:emailaddress}',
[
'emailaddress' => $emailaddress,
]);
// If there's no hash, the user likely does not exist.
if (!$password_hash)
return false;
return empty($res) ? false : $res;
}
return password_verify($password, $password_hash);
public static function setResetKey($id_user)
{
return Registry::get('db')->query('
UPDATE users
SET reset_key = {string:key}
WHERE id_user = {int:id}',
[
'id' => $id_user,
'key' => self::newActivationKey(),
]);
}
public static function checkResetKey($id_user, $reset_key)
@ -48,55 +69,22 @@ class Authentication
return $key == $reset_key;
}
/**
* Computes a password hash.
*/
public static function computeHash($password)
{
$hash = password_hash($password, PASSWORD_DEFAULT);
if (!$hash)
throw new Exception('Hash creation failed!');
return $hash;
}
public static function consumeResetKey($id_user)
{
return Registry::get('db')->query('
UPDATE users
SET reset_key = NULL,
reset_blocked_until = NULL
WHERE id_user = {int:id_user}',
['id_user' => $id_user]);
}
public static function getResetTimeOut($id_user)
{
$resetTime = Registry::get('db')->queryValue('
SELECT reset_blocked_until
FROM users
WHERE id_user = {int:id_user}',
['id_user' => $id_user]);
return max(0, $resetTime - time());
}
/**
* Verifies whether the user is currently logged in.
*/
public static function isLoggedIn()
{
if (!isset($_SESSION['user_id']))
// Check whether the active session matches the current user's environment.
if (isset($_SESSION['ip_address'], $_SESSION['user_agent']) && (
(isset($_SERVER['REMOTE_ADDR']) && $_SESSION['ip_address'] != $_SERVER['REMOTE_ADDR']) ||
(isset($_SERVER['HTTP_USER_AGENT']) && $_SESSION['user_agent'] != $_SERVER['HTTP_USER_AGENT'])))
{
session_destroy();
return false;
}
try
{
$exists = Member::fromId($_SESSION['user_id']);
return true;
}
catch (NotFoundException $e)
{
return false;
}
// A user is logged in if a user id exists in the session and this id is (still) in the database.
return isset($_SESSION['user_id']) && self::checkExists($_SESSION['user_id']);
}
/**
@ -111,17 +99,36 @@ class Authentication
return $string;
}
public static function setResetKey($id_user)
/**
* Checks a password for a given username against the database.
*/
public static function checkPassword($emailaddress, $password)
{
return Registry::get('db')->query('
UPDATE users
SET reset_key = {string:key},
reset_blocked_until = UNIX_TIMESTAMP() + ' . static::DEFAULT_RESET_TIMEOUT . '
WHERE id_user = {int:id}',
// Retrieve password hash for user matching the provided emailaddress.
$password_hash = Registry::get('db')->queryValue('
SELECT password_hash
FROM users
WHERE emailaddress = {string:emailaddress}',
[
'id' => $id_user,
'key' => self::newActivationKey(),
'emailaddress' => $emailaddress,
]);
// If there's no hash, the user likely does not exist.
if (!$password_hash)
return false;
return password_verify($password, $password_hash);
}
/**
* Computes a password hash.
*/
public static function computeHash($password)
{
$hash = password_hash($password, PASSWORD_DEFAULT);
if (!$hash)
throw new Exception('Hash creation failed!');
return $hash;
}
/**
@ -132,35 +139,13 @@ class Authentication
return Registry::get('db')->query('
UPDATE users
SET
password_hash = :hash,
reset_key = :blank
WHERE id_user = :id_user',
password_hash = {string:hash},
reset_key = {string:blank}
WHERE id_user = {int:id_user}',
[
'id_user' => $id_user,
'hash' => $hash,
'blank' => '',
]);
}
public static function updateResetTimeOut($id_user)
{
$currentResetTimeOut = static::getResetTimeOut($id_user);
// New timeout: between 30 seconds, double the current timeout, and a full day
$newResetTimeOut = min(max(static::DEFAULT_RESET_TIMEOUT, $currentResetTimeOut * 2), 60 * 60 * 24);
$success = Registry::get('db')->query('
UPDATE users
SET reset_blocked_until = {int:new_time_out}
WHERE id_user = {int:id_user}',
[
'id_user' => $id_user,
'new_time_out' => time() + $newResetTimeOut,
]);
if (!$success)
throw new UnexpectedValueException('Could not set password reset timeout!');
return $newResetTimeOut;
}
}

56
models/CachedPDOIterator.php
View File

@ -1,56 +0,0 @@
<?php
/*****************************************************************************
* CachedPDOIterator.php
* Contains model class CachedPDOIterator.
*
* Based on https://gist.github.com/hakre/5152090
*
* Kabuki CMS (C) 2013-2021, Aaron van Geffen
*****************************************************************************/
class CachedPDOIterator extends CachingIterator
{
private $index;
public function __construct(PDOStatement $statement)
{
parent::__construct(new IteratorIterator($statement), self::FULL_CACHE);
}
public function rewind(): void
{
if ($this->index === null)
{
parent::rewind();
}
$this->index = 0;
}
public function current(): mixed
{
if ($this->offsetExists($this->index))
{
return $this->offsetGet($this->index);
}
return parent::current();
}
public function key(): mixed
{
return $this->index;
}
public function next(): void
{
$this->index++;
if (!$this->offsetExists($this->index))
{
parent::next();
}
}
public function valid(): bool
{
return $this->offsetExists($this->index) || parent::valid();
}
}

