Compare commits

..

No commits in common. "master" and "master" have entirely different histories.

40 changed files with 1248 additions and 1242 deletions

View File

@ -41,13 +41,13 @@ class EditAlbum extends HTMLController
exit;
}
else
throw new Exception('Cannot delete album: an error occured while processing the request.');
trigger_error('Cannot delete album: an error occured while processing the request.', E_USER_ERROR);
}
// Editing one, then, surely.
else
{
if ($album->kind !== 'Album')
throw new Exception('Cannot edit album: not an album.');
trigger_error('Cannot edit album: not an album.', E_USER_ERROR);
parent::__construct('Edit album \'' . $album->tag . '\'');
$form_title = 'Edit album \'' . $album->tag . '\'';
@ -67,7 +67,7 @@ class EditAlbum extends HTMLController
// Gather possible parents for this album to be filed into
$parentChoices = [0 => '-root-'];
foreach (Tag::getOffset(0, 9999, 'tag', 'up', true) as $parent)
foreach (PhotoAlbum::getHierarchy('tag', 'up') as $parent)
{
if (!empty($id_tag) && $parent['id_tag'] == $id_tag)
continue;
@ -139,10 +139,6 @@ class EditAlbum extends HTMLController
];
}
}
elseif (empty($_POST) && isset($album))
{
$formDefaults = get_object_vars($album);
}
elseif (empty($_POST) && count($parentChoices) > 1)
{
// Choose the first non-root album as the default parent
@ -150,8 +146,9 @@ class EditAlbum extends HTMLController
next($parentChoices);
$formDefaults = ['id_parent' => key($parentChoices)];
}
else
$formDefaults = $_POST;
if (!isset($formDefaults))
$formDefaults = isset($album) ? get_object_vars($album) : $_POST;
// Create the form, add in default values.
$this->form->setData($formDefaults);

View File

@ -67,7 +67,7 @@ class EditAsset extends HTMLController
// Get a list of available photo albums
$allAlbums = [];
foreach (Tag::getOffset(0, 9999, 'tag', 'up', true) as $album)
foreach (PhotoAlbum::getHierarchy('tag', 'up') as $album)
$allAlbums[$album['id_tag']] = $album['tag'];
// Figure out the current album id

View File

@ -39,13 +39,13 @@ class EditTag extends HTMLController
exit;
}
else
throw new Exception('Cannot delete tag: an error occured while processing the request.');
trigger_error('Cannot delete tag: an error occured while processing the request.', E_USER_ERROR);
}
// Editing one, then, surely.
else
{
if ($tag->kind === 'Album')
throw new Exception('Cannot edit tag: is actually an album.');
trigger_error('Cannot edit tag: is actually an album.', E_USER_ERROR);
parent::__construct('Edit tag \'' . $tag->tag . '\'');
$form_title = 'Edit tag \'' . $tag->tag . '\'';

View File

@ -33,7 +33,7 @@ class EditUser extends HTMLController
{
// Don't be stupid.
if ($current_user->getUserId() == $id_user)
throw new Exception('Sorry, I cannot allow you to delete yourself.');
trigger_error('Sorry, I cannot allow you to delete yourself.', E_USER_ERROR);
// So far so good?
$user = Member::fromId($id_user);
@ -43,7 +43,7 @@ class EditUser extends HTMLController
exit;
}
else
throw new Exception('Cannot delete user: an error occured while processing the request.');
trigger_error('Cannot delete user: an error occured while processing the request.', E_USER_ERROR);
}
// Editing one, then, surely.
else

View File

@ -24,9 +24,7 @@ class Login extends HTMLController
if (Authentication::checkPassword($_POST['emailaddress'], $_POST['password']))
{
parent::__construct('Login');
$user = Member::fromEmailAddress($_POST['emailaddress']);
$_SESSION['user_id'] = $user->getUserId();
$_SESSION['user_id'] = Authentication::getUserId($_POST['emailaddress']);
if (isset($_POST['redirect_url']))
header('Location: ' . base64_decode($_POST['redirect_url']));

View File

@ -35,14 +35,18 @@ class ManageAlbums extends HTMLController
'tag' => [
'header' => 'Album',
'is_sortable' => true,
'link' => BASEURL . '/editalbum/?id={ID_TAG}',
'value' => 'tag',
'parse' => [
'link' => BASEURL . '/editalbum/?id={ID_TAG}',
'data' => 'tag',
],
],
'slug' => [
'header' => 'Slug',
'is_sortable' => true,
'link' => BASEURL . '/editalbum/?id={ID_TAG}',
'value' => 'slug',
'parse' => [
'link' => BASEURL . '/editalbum/?id={ID_TAG}',
'data' => 'slug',
],
],
'count' => [
'header' => '# Photos',
@ -50,21 +54,30 @@ class ManageAlbums extends HTMLController
'value' => 'count',
],
],
'default_sort_order' => 'tag',
'default_sort_direction' => 'up',
'start' => $_GET['start'] ?? 0,
'sort_order' => $_GET['order'] ?? '',
'sort_direction' => $_GET['dir'] ?? '',
'start' => !empty($_GET['start']) ? (int) $_GET['start'] : 0,
'sort_order' => !empty($_GET['order']) ? $_GET['order'] : null,
'sort_direction' => !empty($_GET['dir']) ? $_GET['dir'] : null,
'title' => 'Manage albums',
'no_items_label' => 'No albums meet the requirements of the current filter.',
'items_per_page' => 9999,
'index_class' => 'col-md-6',
'base_url' => BASEURL . '/managealbums/',
'get_data' => function($offset, $limit, $order, $direction) {
return Tag::getOffset($offset, $limit, $order, $direction, true);
'get_data' => function($offset = 0, $limit = 9999, $order = '', $direction = 'up') {
if (!in_array($order, ['id_tag', 'tag', 'slug', 'count']))
$order = 'tag';
if (!in_array($direction, ['up', 'down']))
$direction = 'up';
$rows = PhotoAlbum::getHierarchy($order, $direction);
return [
'rows' => $rows,
'order' => $order,
'direction' => ($direction == 'up' ? 'up' : 'down'),
];
},
'get_count' => function() {
return Tag::getCount(false, 'Album', true);
return 9999;
}
];

View File

@ -38,33 +38,12 @@ class ManageAssets extends HTMLController
'checkbox' => [
'header' => '<input type="checkbox" id="selectall">',
'is_sortable' => false,
'format' => fn($row) =>
'<input type="checkbox" class="asset_select" name="delete[]" value="' . $row['id_asset'] . '">',
],
'thumbnail' => [
'header' => '&nbsp;',
'is_sortable' => false,
'cell_class' => 'text-center',
'format' => function($row) {
$asset = Image::byRow($row);
$width = $height = 65;
if ($asset->isImage())
{
if ($asset->isPortrait())
$width = null;
else
$height = null;
$thumb = $asset->getThumbnailUrl($width, $height);
}
else
$thumb = BASEURL . '/images/nothumb.svg';
$width = isset($width) ? $width . 'px' : 'auto';
$height = isset($height) ? $height . 'px' : 'auto';
return sprintf('<img src="%s" style="width: %s; height: %s;">', $thumb, $width, $height);
},
'parse' => [
'type' => 'function',
'data' => function($row) {
return '<input type="checkbox" class="asset_select" name="delete[]" value="' . $row['id_asset'] . '">';
},
],
],
'id_asset' => [
'value' => 'id_asset',
@ -80,42 +59,72 @@ class ManageAssets extends HTMLController
'value' => 'filename',
'header' => 'Filename',
'is_sortable' => true,
'link' => BASEURL . '/editasset/?id={ID_ASSET}',
'value' => 'filename',
'parse' => [
'type' => 'value',
'link' => BASEURL . '/editasset/?id={ID_ASSET}',
'data' => 'filename',
],
],
'id_user_uploaded' => [
'header' => 'User uploaded',
'is_sortable' => true,
'format' => function($row) {
if (!empty($row['id_user']))
return sprintf('<a href="%s/edituser/?id=%d">%s</a>', BASEURL, $row['id_user'],
$row['first_name'] . ' ' . $row['surname']);
else
return 'n/a';
},
'parse' => [
'type' => 'function',
'data' => function($row) {
if (!empty($row['id_user']))
return sprintf('<a href="%s/edituser/?id=%d">%s</a>', BASEURL, $row['id_user'],
$row['first_name'] . ' ' . $row['surname']);
else
return 'n/a';
},
],
],
'dimensions' => [
'header' => 'Dimensions',
'is_sortable' => false,
'format' => function($row) {
if (!empty($row['image_width']))
return $row['image_width'] . ' x ' . $row['image_height'];
else
return 'n/a';
},
'parse' => [
'type' => 'function',
'data' => function($row) {
if (!empty($row['image_width']))
return $row['image_width'] . ' x ' . $row['image_height'];
else
return 'n/a';
},
],
],
],
'default_sort_order' => 'id_asset',
'default_sort_direction' => 'down',
'start' => $_GET['start'] ?? 0,
'sort_order' => $_GET['order'] ?? '',
'sort_direction' => $_GET['dir'] ?? '',
'start' => !empty($_GET['start']) ? (int) $_GET['start'] : 0,
'sort_order' => !empty($_GET['order']) ? $_GET['order'] : '',
'sort_direction' => !empty($_GET['dir']) ? $_GET['dir'] : '',
'title' => 'Manage assets',
'no_items_label' => 'No assets meet the requirements of the current filter.',
'items_per_page' => 30,
'index_class' => 'col-md-6',
'base_url' => BASEURL . '/manageassets/',
'get_data' => 'Asset::getOffset',
'get_data' => function($offset = 0, $limit = 30, $order = '', $direction = 'down') {
if (!in_array($order, ['id_asset', 'id_user_uploaded', 'title', 'subdir', 'filename']))
$order = 'id_asset';
$data = Registry::get('db')->queryAssocs('
SELECT a.id_asset, a.subdir, a.filename,
a.image_width, a.image_height,
u.id_user, u.first_name, u.surname
FROM assets AS a
LEFT JOIN users AS u ON a.id_user_uploaded = u.id_user
ORDER BY {raw:order}
LIMIT {int:offset}, {int:limit}',
[
'order' => $order . ($direction == 'up' ? ' ASC' : ' DESC'),
'offset' => $offset,
'limit' => $limit,
]);
return [
'rows' => $data,
'order' => $order,
'direction' => $direction,
];
},
'get_count' => 'Asset::getCount',
];

View File

@ -14,8 +14,8 @@ class ManageErrors extends HTMLController
if (!Registry::get('user')->isAdmin())
throw new NotAllowedException();
// Clearing, are we?
if (isset($_POST['clear']) && Session::validateSession('get'))
// Flushing, are we?
if (isset($_POST['flush']) && Session::validateSession('get'))
{
ErrorLog::flush();
header('Location: ' . BASEURL . '/manageerrors/');
@ -31,7 +31,7 @@ class ManageErrors extends HTMLController
'method' => 'post',
'class' => 'col-md-6 text-end',
'buttons' => [
'clear' => [
'flush' => [
'type' => 'submit',
'caption' => 'Delete all',
'class' => 'btn-danger',
@ -39,23 +39,26 @@ class ManageErrors extends HTMLController
],
],
'columns' => [
'id_entry' => [
'id' => [
'value' => 'id_entry',
'header' => '#',
'is_sortable' => true,
],
'message' => [
'parse' => [
'type' => 'function',
'data' => function($row) {
return $row['message'] . '<br>' .
'<div><a onclick="this.parentNode.childNodes[1].style.display=\'block\';this.style.display=\'none\';">Show debug info</a>' .
'<pre style="display: none">' . htmlspecialchars($row['debug_info']) .
'</pre></div>' .
'<small><a href="' . BASEURL .
htmlspecialchars($row['request_uri']) . '">' .
htmlspecialchars($row['request_uri']) . '</a></small>';
}
],
'header' => 'Message / URL',
'is_sortable' => false,
'format' => function($row) {
return $row['message'] . '<br>' .
'<div><a onclick="this.parentNode.childNodes[1].style.display=\'block\';this.style.display=\'none\';">Show debug info</a>' .
'<pre style="display: none">' . htmlspecialchars($row['debug_info']) .
'</pre></div>' .
'<small><a href="' . BASEURL .
htmlspecialchars($row['request_uri']) . '">' .
htmlspecialchars($row['request_uri']) . '</a></small>';
},
],
'file' => [
'value' => 'file',
@ -68,10 +71,12 @@ class ManageErrors extends HTMLController
'is_sortable' => true,
],
'time' => [
'format' => [
'parse' => [
'type' => 'timestamp',
'pattern' => 'long',
'value' => 'time',
'data' => [
'timestamp' => 'time',
'pattern' => 'long',
],
],
'header' => 'Time',
'is_sortable' => true,
@ -84,21 +89,41 @@ class ManageErrors extends HTMLController
'uid' => [
'header' => 'UID',
'is_sortable' => true,
'link' => BASEURL . '/edituser/?id={ID_USER}',
'value' => 'id_user',
'parse' => [
'link' => BASEURL . '/edituser/?id={ID_USER}',
'data' => 'id_user',
],
],
],
'default_sort_order' => 'id_entry',
'default_sort_direction' => 'down',
'start' => $_GET['start'] ?? 0,
'sort_order' => $_GET['order'] ?? '',
'sort_direction' => $_GET['dir'] ?? '',
'start' => !empty($_GET['start']) ? (int) $_GET['start'] : 0,
'sort_order' => !empty($_GET['order']) ? $_GET['order'] : '',
'sort_direction' => !empty($_GET['dir']) ? $_GET['dir'] : '',
'no_items_label' => "No errors to display -- we're all good!",
'items_per_page' => 20,
'index_class' => 'col-md-6',
'base_url' => BASEURL . '/manageerrors/',
'get_count' => 'ErrorLog::getCount',
'get_data' => 'ErrorLog::getOffset',
'get_data' => function($offset = 0, $limit = 20, $order = '', $direction = 'down') {
if (!in_array($order, ['id_entry', 'file', 'line', 'time', 'ipaddress', 'id_user']))
$order = 'id_entry';
$data = Registry::get('db')->queryAssocs('
SELECT *
FROM log_errors
ORDER BY {raw:order}
LIMIT {int:offset}, {int:limit}',
[
'order' => $order . ($direction === 'up' ? ' ASC' : ' DESC'),
'offset' => $offset,
'limit' => $limit,
]);
return [
'rows' => $data,
'order' => $order,
'direction' => $direction,
];
},
];
$error_log = new GenericTable($options);

View File

@ -37,25 +37,32 @@ class ManageTags extends HTMLController
'tag' => [
'header' => 'Tag',
'is_sortable' => true,
'link' => BASEURL . '/edittag/?id={ID_TAG}',
'value' => 'tag',
'parse' => [
'link' => BASEURL . '/edittag/?id={ID_TAG}',
'data' => 'tag',
],
],
'slug' => [
'header' => 'Slug',
'is_sortable' => true,
'link' => BASEURL . '/edittag/?id={ID_TAG}',
'value' => 'slug',
'parse' => [
'link' => BASEURL . '/edittag/?id={ID_TAG}',
'data' => 'slug',
],
],
'id_user_owner' => [
'header' => 'Owning user',
'is_sortable' => true,
'format' => function($row) {
if (!empty($row['id_user']))
return sprintf('<a href="%s/edituser/?id=%d">%s</a>', BASEURL, $row['id_user'],
$row['first_name'] . ' ' . $row['surname']);
else
return 'n/a';
},
'parse' => [
'type' => 'function',
'data' => function($row) {
if (!empty($row['id_user']))
return sprintf('<a href="%s/edituser/?id=%d">%s</a>', BASEURL, $row['id_user'],
$row['first_name'] . ' ' . $row['surname']);
else
return 'n/a';
},
],
],
'count' => [
'header' => 'Cardinality',
@ -63,21 +70,46 @@ class ManageTags extends HTMLController
'value' => 'count',
],
],
'default_sort_order' => 'tag',
'default_sort_direction' => 'up',
'start' => $_GET['start'] ?? 0,
'sort_order' => $_GET['order'] ?? '',
'sort_direction' => $_GET['dir'] ?? '',
'start' => !empty($_GET['start']) ? (int) $_GET['start'] : 0,
'sort_order' => !empty($_GET['order']) ? $_GET['order'] : null,
'sort_direction' => !empty($_GET['dir']) ? $_GET['dir'] : null,
'title' => 'Manage tags',
'no_items_label' => 'No tags meet the requirements of the current filter.',
'items_per_page' => 30,
'index_class' => 'col-md-6',
'base_url' => BASEURL . '/managetags/',
'get_data' => function($offset, $limit, $order, $direction) {
return Tag::getOffset($offset, $limit, $order, $direction, false);
'get_data' => function($offset = 0, $limit = 30, $order = '', $direction = 'up') {
if (!in_array($order, ['id_tag', 'tag', 'slug', 'kind', 'count']))
$order = 'tag';
if (!in_array($direction, ['up', 'down']))
$direction = 'up';
$data = Registry::get('db')->queryAssocs('
SELECT t.*, u.id_user, u.first_name, u.surname
FROM tags AS t
LEFT JOIN users AS u ON t.id_user_owner = u.id_user
WHERE kind != {string:album}
ORDER BY {raw:order}
LIMIT {int:offset}, {int:limit}',
[
'order' => $order . ($direction == 'up' ? ' ASC' : ' DESC'),
'offset' => $offset,
'limit' => $limit,
'album' => 'Album',
]);
return [
'rows' => $data,
'order' => $order,
'direction' => ($direction == 'up' ? 'up' : 'down'),
];
},
'get_count' => function() {
return Tag::getCount(false, null, false);
return Registry::get('db')->queryValue('
SELECT COUNT(*)
FROM tags
WHERE kind != {string:album}',
['album' => 'Album']);
}
];

View File

@ -37,20 +37,26 @@ class ManageUsers extends HTMLController
'surname' => [
'header' => 'Last name',
'is_sortable' => true,
'link' => BASEURL . '/edituser/?id={ID_USER}',
'value' => 'surname',
'parse' => [
'link' => BASEURL . '/edituser/?id={ID_USER}',
'data' => 'surname',
],
],
'first_name' => [
'header' => 'First name',
'is_sortable' => true,
'link' => BASEURL . '/edituser/?id={ID_USER}',
'value' => 'first_name',
'parse' => [
'link' => BASEURL . '/edituser/?id={ID_USER}',
'data' => 'first_name',
],
],
'slug' => [
'header' => 'Slug',
'is_sortable' => true,
'link' => BASEURL . '/edituser/?id={ID_USER}',
'value' => 'slug',
'parse' => [
'link' => BASEURL . '/edituser/?id={ID_USER}',
'data' => 'slug',
],
],
'emailaddress' => [
'value' => 'emailaddress',
@ -58,11 +64,12 @@ class ManageUsers extends HTMLController
'is_sortable' => true,
],
'last_action_time' => [
'format' => [
'parse' => [
'type' => 'timestamp',
'pattern' => 'long',
'value' => 'last_action_time',
'if_null' => 'n/a',
'data' => [
'timestamp' => 'last_action_time',
'pattern' => 'long',
],
],
'header' => 'Last activity',
'is_sortable' => true,
@ -75,21 +82,48 @@ class ManageUsers extends HTMLController
'is_admin' => [
'is_sortable' => true,
'header' => 'Admin?',
'format' => fn($row) => $row['is_admin'] ? 'yes' : 'no',
'parse' => [
'type' => 'function',
'data' => function($row) {
return $row['is_admin'] ? 'yes' : 'no';
}
],
],
],
'default_sort_order' => 'id_user',
'default_sort_direction' => 'down',
'start' => $_GET['start'] ?? 0,
'sort_order' => $_GET['order'] ?? '',
'sort_direction' => $_GET['dir'] ?? '',
'start' => !empty($_GET['start']) ? (int) $_GET['start'] : 0,
'sort_order' => !empty($_GET['order']) ? $_GET['order'] : '',
'sort_direction' => !empty($_GET['dir']) ? $_GET['dir'] : '',
'title' => 'Manage users',
'no_items_label' => 'No users meet the requirements of the current filter.',
'items_per_page' => 30,
'index_class' => 'col-md-6',
'base_url' => BASEURL . '/manageusers/',
'get_data' => 'Member::getOffset',
'get_count' => 'Member::getCount',
'get_data' => function($offset = 0, $limit = 30, $order = '', $direction = 'down') {
if (!in_array($order, ['id_user', 'surname', 'first_name', 'slug', 'emailaddress', 'last_action_time', 'ip_address', 'is_admin']))
$order = 'id_user';
$data = Registry::get('db')->queryAssocs('
SELECT *
FROM users
ORDER BY {raw:order}
LIMIT {int:offset}, {int:limit}',
[
'order' => $order . ($direction == 'up' ? ' ASC' : ' DESC'),
'offset' => $offset,
'limit' => $limit,
]);
return [
'rows' => $data,
'order' => $order,
'direction' => $direction,
];
},
'get_count' => function() {
return Registry::get('db')->queryValue('
SELECT COUNT(*)
FROM users');
}
];
$table = new GenericTable($options);

View File

@ -16,94 +16,66 @@ class ResetPassword extends HTMLController
// Verifying an existing reset key?
if (isset($_GET['step'], $_GET['email'], $_GET['key']) && $_GET['step'] == 2)
$this->verifyResetKey();
else
$this->requestResetKey();
}
private function requestResetKey()
{
parent::__construct('Reset password - ' . SITE_TITLE);
$form = new ForgotPasswordForm();
$this->page->adopt($form);
// Have they submitted an email address yet?
if (isset($_POST['emailaddress']) && preg_match('~^.+@.+\.[a-z]+$~', trim($_POST['emailaddress'])))
{
$user = Member::fromEmailAddress($_POST['emailaddress']);
if (!$user)
{
$form->adopt(new Alert('Invalid email address', 'The email address you provided could not be found in our system. Please try again.', 'danger'));
return;
}
$email = rawurldecode($_GET['email']);
$id_user = Authentication::getUserid($email);
if ($id_user === false)
throw new UserFacingException('Invalid email address. Please make sure you copied the full link in the email you received.');
if (Authentication::getResetTimeOut($user->getUserId()) > 0)
{
// Update the reset time-out to prevent hammering
$resetTimeOut = Authentication::updateResetTimeOut($user->getUserId());
$key = $_GET['key'];
if (!Authentication::checkResetKey($id_user, $key))
throw new UserFacingException('Invalid reset token. Please make sure you copied the full link in the email you received. Note: you cannot use the same token twice.');
// Present it to the user in a readable way
if ($resetTimeOut > 3600)
$timeOut = sprintf('%d hours', ceil($resetTimeOut / 3600));
elseif ($resetTimeOut > 60)
$timeOut = sprintf('%d minutes', ceil($resetTimeOut / 60));
parent::__construct('Reset password - ' . SITE_TITLE);
$form = new PasswordResetForm($email, $key);
$this->page->adopt($form);
// Are they trying to set something already?
if (isset($_POST['password1'], $_POST['password2']))
{
$missing = [];
if (strlen($_POST['password1']) < 6 || !preg_match('~[^A-z]~', $_POST['password1']))
$missing[] = 'Please fill in a password that is at least six characters long and contains at least one non-alphabetic character (e.g. a number or symbol).';
if ($_POST['password1'] != $_POST['password2'])
$missing[] = 'The passwords you entered do not match.';
// So, are we good to go?
if (empty($missing))
{
Authentication::updatePassword($id_user, Authentication::computeHash($_POST['password1']));
$_SESSION['login_msg'] = ['Your password has been reset', 'You can now use the form below to log in to your account.', 'success'];
header('Location: ' . BASEURL . '/login/');
exit;
}
else
$timeOut = sprintf('%d seconds', $resetTimeOut);
$form->adopt(new Alert('Password reset token already sent', 'We already sent a password reset token to this email address recently. ' .
'If no email was received, please wait ' . $timeOut . ' to try again.', 'error'));
return;
}
Authentication::setResetKey($user->getUserId());
Email::resetMail($user->getUserId());
// Show the success message
$this->page->clear();
$box = new DummyBox('An email has been sent');
$box->adopt(new Alert('', 'We have sent an email to ' . $_POST['emailaddress'] . ' containing details on how to reset your password.', 'success'));
$this->page->adopt($box);
$form->adopt(new Alert('Some fields require your attention', '<ul><li>' . implode('</li><li>', $missing) . '</li></ul>', 'danger'));
}
}
}
private function verifyResetKey()
{
$email = rawurldecode($_GET['email']);
$user = Member::fromEmailAddress($email);
if (!$user)
throw new UserFacingException('Invalid email address. Please make sure you copied the full link in the email you received.');
$key = $_GET['key'];
if (!Authentication::checkResetKey($user->getUserId(), $key))
throw new UserFacingException('Invalid reset token. Please make sure you copied the full link in the email you received. Note: you cannot use the same token twice.');
parent::__construct('Reset password - ' . SITE_TITLE);
$form = new PasswordResetForm($email, $key);
$this->page->adopt($form);
// Are they trying to set something already?
if (isset($_POST['password1'], $_POST['password2']))
else
{
$missing = [];
if (strlen($_POST['password1']) < 6 || !preg_match('~[^A-z]~', $_POST['password1']))
$missing[] = 'Please fill in a password that is at least six characters long and contains at least one non-alphabetic character (e.g. a number or symbol).';
if ($_POST['password1'] != $_POST['password2'])
$missing[] = 'The passwords you entered do not match.';
parent::__construct('Reset password - ' . SITE_TITLE);
$form = new ForgotPasswordForm();
$this->page->adopt($form);
// So, are we good to go?
if (empty($missing))
// Have they submitted an email address yet?
if (isset($_POST['emailaddress']) && preg_match('~^.+@.+\.[a-z]+$~', trim($_POST['emailaddress'])))
{
Authentication::updatePassword($user->getUserId(), Authentication::computeHash($_POST['password1']));
$id_user = Authentication::getUserid(trim($_POST['emailaddress']));
if ($id_user === false)
{
$form->adopt(new Alert('Invalid email address', 'The email address you provided could not be found in our system. Please try again.', 'danger'));
return;
}
// Consume token, ensuring it isn't used again
Authentication::consumeResetKey($user->getUserId());
Authentication::setResetKey($id_user);
Email::resetMail($id_user);
$_SESSION['login_msg'] = ['Your password has been reset', 'You can now use the form below to log in to your account.', 'success'];
header('Location: ' . BASEURL . '/login/');
exit;
// Show the success message
$this->page->clear();
$box = new DummyBox('An email has been sent');
$box->adopt(new Alert('', 'We have sent an email to ' . $_POST['emailaddress'] . ' containing details on how to reset your password.', 'success'));
$this->page->adopt($box);
}
else
$form->adopt(new Alert('Some fields require your attention', '<ul><li>' . implode('</li><li>', $missing) . '</li></ul>', 'danger'));
}
}
}

View File

@ -289,4 +289,10 @@ class ViewPhotoAlbum extends HTMLController
$description = !empty($tag->description) ? $tag->description : '';
return new AlbumHeaderBox($tag->tag, $description, $back_link, $back_link_title);
}
public function __destruct()
{
if (isset($this->iterator))
$this->iterator->clean();
}
}

View File

@ -54,4 +54,10 @@ class ViewTimeline extends HTMLController
// Set the canonical url.
$this->page->setCanonicalUrl(BASEURL . '/timeline/');
}
public function __destruct()
{
if (isset($this->iterator))
$this->iterator->clean();
}
}

View File

@ -1,2 +0,0 @@
/* Add time-out to password reset keys, and prevent repeated mails */
ALTER TABLE `users` ADD `reset_blocked_until` INT UNSIGNED NULL AFTER `reset_key`;