522
models/Database.php
View File

@ -1,34 +1,44 @@
<?php
/*****************************************************************************
* Database.php
* Contains model class Database.
* Contains key class Database.
*
* Kabuki CMS (C) 2013-2025, Aaron van Geffen
* Adapted from SMF 2.0's DBA (C) 2011 Simple Machines
* Used under BSD 3-clause license.
*
* Kabuki CMS (C) 2013-2015, Aaron van Geffen
*****************************************************************************/
/**
* The database model used to communicate with the MySQL server.
*/
class Database
{
private $connection;
private $query_count = 0;
private $logged_queries = [];
private array $db_callback;
public function __construct($host, $user, $password, $name)
/**
* Initialises a new database connection.
* @param server: server to connect to.
* @param user: username to use for authentication.
* @param password: password to use for authentication.
* @param name: database to select.
*/
public function __construct($server, $user, $password, $name)
{
try
{
$this->connection = new PDO("mysql:host=$host;dbname=$name;charset=utf8mb4", $user, $password, [
PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
PDO::ATTR_EMULATE_PREPARES => false,
]);
}
$this->connection = @mysqli_connect($server, $user, $password, $name);
// Give up if we have a connection error.
catch (PDOException $e)
if (mysqli_connect_error())
{
http_response_code(503);
header('HTTP/1.1 503 Service Temporarily Unavailable');
echo '<h2>Database Connection Problems</h2><p>Our software could not connect to the database. We apologise for any inconvenience and ask you to check back later.</p>';
exit;
}
$this->query('SET NAMES {string:utf8mb4}', ['utf8mb4' => 'utf8mb4']);
}
public function getQueryCount()
@ -42,227 +52,305 @@ class Database
}
/**
* Fetches a row from a given statement/recordset, using field names as keys.
* Fetches a row from a given recordset, using field names as keys.
*/
public function fetchAssoc($stmt)
public function fetch_assoc($resource)
{
return $stmt->fetch(PDO::FETCH_ASSOC);
return mysqli_fetch_assoc($resource);
}
/**
* Fetches a row from a given statement/recordset, encapsulating into an object.
* Fetches a row from a given recordset, using numeric keys.
*/
public function fetchObject($stmt, $class)
public function fetch_row($resource)
{
return $stmt->fetchObject($class);
return mysqli_fetch_row($resource);
}
/**
* Fetches a row from a given statement/recordset, using numeric keys.
* Destroys a given recordset.
*/
public function fetchNum($stmt)
public function free_result($resource)
{
return $stmt->fetch(PDO::FETCH_NUM);
return mysqli_free_result($resource);
}
public function data_seek($result, $row_num)
{
return mysqli_data_seek($result, $row_num);
}
/**
* Destroys a given statement/recordset.
* Returns the amount of rows in a given recordset.
*/
public function free($stmt)
public function num_rows($resource)
{
return $stmt->closeCursor();
return mysqli_num_rows($resource);
}
/**
* Returns the amount of rows in a given statement/recordset.
* Returns the amount of fields in a given recordset.
*/
public function rowCount($stmt)
public function num_fields($resource)
{
return $stmt->rowCount();
return mysqli_num_fields($resource);
}
/**
* Returns the amount of fields in a given statement/recordset.
* Escapes a string.
*/
public function columnCount($stmt)
public function escape_string($string)
{
return $stmt->columnCount();
return mysqli_real_escape_string($this->connection, $string);
}
/**
* Unescapes a string.
*/
public function unescape_string($string)
{
return stripslashes($string);
}
/**
* Returns the last MySQL error.
*/
public function error()
{
return mysqli_error($this->connection);
}
public function server_info()
{
return mysqli_get_server_info($this->connection);
}
/**
* Selects a database on a given connection.
*/
public function select_db($database)
{
return mysqli_select_db($database, $this->connection);
}
/**
* Returns the amount of rows affected by the previous query.
*/
public function affected_rows()
{
return mysqli_affected_rows($this->connection);
}
/**
* Returns the id of the row created by a previous query.
*/
public function insertId($name = null)
public function insert_id()
{
return $this->connection->lastInsertId($name);
return mysqli_insert_id($this->connection);
}
/**
* Start a transaction.
* Do a MySQL transaction.
*/
public function beginTransaction()
public function transaction($operation = 'commit')
{
return $this->connection->beginTransaction();
}
/**
* Rollback changes in a transaction.
*/
public function rollback()
{
return $this->connection->rollBack();
}
/**
* Commit changes in a transaction.
*/
public function commit()
{
return $this->connection->commit();
}
private function expandPlaceholders($db_string, array &$db_values)
{
foreach ($db_values as $key => &$value)
switch ($operation)
{
if (str_contains($db_string, ':' . $key))
{
if (is_array($value))
{
throw new UnexpectedValueException('Array ' . $key .
' is used as a scalar placeholder. Did you mean to use \'@\' instead?');
}
// Prepare date/time values
if (is_a($value, 'DateTime'))
{
$value = $value->format('Y-m-d H:i:s');
}
}
elseif (str_contains($db_string, '@' . $key))
{
if (!is_array($value))
{
throw new UnexpectedValueException('Scalar value ' . $key .
' is used as an array placeholder. Did you mean to use \':\' instead?');
}
// Create placeholders for all array elements
$placeholders = array_map(fn($num) => ':' . $key . $num, range(0, count($value) - 1));
$db_string = str_replace('@' . $key, implode(', ', $placeholders), $db_string);
}
else
{
// throw new Exception('Warning: unused key in query: ' . $key);
}
case 'begin':
case 'rollback':
case 'commit':
return @mysqli_query($this->connection, strtoupper($operation));
default:
return false;
}
}
return $db_string;
/**
* Function used as a callback for the preg_match function that parses variables into database queries.
*/
private function replacement_callback($matches)
{
list ($values, $connection) = $this->db_callback;
if (!isset($matches[2]))
trigger_error('Invalid value inserted or no type specified.', E_USER_ERROR);
if (!isset($values[$matches[2]]))
trigger_error('The database value you\'re trying to insert does not exist: ' . htmlspecialchars($matches[2]), E_USER_ERROR);
$replacement = $values[$matches[2]];
switch ($matches[1])
{
case 'int':
if ((!is_numeric($replacement) || (string) $replacement !== (string) (int) $replacement) && $replacement !== 'NULL')
trigger_error('Wrong value type sent to the database for field: ' . $matches[2] . '. Integer expected.', E_USER_ERROR);
return $replacement !== 'NULL' ? (string) (int) $replacement : 'NULL';
break;
case 'string':
case 'text':
return $replacement !== 'NULL' ? sprintf('\'%1$s\'', mysqli_real_escape_string($connection, $replacement)) : 'NULL';
break;
case 'array_int':
if (is_array($replacement))
{
if (empty($replacement))
trigger_error('Database error, given array of integer values is empty.', E_USER_ERROR);
foreach ($replacement as $key => $value)
{
if (!is_numeric($value) || (string) $value !== (string) (int) $value)
trigger_error('Wrong value type sent to the database for field: ' . $matches[2] . '. Array of integers expected.', E_USER_ERROR);
$replacement[$key] = (string) (int) $value;
}
return implode(', ', $replacement);
}
else
trigger_error('Wrong value type sent to the database for field: ' . $matches[2] . '. Array of integers expected.', E_USER_ERROR);
break;
case 'array_string':
if (is_array($replacement))
{
if (empty($replacement))
trigger_error('Database error, given array of string values is empty.', E_USER_ERROR);
foreach ($replacement as $key => $value)
$replacement[$key] = sprintf('\'%1$s\'', mysqli_real_escape_string($connection, $value));
return implode(', ', $replacement);
}
else
trigger_error('Wrong value type sent to the database for field: ' . $matches[2] . '. Array of strings expected.', E_USER_ERROR);
break;
case 'date':
if (preg_match('~^(\d{4})-([0-1]?\d)-([0-3]?\d)$~', $replacement, $date_matches) === 1)
return sprintf('\'%04d-%02d-%02d\'', $date_matches[1], $date_matches[2], $date_matches[3]);
elseif ($replacement === 'NULL')
return 'NULL';
else
trigger_error('Wrong value type sent to the database for field: ' . $matches[2] . '. Date expected.', E_USER_ERROR);
break;
case 'datetime':
if (is_a($replacement, 'DateTime'))
return $replacement->format('\'Y-m-d H:i:s\'');
elseif (preg_match('~^(\d{4})-([0-1]?\d)-([0-3]?\d) (\d{2}):(\d{2}):(\d{2})$~', $replacement, $date_matches) === 1)
return sprintf('\'%04d-%02d-%02d %02d:%02d:%02d\'', $date_matches[1], $date_matches[2], $date_matches[3], $date_matches[4], $date_matches[5], $date_matches[6]);
elseif ($replacement === 'NULL')
return 'NULL';
else
trigger_error('Wrong value type sent to the database for field: ' . $matches[2] . '. DateTime expected.', E_USER_ERROR);
break;
case 'float':
if (!is_numeric($replacement) && $replacement !== 'NULL')
trigger_error('Wrong value type sent to the database for field: ' . $matches[2] . '. Floating point number expected.', E_USER_ERROR);
return $replacement !== 'NULL' ? (string) (float) $replacement : 'NULL';
break;
case 'identifier':
// Backticks inside identifiers are supported as of MySQL 4.1. We don't need them here.
return '`' . strtr($replacement, ['`' => '', '.' => '']) . '`';
break;
case 'raw':
return $replacement;
break;
case 'bool':
case 'boolean':
// In mysql this is a synonym for tinyint(1)
return (bool)$replacement ? 1 : 0;
break;
default:
trigger_error('Undefined type <b>' . $matches[1] . '</b> used in the database query', E_USER_ERROR);
break;
}
}
/**
* Escapes and quotes a string using values passed, and executes the query.
*/
public function query($db_string, array $db_values = []): PDOStatement
public function query($db_string, $db_values = [])
{
// One more query...
$this->query_count++;
// One more query....
$this->query_count ++;
// Error out if hardcoded strings are detected
if (strpos($db_string, '\'') !== false)
throw new UnexpectedValueException('Hack attempt: illegal character (\') used in query.');
// Overriding security? This is evil!
$security_override = $db_values === 'security_override' || !empty($db_values['security_override']);
if (defined('DB_LOG_QUERIES') && DB_LOG_QUERIES)
// Please, just use new style queries.
if (strpos($db_string, '\'') !== false && !$security_override)
trigger_error('Hack attempt!', 'Illegal character (\') used in query.', E_USER_ERROR);
if (!$security_override && !empty($db_values))
{
// Set some values for use in the callback function.
$this->db_callback = [$db_values, $this->connection];
// Insert the values passed to this function.
$db_string = preg_replace_callback('~{([a-z_]+)(?::([a-zA-Z0-9_-]+))?}~', [&$this, 'replacement_callback'], $db_string);
// Save some memory.
$this->db_callback = [];
}
if (defined("DB_LOG_QUERIES") && DB_LOG_QUERIES)
$this->logged_queries[] = $db_string;
try
$return = @mysqli_query($this->connection, $db_string, empty($this->unbuffered) ? MYSQLI_STORE_RESULT : MYSQLI_USE_RESULT);
if (!$return)
{
// Preprocessing/checks: prepare any arrays for binding
$db_string = $this->expandPlaceholders($db_string, $db_values);
// Prepare query for execution
$statement = $this->connection->prepare($db_string);
// Bind parameters... the hard way, due to a limit/offset hack.
// NB: bindParam binds by reference, hence &$value here.
foreach ($db_values as $key => &$value)
{
// Assumption: both scalar and array values are preprocessed to use named ':' placeholders
if (!str_contains($db_string, ':' . $key))
continue;
if (!is_array($value))
{
$statement->bindParam(':' . $key, $value);
continue;
}
foreach (array_values($value) as $num => &$element)
{
$statement->bindParam(':' . $key . $num, $element);
}
}
$statement->execute();
return $statement;
$clean_sql = implode("\n", array_map('trim', explode("\n", $db_string)));
trigger_error($this->error() . '<br>' . $clean_sql, E_USER_ERROR);
}
catch (PDOException $e)
{
ob_start();
$debug = ob_get_clean();
throw new Exception($e->getMessage() . "\n" . var_export($e->errorInfo, true) . "\n" . var_export($db_values, true));
}
return $return;
}
/**
* Executes a query, returning an object of the row it returns.
* Escapes and quotes a string just like db_query, but does not execute the query.
* Useful for debugging purposes.
*/
public function queryObject($class, $db_string, $db_values = [])
public function quote($db_string, $db_values = [])
{
$res = $this->query($db_string, $db_values);
// Please, just use new style queries.
if (strpos($db_string, '\'') !== false)
trigger_error('Hack attempt!', 'Illegal character (\') used in query.', E_USER_ERROR);
if (!$res || $this->rowCount($res) === 0)
return null;
// Save some values for use in the callback function.
$this->db_callback = [$db_values, $this->connection];
$object = $this->fetchObject($res, $class);
$this->free($res);
// Insert the values passed to this function.
$db_string = preg_replace_callback('~{([a-z_]+)(?::([a-zA-Z0-9_-]+))?}~', [&$this, 'replacement_callback'], $db_string);
return $object;
}
// Save some memory.
$this->db_callback = [];
/**
* Executes a query, returning an array of objects of all the rows returns.
*/
public function queryObjects($class, $db_string, $db_values = [])
{
$res = $this->query($db_string, $db_values);
if (!$res || $this->rowCount($res) === 0)
return [];
$rows = [];
while ($object = $this->fetchObject($res, $class))
$rows[] = $object;
$this->free($res);
return $rows;
return $db_string;
}
/**
* Executes a query, returning an array of all the rows it returns.
*/
public function queryRow($db_string, array $db_values = [])
public function queryRow($db_string, $db_values = [])
{
$res = $this->query($db_string, $db_values);
if ($this->rowCount($res) === 0)
if (!$res || $this->num_rows($res) == 0)
return [];
$row = $this->fetchNum($res);
$this->free($res);
$row = $this->fetch_row($res);
$this->free_result($res);
return $row;
}
@ -270,18 +358,18 @@ class Database
/**
* Executes a query, returning an array of all the rows it returns.
*/
public function queryRows($db_string, array $db_values = [])
public function queryRows($db_string, $db_values = [])
{
$res = $this->query($db_string, $db_values);
if ($this->rowCount($res) === 0)
if (!$res || $this->num_rows($res) == 0)
return [];
$rows = [];
while ($row = $this->fetchNum($res))
while ($row = $this->fetch_row($res))
$rows[] = $row;
$this->free($res);
$this->free_result($res);
return $rows;
}
@ -289,18 +377,18 @@ class Database
/**
* Executes a query, returning an array of all the rows it returns.
*/
public function queryPair($db_string, array $db_values = [])
public function queryPair($db_string, $db_values = [])
{
$res = $this->query($db_string, $db_values);
if ($this->rowCount($res) === 0)
if (!$res || $this->num_rows($res) == 0)
return [];
$rows = [];
while ($row = $this->fetchNum($res))
while ($row = $this->fetch_row($res))
$rows[$row[0]] = $row[1];
$this->free($res);
$this->free_result($res);
return $rows;
}
@ -308,21 +396,21 @@ class Database
/**
* Executes a query, returning an array of all the rows it returns.
*/
public function queryPairs($db_string, $db_values = array())
public function queryPairs($db_string, $db_values = [])
{
$res = $this->query($db_string, $db_values);
if (!$res || $this->rowCount($res) === 0)
if (!$res || $this->num_rows($res) == 0)
return [];
$rows = [];
while ($row = $this->fetchAssoc($res))
while ($row = $this->fetch_assoc($res))
{
$key_value = reset($row);
$rows[$key_value] = $row;
}
$this->free($res);
$this->free_result($res);
return $rows;
}
@ -330,15 +418,15 @@ class Database
/**
* Executes a query, returning an associative array of all the rows it returns.
*/
public function queryAssoc($db_string, array $db_values = [])
public function queryAssoc($db_string, $db_values = [])
{
$res = $this->query($db_string, $db_values);
if ($this->rowCount($res) === 0)
if (!$res || $this->num_rows($res) == 0)
return [];
$row = $this->fetchAssoc($res);
$this->free($res);
$row = $this->fetch_assoc($res);
$this->free_result($res);
return $row;
}
@ -346,18 +434,18 @@ class Database
/**
* Executes a query, returning an associative array of all the rows it returns.
*/
public function queryAssocs($db_string, array $db_values = [])
public function queryAssocs($db_string, $db_values = [], $connection = null)
{
$res = $this->query($db_string, $db_values);
if ($this->rowCount($res) === 0)
if (!$res || $this->num_rows($res) == 0)
return [];
$rows = [];
while ($row = $this->fetchAssoc($res))
while ($row = $this->fetch_assoc($res))
$rows[] = $row;
$this->free($res);
$this->free_result($res);
return $rows;
}
@ -365,16 +453,16 @@ class Database
/**
* Executes a query, returning the first value of the first row.
*/
public function queryValue($db_string, array $db_values = [])
public function queryValue($db_string, $db_values = [])
{
$res = $this->query($db_string, $db_values);
// If this happens, you're doing it wrong.
if ($this->rowCount($res) === 0)
if (!$res || $this->num_rows($res) == 0)
return null;
list($value) = $this->fetchNum($res);
$this->free($res);
list($value) = $this->fetch_row($res);
$this->free_result($res);
return $value;
}
@ -382,18 +470,18 @@ class Database
/**
* Executes a query, returning an array of the first value of each row.
*/
public function queryValues($db_string, array $db_values = [])
public function queryValues($db_string, $db_values = [])
{
$res = $this->query($db_string, $db_values);
if ($this->rowCount($res) === 0)
if (!$res || $this->num_rows($res) == 0)
return [];
$rows = [];
while ($row = $this->fetchNum($res))
while ($row = $this->fetch_row($res))
$rows[] = $row[0];
$this->free($res);
$this->free_result($res);
return $rows;
}
@ -411,45 +499,35 @@ class Database
if (!is_array($data[array_rand($data)]))
$data = [$data];
// Determine the method of insertion.
$method = $method == 'replace' ? 'REPLACE' : ($method == 'ignore' ? 'INSERT IGNORE' : 'INSERT');
// What columns are we inserting?
$columns = array_keys($data[0]);
// Start building the query.
$db_string = $method . ' INTO ' . $table . ' (' . implode(',', $columns) . ') VALUES ';
// Create the mold for a single row insert.
$placeholders = '(' . substr(str_repeat('?, ', count($columns)), 0, -2) . '), ';
// Append it for every row we're to insert.
$values = [];
foreach ($data as $row)
$insertData = '(';
foreach ($columns as $columnName => $type)
{
$values = array_merge($values, array_values($row));
$db_string .= $placeholders;
// Are we restricting the length?
if (strpos($type, 'string-') !== false)
$insertData .= sprintf('SUBSTRING({string:%1$s}, 1, ' . substr($type, 7) . '), ', $columnName);
else
$insertData .= sprintf('{%1$s:%2$s}, ', $type, $columnName);
}
$insertData = substr($insertData, 0, -2) . ')';
// Get rid of the tailing comma.
$db_string = substr($db_string, 0, -2);
// Create an array consisting of only the columns.
$indexed_columns = array_keys($columns);
// Prepare for your impending demise!
$statement = $this->connection->prepare($db_string);
// Here's where the variables are injected to the query.
$insertRows = [];
foreach ($data as $dataRow)
$insertRows[] = $this->quote($insertData, array_combine($indexed_columns, $dataRow));
// Bind parameters... the hard way, due to a limit/offset hack.
foreach ($values as $key => $value)
$statement->bindValue($key + 1, $values[$key]);
// Determine the method of insertion.
$queryTitle = $method === 'replace' ? 'REPLACE' : ($method === 'ignore' ? 'INSERT IGNORE' : 'INSERT');
// Handle errors.
try
{
$statement->execute();
return $statement;
}
catch (PDOException $e)
{
throw new Exception($e->getMessage() . '<br><br>' . $db_string . '<br><br>' . print_r($values, true));
}
// Do the insert.
return $this->query('
' . $queryTitle . ' INTO ' . $table . ' (`' . implode('`, `', $indexed_columns) . '`)
VALUES
' . implode(',
', $insertRows),
['security_override' => true]);
}
}