View File

@ -24,7 +24,7 @@ class Asset
protected $tags;
protected $thumbnails;
public function __construct(array $data)
protected function __construct(array $data)
{
foreach ($data as $attribute => $value)
{
@ -32,7 +32,7 @@ class Asset
$this->$attribute = $value;
}
if (isset($data['date_captured']) && $data['date_captured'] !== null && !is_object($data['date_captured']))
if (!empty($data['date_captured']) && $data['date_captured'] !== 'NULL')
$this->date_captured = new DateTime($data['date_captured']);
}
@ -56,7 +56,7 @@ class Asset
$row = Registry::get('db')->queryAssoc('
SELECT *
FROM assets
WHERE id_asset = :id_asset',
WHERE id_asset = {int:id_asset}',
[
'id_asset' => $id_asset,
]);
@ -69,7 +69,7 @@ class Asset
$row = Registry::get('db')->queryAssoc('
SELECT *
FROM assets
WHERE slug = :slug',
WHERE slug = {string:slug}',
[
'slug' => $slug,
]);
@ -85,7 +85,7 @@ class Asset
$row['meta'] = $db->queryPair('
SELECT variable, value
FROM assets_meta
WHERE id_asset = :id_asset',
WHERE id_asset = {int:id_asset}',
[
'id_asset' => $row['id_asset'],
]);
@ -94,20 +94,21 @@ class Asset
$row['thumbnails'] = $db->queryPair('
SELECT
CONCAT(
width, :x, height,
IF(mode != :empty1, CONCAT(:_, mode), :empty2)
width,
{string:x},
height,
IF(mode != {string:empty}, CONCAT({string:_}, mode), {string:empty})
) AS selector, filename
FROM assets_thumbs
WHERE id_asset = :id_asset',
WHERE id_asset = {int:id_asset}',
[
'id_asset' => $row['id_asset'],
'empty1' => '',
'empty2' => '',
'empty' => '',
'x' => 'x',
'_' => '_',
]);
return $return_format === 'object' ? new static($row) : $row;
return $return_format == 'object' ? new Asset($row) : $row;
}
public static function fromIds(array $id_assets, $return_format = 'array')
@ -120,14 +121,14 @@ class Asset
$res = $db->query('
SELECT *
FROM assets
WHERE id_asset IN (@id_assets)
WHERE id_asset IN ({array_int:id_assets})
ORDER BY id_asset',
[
'id_assets' => $id_assets,
]);
$assets = [];
while ($asset = $db->fetchAssoc($res))
while ($asset = $db->fetch_assoc($res))
{
$assets[$asset['id_asset']] = $asset;
$assets[$asset['id_asset']]['meta'] = [];
@ -137,7 +138,7 @@ class Asset
$metas = $db->queryRows('
SELECT id_asset, variable, value
FROM assets_meta
WHERE id_asset IN (@id_assets)
WHERE id_asset IN ({array_int:id_assets})
ORDER BY id_asset',
[
'id_assets' => $id_assets,
@ -149,16 +150,17 @@ class Asset
$thumbnails = $db->queryRows('
SELECT id_asset,
CONCAT(
width, :x, height,
IF(mode != :empty1, CONCAT(:_, mode), :empty2)
width,
{string:x},
height,
IF(mode != {string:empty}, CONCAT({string:_}, mode), {string:empty})
) AS selector, filename
FROM assets_thumbs
WHERE id_asset IN (@id_assets)
WHERE id_asset IN ({array_int:id_assets})
ORDER BY id_asset',
[
'id_assets' => $id_assets,
'empty1' => '',
'empty2' => '',
'empty' => '',
'x' => 'x',
'_' => '_',
]);
@ -166,10 +168,8 @@ class Asset
foreach ($thumbnails as $thumb)
$assets[$thumb[0]]['thumbnails'][$thumb[1]] = $thumb[2];
if ($return_format === 'array')
{
if ($return_format == 'array')
return $assets;
}
else
{
$objects = [];
@ -262,10 +262,10 @@ class Asset
INSERT INTO assets
(id_user_uploaded, subdir, filename, title, slug, mimetype, image_width, image_height, date_captured, priority)
VALUES
(:id_user_uploaded, :subdir, :filename, :title, :slug, :mimetype,
:image_width, :image_height,
IF(:date_captured > 0, FROM_UNIXTIME(:date_captured), NULL),
:priority)',
({int:id_user_uploaded}, {string:subdir}, {string:filename}, {string:title}, {string:slug}, {string:mimetype},
{int:image_width}, {int:image_height},
IF({int:date_captured} > 0, FROM_UNIXTIME({int:date_captured}), NULL),
{int:priority})',
[
'id_user_uploaded' => isset($id_user) ? $id_user : Registry::get('user')->getUserId(),
'subdir' => $preferred_subdir,
@ -273,9 +273,9 @@ class Asset
'title' => $title,
'slug' => $slug,
'mimetype' => $mimetype,
'image_width' => isset($image_width) ? $image_width : null,
'image_height' => isset($image_height) ? $image_height : null,
'date_captured' => isset($date_captured) ? $date_captured : null,
'image_width' => isset($image_width) ? $image_width : 'NULL',
'image_height' => isset($image_height) ? $image_height : 'NULL',
'date_captured' => isset($date_captured) ? $date_captured : 'NULL',
'priority' => isset($priority) ? (int) $priority : 0,
]);
@ -285,7 +285,7 @@ class Asset
return false;
}
$data['id_asset'] = $db->insertId();
$data['id_asset'] = $db->insert_id();
return $return_format === 'object' ? new self($data) : $data;
}
@ -324,7 +324,7 @@ class Asset
$posts = Registry::get('db')->queryValues('
SELECT id_post
FROM posts_assets
WHERE id_asset = :id_asset',
WHERE id_asset = {int:id_asset}',
['id_asset' => $this->id_asset]);
// TODO: fix empty post iterator.
@ -495,18 +495,18 @@ class Asset
return Registry::get('db')->query('
UPDATE assets
SET
mimetype = :mimetype,
image_width = :image_width,
image_height = :image_height,
date_captured = :date_captured,
priority = :priority
WHERE id_asset = :id_asset',
mimetype = {string:mimetype},
image_width = {int:image_width},
image_height = {int:image_height},
date_captured = {datetime:date_captured},
priority = {int:priority}
WHERE id_asset = {int:id_asset}',
[
'id_asset' => $this->id_asset,
'mimetype' => $this->mimetype,
'image_width' => isset($this->image_width) ? $this->image_width : null,
'image_height' => isset($this->image_height) ? $this->image_height : null,
'date_captured' => isset($this->date_captured) ? $this->date_captured : null,
'image_width' => isset($this->image_width) ? $this->image_width : 'NULL',
'image_height' => isset($this->image_height) ? $this->image_height : 'NULL',
'date_captured' => isset($this->date_captured) ? $this->date_captured : 'NULL',
'priority' => $this->priority,
]);
}
@ -527,8 +527,8 @@ class Asset
if (!empty($to_remove))
$db->query('
DELETE FROM assets_meta
WHERE id_asset = :id_asset AND
variable IN(@variables)',
WHERE id_asset = {int:id_asset} AND
variable IN({array_string:variables})',
[
'id_asset' => $this->id_asset,
'variables' => array_keys($to_remove),
@ -559,40 +559,63 @@ class Asset
{
$db = Registry::get('db');
// Delete any and all thumbnails, if this is an image.
if ($this->isImage())
{
$image = $this->getImage();
$image->removeAllThumbnails();
}
// Delete all meta info for this asset.
// First: delete associated metadata
$db->query('
DELETE FROM assets_meta
WHERE id_asset = :id_asset',
['id_asset' => $this->id_asset]);
WHERE id_asset = {int:id_asset}',
[
'id_asset' => $this->id_asset,
]);
// Figure out what tags to recount cardinality for
// Second: figure out what tags to recount cardinality for
$recount_tags = $db->queryValues('
SELECT id_tag
FROM assets_tags
WHERE id_asset = :id_asset',
['id_asset' => $this->id_asset]);
WHERE id_asset = {int:id_asset}',
[
'id_asset' => $this->id_asset,
]);
// Delete asset association for these tags
$db->query('
DELETE FROM assets_tags
WHERE id_asset = :id_asset',
['id_asset' => $this->id_asset]);
WHERE id_asset = {int:id_asset}',
[
'id_asset' => $this->id_asset,
]);
Tag::recount($recount_tags);
// Third: figure out what associated thumbs to delete
$thumbs_to_delete = $db->queryValues('
SELECT filename
FROM assets_thumbs
WHERE id_asset = {int:id_asset}',
[
'id_asset' => $this->id_asset,
]);
foreach ($thumbs_to_delete as $filename)
{
$thumb_path = THUMBSDIR . '/' . $this->subdir . '/' . $filename;
if (is_file($thumb_path))
unlink($thumb_path);
}
$db->query('
DELETE FROM assets_thumbs
WHERE id_asset = {int:id_asset}',
[
'id_asset' => $this->id_asset,
]);
// Reset asset ID for tags that use this asset for their thumbnail
$rows = $db->queryValues('
$rows = $db->query('
SELECT id_tag
FROM tags
WHERE id_asset_thumb = :id_asset',
['id_asset' => $this->id_asset]);
WHERE id_asset_thumb = {int:id_asset}',
[
'id_asset' => $this->id_asset,
]);
if (!empty($rows))
{
@ -609,8 +632,10 @@ class Asset
$return = $db->query('
DELETE FROM assets
WHERE id_asset = :id_asset',
['id_asset' => $this->id_asset]);
WHERE id_asset = {int:id_asset}',
[
'id_asset' => $this->id_asset,
]);
return $return;
}
@ -639,7 +664,7 @@ class Asset
Registry::get('db')->query('
DELETE FROM assets_tags
WHERE id_asset = :id_asset AND id_tag IN (@id_tags)',
WHERE id_asset = {int:id_asset} AND id_tag IN ({array_int:id_tags})',
[
'id_asset' => $this->id_asset,
'id_tags' => $id_tags,
@ -655,24 +680,6 @@ class Asset
FROM assets');
}
public static function getOffset($offset, $limit, $order, $direction)
{
$order = $order . ($direction == 'up' ? ' ASC' : ' DESC');
return Registry::get('db')->queryAssocs('
SELECT a.id_asset, a.subdir, a.filename,
a.image_width, a.image_height, a.mimetype,
u.id_user, u.first_name, u.surname
FROM assets AS a
LEFT JOIN users AS u ON a.id_user_uploaded = u.id_user
ORDER BY ' . $order . '
LIMIT :offset, :limit',
[
'offset' => $offset,
'limit' => $limit,
]);
}
public function save()
{
if (empty($this->id_asset))
@ -680,16 +687,18 @@ class Asset
return Registry::get('db')->query('
UPDATE assets
SET subdir = :subdir,
filename = :filename,
title = :title,
slug = :slug,
mimetype = :mimetype,
image_width = :image_width,
image_height = :image_height,
date_captured = :date_captured,
priority = :priority
WHERE id_asset = :id_asset',
SET id_asset = {int:id_asset},
id_user_uploaded = {int:id_user_uploaded},
subdir = {string:subdir},
filename = {string:filename},
title = {string:title},
slug = {string:slug},
mimetype = {string:mimetype},
image_width = {int:image_width},
image_height = {int:image_height},
date_captured = {datetime:date_captured},
priority = {int:priority}
WHERE id_asset = {int:id_asset}',
get_object_vars($this));
}
@ -707,27 +716,27 @@ class Asset
// Direction depends on whether we're browsing a tag or timeline
if (isset($tag))
{
$where[] = 't.id_tag = :id_tag';
$where[] = 't.id_tag = {int:id_tag}';
$params['id_tag'] = $tag->id_tag;
$where_op = $previous ? '<' : '>';
$order_dir = $previous ? 'DESC' : 'ASC';
$params['where_op'] = $previous ? '<' : '>';
$params['order_dir'] = $previous ? 'DESC' : 'ASC';
}
else
{
$where_op = $previous ? '>' : '<';
$order_dir = $previous ? 'ASC' : 'DESC';
$params['where_op'] = $previous ? '>' : '<';
$params['order_dir'] = $previous ? 'ASC' : 'DESC';
}
// Take active filter into account as well
if (!empty($activeFilter) && ($user = Member::fromSlug($activeFilter)) !== false)
{
$where[] = 'id_user_uploaded = :id_user_uploaded';
$where[] = 'id_user_uploaded = {int:id_user_uploaded}';
$params['id_user_uploaded'] = $user->getUserId();
}
// Use complete ordering when sorting the set
$where[] = '(a.date_captured, a.id_asset) ' . $where_op .
' (:date_captured, :id_asset)';
$where[] = '(a.date_captured, a.id_asset) {raw:where_op} ' .
'({datetime:date_captured}, {int:id_asset})';
// Stringify conditions together
$where = '(' . implode(') AND (', $where) . ')';
@ -739,7 +748,7 @@ class Asset
' . (isset($tag) ? '
INNER JOIN assets_tags AS t ON a.id_asset = t.id_asset' : '') . '
WHERE ' . $where . '
ORDER BY a.date_captured ' . $order_dir . ', a.id_asset ' . $order_dir . '
ORDER BY a.date_captured {raw:order_dir}, a.id_asset {raw:order_dir}
LIMIT 1',
$params);