46
models/Dispatcher.php
View File

@ -44,19 +44,6 @@ class Dispatcher
}
}
public static function errorPage($title, $body)
{
$page = new MainTemplate($title);
$page->adopt(new ErrorPage($title, $body));
if (Registry::get('user')->isAdmin())
{
$page->appendStylesheet(BASEURL . '/css/admin.css');
}
$page->html_main();
}
/**
* Kicks a guest to a login form, redirecting them back to this page upon login.
*/
@ -73,24 +60,37 @@ class Dispatcher
exit;
}
private static function trigger400()
public static function trigger400()
{
http_response_code(400);
self::errorPage('Bad request', 'The server does not understand your request.');
header('HTTP/1.1 400 Bad Request');
$page = new MainTemplate('Bad request');
$page->adopt(new DummyBox('Bad request', '<p>The server does not understand your request.</p>'));
$page->html_main();
exit;
}
private static function trigger403()
public static function trigger403()
{
http_response_code(403);
self::errorPage('Forbidden', 'You do not have access to this page.');
header('HTTP/1.1 403 Forbidden');
$page = new MainTemplate('Access denied');
$page->adopt(new DummyBox('Forbidden', '<p>You do not have access to the page you requested.</p>'));
$page->html_main();
exit;
}
private static function trigger404()
public static function trigger404()
{
http_response_code(404);
$page = new ViewErrorPage('Page not found!');
$page->showContent();
header('HTTP/1.1 404 Not Found');
$page = new MainTemplate('Page not found');
if (Registry::has('user') && Registry::get('user')->isAdmin())
{
$page->appendStylesheet(BASEURL . '/css/admin.css');
}
$page->adopt(new DummyBox('Well, this is a bit embarrassing!', '<p>The page you requested could not be found. Don\'t worry, it\'s probably not your fault. You\'re welcome to browse the website, though!</p>', 'errormsg'));
$page->addClass('errorpage');
$page->html_main();
exit;
}
}