View File

@ -1,50 +1,42 @@
<?php
/*****************************************************************************
* AssetIterator.php
* Contains model class AssetIterator.
* Contains key class AssetIterator.
*
* Kabuki CMS (C) 2013-2025, Aaron van Geffen
* Kabuki CMS (C) 2013-2015, Aaron van Geffen
*****************************************************************************/
class AssetIterator implements Iterator
class AssetIterator extends Asset
{
private Database $db;
private $direction;
private $return_format;
private $rowCount;
private $res_assets;
private $res_meta;
private $res_thumbs;
private $assets_iterator;
private $meta_iterator;
private $thumbs_iterator;
protected function __construct(PDOStatement $stmt_assets, PDOStatement $stmt_meta, PDOStatement $stmt_thumbs,
$return_format, $direction)
protected function __construct($res_assets, $res_meta, $res_thumbs, $return_format, $direction)
{
$this->db = Registry::get('db');
$this->direction = $direction;
$this->res_assets = $res_assets;
$this->res_meta = $res_meta;
$this->res_thumbs = $res_thumbs;
$this->return_format = $return_format;
$this->rowCount = $stmt_assets->rowCount();
$this->assets_iterator = new CachedPDOIterator($stmt_assets);
$this->assets_iterator->rewind();
$this->meta_iterator = new CachedPDOIterator($stmt_meta);
$this->thumbs_iterator = new CachedPDOIterator($stmt_thumbs);
}
public static function all()
public function next()
{
return self::getByOptions();
}
$row = $this->db->fetch_assoc($this->res_assets);
public function current(): mixed
{
$row = $this->assets_iterator->current();
// No more rows?
if (!$row)
return $row;
return false;
// Collect metadata
// Looks up metadata.
$row['meta'] = [];
$this->meta_iterator->rewind();
foreach ($this->meta_iterator as $meta)
while ($meta = $this->db->fetch_assoc($this->res_meta))
{
if ($meta['id_asset'] != $row['id_asset'])
continue;
@ -52,23 +44,54 @@ class AssetIterator implements Iterator
$row['meta'][$meta['variable']] = $meta['value'];
}
// Collect thumbnails
// Reset internal pointer for next asset.
$this->db->data_seek($this->res_meta, 0);
// Looks up thumbnails.
$row['thumbnails'] = [];
$this->thumbs_iterator->rewind();
foreach ($this->thumbs_iterator as $thumb)
while ($thumbs = $this->db->fetch_assoc($this->res_thumbs))
{
if ($thumb['id_asset'] != $row['id_asset'])
if ($thumbs['id_asset'] != $row['id_asset'])
continue;
$row['thumbnails'][$thumb['selector']] = $thumb['filename'];
$row['thumbnails'][$thumbs['selector']] = $thumbs['filename'];
}
// Reset internal pointer for next asset.
$this->db->data_seek($this->res_thumbs, 0);
if ($this->return_format === 'object')
return new Asset($row);
else
return $row;
}
public function reset()
{
$this->db->data_seek($this->res_assets, 0);
$this->db->data_seek($this->res_meta, 0);
$this->db->data_seek($this->res_thumbs, 0);
}
public function clean()
{
if (!$this->res_assets)
return;
$this->db->free_result($this->res_assets);
$this->res_assets = null;
}
public function num()
{
return $this->db->num_rows($this->res_assets);
}
public static function all()
{
return self::getByOptions();
}
public static function getByOptions(array $options = [], $return_count = false, $return_format = 'object')
{
$params = [
@ -91,9 +114,9 @@ class AssetIterator implements Iterator
{
$params['mime_type'] = $options['mime_type'];
if (is_array($options['mime_type']))
$where[] = 'a.mimetype IN(@mime_type)';
$where[] = 'a.mimetype IN({array_string:mime_type})';
else
$where[] = 'a.mimetype = :mime_type';
$where[] = 'a.mimetype = {string:mime_type}';
}
if (isset($options['id_user_uploaded']))
{
@ -106,17 +129,7 @@ class AssetIterator implements Iterator
$where[] = 'id_asset IN(
SELECT l.id_asset
FROM assets_tags AS l
WHERE l.id_tag = :id_tag)';
}
elseif (isset($options['tag']))
{
$params['tag'] = $options['tag'];
$where[] = 'id_asset IN(
SELECT l.id_asset
FROM assets_tags AS l
INNER JOIN tags AS t
ON l.id_tag = t.id_tag
WHERE t.slug = :tag)';
WHERE l.id_tag = {int:id_tag})';
}
// Make it valid SQL.
@ -132,7 +145,7 @@ class AssetIterator implements Iterator
FROM assets AS a
WHERE ' . $where . '
ORDER BY ' . $order . (!empty($params['limit']) ? '
LIMIT :offset, :limit' : ''),
LIMIT {int:offset}, {int:limit}' : ''),
$params);
// Get a resource object for the asset meta.
@ -152,9 +165,9 @@ class AssetIterator implements Iterator
SELECT id_asset, filename,
CONCAT(
width,
:x,
{string:x},
height,
IF(mode != :empty1, CONCAT(:_, mode), :empty2)
IF(mode != {string:empty}, CONCAT({string:_}, mode), {string:empty})
) AS selector
FROM assets_thumbs
WHERE id_asset IN(
@ -164,8 +177,7 @@ class AssetIterator implements Iterator
)
ORDER BY id_asset',
$params + [
'empty1' => '',
'empty2' => '',
'empty' => '',
'x' => 'x',
'_' => '_',
]);
@ -187,38 +199,13 @@ class AssetIterator implements Iterator
return $iterator;
}
public function key(): mixed
{
return $this->assets_iterator->key();
}
public function isAscending(): bool
public function isAscending()
{
return $this->direction === 'asc';
}
public function isDescending(): bool
public function isDescending()
{
return $this->direction === 'desc';
}
public function next(): void
{
$this->assets_iterator->next();
}
public function num(): int
{
return $this->rowCount;
}
public function rewind(): void
{
$this->assets_iterator->rewind();
}
public function valid(): bool
{
return $this->assets_iterator->valid();
}
}

View File

@ -12,27 +12,48 @@
*/
class Authentication
{
const DEFAULT_RESET_TIMEOUT = 30;
/**
* Checks whether a user still exists in the database.
*/
public static function checkExists($id_user)
{
$res = Registry::get('db')->queryValue('
SELECT id_user
FROM users
WHERE id_user = {int:id}',
[
'id' => $id_user,
]);
return $res !== null;
}
/**
* Checks a password for a given username against the database.
* Finds the user id belonging to a certain emailaddress.
*/
public static function checkPassword($emailaddress, $password)
public static function getUserId($emailaddress)
{
// Retrieve password hash for user matching the provided emailaddress.
$password_hash = Registry::get('db')->queryValue('
SELECT password_hash
$res = Registry::get('db')->queryValue('
SELECT id_user
FROM users
WHERE emailaddress = :emailaddress',
WHERE emailaddress = {string:emailaddress}',
[
'emailaddress' => $emailaddress,
]);
// If there's no hash, the user likely does not exist.
if (!$password_hash)
return false;
return empty($res) ? false : $res;
}
return password_verify($password, $password_hash);
public static function setResetKey($id_user)
{
return Registry::get('db')->query('
UPDATE users
SET reset_key = {string:key}
WHERE id_user = {int:id}',
[
'id' => $id_user,
'key' => self::newActivationKey(),
]);
}
public static function checkResetKey($id_user, $reset_key)
@ -48,55 +69,22 @@ class Authentication
return $key == $reset_key;
}
/**
* Computes a password hash.
*/
public static function computeHash($password)
{
$hash = password_hash($password, PASSWORD_DEFAULT);
if (!$hash)
throw new Exception('Hash creation failed!');
return $hash;
}
public static function consumeResetKey($id_user)
{
return Registry::get('db')->query('
UPDATE users
SET reset_key = NULL,
reset_blocked_until = NULL
WHERE id_user = {int:id_user}',
['id_user' => $id_user]);
}
public static function getResetTimeOut($id_user)
{
$resetTime = Registry::get('db')->queryValue('
SELECT reset_blocked_until
FROM users
WHERE id_user = {int:id_user}',
['id_user' => $id_user]);
return max(0, $resetTime - time());
}
/**
* Verifies whether the user is currently logged in.
*/
public static function isLoggedIn()
{
if (!isset($_SESSION['user_id']))
// Check whether the active session matches the current user's environment.
if (isset($_SESSION['ip_address'], $_SESSION['user_agent']) && (
(isset($_SERVER['REMOTE_ADDR']) && $_SESSION['ip_address'] != $_SERVER['REMOTE_ADDR']) ||
(isset($_SERVER['HTTP_USER_AGENT']) && $_SESSION['user_agent'] != $_SERVER['HTTP_USER_AGENT'])))
{
session_destroy();
return false;
}
try
{
$exists = Member::fromId($_SESSION['user_id']);
return true;
}
catch (NotFoundException $e)
{
return false;
}
// A user is logged in if a user id exists in the session and this id is (still) in the database.
return isset($_SESSION['user_id']) && self::checkExists($_SESSION['user_id']);
}
/**
@ -111,17 +99,36 @@ class Authentication
return $string;
}
public static function setResetKey($id_user)
/**
* Checks a password for a given username against the database.
*/
public static function checkPassword($emailaddress, $password)
{
return Registry::get('db')->query('
UPDATE users
SET reset_key = {string:key},
reset_blocked_until = UNIX_TIMESTAMP() + ' . static::DEFAULT_RESET_TIMEOUT . '
WHERE id_user = {int:id}',
// Retrieve password hash for user matching the provided emailaddress.
$password_hash = Registry::get('db')->queryValue('
SELECT password_hash
FROM users
WHERE emailaddress = {string:emailaddress}',
[
'id' => $id_user,
'key' => self::newActivationKey(),
'emailaddress' => $emailaddress,
]);
// If there's no hash, the user likely does not exist.
if (!$password_hash)
return false;
return password_verify($password, $password_hash);
}
/**
* Computes a password hash.
*/
public static function computeHash($password)
{
$hash = password_hash($password, PASSWORD_DEFAULT);
if (!$hash)
throw new Exception('Hash creation failed!');
return $hash;
}
/**
@ -132,35 +139,13 @@ class Authentication
return Registry::get('db')->query('
UPDATE users
SET
password_hash = :hash,
reset_key = :blank
WHERE id_user = :id_user',
password_hash = {string:hash},
reset_key = {string:blank}
WHERE id_user = {int:id_user}',
[
'id_user' => $id_user,
'hash' => $hash,
'blank' => '',
]);
}
public static function updateResetTimeOut($id_user)
{
$currentResetTimeOut = static::getResetTimeOut($id_user);
// New timeout: between 30 seconds, double the current timeout, and a full day
$newResetTimeOut = min(max(static::DEFAULT_RESET_TIMEOUT, $currentResetTimeOut * 2), 60 * 60 * 24);
$success = Registry::get('db')->query('
UPDATE users
SET reset_blocked_until = {int:new_time_out}
WHERE id_user = {int:id_user}',
[
'id_user' => $id_user,
'new_time_out' => time() + $newResetTimeOut,
]);
if (!$success)
throw new UnexpectedValueException('Could not set password reset timeout!');
return $newResetTimeOut;
}
}

View File

@ -1,56 +0,0 @@
<?php
/*****************************************************************************
* CachedPDOIterator.php
* Contains model class CachedPDOIterator.
*
* Based on https://gist.github.com/hakre/5152090
*
* Kabuki CMS (C) 2013-2021, Aaron van Geffen
*****************************************************************************/
class CachedPDOIterator extends CachingIterator
{
private $index;
public function __construct(PDOStatement $statement)
{
parent::__construct(new IteratorIterator($statement), self::FULL_CACHE);
}
public function rewind(): void
{
if ($this->index === null)
{
parent::rewind();
}
$this->index = 0;
}
public function current(): mixed
{
if ($this->offsetExists($this->index))
{
return $this->offsetGet($this->index);
}
return parent::current();
}
public function key(): mixed
{
return $this->index;
}
public function next(): void
{
$this->index++;
if (!$this->offsetExists($this->index))
{
parent::next();
}
}
public function valid(): bool
{
return $this->offsetExists($this->index) || parent::valid();
}
}

View File

@ -1,34 +1,44 @@
<?php
/*****************************************************************************
* Database.php
* Contains model class Database.
* Contains key class Database.
*
* Kabuki CMS (C) 2013-2025, Aaron van Geffen
* Adapted from SMF 2.0's DBA (C) 2011 Simple Machines
* Used under BSD 3-clause license.
*
* Kabuki CMS (C) 2013-2015, Aaron van Geffen
*****************************************************************************/
/**
* The database model used to communicate with the MySQL server.
*/
class Database
{
private $connection;
private $query_count = 0;
private $logged_queries = [];
private array $db_callback;
public function __construct($host, $user, $password, $name)
/**
* Initialises a new database connection.
* @param server: server to connect to.
* @param user: username to use for authentication.
* @param password: password to use for authentication.
* @param name: database to select.
*/
public function __construct($server, $user, $password, $name)
{
try
{
$this->connection = new PDO("mysql:host=$host;dbname=$name;charset=utf8mb4", $user, $password, [
PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
PDO::ATTR_EMULATE_PREPARES => false,
]);
}
$this->connection = @mysqli_connect($server, $user, $password, $name);
// Give up if we have a connection error.
catch (PDOException $e)
if (mysqli_connect_error())
{
http_response_code(503);
header('HTTP/1.1 503 Service Temporarily Unavailable');
echo '<h2>Database Connection Problems</h2><p>Our software could not connect to the database. We apologise for any inconvenience and ask you to check back later.</p>';
exit;
}
$this->query('SET NAMES {string:utf8mb4}', ['utf8mb4' => 'utf8mb4']);
}
public function getQueryCount()
@ -42,227 +52,305 @@ class Database
}
/**
* Fetches a row from a given statement/recordset, using field names as keys.
* Fetches a row from a given recordset, using field names as keys.
*/
public function fetchAssoc($stmt)
public function fetch_assoc($resource)
{
return $stmt->fetch(PDO::FETCH_ASSOC);
return mysqli_fetch_assoc($resource);
}
/**
* Fetches a row from a given statement/recordset, encapsulating into an object.
* Fetches a row from a given recordset, using numeric keys.
*/
public function fetchObject($stmt, $class)
public function fetch_row($resource)
{
return $stmt->fetchObject($class);
return mysqli_fetch_row($resource);
}
/**
* Fetches a row from a given statement/recordset, using numeric keys.
* Destroys a given recordset.
*/
public function fetchNum($stmt)
public function free_result($resource)
{
return $stmt->fetch(PDO::FETCH_NUM);
return mysqli_free_result($resource);
}
public function data_seek($result, $row_num)
{
return mysqli_data_seek($result, $row_num);
}
/**
* Destroys a given statement/recordset.
* Returns the amount of rows in a given recordset.
*/
public function free($stmt)
public function num_rows($resource)
{
return $stmt->closeCursor();
return mysqli_num_rows($resource);
}
/**
* Returns the amount of rows in a given statement/recordset.
* Returns the amount of fields in a given recordset.
*/
public function rowCount($stmt)
public function num_fields($resource)
{
return $stmt->rowCount();
return mysqli_num_fields($resource);
}
/**
* Returns the amount of fields in a given statement/recordset.
* Escapes a string.
*/
public function columnCount($stmt)
public function escape_string($string)
{
return $stmt->columnCount();
return mysqli_real_escape_string($this->connection, $string);
}
/**
* Unescapes a string.
*/
public function unescape_string($string)
{
return stripslashes($string);
}
/**
* Returns the last MySQL error.
*/
public function error()
{
return mysqli_error($this->connection);
}
public function server_info()
{
return mysqli_get_server_info($this->connection);
}
/**
* Selects a database on a given connection.
*/
public function select_db($database)
{
return mysqli_select_db($database, $this->connection);
}
/**
* Returns the amount of rows affected by the previous query.
*/
public function affected_rows()
{
return mysqli_affected_rows($this->connection);
}
/**
* Returns the id of the row created by a previous query.
*/
public function insertId($name = null)
public function insert_id()
{
return $this->connection->lastInsertId($name);
return mysqli_insert_id($this->connection);
}
/**
* Start a transaction.
* Do a MySQL transaction.
*/
public function beginTransaction()
public function transaction($operation = 'commit')
{
return $this->connection->beginTransaction();
}
/**
* Rollback changes in a transaction.
*/
public function rollback()
{
return $this->connection->rollBack();
}
/**
* Commit changes in a transaction.
*/
public function commit()
{
return $this->connection->commit();
}
private function expandPlaceholders($db_string, array &$db_values)
{
foreach ($db_values as $key => &$value)
switch ($operation)
{
if (str_contains($db_string, ':' . $key))
{
if (is_array($value))
{
throw new UnexpectedValueException('Array ' . $key .
' is used as a scalar placeholder. Did you mean to use \'@\' instead?');
}
// Prepare date/time values
if (is_a($value, 'DateTime'))
{
$value = $value->format('Y-m-d H:i:s');
}
}
elseif (str_contains($db_string, '@' . $key))
{
if (!is_array($value))
{
throw new UnexpectedValueException('Scalar value ' . $key .
' is used as an array placeholder. Did you mean to use \':\' instead?');
}
// Create placeholders for all array elements
$placeholders = array_map(fn($num) => ':' . $key . $num, range(0, count($value) - 1));
$db_string = str_replace('@' . $key, implode(', ', $placeholders), $db_string);
}
else
{
// throw new Exception('Warning: unused key in query: ' . $key);
}
case 'begin':
case 'rollback':
case 'commit':
return @mysqli_query($this->connection, strtoupper($operation));
default:
return false;
}
}
return $db_string;
/**
* Function used as a callback for the preg_match function that parses variables into database queries.
*/
private function replacement_callback($matches)
{
list ($values, $connection) = $this->db_callback;
if (!isset($matches[2]))
trigger_error('Invalid value inserted or no type specified.', E_USER_ERROR);
if (!isset($values[$matches[2]]))
trigger_error('The database value you\'re trying to insert does not exist: ' . htmlspecialchars($matches[2]), E_USER_ERROR);
$replacement = $values[$matches[2]];
switch ($matches[1])
{
case 'int':
if ((!is_numeric($replacement) || (string) $replacement !== (string) (int) $replacement) && $replacement !== 'NULL')
trigger_error('Wrong value type sent to the database for field: ' . $matches[2] . '. Integer expected.', E_USER_ERROR);
return $replacement !== 'NULL' ? (string) (int) $replacement : 'NULL';
break;
case 'string':
case 'text':
return $replacement !== 'NULL' ? sprintf('\'%1$s\'', mysqli_real_escape_string($connection, $replacement)) : 'NULL';
break;
case 'array_int':
if (is_array($replacement))
{
if (empty($replacement))
trigger_error('Database error, given array of integer values is empty.', E_USER_ERROR);
foreach ($replacement as $key => $value)
{
if (!is_numeric($value) || (string) $value !== (string) (int) $value)
trigger_error('Wrong value type sent to the database for field: ' . $matches[2] . '. Array of integers expected.', E_USER_ERROR);
$replacement[$key] = (string) (int) $value;
}
return implode(', ', $replacement);
}
else
trigger_error('Wrong value type sent to the database for field: ' . $matches[2] . '. Array of integers expected.', E_USER_ERROR);
break;
case 'array_string':
if (is_array($replacement))
{
if (empty($replacement))
trigger_error('Database error, given array of string values is empty.', E_USER_ERROR);
foreach ($replacement as $key => $value)
$replacement[$key] = sprintf('\'%1$s\'', mysqli_real_escape_string($connection, $value));
return implode(', ', $replacement);
}
else
trigger_error('Wrong value type sent to the database for field: ' . $matches[2] . '. Array of strings expected.', E_USER_ERROR);
break;
case 'date':
if (preg_match('~^(\d{4})-([0-1]?\d)-([0-3]?\d)$~', $replacement, $date_matches) === 1)
return sprintf('\'%04d-%02d-%02d\'', $date_matches[1], $date_matches[2], $date_matches[3]);
elseif ($replacement === 'NULL')
return 'NULL';
else
trigger_error('Wrong value type sent to the database for field: ' . $matches[2] . '. Date expected.', E_USER_ERROR);
break;
case 'datetime':
if (is_a($replacement, 'DateTime'))
return $replacement->format('\'Y-m-d H:i:s\'');
elseif (preg_match('~^(\d{4})-([0-1]?\d)-([0-3]?\d) (\d{2}):(\d{2}):(\d{2})$~', $replacement, $date_matches) === 1)
return sprintf('\'%04d-%02d-%02d %02d:%02d:%02d\'', $date_matches[1], $date_matches[2], $date_matches[3], $date_matches[4], $date_matches[5], $date_matches[6]);
elseif ($replacement === 'NULL')
return 'NULL';
else
trigger_error('Wrong value type sent to the database for field: ' . $matches[2] . '. DateTime expected.', E_USER_ERROR);
break;
case 'float':
if (!is_numeric($replacement) && $replacement !== 'NULL')
trigger_error('Wrong value type sent to the database for field: ' . $matches[2] . '. Floating point number expected.', E_USER_ERROR);
return $replacement !== 'NULL' ? (string) (float) $replacement : 'NULL';
break;
case 'identifier':
// Backticks inside identifiers are supported as of MySQL 4.1. We don't need them here.
return '`' . strtr($replacement, ['`' => '', '.' => '']) . '`';
break;
case 'raw':
return $replacement;
break;
case 'bool':
case 'boolean':
// In mysql this is a synonym for tinyint(1)
return (bool)$replacement ? 1 : 0;
break;
default:
trigger_error('Undefined type <b>' . $matches[1] . '</b> used in the database query', E_USER_ERROR);
break;
}
}
/**
* Escapes and quotes a string using values passed, and executes the query.
*/
public function query($db_string, array $db_values = []): PDOStatement
public function query($db_string, $db_values = [])
{
// One more query...
$this->query_count++;
// One more query....
$this->query_count ++;
// Error out if hardcoded strings are detected
if (strpos($db_string, '\'') !== false)
throw new UnexpectedValueException('Hack attempt: illegal character (\') used in query.');
// Overriding security? This is evil!
$security_override = $db_values === 'security_override' || !empty($db_values['security_override']);
if (defined('DB_LOG_QUERIES') && DB_LOG_QUERIES)
// Please, just use new style queries.
if (strpos($db_string, '\'') !== false && !$security_override)
trigger_error('Hack attempt!', 'Illegal character (\') used in query.', E_USER_ERROR);
if (!$security_override && !empty($db_values))
{
// Set some values for use in the callback function.
$this->db_callback = [$db_values, $this->connection];
// Insert the values passed to this function.
$db_string = preg_replace_callback('~{([a-z_]+)(?::([a-zA-Z0-9_-]+))?}~', [&$this, 'replacement_callback'], $db_string);
// Save some memory.
$this->db_callback = [];
}
if (defined("DB_LOG_QUERIES") && DB_LOG_QUERIES)
$this->logged_queries[] = $db_string;
try
$return = @mysqli_query($this->connection, $db_string, empty($this->unbuffered) ? MYSQLI_STORE_RESULT : MYSQLI_USE_RESULT);
if (!$return)
{
// Preprocessing/checks: prepare any arrays for binding
$db_string = $this->expandPlaceholders($db_string, $db_values);
// Prepare query for execution
$statement = $this->connection->prepare($db_string);
// Bind parameters... the hard way, due to a limit/offset hack.
// NB: bindParam binds by reference, hence &$value here.
foreach ($db_values as $key => &$value)
{
// Assumption: both scalar and array values are preprocessed to use named ':' placeholders
if (!str_contains($db_string, ':' . $key))
continue;
if (!is_array($value))
{
$statement->bindParam(':' . $key, $value);
continue;
}
foreach (array_values($value) as $num => &$element)
{
$statement->bindParam(':' . $key . $num, $element);
}
}
$statement->execute();
return $statement;
$clean_sql = implode("\n", array_map('trim', explode("\n", $db_string)));
trigger_error($this->error() . '<br>' . $clean_sql, E_USER_ERROR);
}
catch (PDOException $e)
{
ob_start();
$debug = ob_get_clean();
throw new Exception($e->getMessage() . "\n" . var_export($e->errorInfo, true) . "\n" . var_export($db_values, true));
}
return $return;
}
/**
* Executes a query, returning an object of the row it returns.
* Escapes and quotes a string just like db_query, but does not execute the query.
* Useful for debugging purposes.
*/
public function queryObject($class, $db_string, $db_values = [])
public function quote($db_string, $db_values = [])
{
$res = $this->query($db_string, $db_values);
// Please, just use new style queries.
if (strpos($db_string, '\'') !== false)
trigger_error('Hack attempt!', 'Illegal character (\') used in query.', E_USER_ERROR);
if (!$res || $this->rowCount($res) === 0)
return null;
// Save some values for use in the callback function.
$this->db_callback = [$db_values, $this->connection];
$object = $this->fetchObject($res, $class);
$this->free($res);
// Insert the values passed to this function.
$db_string = preg_replace_callback('~{([a-z_]+)(?::([a-zA-Z0-9_-]+))?}~', [&$this, 'replacement_callback'], $db_string);
return $object;
}
// Save some memory.
$this->db_callback = [];
/**
* Executes a query, returning an array of objects of all the rows returns.
*/
public function queryObjects($class, $db_string, $db_values = [])
{
$res = $this->query($db_string, $db_values);
if (!$res || $this->rowCount($res) === 0)
return [];
$rows = [];
while ($object = $this->fetchObject($res, $class))
$rows[] = $object;
$this->free($res);
return $rows;
return $db_string;
}
/**
* Executes a query, returning an array of all the rows it returns.
*/
public function queryRow($db_string, array $db_values = [])
public function queryRow($db_string, $db_values = [])
{
$res = $this->query($db_string, $db_values);
if ($this->rowCount($res) === 0)
if (!$res || $this->num_rows($res) == 0)
return [];
$row = $this->fetchNum($res);
$this->free($res);
$row = $this->fetch_row($res);
$this->free_result($res);
return $row;
}
@ -270,18 +358,18 @@ class Database
/**
* Executes a query, returning an array of all the rows it returns.
*/
public function queryRows($db_string, array $db_values = [])
public function queryRows($db_string, $db_values = [])
{
$res = $this->query($db_string, $db_values);
if ($this->rowCount($res) === 0)
if (!$res || $this->num_rows($res) == 0)
return [];
$rows = [];
while ($row = $this->fetchNum($res))
while ($row = $this->fetch_row($res))
$rows[] = $row;
$this->free($res);
$this->free_result($res);
return $rows;
}
@ -289,18 +377,18 @@ class Database
/**
* Executes a query, returning an array of all the rows it returns.
*/
public function queryPair($db_string, array $db_values = [])
public function queryPair($db_string, $db_values = [])
{
$res = $this->query($db_string, $db_values);
if ($this->rowCount($res) === 0)
if (!$res || $this->num_rows($res) == 0)
return [];
$rows = [];
while ($row = $this->fetchNum($res))
while ($row = $this->fetch_row($res))
$rows[$row[0]] = $row[1];
$this->free($res);
$this->free_result($res);
return $rows;
}
@ -308,21 +396,21 @@ class Database
/**
* Executes a query, returning an array of all the rows it returns.
*/
public function queryPairs($db_string, $db_values = array())
public function queryPairs($db_string, $db_values = [])
{
$res = $this->query($db_string, $db_values);
if (!$res || $this->rowCount($res) === 0)
if (!$res || $this->num_rows($res) == 0)
return [];
$rows = [];
while ($row = $this->fetchAssoc($res))
while ($row = $this->fetch_assoc($res))
{
$key_value = reset($row);
$rows[$key_value] = $row;
}
$this->free($res);
$this->free_result($res);
return $rows;
}
@ -330,15 +418,15 @@ class Database
/**
* Executes a query, returning an associative array of all the rows it returns.
*/
public function queryAssoc($db_string, array $db_values = [])
public function queryAssoc($db_string, $db_values = [])
{
$res = $this->query($db_string, $db_values);
if ($this->rowCount($res) === 0)
if (!$res || $this->num_rows($res) == 0)
return [];
$row = $this->fetchAssoc($res);
$this->free($res);
$row = $this->fetch_assoc($res);
$this->free_result($res);
return $row;
}
@ -346,18 +434,18 @@ class Database
/**
* Executes a query, returning an associative array of all the rows it returns.
*/
public function queryAssocs($db_string, array $db_values = [])
public function queryAssocs($db_string, $db_values = [], $connection = null)
{
$res = $this->query($db_string, $db_values);
if ($this->rowCount($res) === 0)
if (!$res || $this->num_rows($res) == 0)
return [];
$rows = [];
while ($row = $this->fetchAssoc($res))
while ($row = $this->fetch_assoc($res))
$rows[] = $row;
$this->free($res);
$this->free_result($res);
return $rows;
}
@ -365,16 +453,16 @@ class Database
/**
* Executes a query, returning the first value of the first row.
*/
public function queryValue($db_string, array $db_values = [])
public function queryValue($db_string, $db_values = [])
{
$res = $this->query($db_string, $db_values);
// If this happens, you're doing it wrong.
if ($this->rowCount($res) === 0)
if (!$res || $this->num_rows($res) == 0)
return null;
list($value) = $this->fetchNum($res);
$this->free($res);
list($value) = $this->fetch_row($res);
$this->free_result($res);
return $value;
}
@ -382,18 +470,18 @@ class Database
/**
* Executes a query, returning an array of the first value of each row.
*/
public function queryValues($db_string, array $db_values = [])
public function queryValues($db_string, $db_values = [])
{
$res = $this->query($db_string, $db_values);
if ($this->rowCount($res) === 0)
if (!$res || $this->num_rows($res) == 0)
return [];
$rows = [];
while ($row = $this->fetchNum($res))
while ($row = $this->fetch_row($res))
$rows[] = $row[0];
$this->free($res);
$this->free_result($res);
return $rows;
}
@ -411,45 +499,35 @@ class Database
if (!is_array($data[array_rand($data)]))
$data = [$data];
// Determine the method of insertion.
$method = $method == 'replace' ? 'REPLACE' : ($method == 'ignore' ? 'INSERT IGNORE' : 'INSERT');
// What columns are we inserting?
$columns = array_keys($data[0]);
// Start building the query.
$db_string = $method . ' INTO ' . $table . ' (' . implode(',', $columns) . ') VALUES ';
// Create the mold for a single row insert.
$placeholders = '(' . substr(str_repeat('?, ', count($columns)), 0, -2) . '), ';
// Append it for every row we're to insert.
$values = [];
foreach ($data as $row)
$insertData = '(';
foreach ($columns as $columnName => $type)
{
$values = array_merge($values, array_values($row));
$db_string .= $placeholders;
// Are we restricting the length?
if (strpos($type, 'string-') !== false)
$insertData .= sprintf('SUBSTRING({string:%1$s}, 1, ' . substr($type, 7) . '), ', $columnName);
else
$insertData .= sprintf('{%1$s:%2$s}, ', $type, $columnName);
}
$insertData = substr($insertData, 0, -2) . ')';
// Get rid of the tailing comma.
$db_string = substr($db_string, 0, -2);
// Create an array consisting of only the columns.
$indexed_columns = array_keys($columns);
// Prepare for your impending demise!
$statement = $this->connection->prepare($db_string);
// Here's where the variables are injected to the query.
$insertRows = [];
foreach ($data as $dataRow)
$insertRows[] = $this->quote($insertData, array_combine($indexed_columns, $dataRow));
// Bind parameters... the hard way, due to a limit/offset hack.
foreach ($values as $key => $value)
$statement->bindValue($key + 1, $values[$key]);
// Determine the method of insertion.
$queryTitle = $method === 'replace' ? 'REPLACE' : ($method === 'ignore' ? 'INSERT IGNORE' : 'INSERT');
// Handle errors.
try
{
$statement->execute();
return $statement;
}
catch (PDOException $e)
{
throw new Exception($e->getMessage() . '<br><br>' . $db_string . '<br><br>' . print_r($values, true));
}
// Do the insert.
return $this->query('
' . $queryTitle . ' INTO ' . $table . ' (`' . implode('`, `', $indexed_columns) . '`)
VALUES
' . implode(',
', $insertRows),
['security_override' => true]);
}
}