21
models/ErrorHandler.php
View File

@ -3,7 +3,7 @@
* ErrorHandler.php
* Contains key class ErrorHandler.
*
* Kabuki CMS (C) 2013-2025, Aaron van Geffen
* Kabuki CMS (C) 2013-2016, Aaron van Geffen
*****************************************************************************/
class ErrorHandler
@ -47,8 +47,10 @@ class ErrorHandler
// Log the error in the database.
self::logError($error_message, $debug_info, $file, $line);
// Display error and exit.
self::display($error_message, $file, $line, $debug_info);
// Are we considering this fatal? Then display and exit.
// !!! TODO: should we consider warnings fatal?
if (true) // DEBUG || (!DEBUG && $error_level === E_WARNING || $error_level === E_USER_WARNING))
self::display($file . ' (' . $line . ')<br>' . $error_message, $debug_info);
// If it wasn't a fatal error, well...
self::$handling_error = false;
@ -116,7 +118,7 @@ class ErrorHandler
}
// Logs an error into the database.
public static function logError($error_message = '', $debug_info = '', $file = '', $line = 0)
private static function logError($error_message = '', $debug_info = '', $file = '', $line = 0)
{
if (!ErrorLog::log([
'message' => $error_message,
@ -128,7 +130,7 @@ class ErrorHandler
'request_uri' => isset($_SERVER['REQUEST_URI']) ? $_SERVER['REQUEST_URI'] : '',
]))
{
http_response_code(503);
header('HTTP/1.1 503 Service Temporarily Unavailable');
echo '<h2>An Error Occurred</h2><p>Our software could not connect to the database. We apologise for any inconvenience and ask you to check back later.</p>';
exit;
}
@ -136,7 +138,7 @@ class ErrorHandler
return $error_message;
}
public static function display($message, $file, $line, $debug_info, $is_sensitive = true)
public static function display($message, $debug_info, $is_sensitive = true)
{
$is_admin = Registry::has('user') && Registry::get('user')->isAdmin();
@ -165,8 +167,7 @@ class ErrorHandler
$is_admin = Registry::has('user') && Registry::get('user')->isAdmin();
if (DEBUG || $is_admin)
{
$debug_info = sprintf("Trigger point:\n%s (L%d)\n\n%s", $file, $line, $debug_info);
$page->adopt(new ErrorPage('An error occurred!', $message, $debug_info));
$page->adopt(new DummyBox('An error occurred!', '<p>' . $message . '</p><pre>' . $debug_info . '</pre>'));
// Let's provide the admin navigation despite it all!
if ($is_admin)
@ -175,9 +176,9 @@ class ErrorHandler
}
}
elseif (!$is_sensitive)
$page->adopt(new ErrorPage('An error occurred!', '<p>' . $message . '</p>'));
$page->adopt(new DummyBox('An error occurred!', '<p>' . $message . '</p>'));
else
$page->adopt(new ErrorPage('An error occurred!', 'Our apologies, an error occurred while we were processing your request. Please try again later, or contact us if the problem persists.'));
$page->adopt(new DummyBox('An error occurred!', '<p>Our apologies, an error occurred while we were processing your request. Please try again later, or contact us if the problem persists.</p>'));
// If we got this far, make sure we're not showing stuff twice.
ob_end_clean();

22
models/ErrorLog.php
View File

@ -17,14 +17,14 @@ class ErrorLog
INSERT INTO log_errors
(id_user, message, debug_info, file, line, request_uri, time, ip_address)
VALUES
(:id_user, :message, :debug_info, :file, :line,
:request_uri, CURRENT_TIMESTAMP, :ip_address)',
({int:id_user}, {string:message}, {string:debug_info}, {string:file}, {int:line},
{string:request_uri}, CURRENT_TIMESTAMP, {string:ip_address})',
$data);
}
public static function flush()
{
return Registry::get('db')->query('DELETE FROM log_errors');
return Registry::get('db')->query('TRUNCATE log_errors');
}
public static function getCount()
@ -33,20 +33,4 @@ class ErrorLog
SELECT COUNT(*)
FROM log_errors');
}
public static function getOffset($offset, $limit, $order, $direction)
{
assert(in_array($order, ['id_entry', 'file', 'line', 'time', 'ipaddress', 'id_user']));
$order = $order . ($direction === 'up' ? ' ASC' : ' DESC');
return Registry::get('db')->queryAssocs('
SELECT *
FROM log_errors
ORDER BY ' . $order . '
LIMIT :offset, :limit',
[
'offset' => $offset,
'limit' => $limit,
]);
}
}