View File

@ -44,19 +44,6 @@ class Dispatcher
}
}
public static function errorPage($title, $body)
{
$page = new MainTemplate($title);
$page->adopt(new ErrorPage($title, $body));
if (Registry::get('user')->isAdmin())
{
$page->appendStylesheet(BASEURL . '/css/admin.css');
}
$page->html_main();
}
/**
* Kicks a guest to a login form, redirecting them back to this page upon login.
*/
@ -73,24 +60,37 @@ class Dispatcher
exit;
}
private static function trigger400()
public static function trigger400()
{
http_response_code(400);
self::errorPage('Bad request', 'The server does not understand your request.');
header('HTTP/1.1 400 Bad Request');
$page = new MainTemplate('Bad request');
$page->adopt(new DummyBox('Bad request', '<p>The server does not understand your request.</p>'));
$page->html_main();
exit;
}
private static function trigger403()
public static function trigger403()
{
http_response_code(403);
self::errorPage('Forbidden', 'You do not have access to this page.');
header('HTTP/1.1 403 Forbidden');
$page = new MainTemplate('Access denied');
$page->adopt(new DummyBox('Forbidden', '<p>You do not have access to the page you requested.</p>'));
$page->html_main();
exit;
}
private static function trigger404()
public static function trigger404()
{
http_response_code(404);
$page = new ViewErrorPage('Page not found!');
$page->showContent();
header('HTTP/1.1 404 Not Found');
$page = new MainTemplate('Page not found');
if (Registry::has('user') && Registry::get('user')->isAdmin())
{
$page->appendStylesheet(BASEURL . '/css/admin.css');
}
$page->adopt(new DummyBox('Well, this is a bit embarrassing!', '<p>The page you requested could not be found. Don\'t worry, it\'s probably not your fault. You\'re welcome to browse the website, though!</p>', 'errormsg'));
$page->addClass('errorpage');
$page->html_main();
exit;
}
}

View File

@ -3,7 +3,7 @@
* ErrorHandler.php
* Contains key class ErrorHandler.
*
* Kabuki CMS (C) 2013-2025, Aaron van Geffen
* Kabuki CMS (C) 2013-2016, Aaron van Geffen
*****************************************************************************/
class ErrorHandler
@ -47,8 +47,10 @@ class ErrorHandler
// Log the error in the database.
self::logError($error_message, $debug_info, $file, $line);
// Display error and exit.
self::display($error_message, $file, $line, $debug_info);
// Are we considering this fatal? Then display and exit.
// !!! TODO: should we consider warnings fatal?
if (true) // DEBUG || (!DEBUG && $error_level === E_WARNING || $error_level === E_USER_WARNING))
self::display($file . ' (' . $line . ')<br>' . $error_message, $debug_info);
// If it wasn't a fatal error, well...
self::$handling_error = false;
@ -116,7 +118,7 @@ class ErrorHandler
}
// Logs an error into the database.
public static function logError($error_message = '', $debug_info = '', $file = '', $line = 0)
private static function logError($error_message = '', $debug_info = '', $file = '', $line = 0)
{
if (!ErrorLog::log([
'message' => $error_message,
@ -128,7 +130,7 @@ class ErrorHandler
'request_uri' => isset($_SERVER['REQUEST_URI']) ? $_SERVER['REQUEST_URI'] : '',
]))
{
http_response_code(503);
header('HTTP/1.1 503 Service Temporarily Unavailable');
echo '<h2>An Error Occurred</h2><p>Our software could not connect to the database. We apologise for any inconvenience and ask you to check back later.</p>';
exit;
}
@ -136,7 +138,7 @@ class ErrorHandler
return $error_message;
}
public static function display($message, $file, $line, $debug_info, $is_sensitive = true)
public static function display($message, $debug_info, $is_sensitive = true)
{
$is_admin = Registry::has('user') && Registry::get('user')->isAdmin();
@ -165,8 +167,7 @@ class ErrorHandler
$is_admin = Registry::has('user') && Registry::get('user')->isAdmin();
if (DEBUG || $is_admin)
{
$debug_info = sprintf("Trigger point:\n%s (L%d)\n\n%s", $file, $line, $debug_info);
$page->adopt(new ErrorPage('An error occurred!', $message, $debug_info));
$page->adopt(new DummyBox('An error occurred!', '<p>' . $message . '</p><pre>' . $debug_info . '</pre>'));
// Let's provide the admin navigation despite it all!
if ($is_admin)
@ -175,9 +176,9 @@ class ErrorHandler
}
}
elseif (!$is_sensitive)
$page->adopt(new ErrorPage('An error occurred!', '<p>' . $message . '</p>'));
$page->adopt(new DummyBox('An error occurred!', '<p>' . $message . '</p>'));
else
$page->adopt(new ErrorPage('An error occurred!', 'Our apologies, an error occurred while we were processing your request. Please try again later, or contact us if the problem persists.'));
$page->adopt(new DummyBox('An error occurred!', '<p>Our apologies, an error occurred while we were processing your request. Please try again later, or contact us if the problem persists.</p>'));
// If we got this far, make sure we're not showing stuff twice.
ob_end_clean();

View File

@ -17,14 +17,14 @@ class ErrorLog
INSERT INTO log_errors
(id_user, message, debug_info, file, line, request_uri, time, ip_address)
VALUES
(:id_user, :message, :debug_info, :file, :line,
:request_uri, CURRENT_TIMESTAMP, :ip_address)',
({int:id_user}, {string:message}, {string:debug_info}, {string:file}, {int:line},
{string:request_uri}, CURRENT_TIMESTAMP, {string:ip_address})',
$data);
}
public static function flush()
{
return Registry::get('db')->query('DELETE FROM log_errors');
return Registry::get('db')->query('TRUNCATE log_errors');
}
public static function getCount()
@ -33,20 +33,4 @@ class ErrorLog
SELECT COUNT(*)
FROM log_errors');
}
public static function getOffset($offset, $limit, $order, $direction)
{
assert(in_array($order, ['id_entry', 'file', 'line', 'time', 'ipaddress', 'id_user']));
$order = $order . ($direction === 'up' ? ' ASC' : ' DESC');
return Registry::get('db')->queryAssocs('
SELECT *
FROM log_errors
ORDER BY ' . $order . '
LIMIT :offset, :limit',
[
'offset' => $offset,
'limit' => $limit,
]);
}
}

View File

@ -15,6 +15,7 @@ class GenericTable
private $title;
private $title_class;
private $tableIsSortable = false;
public $form_above;
public $form_below;
@ -28,22 +29,58 @@ class GenericTable
public function __construct($options)
{
$this->initOrder($options);
$this->initPagination($options);
// Make sure we're actually sorting on something sortable.
if (!isset($options['sort_order']) || (!empty($options['sort_order']) && empty($options['columns'][$options['sort_order']]['is_sortable'])))
$options['sort_order'] = '';
$data = $options['get_data']($this->start, $this->items_per_page,
$this->sort_order, $this->sort_direction);
// Order in which direction?
if (!empty($options['sort_direction']) && !in_array($options['sort_direction'], ['up', 'down']))
$options['sort_direction'] = 'up';
// Make sure we know whether we can actually sort on something.
$this->tableIsSortable = !empty($options['base_url']);
// How much data do we have?
$this->recordCount = $options['get_count'](...(!empty($options['get_count_params']) ? $options['get_count_params'] : []));
// How much data do we need to retrieve?
$this->items_per_page = !empty($options['items_per_page']) ? $options['items_per_page'] : 30;
// Figure out where to start.
$this->start = empty($options['start']) || !is_numeric($options['start']) || $options['start'] < 0 || $options['start'] > $this->recordCount ? 0 : $options['start'];
// Figure out where we are on the whole, too.
$numPages = max(1, ceil($this->recordCount / $this->items_per_page));
$this->currentPage = min(ceil($this->start / $this->items_per_page) + 1, $numPages);
// Let's bear a few things in mind...
$this->base_url = $options['base_url'];
// Gather parameters for the data gather function first.
$parameters = [$this->start, $this->items_per_page, $options['sort_order'], $options['sort_direction']];
if (!empty($options['get_data_params']) && is_array($options['get_data_params']))
$parameters = array_merge($parameters, $options['get_data_params']);
// Okay, let's fetch the data!
$data = $options['get_data'](...$parameters);
// Extract data into local variables.
$rawRowData = $data['rows'];
$this->sort_order = $data['order'];
$this->sort_direction = $data['direction'];
unset($data);
// Okay, now for the column headers...
$this->generateColumnHeaders($options);
// Should we create a page index?
if ($this->recordCount > $this->items_per_page)
$needsPageIndex = !empty($this->items_per_page) && $this->recordCount > $this->items_per_page;
if ($needsPageIndex)
$this->generatePageIndex($options);
// Process the data to be shown into rows.
if (!empty($data))
$this->processAllRows($data, $options);
if (!empty($rawRowData))
$this->processAllRows($rawRowData, $options);
else
$this->body = $options['no_items_label'] ?? '';
@ -58,38 +95,6 @@ class GenericTable
$this->form_below = $options['form_below'] ?? $options['form'] ?? null;
}
private function initOrder($options)
{
assert(isset($options['default_sort_order']));
assert(isset($options['default_sort_direction']));
// Validate sort order (column)
$this->sort_order = $options['sort_order'];
if (empty($this->sort_order) || empty($options['columns'][$this->sort_order]['is_sortable']))
$this->sort_order = $options['default_sort_order'];
// Validate sort direction
$this->sort_direction = $options['sort_direction'];
if (empty($this->sort_direction) || !in_array($this->sort_direction, ['up', 'down']))
$this->sort_direction = $options['default_sort_direction'];
}
private function initPagination(array $options)
{
assert(isset($options['base_url']));
assert(isset($options['items_per_page']));
$this->base_url = $options['base_url'];
$this->recordCount = $options['get_count']();
$this->items_per_page = !empty($options['items_per_page']) ? $options['items_per_page'] : 30;
$this->start = empty($options['start']) || !is_numeric($options['start']) || $options['start'] < 0 || $options['start'] > $this->recordCount ? 0 : $options['start'];
$numPages = max(1, ceil($this->recordCount / $this->items_per_page));
$this->currentPage = min(ceil($this->start / $this->items_per_page) + 1, $numPages);
}
private function generateColumnHeaders($options)
{
foreach ($options['columns'] as $key => $column)
@ -97,14 +102,14 @@ class GenericTable
if (empty($column['header']))
continue;
$isSortable = !empty($column['is_sortable']);
$isSortable = $this->tableIsSortable && !empty($column['is_sortable']);
$sortDirection = $key == $this->sort_order && $this->sort_direction === 'up' ? 'down' : 'up';
$header = [
'class' => isset($column['class']) ? $column['class'] : '',
'cell_class' => isset($column['cell_class']) ? $column['cell_class'] : null,
'colspan' => !empty($column['header_colspan']) ? $column['header_colspan'] : 1,
'href' => $isSortable ? $this->getHeaderLink($this->start, $key, $sortDirection) : null,
'href' => $isSortable ? $this->getLink($this->start, $key, $sortDirection) : null,
'label' => $column['header'],
'scope' => 'col',
'sort_mode' => $key == $this->sort_order ? $this->sort_direction : null,
@ -121,7 +126,7 @@ class GenericTable
'base_url' => $this->base_url,
'index_class' => $options['index_class'] ?? '',
'items_per_page' => $this->items_per_page,
'linkBuilder' => [$this, 'getHeaderLink'],
'linkBuilder' => [$this, 'getLink'],
'recordCount' => $this->recordCount,
'sort_direction' => $this->sort_direction,
'sort_order' => $this->sort_order,
@ -129,7 +134,7 @@ class GenericTable
]);
}
public function getHeaderLink($start = null, $order = null, $dir = null)
public function getLink($start = null, $order = null, $dir = null)
{
if ($start === null)
$start = $this->start;
@ -191,18 +196,12 @@ class GenericTable
foreach ($options['columns'] as $column)
{
// Process formatting
if (isset($column['format']) && is_callable($column['format']))
$value = $column['format']($row);
elseif (isset($column['format']))
$value = self::processFormatting($column['format'], $row);
// Process data for this particular cell.
if (isset($column['parse']))
$value = self::processCell($column['parse'], $row);
else
$value = $row[$column['value']];
// Turn value into a link?
if (!empty($column['link']))
$value = $this->processLink($column['link'], $value, $row);
// Append the cell to the row.
$newRow['cells'][] = [
'class' => $column['cell_class'] ?? '',
@ -215,47 +214,68 @@ class GenericTable
}
}
private function processFormatting($options, $rowData)
private function processCell($options, $rowData)
{
if ($options['type'] === 'timestamp')
if (!isset($options['type']))
$options['type'] = 'value';
// Parse the basic value first.
switch ($options['type'])
{
if (empty($options['pattern']) || $options['pattern'] === 'long')
$pattern = 'Y-m-d H:i';
elseif ($options['pattern'] === 'short')
$pattern = 'Y-m-d';
else
$pattern = $options['pattern'];
// Basic option: simply take a use a particular data property.
case 'value':
$value = htmlspecialchars($rowData[$options['data']]);
break;
assert(array_key_exists($options['value'], $rowData));
if (isset($rowData[$options['value']]) && !is_numeric($rowData[$options['value']]))
$timestamp = strtotime($rowData[$options['value']]);
else
$timestamp = (int) $rowData[$options['value']];
// Processing via a lambda function.
case 'function':
$value = $options['data']($rowData);
break;
if (isset($options['if_null']) && $timestamp == 0)
$value = $options['if_null'];
else
$value = date($pattern, $timestamp);
// Using sprintf to fill out a particular pattern.
case 'sprintf':
$parameters = [$options['data']['pattern']];
foreach ($options['data']['arguments'] as $identifier)
$parameters[] = $rowData[$identifier];
return $value;
$value = sprintf(...$parameters);
break;
// Timestamps get custom treatment.
case 'timestamp':
if (empty($options['data']['pattern']) || $options['data']['pattern'] === 'long')
$pattern = 'Y-m-d H:i';
elseif ($options['data']['pattern'] === 'short')
$pattern = 'Y-m-d';
else
$pattern = $options['data']['pattern'];
if (!isset($rowData[$options['data']['timestamp']]))
$timestamp = 0;
elseif (!is_numeric($rowData[$options['data']['timestamp']]))
$timestamp = strtotime($rowData[$options['data']['timestamp']]);
else
$timestamp = (int) $rowData[$options['data']['timestamp']];
if (isset($options['data']['if_null']) && $timestamp == 0)
$value = $options['data']['if_null'];
else
$value = date($pattern, $timestamp);
break;
}
else
throw ValueError('Unexpected formatter type: ' . $options['type']);
}
private function processLink($template, $value, array $rowData)
{
$href = $this->rowReplacements($template, $rowData);
return '<a href="' . $href . '">' . $value . '</a>';
}
// Generate a link, if requested.
if (!empty($options['link']))
{
// First, generate the replacement variables.
$keys = array_keys($rowData);
$values = array_values($rowData);
foreach ($keys as $keyKey => $keyValue)
$keys[$keyKey] = '{' . strtoupper($keyValue) . '}';
private function rowReplacements($template, array $rowData)
{
$keys = array_keys($rowData);
$values = array_values($rowData);
foreach ($keys as $keyKey => $keyValue)
$keys[$keyKey] = '{' . strtoupper($keyValue) . '}';
$value = '<a href="' . str_replace($keys, $values, $options['link']) . '">' . $value . '</a>';
}
return str_replace($keys, $values, $template);
return $value;
}
}

View File

@ -12,6 +12,12 @@ class Image extends Asset
const TYPE_LANDSCAPE = 2;
const TYPE_PORTRAIT = 4;
protected function __construct(array $data)
{
foreach ($data as $attribute => $value)
$this->$attribute = $value;
}
public static function fromId($id_asset, $return_format = 'object')
{
$asset = parent::fromId($id_asset, 'array');
@ -165,7 +171,7 @@ class Image extends Asset
return Registry::get('db')->query('
DELETE FROM assets_thumbs
WHERE id_asset = :id_asset',
WHERE id_asset = {int:id_asset}',
['id_asset' => $this->id_asset]);
}
@ -183,9 +189,9 @@ class Image extends Asset
return Registry::get('db')->query('
DELETE FROM assets_thumbs
WHERE id_asset = :id_asset AND
width = :width AND
height = :height',
WHERE id_asset = {int:id_asset} AND
width = {int:width} AND
height = {int:height}',
[
'height' => $height,
'id_asset' => $this->id_asset,

View File

@ -8,7 +8,7 @@
class Member extends User
{
private function __construct($data = [])
private function __construct($data)
{
foreach ($data as $key => $value)
$this->$key = $value;
@ -18,21 +18,12 @@ class Member extends User
$this->is_admin = $this->is_admin == 1;
}
public static function fromEmailAddress($email_address)
{
return Registry::get('db')->queryObject(static::class, '
SELECT *
FROM users
WHERE emailaddress = :email_address',
['email_address' => $email_address]);
}
public static function fromId($id_user)
{
$row = Registry::get('db')->queryAssoc('
SELECT *
FROM users
WHERE id_user = :id_user',
WHERE id_user = {int:id_user}',
[
'id_user' => $id_user,
]);
@ -49,7 +40,7 @@ class Member extends User
$row = Registry::get('db')->queryAssoc('
SELECT *
FROM users
WHERE slug = :slug',
WHERE slug = {string:slug}',
[
'slug' => $slug,
]);
@ -77,7 +68,6 @@ class Member extends User
'creation_time' => time(),
'ip_address' => isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '',
'is_admin' => empty($data['is_admin']) ? 0 : 1,
'reset_key' => '',
];
if ($error)
@ -93,13 +83,12 @@ class Member extends User
'creation_time' => 'int',
'ip_address' => 'string-45',
'is_admin' => 'int',
'reset_key' => 'string-16'
], $new_user, ['id_user']);
if (!$bool)
return false;
$new_user['id_user'] = $db->insertId();
$new_user['id_user'] = $db->insert_id();
$member = new Member($new_user);
return $member;
@ -127,14 +116,14 @@ class Member extends User
return Registry::get('db')->query('
UPDATE users
SET
first_name = :first_name,
surname = :surname,
slug = :slug,
emailaddress = :emailaddress,
password_hash = :password_hash,
is_admin = :is_admin
WHERE id_user = :id_user',
get_object_vars($this));
first_name = {string:first_name},
surname = {string:surname},
slug = {string:slug},
emailaddress = {string:emailaddress},
password_hash = {string:password_hash},
is_admin = {int:is_admin}
WHERE id_user = {int:id_user}',
$params);
}
/**
@ -145,7 +134,7 @@ class Member extends User
{
return Registry::get('db')->query('
DELETE FROM users
WHERE id_user = :id_user',
WHERE id_user = {int:id_user}',
['id_user' => $this->id_user]);
}
@ -160,7 +149,7 @@ class Member extends User
$res = Registry::get('db')->queryValue('
SELECT id_user
FROM users
WHERE emailaddress = :emailaddress',
WHERE emailaddress = {string:emailaddress}',
[
'emailaddress' => $emailaddress,
]);
@ -176,9 +165,9 @@ class Member extends User
return Registry::get('db')->query('
UPDATE users
SET
last_action_time = :now,
ip_address = :ip
WHERE id_user = :id',
last_action_time = {int:now},
ip_address = {string:ip}
WHERE id_user = {int:id}',
[
'now' => time(),
'id' => $this->id_user,
@ -198,22 +187,6 @@ class Member extends User
FROM users');
}
public static function getOffset($offset, $limit, $order, $direction)
{
assert(in_array($order, ['id_user', 'surname', 'first_name', 'slug', 'emailaddress', 'last_action_time', 'ip_address', 'is_admin']));
$order = $order . ($direction === 'up' ? ' ASC' : ' DESC');
return Registry::get('db')->queryAssocs('
SELECT *
FROM users
ORDER BY ' . $order . '
LIMIT :offset, :limit',
[
'offset' => $offset,
'limit' => $limit,
]);
}
public function getProps()
{
// We should probably phase out the use of this function, or refactor the access levels of member properties...
@ -223,7 +196,7 @@ class Member extends User
public static function getMemberMap()
{
return Registry::get('db')->queryPair('
SELECT id_user, CONCAT(first_name, :blank, surname) AS full_name
SELECT id_user, CONCAT(first_name, {string:blank}, surname) AS full_name
FROM users
ORDER BY first_name, surname',
[

76
models/PhotoAlbum.php Normal file
View File

@ -0,0 +1,76 @@
<?php
/*****************************************************************************
* PhotoAlbum.php
* Contains key class PhotoAlbum.
*
* Kabuki CMS (C) 2013-2015, Aaron van Geffen
*****************************************************************************/
class PhotoAlbum extends Tag
{
public static function getHierarchy($order, $direction)
{
$db = Registry::get('db');
$res = $db->query('
SELECT *
FROM tags
WHERE kind = {string:album}
ORDER BY id_parent, {raw:order}',
[
'order' => $order . ($direction == 'up' ? ' ASC' : ' DESC'),
'album' => 'Album',
]);
$albums_by_parent = [];
while ($row = $db->fetch_assoc($res))
{
if (!isset($albums_by_parent[$row['id_parent']]))
$albums_by_parent[$row['id_parent']] = [];
$albums_by_parent[$row['id_parent']][] = $row + ['children' => []];
}
$albums = self::getChildrenRecursively(0, 0, $albums_by_parent);
$rows = self::flattenChildrenRecursively($albums);
return $rows;
}
private static function getChildrenRecursively($id_parent, $level, &$albums_by_parent)
{
$children = [];
if (!isset($albums_by_parent[$id_parent]))
return $children;
foreach ($albums_by_parent[$id_parent] as $child)
{
if (isset($albums_by_parent[$child['id_tag']]))
$child['children'] = self::getChildrenRecursively($child['id_tag'], $level + 1, $albums_by_parent);
$child['tag'] = ($level ? str_repeat('—', $level * 2) . ' ' : '') . $child['tag'];
$children[] = $child;
}
return $children;
}
private static function flattenChildrenRecursively($albums)
{
if (empty($albums))
return [];
$rows = [];
foreach ($albums as $album)
{
$rows[] = array_intersect_key($album, array_flip(['id_tag', 'tag', 'slug', 'count']));
if (!empty($album['children']))
{
$children = self::flattenChildrenRecursively($album['children']);
foreach ($children as $child)
$rows[] = array_intersect_key($child, array_flip(['id_tag', 'tag', 'slug', 'count']));
}
}
return $rows;
}
}

View File

@ -8,11 +8,11 @@
class PhotoMosaic
{
private bool $descending;
private $descending;
private AssetIterator $iterator;
private array $layouts;
private int $processedImages = 0;
private array $queue = [];
private $layouts;
private $processedImages = 0;
private $queue = [];
const IMAGE_MASK_ALL = Image::TYPE_PORTRAIT | Image::TYPE_LANDSCAPE | Image::TYPE_PANORAMA;
const NUM_DAYS_CUTOFF = 7;
@ -25,6 +25,11 @@ class PhotoMosaic
$this->descending = $iterator->isDescending();
}
public function __destruct()
{
$this->iterator->clean();
}
private function availableLayouts()
{
static $layouts = [
@ -81,14 +86,9 @@ class PhotoMosaic
}
}
// Check whatever's up next!
// NB: not is not a `foreach` so as to not reset the iterator implicitly
while ($this->iterator->valid())
// Check whatever's next up!
while (($asset = $this->iterator->next()) && ($image = $asset->getImage()))
{
$asset = $this->iterator->current();
$image = $asset->getImage();
$this->iterator->next();
// Give up on the recordset once dates are too far apart
if (isset($refDate) && abs(self::daysApart($image->getDateCaptured(), $refDate)) > self::NUM_DAYS_CUTOFF)
{