190
models/GenericTable.php
View File

@ -15,6 +15,7 @@ class GenericTable
private $title;
private $title_class;
private $tableIsSortable = false;
public $form_above;
public $form_below;
@ -28,22 +29,58 @@ class GenericTable
public function __construct($options)
{
$this->initOrder($options);
$this->initPagination($options);
// Make sure we're actually sorting on something sortable.
if (!isset($options['sort_order']) || (!empty($options['sort_order']) && empty($options['columns'][$options['sort_order']]['is_sortable'])))
$options['sort_order'] = '';
$data = $options['get_data']($this->start, $this->items_per_page,
$this->sort_order, $this->sort_direction);
// Order in which direction?
if (!empty($options['sort_direction']) && !in_array($options['sort_direction'], ['up', 'down']))
$options['sort_direction'] = 'up';
// Make sure we know whether we can actually sort on something.
$this->tableIsSortable = !empty($options['base_url']);
// How much data do we have?
$this->recordCount = $options['get_count'](...(!empty($options['get_count_params']) ? $options['get_count_params'] : []));
// How much data do we need to retrieve?
$this->items_per_page = !empty($options['items_per_page']) ? $options['items_per_page'] : 30;
// Figure out where to start.
$this->start = empty($options['start']) || !is_numeric($options['start']) || $options['start'] < 0 || $options['start'] > $this->recordCount ? 0 : $options['start'];
// Figure out where we are on the whole, too.
$numPages = max(1, ceil($this->recordCount / $this->items_per_page));
$this->currentPage = min(ceil($this->start / $this->items_per_page) + 1, $numPages);
// Let's bear a few things in mind...
$this->base_url = $options['base_url'];
// Gather parameters for the data gather function first.
$parameters = [$this->start, $this->items_per_page, $options['sort_order'], $options['sort_direction']];
if (!empty($options['get_data_params']) && is_array($options['get_data_params']))
$parameters = array_merge($parameters, $options['get_data_params']);
// Okay, let's fetch the data!
$data = $options['get_data'](...$parameters);
// Extract data into local variables.
$rawRowData = $data['rows'];
$this->sort_order = $data['order'];
$this->sort_direction = $data['direction'];
unset($data);
// Okay, now for the column headers...
$this->generateColumnHeaders($options);
// Should we create a page index?
if ($this->recordCount > $this->items_per_page)
$needsPageIndex = !empty($this->items_per_page) && $this->recordCount > $this->items_per_page;
if ($needsPageIndex)
$this->generatePageIndex($options);
// Process the data to be shown into rows.
if (!empty($data))
$this->processAllRows($data, $options);
if (!empty($rawRowData))
$this->processAllRows($rawRowData, $options);
else
$this->body = $options['no_items_label'] ?? '';
@ -58,38 +95,6 @@ class GenericTable
$this->form_below = $options['form_below'] ?? $options['form'] ?? null;
}
private function initOrder($options)
{
assert(isset($options['default_sort_order']));
assert(isset($options['default_sort_direction']));
// Validate sort order (column)
$this->sort_order = $options['sort_order'];
if (empty($this->sort_order) || empty($options['columns'][$this->sort_order]['is_sortable']))
$this->sort_order = $options['default_sort_order'];
// Validate sort direction
$this->sort_direction = $options['sort_direction'];
if (empty($this->sort_direction) || !in_array($this->sort_direction, ['up', 'down']))
$this->sort_direction = $options['default_sort_direction'];
}
private function initPagination(array $options)
{
assert(isset($options['base_url']));
assert(isset($options['items_per_page']));
$this->base_url = $options['base_url'];
$this->recordCount = $options['get_count']();
$this->items_per_page = !empty($options['items_per_page']) ? $options['items_per_page'] : 30;
$this->start = empty($options['start']) || !is_numeric($options['start']) || $options['start'] < 0 || $options['start'] > $this->recordCount ? 0 : $options['start'];
$numPages = max(1, ceil($this->recordCount / $this->items_per_page));
$this->currentPage = min(ceil($this->start / $this->items_per_page) + 1, $numPages);
}
private function generateColumnHeaders($options)
{
foreach ($options['columns'] as $key => $column)
@ -97,14 +102,14 @@ class GenericTable
if (empty($column['header']))
continue;
$isSortable = !empty($column['is_sortable']);
$isSortable = $this->tableIsSortable && !empty($column['is_sortable']);
$sortDirection = $key == $this->sort_order && $this->sort_direction === 'up' ? 'down' : 'up';
$header = [
'class' => isset($column['class']) ? $column['class'] : '',
'cell_class' => isset($column['cell_class']) ? $column['cell_class'] : null,
'colspan' => !empty($column['header_colspan']) ? $column['header_colspan'] : 1,
'href' => $isSortable ? $this->getHeaderLink($this->start, $key, $sortDirection) : null,
'href' => $isSortable ? $this->getLink($this->start, $key, $sortDirection) : null,
'label' => $column['header'],
'scope' => 'col',
'sort_mode' => $key == $this->sort_order ? $this->sort_direction : null,
@ -121,7 +126,7 @@ class GenericTable
'base_url' => $this->base_url,
'index_class' => $options['index_class'] ?? '',
'items_per_page' => $this->items_per_page,
'linkBuilder' => [$this, 'getHeaderLink'],
'linkBuilder' => [$this, 'getLink'],
'recordCount' => $this->recordCount,
'sort_direction' => $this->sort_direction,
'sort_order' => $this->sort_order,
@ -129,7 +134,7 @@ class GenericTable
]);
}
public function getHeaderLink($start = null, $order = null, $dir = null)
public function getLink($start = null, $order = null, $dir = null)
{
if ($start === null)
$start = $this->start;
@ -191,18 +196,12 @@ class GenericTable
foreach ($options['columns'] as $column)
{
// Process formatting
if (isset($column['format']) && is_callable($column['format']))
$value = $column['format']($row);
elseif (isset($column['format']))
$value = self::processFormatting($column['format'], $row);
// Process data for this particular cell.
if (isset($column['parse']))
$value = self::processCell($column['parse'], $row);
else
$value = $row[$column['value']];
// Turn value into a link?
if (!empty($column['link']))
$value = $this->processLink($column['link'], $value, $row);
// Append the cell to the row.
$newRow['cells'][] = [
'class' => $column['cell_class'] ?? '',
@ -215,47 +214,68 @@ class GenericTable
}
}
private function processFormatting($options, $rowData)
private function processCell($options, $rowData)
{
if ($options['type'] === 'timestamp')
if (!isset($options['type']))
$options['type'] = 'value';
// Parse the basic value first.
switch ($options['type'])
{
if (empty($options['pattern']) || $options['pattern'] === 'long')
$pattern = 'Y-m-d H:i';
elseif ($options['pattern'] === 'short')
$pattern = 'Y-m-d';
else
$pattern = $options['pattern'];
// Basic option: simply take a use a particular data property.
case 'value':
$value = htmlspecialchars($rowData[$options['data']]);
break;
assert(array_key_exists($options['value'], $rowData));
if (isset($rowData[$options['value']]) && !is_numeric($rowData[$options['value']]))
$timestamp = strtotime($rowData[$options['value']]);
else
$timestamp = (int) $rowData[$options['value']];
// Processing via a lambda function.
case 'function':
$value = $options['data']($rowData);
break;
if (isset($options['if_null']) && $timestamp == 0)
$value = $options['if_null'];
else
$value = date($pattern, $timestamp);
// Using sprintf to fill out a particular pattern.
case 'sprintf':
$parameters = [$options['data']['pattern']];
foreach ($options['data']['arguments'] as $identifier)
$parameters[] = $rowData[$identifier];
return $value;
$value = sprintf(...$parameters);
break;
// Timestamps get custom treatment.
case 'timestamp':
if (empty($options['data']['pattern']) || $options['data']['pattern'] === 'long')
$pattern = 'Y-m-d H:i';
elseif ($options['data']['pattern'] === 'short')
$pattern = 'Y-m-d';
else
$pattern = $options['data']['pattern'];
if (!isset($rowData[$options['data']['timestamp']]))
$timestamp = 0;
elseif (!is_numeric($rowData[$options['data']['timestamp']]))
$timestamp = strtotime($rowData[$options['data']['timestamp']]);
else
$timestamp = (int) $rowData[$options['data']['timestamp']];
if (isset($options['data']['if_null']) && $timestamp == 0)
$value = $options['data']['if_null'];
else
$value = date($pattern, $timestamp);
break;
}
else
throw ValueError('Unexpected formatter type: ' . $options['type']);
}
private function processLink($template, $value, array $rowData)
{
$href = $this->rowReplacements($template, $rowData);
return '<a href="' . $href . '">' . $value . '</a>';
}
// Generate a link, if requested.
if (!empty($options['link']))
{
// First, generate the replacement variables.
$keys = array_keys($rowData);
$values = array_values($rowData);
foreach ($keys as $keyKey => $keyValue)
$keys[$keyKey] = '{' . strtoupper($keyValue) . '}';
private function rowReplacements($template, array $rowData)
{
$keys = array_keys($rowData);
$values = array_values($rowData);
foreach ($keys as $keyKey => $keyValue)
$keys[$keyKey] = '{' . strtoupper($keyValue) . '}';
$value = '<a href="' . str_replace($keys, $values, $options['link']) . '">' . $value . '</a>';
}
return str_replace($keys, $values, $template);
return $value;
}
}

14
models/Image.php
View File

@ -12,6 +12,12 @@ class Image extends Asset
const TYPE_LANDSCAPE = 2;
const TYPE_PORTRAIT = 4;
protected function __construct(array $data)
{
foreach ($data as $attribute => $value)
$this->$attribute = $value;
}
public static function fromId($id_asset, $return_format = 'object')
{
$asset = parent::fromId($id_asset, 'array');
@ -165,7 +171,7 @@ class Image extends Asset
return Registry::get('db')->query('
DELETE FROM assets_thumbs
WHERE id_asset = :id_asset',
WHERE id_asset = {int:id_asset}',
['id_asset' => $this->id_asset]);
}
@ -183,9 +189,9 @@ class Image extends Asset
return Registry::get('db')->query('
DELETE FROM assets_thumbs
WHERE id_asset = :id_asset AND
width = :width AND
height = :height',
WHERE id_asset = {int:id_asset} AND
width = {int:width} AND
height = {int:height}',
[
'height' => $height,
'id_asset' => $this->id_asset,

63
models/Member.php
View File

@ -8,7 +8,7 @@
class Member extends User
{
private function __construct($data = [])
private function __construct($data)
{
foreach ($data as $key => $value)
$this->$key = $value;
@ -18,21 +18,12 @@ class Member extends User
$this->is_admin = $this->is_admin == 1;
}
public static function fromEmailAddress($email_address)
{
return Registry::get('db')->queryObject(static::class, '
SELECT *
FROM users
WHERE emailaddress = :email_address',
['email_address' => $email_address]);
}
public static function fromId($id_user)
{
$row = Registry::get('db')->queryAssoc('
SELECT *
FROM users
WHERE id_user = :id_user',
WHERE id_user = {int:id_user}',
[
'id_user' => $id_user,
]);
@ -49,7 +40,7 @@ class Member extends User
$row = Registry::get('db')->queryAssoc('
SELECT *
FROM users
WHERE slug = :slug',
WHERE slug = {string:slug}',
[
'slug' => $slug,
]);
@ -77,7 +68,6 @@ class Member extends User
'creation_time' => time(),
'ip_address' => isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '',
'is_admin' => empty($data['is_admin']) ? 0 : 1,
'reset_key' => '',
];
if ($error)
@ -93,13 +83,12 @@ class Member extends User
'creation_time' => 'int',
'ip_address' => 'string-45',
'is_admin' => 'int',
'reset_key' => 'string-16'
], $new_user, ['id_user']);
if (!$bool)
return false;
$new_user['id_user'] = $db->insertId();
$new_user['id_user'] = $db->insert_id();
$member = new Member($new_user);
return $member;
@ -127,14 +116,14 @@ class Member extends User
return Registry::get('db')->query('
UPDATE users
SET
first_name = :first_name,
surname = :surname,
slug = :slug,
emailaddress = :emailaddress,
password_hash = :password_hash,
is_admin = :is_admin
WHERE id_user = :id_user',
get_object_vars($this));
first_name = {string:first_name},
surname = {string:surname},
slug = {string:slug},
emailaddress = {string:emailaddress},
password_hash = {string:password_hash},
is_admin = {int:is_admin}
WHERE id_user = {int:id_user}',
$params);
}
/**
@ -145,7 +134,7 @@ class Member extends User
{
return Registry::get('db')->query('
DELETE FROM users
WHERE id_user = :id_user',
WHERE id_user = {int:id_user}',
['id_user' => $this->id_user]);
}
@ -160,7 +149,7 @@ class Member extends User
$res = Registry::get('db')->queryValue('
SELECT id_user
FROM users
WHERE emailaddress = :emailaddress',
WHERE emailaddress = {string:emailaddress}',
[
'emailaddress' => $emailaddress,
]);
@ -176,9 +165,9 @@ class Member extends User
return Registry::get('db')->query('
UPDATE users
SET
last_action_time = :now,
ip_address = :ip
WHERE id_user = :id',
last_action_time = {int:now},
ip_address = {string:ip}
WHERE id_user = {int:id}',
[
'now' => time(),
'id' => $this->id_user,
@ -198,22 +187,6 @@ class Member extends User
FROM users');
}
public static function getOffset($offset, $limit, $order, $direction)
{
assert(in_array($order, ['id_user', 'surname', 'first_name', 'slug', 'emailaddress', 'last_action_time', 'ip_address', 'is_admin']));
$order = $order . ($direction === 'up' ? ' ASC' : ' DESC');
return Registry::get('db')->queryAssocs('
SELECT *
FROM users
ORDER BY ' . $order . '
LIMIT :offset, :limit',
[
'offset' => $offset,
'limit' => $limit,
]);
}
public function getProps()
{
// We should probably phase out the use of this function, or refactor the access levels of member properties...
@ -223,7 +196,7 @@ class Member extends User
public static function getMemberMap()
{
return Registry::get('db')->queryPair('
SELECT id_user, CONCAT(first_name, :blank, surname) AS full_name
SELECT id_user, CONCAT(first_name, {string:blank}, surname) AS full_name
FROM users
ORDER BY first_name, surname',
[

76
models/PhotoAlbum.php Normal file
View File

@ -0,0 +1,76 @@
<?php
/*****************************************************************************
* PhotoAlbum.php
* Contains key class PhotoAlbum.
*
* Kabuki CMS (C) 2013-2015, Aaron van Geffen
*****************************************************************************/
class PhotoAlbum extends Tag
{
public static function getHierarchy($order, $direction)
{
$db = Registry::get('db');
$res = $db->query('
SELECT *
FROM tags
WHERE kind = {string:album}
ORDER BY id_parent, {raw:order}',
[
'order' => $order . ($direction == 'up' ? ' ASC' : ' DESC'),
'album' => 'Album',
]);
$albums_by_parent = [];
while ($row = $db->fetch_assoc($res))
{
if (!isset($albums_by_parent[$row['id_parent']]))
$albums_by_parent[$row['id_parent']] = [];
$albums_by_parent[$row['id_parent']][] = $row + ['children' => []];
}
$albums = self::getChildrenRecursively(0, 0, $albums_by_parent);
$rows = self::flattenChildrenRecursively($albums);
return $rows;
}
private static function getChildrenRecursively($id_parent, $level, &$albums_by_parent)
{
$children = [];
if (!isset($albums_by_parent[$id_parent]))
return $children;
foreach ($albums_by_parent[$id_parent] as $child)
{
if (isset($albums_by_parent[$child['id_tag']]))
$child['children'] = self::getChildrenRecursively($child['id_tag'], $level + 1, $albums_by_parent);
$child['tag'] = ($level ? str_repeat('—', $level * 2) . ' ' : '') . $child['tag'];
$children[] = $child;
}
return $children;
}
private static function flattenChildrenRecursively($albums)
{
if (empty($albums))
return [];
$rows = [];
foreach ($albums as $album)
{
$rows[] = array_intersect_key($album, array_flip(['id_tag', 'tag', 'slug', 'count']));
if (!empty($album['children']))
{
$children = self::flattenChildrenRecursively($album['children']);
foreach ($children as $child)
$rows[] = array_intersect_key($child, array_flip(['id_tag', 'tag', 'slug', 'count']));
}
}
return $rows;
}
}

22
models/PhotoMosaic.php
View File

@ -8,11 +8,11 @@
class PhotoMosaic
{
private bool $descending;
private $descending;
private AssetIterator $iterator;
private array $layouts;
private int $processedImages = 0;
private array $queue = [];
private $layouts;
private $processedImages = 0;
private $queue = [];
const IMAGE_MASK_ALL = Image::TYPE_PORTRAIT | Image::TYPE_LANDSCAPE | Image::TYPE_PANORAMA;
const NUM_DAYS_CUTOFF = 7;
@ -25,6 +25,11 @@ class PhotoMosaic
$this->descending = $iterator->isDescending();
}
public function __destruct()
{
$this->iterator->clean();
}
private function availableLayouts()
{
static $layouts = [
@ -81,14 +86,9 @@ class PhotoMosaic
}
}
// Check whatever's up next!
// NB: not is not a `foreach` so as to not reset the iterator implicitly
while ($this->iterator->valid())
// Check whatever's next up!
while (($asset = $this->iterator->next()) && ($image = $asset->getImage()))
{
$asset = $this->iterator->current();
$image = $asset->getImage();
$this->iterator->next();
// Give up on the recordset once dates are too far apart
if (isset($refDate) && abs(self::daysApart($image->getDateCaptured(), $refDate)) > self::NUM_DAYS_CUTOFF)
{

4
models/Registry.php
View File

@ -24,7 +24,7 @@ class Registry
public static function get($key)
{
if (!isset(self::$storage[$key]))
throw new Exception('Key does not exist in Registry: ' . $key);
trigger_error('Key does not exist in Registry: ' . $key, E_USER_ERROR);
return self::$storage[$key];
}
@ -32,7 +32,7 @@ class Registry
public static function remove($key)
{
if (!isset(self::$storage[$key]))
throw new Exception('Key does not exist in Registry: ' . $key);
trigger_error('Key does not exist in Registry: ' . $key, E_USER_ERROR);
unset(self::$storage[$key]);
}

4
models/Session.php
View File

@ -33,7 +33,7 @@ class Session
public static function getSessionToken()
{
if (empty($_SESSION['session_token']))
throw new Exception('Call to getSessionToken without a session token being set!');
trigger_error('Call to getSessionToken without a session token being set!', E_USER_ERROR);
return $_SESSION['session_token'];
}
@ -41,7 +41,7 @@ class Session
public static function getSessionTokenKey()
{
if (empty($_SESSION['session_token_key']))
throw new Exception('Call to getSessionTokenKey without a session token key being set!');
trigger_error('Call to getSessionTokenKey without a session token key being set!', E_USER_ERROR);
return $_SESSION['session_token_key'];
}

27
models/Setting.php
View File

@ -21,7 +21,7 @@ class Setting
REPLACE INTO settings
(id_user, variable, value, time_set)
VALUES
(:id_user, :key, :value, CURRENT_TIMESTAMP())',
({int:id_user}, {string:key}, {string:value}, CURRENT_TIMESTAMP())',
[
'id_user' => $id_user,
'key' => $key,
@ -45,7 +45,7 @@ class Setting
$value = Registry::get('db')->queryValue('
SELECT value
FROM settings
WHERE id_user = :id_user AND variable = :key',
WHERE id_user = {int:id_user} AND variable = {string:key}',
[
'id_user' => $id_user,
'key' => $key,
@ -63,30 +63,11 @@ class Setting
public static function remove($key, $id_user = null)
{
// User setting or global setting?
if ($id_user === null)
$id_user = Registry::get('user')->getUserId();
$pairs = Registry::get('db')->queryPair('
SELECT variable, value
FROM settings
WHERE id_user = :id_user',
[
'id_user' => $id_user,
]);
return $pairs;
}
public static function remove($key, $id_user = 0)
{
// User setting or global setting?
if ($id_user === null)
$id_user = Registry::get('user')->getUserId();
$id_user = Registry::get('user')->getUserId();
if (Registry::get('db')->query('
DELETE FROM settings
WHERE id_user = :id_user AND variable = :key',
WHERE id_user = {int:id_user} AND variable = {string:key}',
[
'id_user' => $id_user,
'key' => $key,

170
models/Tag.php
View File

@ -24,11 +24,6 @@ class Tag
$this->$attribute = $value;
}
public function __toString()
{
return $this->tag;
}
public static function fromId($id_tag, $return_format = 'object')
{
$db = Registry::get('db');
@ -36,7 +31,7 @@ class Tag
$row = $db->queryAssoc('
SELECT *
FROM tags
WHERE id_tag = :id_tag',
WHERE id_tag = {int:id_tag}',
[
'id_tag' => $id_tag,
]);
@ -55,7 +50,7 @@ class Tag
$row = $db->queryAssoc('
SELECT *
FROM tags
WHERE slug = :slug',
WHERE slug = {string:slug}',
[
'slug' => $slug,
]);
@ -73,7 +68,7 @@ class Tag
SELECT *
FROM tags
ORDER BY ' . ($limit > 0 ? 'count
LIMIT :limit' : 'tag'),
LIMIT {int:limit}' : 'tag'),
[
'limit' => $limit,
]);
@ -107,14 +102,14 @@ class Tag
$res = $db->query('
SELECT *
FROM tags
WHERE id_user_owner = :id_user_owner
WHERE id_user_owner = {int:id_user_owner}
ORDER BY tag',
[
'id_user_owner' => $id_user_owner,
]);
$objects = [];
while ($row = $db->fetchAssoc($res))
while ($row = $db->fetch_assoc($res))
$objects[$row['id_tag']] = new Tag($row);
return $objects;
@ -125,9 +120,9 @@ class Tag
$rows = Registry::get('db')->queryAssocs('
SELECT *
FROM tags
WHERE id_parent = :id_parent AND kind = :kind
WHERE id_parent = {int:id_parent} AND kind = {string:kind}
ORDER BY tag ASC
LIMIT :offset, :limit',
LIMIT {int:offset}, {int:limit}',
[
'id_parent' => $id_parent,
'kind' => 'Album',
@ -153,7 +148,7 @@ class Tag
FROM assets_tags AS at
LEFT JOIN assets AS a ON at.id_asset = a.id_asset
LEFT JOIN users AS u ON a.id_user_uploaded = u.id_user
WHERE at.id_tag = :id_tag
WHERE at.id_tag = {int:id_tag}
GROUP BY a.id_user_uploaded
ORDER BY u.first_name, u.surname',
[
@ -166,9 +161,9 @@ class Tag
$rows = Registry::get('db')->queryAssocs('
SELECT *
FROM tags
WHERE id_parent = :id_parent AND kind = :kind
WHERE id_parent = {int:id_parent} AND kind = {string:kind}
ORDER BY tag ASC
LIMIT :offset, :limit',
LIMIT {int:offset}, {int:limit}',
[
'id_parent' => $id_parent,
'kind' => 'Person',
@ -195,7 +190,7 @@ class Tag
WHERE id_tag IN(
SELECT id_tag
FROM assets_tags
WHERE id_asset = :id_asset
WHERE id_asset = {int:id_asset}
)
ORDER BY count DESC',
[
@ -225,7 +220,7 @@ class Tag
WHERE id_tag IN(
SELECT id_tag
FROM posts_tags
WHERE id_post = :id_post
WHERE id_post = {int:id_post}
)
ORDER BY count DESC',
[
@ -255,7 +250,7 @@ class Tag
FROM `assets_tags` AS at
WHERE at.id_tag = t.id_tag
)' . (!empty($id_tags) ? '
WHERE t.id_tag IN(@id_tags)' : ''),
WHERE t.id_tag IN({array_int:id_tags})' : ''),
['id_tags' => $id_tags]);
}
@ -276,14 +271,14 @@ class Tag
INSERT IGNORE INTO tags
(id_parent, tag, slug, kind, description, count)
VALUES
(:id_parent, :tag, :slug, :kind, :description, :count)
({int:id_parent}, {string:tag}, {string:slug}, {string:kind}, {string:description}, {int:count})
ON DUPLICATE KEY UPDATE count = count + 1',
$data);
if (!$res)
throw new Exception('Could not create the requested tag.');
trigger_error('Could not create the requested tag.', E_USER_ERROR);
$data['id_tag'] = $db->insertId();
$data['id_tag'] = $db->insert_id();
return $return_format === 'object' ? new Tag($data) : $data;
}
@ -297,15 +292,14 @@ class Tag
return Registry::get('db')->query('
UPDATE tags
SET
id_parent = :id_parent,
id_asset_thumb = :id_asset_thumb,' . (isset($this->id_user_owner) ? '
id_user_owner = :id_user_owner,' : '') . '
tag = :tag,
slug = :slug,
kind = :kind,
description = :description,
count = :count
WHERE id_tag = :id_tag',
id_parent = {int:id_parent},
id_asset_thumb = {int:id_asset_thumb},' . (isset($this->id_user_owner) ? '
id_user_owner = {int:id_user_owner},' : '') . '
tag = {string:tag},
slug = {string:slug},
description = {string:description},
count = {int:count}
WHERE id_tag = {int:id_tag}',
get_object_vars($this));
}
@ -313,10 +307,9 @@ class Tag
{
$db = Registry::get('db');
// Unlink any tagged assets
$res = $db->query('
DELETE FROM assets_tags
WHERE id_tag = :id_tag',
WHERE id_tag = {int:id_tag}',
[
'id_tag' => $this->id_tag,
]);
@ -324,10 +317,9 @@ class Tag
if (!$res)
return false;
// Delete the actual tag
return $db->query('
DELETE FROM tags
WHERE id_tag = :id_tag',
WHERE id_tag = {int:id_tag}',
[
'id_tag' => $this->id_tag,
]);
@ -339,15 +331,15 @@ class Tag
$new_id = $db->queryValue('
SELECT MAX(id_asset) as new_id
FROM assets_tags
WHERE id_tag = :id_tag',
WHERE id_tag = {int:id_tag}',
[
'id_tag' => $this->id_tag,
]);
return $db->query('
UPDATE tags
SET id_asset_thumb = :new_id
WHERE id_tag = :id_tag',
SET id_asset_thumb = {int:new_id}
WHERE id_tag = {int:id_tag}',
[
'new_id' => $new_id ?? 0,
'id_tag' => $this->id_tag,
@ -362,7 +354,7 @@ class Tag
return Registry::get('db')->queryPair('
SELECT id_tag, tag
FROM tags
WHERE LOWER(tag) LIKE :tokens
WHERE LOWER(tag) LIKE {string:tokens}
ORDER BY tag ASC',
['tokens' => '%' . strtolower(implode('%', $tokens)) . '%']);
}
@ -392,7 +384,7 @@ class Tag
return Registry::get('db')->queryPair('
SELECT id_tag, tag
FROM tags
WHERE tag = :tag',
WHERE tag = {string:tag}',
['tag' => $tag]);
}
@ -404,7 +396,7 @@ class Tag
return Registry::get('db')->queryValue('
SELECT id_tag
FROM tags
WHERE slug = :slug',
WHERE slug = {string:slug}',
['slug' => $slug]);
}
@ -413,103 +405,31 @@ class Tag
return Registry::get('db')->queryPair('
SELECT tag, id_tag
FROM tags
WHERE tag IN (:tags)',
WHERE tag IN ({array_string:tags})',
['tags' => $tags]);
}
public static function getCount($only_used = true, $kind = '', $isAlbum = false)
public static function getCount($only_active = 1, $kind = '')
{
$where = [];
if ($only_used)
if ($only_active)
$where[] = 'count > 0';
if (empty($kind))
$kind = 'Album';
if (!empty($kind))
$where[] = 'kind = {string:kind}';
$operator = $isAlbum ? '=' : '!=';
$where[] = 'kind ' . $operator . ' :kind';
$where = implode(' AND ', $where);
if (!empty($where))
$where = 'WHERE ' . implode(' AND ', $where);
else
$where = '';
return Registry::get('db')->queryValue('
SELECT COUNT(*)
FROM tags
WHERE ' . $where,
[
'kind' => $kind,
]);
FROM tags ' . $where,
['kind' => $kind]);
}
public static function getOffset($offset, $limit, $order, $direction, $isAlbum = false)
public function __toString()
{
assert(in_array($order, ['id_tag', 'tag', 'slug', 'count']));
$order = $order . ($direction === 'up' ? ' ASC' : ' DESC');
$operator = $isAlbum ? '=' : '!=';
$db = Registry::get('db');
$res = $db->query('
SELECT t.*, u.id_user, u.first_name, u.surname
FROM tags AS t
LEFT JOIN users AS u ON t.id_user_owner = u.id_user
WHERE kind ' . $operator . ' :album
ORDER BY id_parent, ' . $order . '
LIMIT :offset, :limit',
[
'offset' => $offset,
'limit' => $limit,
'album' => 'Album',
]);
$albums_by_parent = [];
while ($row = $db->fetchAssoc($res))
{
if (!isset($albums_by_parent[$row['id_parent']]))
$albums_by_parent[$row['id_parent']] = [];
$albums_by_parent[$row['id_parent']][] = $row + ['children' => []];
}
$albums = self::getChildrenRecursively(0, 0, $albums_by_parent);
$rows = self::flattenChildrenRecursively($albums);
return $rows;
}
private static function getChildrenRecursively($id_parent, $level, &$albums_by_parent)
{
$children = [];
if (!isset($albums_by_parent[$id_parent]))
return $children;
foreach ($albums_by_parent[$id_parent] as $child)
{
if (isset($albums_by_parent[$child['id_tag']]))
$child['children'] = self::getChildrenRecursively($child['id_tag'], $level + 1, $albums_by_parent);
$child['tag'] = ($level ? str_repeat('—', $level * 2) . ' ' : '') . $child['tag'];
$children[] = $child;
}
return $children;
}
private static function flattenChildrenRecursively($albums)
{
if (empty($albums))
return [];
$rows = [];
foreach ($albums as $album)
{
static $headers_to_keep = ['id_tag', 'tag', 'slug', 'count', 'id_user', 'first_name', 'surname'];
$rows[] = array_intersect_key($album, array_flip($headers_to_keep));
if (!empty($album['children']))
{
$children = self::flattenChildrenRecursively($album['children']);
foreach ($children as $child)
$rows[] = array_intersect_key($child, array_flip($headers_to_keep));
}
}
return $rows;
return $this->tag;
}
}

4
models/Thumbnail.php
View File

@ -335,7 +335,7 @@ class Thumbnail
if ($success)
{
$thumb_selector = $this->width . 'x' . $this->height . $this->filename_suffix;
$this->thumbnails[$thumb_selector] = $filename ?? null;
$this->thumbnails[$thumb_selector] = $filename !== 'NULL' ? $filename : null;
// For consistency, write new thumbnail filename to parent Image object.
// TODO: there could still be an inconsistency if multiple objects exists for the same image asset.
@ -349,7 +349,7 @@ class Thumbnail
private function markAsQueued()
{
$this->updateDb(null);
$this->updateDb('NULL');
}
private function markAsGenerated($filename)

1
models/User.php
View File

@ -23,7 +23,6 @@ abstract class User
protected $ip_address;
protected $is_admin;
protected $reset_key;
protected $reset_blocked_until;
protected bool $is_logged;
protected bool $is_guest;

2
public/css/default.css
View File

@ -366,8 +366,8 @@ div.polaroid a {
/* Album button box
---------------------*/
.album_button_box {
float: right;
display: flex;
justify-content: flex-end;
margin-bottom: 3rem;
}
.album_button_box > a,

2
templates/AlbumButtonBox.php
View File

@ -22,7 +22,7 @@ class AlbumButtonBox extends Template
public function html_main()
{
echo '
<div class="container album_button_box">';
<div class="album_button_box">';
foreach ($this->buttons as $button)
echo '

41
templates/ErrorPage.php
View File

@ -1,41 +0,0 @@
<?php
/*****************************************************************************
* ErrorPage.php
* Defines the template class ErrorPage.
*
* Kabuki CMS (C) 2013-2025, Aaron van Geffen
*****************************************************************************/
class ErrorPage extends Template
{
private $debug_info;
private $message;
private $title;
public function __construct($title, $message, $debug_info = null)
{
$this->title = $title;
$this->message = $message;
$this->debug_info = $debug_info;
}
public function html_main()
{
echo '
<div class="content-box container">
<h2>', $this->title, '</h2>
<p>', nl2br(htmlspecialchars($this->message)), '</p>';
if (isset($this->debug_info))
{
echo '
</div>
<div class="content-box container">
<h4>Debug Info</h4>
<pre>', htmlspecialchars($this->debug_info), '</pre>';
}
echo '
</div>';
}
}

10
templates/FeaturedThumbnailManager.php
View File

@ -8,12 +8,12 @@
class FeaturedThumbnailManager extends SubTemplate
{
private $iterator;
private $assets;
private $currentThumbnailId;
public function __construct(AssetIterator $iterator, $currentThumbnailId)
public function __construct(AssetIterator $assets, $currentThumbnailId)
{
$this->iterator = $iterator;
$this->assets = $assets;
$this->currentThumbnailId = $currentThumbnailId;
}
@ -25,7 +25,7 @@ class FeaturedThumbnailManager extends SubTemplate
<h2>Select thumbnail</h2>
<ul id="featuredThumbnail">';
foreach ($this->iterator as $asset)
while ($asset = $this->assets->next())
{
$image = $asset->getImage();
echo '
@ -36,6 +36,8 @@ class FeaturedThumbnailManager extends SubTemplate
</li>';
}
$this->assets->clean();
echo '
</ul>
<input type="hidden" name="', Session::getSessionTokenKey(), '" value="', Session::getSessionToken(), '">

2
templates/MainNavBar.php
View File

@ -33,7 +33,7 @@ class MainNavBar extends NavBar
<span class="navbar-toggler-icon"></span>
</button>';
if (Registry::has('user') && Registry::get('user')->isLoggedIn())
if (Registry::get('user')->isLoggedIn())
{
echo '
<div class="collapse navbar-collapse justify-content-end" id="', $this->innerMenuId, '">

5
templates/PhotoPage.php
View File

@ -174,10 +174,7 @@ class PhotoPage extends Template
echo '
</ul>';
if ($allowLinkingNewTags)
{
$this->printNewTagScript($tagKind, $tagListId, $newTagId);
}
$this->printNewTagScript($tagKind, $tagListId, $newTagId);
}
private function printNewTagScript($tagKind, $tagListId, $newTagId)

153
templates/TabularData.php
View File

@ -8,7 +8,7 @@
class TabularData extends SubTemplate
{
protected GenericTable $_t;
private GenericTable $_t;
public function __construct(GenericTable $table)
{
@ -16,47 +16,6 @@ class TabularData extends SubTemplate
}
protected function html_content()
{
$this->renderTitle();
foreach ($this->_subtemplates as $template)
$template->html_main();
// Showing an inline form?
$pager = $this->_t->getPageIndex();
if (!empty($pager) || isset($this->_t->form_above))
$this->renderPaginationForm($pager, $this->_t->form_above);
$tableClass = $this->_t->getTableClass();
if ($tableClass)
echo '
<div class="', $tableClass, '">';
// Build the table!
echo '
<table class="table table-striped table-condensed">';
$this->renderTableHead($this->_t->getHeader());
$this->renderTableBody($this->_t->getBody());
echo '
</table>';
if ($tableClass)
echo '
</div>';
// Showing an inline form?
if (!empty($pager) || isset($this->_t->form_below))
$this->renderPaginationForm($pager, $this->_t->form_below);
$title = $this->_t->getTitle();
if (!empty($title))
echo '
</div>';
}
protected function renderTitle()
{
$title = $this->_t->getTitle();
if (!empty($title))
@ -66,32 +25,43 @@ class TabularData extends SubTemplate
<div class="generic-table', !empty($titleclass) ? ' ' . $titleclass : '', '">
<h1>', htmlspecialchars($title), '</h1>';
}
}
protected function renderPaginationForm($pager, $form, $class='row')
{
echo '
<div class="', $class, ' clearfix justify-content-end">';
// Page index?
if (!empty($pager))
PageIndexWidget::paginate($pager);
// Form controls?
if (isset($form))
$this->renderInlineForm($form);
echo '
</div>';
}
protected function renderTableHead(array $headers)
{
foreach ($this->_subtemplates as $template)
$template->html_main();
// Showing an inline form?
$pager = $this->_t->getPageIndex();
if (!empty($pager) || isset($this->_t->form_above))
{
echo '
<div class="row clearfix justify-content-end">';
// Page index?
if (!empty($pager))
PageIndexWidget::paginate($pager);
// Form controls?
if (isset($this->_t->form_above))
$this->showForm($this->_t->form_above);
echo '
</div>';
}
$tableClass = $this->_t->getTableClass();
if ($tableClass)
echo '
<div class="', $tableClass, '">';
// Build the table!
echo '
<table class="table table-striped table-condensed">
<thead>
<tr>';
foreach ($headers as $th)
// Show all headers in their full glory!
$header = $this->_t->getHeader();
foreach ($header as $th)
{
echo '
<th', (!empty($th['width']) ? ' width="' . $th['width'] . '"' : ''), (!empty($th['class']) ? ' class="' . $th['class'] . '"' : ''), ($th['colspan'] > 1 ? ' colspan="' . $th['colspan'] . '"' : ''), ' scope="', $th['scope'], '">',
@ -105,14 +75,11 @@ class TabularData extends SubTemplate
echo '
</tr>
</thead>';
}
protected function renderTableBody($body)
{
echo '
</thead>
<tbody>';
// The body is what we came to see!
$body = $this->_t->getBody();
if (is_array($body))
{
foreach ($body as $tr)
@ -123,31 +90,59 @@ class TabularData extends SubTemplate
foreach ($tr['cells'] as $td)
{
echo '
<td',
(!empty($td['class']) ? ' class="' . $td['class'] . '"' : ''),
(!empty($td['width']) ? ' width="' . $td['width'] . '"' : ''), '>',
$td['value'],
'</td>';
<td', (!empty($td['width']) ? ' width="' . $td['width'] . '"' : ''), '>';
if (!empty($td['class']))
echo '<span class="', $td['class'], '">', $td['value'], '</span>';
else
echo $td['value'];
echo '</td>';
}
echo '
</tr>';
}
}
// !!! Sum colspan!
else
{
$header = $this->_t->getHeader();
echo '
<tr>
<td colspan="', count($header), '" class="fullwidth">', $body, '</td>
</tr>';
}
echo '
</tbody>';
</tbody>
</table>';
if ($tableClass)
echo '
</div>';
// Showing an inline form?
if (!empty($pager) || isset($this->_t->form_below))
{
echo '
<div class="row clearfix justify-content-end">';
// Page index?
if (!empty($pager))
PageIndexWidget::paginate($pager);
// Form controls?
if (isset($this->_t->form_below))
$this->showForm($this->_t->form_below);
echo '
</div>';
}
if (!empty($title))
echo '
</div>';
}
protected function renderInlineForm($form)
protected function showForm($form)
{
if (!isset($form['is_embed']))
echo '