View File

@ -24,7 +24,7 @@ class Registry
public static function get($key)
{
if (!isset(self::$storage[$key]))
throw new Exception('Key does not exist in Registry: ' . $key);
trigger_error('Key does not exist in Registry: ' . $key, E_USER_ERROR);
return self::$storage[$key];
}
@ -32,7 +32,7 @@ class Registry
public static function remove($key)
{
if (!isset(self::$storage[$key]))
throw new Exception('Key does not exist in Registry: ' . $key);
trigger_error('Key does not exist in Registry: ' . $key, E_USER_ERROR);
unset(self::$storage[$key]);
}

View File

@ -33,7 +33,7 @@ class Session
public static function getSessionToken()
{
if (empty($_SESSION['session_token']))
throw new Exception('Call to getSessionToken without a session token being set!');
trigger_error('Call to getSessionToken without a session token being set!', E_USER_ERROR);
return $_SESSION['session_token'];
}
@ -41,7 +41,7 @@ class Session
public static function getSessionTokenKey()
{
if (empty($_SESSION['session_token_key']))
throw new Exception('Call to getSessionTokenKey without a session token key being set!');
trigger_error('Call to getSessionTokenKey without a session token key being set!', E_USER_ERROR);
return $_SESSION['session_token_key'];
}

View File

@ -21,7 +21,7 @@ class Setting
REPLACE INTO settings
(id_user, variable, value, time_set)
VALUES
(:id_user, :key, :value, CURRENT_TIMESTAMP())',
({int:id_user}, {string:key}, {string:value}, CURRENT_TIMESTAMP())',
[
'id_user' => $id_user,
'key' => $key,
@ -45,7 +45,7 @@ class Setting
$value = Registry::get('db')->queryValue('
SELECT value
FROM settings
WHERE id_user = :id_user AND variable = :key',
WHERE id_user = {int:id_user} AND variable = {string:key}',
[
'id_user' => $id_user,
'key' => $key,
@ -63,30 +63,11 @@ class Setting
public static function remove($key, $id_user = null)
{
// User setting or global setting?
if ($id_user === null)
$id_user = Registry::get('user')->getUserId();
$pairs = Registry::get('db')->queryPair('
SELECT variable, value
FROM settings
WHERE id_user = :id_user',
[
'id_user' => $id_user,
]);
return $pairs;
}
public static function remove($key, $id_user = 0)
{
// User setting or global setting?
if ($id_user === null)
$id_user = Registry::get('user')->getUserId();
$id_user = Registry::get('user')->getUserId();
if (Registry::get('db')->query('
DELETE FROM settings
WHERE id_user = :id_user AND variable = :key',
WHERE id_user = {int:id_user} AND variable = {string:key}',
[
'id_user' => $id_user,
'key' => $key,

View File

@ -24,11 +24,6 @@ class Tag
$this->$attribute = $value;
}
public function __toString()
{
return $this->tag;
}
public static function fromId($id_tag, $return_format = 'object')
{
$db = Registry::get('db');
@ -36,7 +31,7 @@ class Tag
$row = $db->queryAssoc('
SELECT *
FROM tags
WHERE id_tag = :id_tag',
WHERE id_tag = {int:id_tag}',
[
'id_tag' => $id_tag,
]);
@ -55,7 +50,7 @@ class Tag
$row = $db->queryAssoc('
SELECT *
FROM tags
WHERE slug = :slug',
WHERE slug = {string:slug}',
[
'slug' => $slug,
]);
@ -73,7 +68,7 @@ class Tag
SELECT *
FROM tags
ORDER BY ' . ($limit > 0 ? 'count
LIMIT :limit' : 'tag'),
LIMIT {int:limit}' : 'tag'),
[
'limit' => $limit,
]);
@ -107,14 +102,14 @@ class Tag
$res = $db->query('
SELECT *
FROM tags
WHERE id_user_owner = :id_user_owner
WHERE id_user_owner = {int:id_user_owner}
ORDER BY tag',
[
'id_user_owner' => $id_user_owner,
]);
$objects = [];
while ($row = $db->fetchAssoc($res))
while ($row = $db->fetch_assoc($res))
$objects[$row['id_tag']] = new Tag($row);
return $objects;
@ -125,9 +120,9 @@ class Tag
$rows = Registry::get('db')->queryAssocs('
SELECT *
FROM tags
WHERE id_parent = :id_parent AND kind = :kind
WHERE id_parent = {int:id_parent} AND kind = {string:kind}
ORDER BY tag ASC
LIMIT :offset, :limit',
LIMIT {int:offset}, {int:limit}',
[
'id_parent' => $id_parent,
'kind' => 'Album',
@ -153,7 +148,7 @@ class Tag
FROM assets_tags AS at
LEFT JOIN assets AS a ON at.id_asset = a.id_asset
LEFT JOIN users AS u ON a.id_user_uploaded = u.id_user
WHERE at.id_tag = :id_tag
WHERE at.id_tag = {int:id_tag}
GROUP BY a.id_user_uploaded
ORDER BY u.first_name, u.surname',
[
@ -166,9 +161,9 @@ class Tag
$rows = Registry::get('db')->queryAssocs('
SELECT *
FROM tags
WHERE id_parent = :id_parent AND kind = :kind
WHERE id_parent = {int:id_parent} AND kind = {string:kind}
ORDER BY tag ASC
LIMIT :offset, :limit',
LIMIT {int:offset}, {int:limit}',
[
'id_parent' => $id_parent,
'kind' => 'Person',
@ -195,7 +190,7 @@ class Tag
WHERE id_tag IN(
SELECT id_tag
FROM assets_tags
WHERE id_asset = :id_asset
WHERE id_asset = {int:id_asset}
)
ORDER BY count DESC',
[
@ -225,7 +220,7 @@ class Tag
WHERE id_tag IN(
SELECT id_tag
FROM posts_tags
WHERE id_post = :id_post
WHERE id_post = {int:id_post}
)
ORDER BY count DESC',
[
@ -255,7 +250,7 @@ class Tag
FROM `assets_tags` AS at
WHERE at.id_tag = t.id_tag
)' . (!empty($id_tags) ? '
WHERE t.id_tag IN(@id_tags)' : ''),
WHERE t.id_tag IN({array_int:id_tags})' : ''),
['id_tags' => $id_tags]);
}
@ -276,14 +271,14 @@ class Tag
INSERT IGNORE INTO tags
(id_parent, tag, slug, kind, description, count)
VALUES
(:id_parent, :tag, :slug, :kind, :description, :count)
({int:id_parent}, {string:tag}, {string:slug}, {string:kind}, {string:description}, {int:count})
ON DUPLICATE KEY UPDATE count = count + 1',
$data);
if (!$res)
throw new Exception('Could not create the requested tag.');
trigger_error('Could not create the requested tag.', E_USER_ERROR);
$data['id_tag'] = $db->insertId();
$data['id_tag'] = $db->insert_id();
return $return_format === 'object' ? new Tag($data) : $data;
}
@ -297,15 +292,14 @@ class Tag
return Registry::get('db')->query('
UPDATE tags
SET
id_parent = :id_parent,
id_asset_thumb = :id_asset_thumb,' . (isset($this->id_user_owner) ? '
id_user_owner = :id_user_owner,' : '') . '
tag = :tag,
slug = :slug,
kind = :kind,
description = :description,
count = :count
WHERE id_tag = :id_tag',
id_parent = {int:id_parent},
id_asset_thumb = {int:id_asset_thumb},' . (isset($this->id_user_owner) ? '
id_user_owner = {int:id_user_owner},' : '') . '
tag = {string:tag},
slug = {string:slug},
description = {string:description},
count = {int:count}
WHERE id_tag = {int:id_tag}',
get_object_vars($this));
}
@ -313,10 +307,9 @@ class Tag
{
$db = Registry::get('db');
// Unlink any tagged assets
$res = $db->query('
DELETE FROM assets_tags
WHERE id_tag = :id_tag',
WHERE id_tag = {int:id_tag}',
[
'id_tag' => $this->id_tag,
]);
@ -324,10 +317,9 @@ class Tag
if (!$res)
return false;
// Delete the actual tag
return $db->query('
DELETE FROM tags
WHERE id_tag = :id_tag',
WHERE id_tag = {int:id_tag}',
[
'id_tag' => $this->id_tag,
]);
@ -339,15 +331,15 @@ class Tag
$new_id = $db->queryValue('
SELECT MAX(id_asset) as new_id
FROM assets_tags
WHERE id_tag = :id_tag',
WHERE id_tag = {int:id_tag}',
[
'id_tag' => $this->id_tag,
]);
return $db->query('
UPDATE tags
SET id_asset_thumb = :new_id
WHERE id_tag = :id_tag',
SET id_asset_thumb = {int:new_id}
WHERE id_tag = {int:id_tag}',
[
'new_id' => $new_id ?? 0,
'id_tag' => $this->id_tag,
@ -362,7 +354,7 @@ class Tag
return Registry::get('db')->queryPair('
SELECT id_tag, tag
FROM tags
WHERE LOWER(tag) LIKE :tokens
WHERE LOWER(tag) LIKE {string:tokens}
ORDER BY tag ASC',
['tokens' => '%' . strtolower(implode('%', $tokens)) . '%']);
}
@ -392,7 +384,7 @@ class Tag
return Registry::get('db')->queryPair('
SELECT id_tag, tag
FROM tags
WHERE tag = :tag',
WHERE tag = {string:tag}',
['tag' => $tag]);
}
@ -404,7 +396,7 @@ class Tag
return Registry::get('db')->queryValue('
SELECT id_tag
FROM tags
WHERE slug = :slug',
WHERE slug = {string:slug}',
['slug' => $slug]);
}
@ -413,103 +405,31 @@ class Tag
return Registry::get('db')->queryPair('
SELECT tag, id_tag
FROM tags
WHERE tag IN (:tags)',
WHERE tag IN ({array_string:tags})',
['tags' => $tags]);
}
public static function getCount($only_used = true, $kind = '', $isAlbum = false)
public static function getCount($only_active = 1, $kind = '')
{
$where = [];
if ($only_used)
if ($only_active)
$where[] = 'count > 0';
if (empty($kind))
$kind = 'Album';
if (!empty($kind))
$where[] = 'kind = {string:kind}';
$operator = $isAlbum ? '=' : '!=';
$where[] = 'kind ' . $operator . ' :kind';
$where = implode(' AND ', $where);
if (!empty($where))
$where = 'WHERE ' . implode(' AND ', $where);
else
$where = '';
return Registry::get('db')->queryValue('
SELECT COUNT(*)
FROM tags
WHERE ' . $where,
[
'kind' => $kind,
]);
FROM tags ' . $where,
['kind' => $kind]);
}
public static function getOffset($offset, $limit, $order, $direction, $isAlbum = false)
public function __toString()
{
assert(in_array($order, ['id_tag', 'tag', 'slug', 'count']));
$order = $order . ($direction === 'up' ? ' ASC' : ' DESC');
$operator = $isAlbum ? '=' : '!=';
$db = Registry::get('db');
$res = $db->query('
SELECT t.*, u.id_user, u.first_name, u.surname
FROM tags AS t
LEFT JOIN users AS u ON t.id_user_owner = u.id_user
WHERE kind ' . $operator . ' :album
ORDER BY id_parent, ' . $order . '
LIMIT :offset, :limit',
[
'offset' => $offset,
'limit' => $limit,
'album' => 'Album',
]);
$albums_by_parent = [];
while ($row = $db->fetchAssoc($res))
{
if (!isset($albums_by_parent[$row['id_parent']]))
$albums_by_parent[$row['id_parent']] = [];
$albums_by_parent[$row['id_parent']][] = $row + ['children' => []];
}
$albums = self::getChildrenRecursively(0, 0, $albums_by_parent);
$rows = self::flattenChildrenRecursively($albums);
return $rows;
}
private static function getChildrenRecursively($id_parent, $level, &$albums_by_parent)
{
$children = [];
if (!isset($albums_by_parent[$id_parent]))
return $children;
foreach ($albums_by_parent[$id_parent] as $child)
{
if (isset($albums_by_parent[$child['id_tag']]))
$child['children'] = self::getChildrenRecursively($child['id_tag'], $level + 1, $albums_by_parent);
$child['tag'] = ($level ? str_repeat('—', $level * 2) . ' ' : '') . $child['tag'];
$children[] = $child;
}
return $children;
}
private static function flattenChildrenRecursively($albums)
{
if (empty($albums))
return [];
$rows = [];
foreach ($albums as $album)
{
static $headers_to_keep = ['id_tag', 'tag', 'slug', 'count', 'id_user', 'first_name', 'surname'];
$rows[] = array_intersect_key($album, array_flip($headers_to_keep));
if (!empty($album['children']))
{
$children = self::flattenChildrenRecursively($album['children']);
foreach ($children as $child)
$rows[] = array_intersect_key($child, array_flip($headers_to_keep));
}
}
return $rows;
return $this->tag;
}
}

View File

@ -335,7 +335,7 @@ class Thumbnail
if ($success)
{
$thumb_selector = $this->width . 'x' . $this->height . $this->filename_suffix;
$this->thumbnails[$thumb_selector] = $filename ?? null;
$this->thumbnails[$thumb_selector] = $filename !== 'NULL' ? $filename : null;
// For consistency, write new thumbnail filename to parent Image object.
// TODO: there could still be an inconsistency if multiple objects exists for the same image asset.
@ -349,7 +349,7 @@ class Thumbnail
private function markAsQueued()
{
$this->updateDb(null);
$this->updateDb('NULL');
}
private function markAsGenerated($filename)

View File

@ -23,7 +23,6 @@ abstract class User
protected $ip_address;
protected $is_admin;
protected $reset_key;
protected $reset_blocked_until;
protected bool $is_logged;
protected bool $is_guest;

View File

@ -366,8 +366,8 @@ div.polaroid a {
/* Album button box
---------------------*/
.album_button_box {
float: right;
display: flex;
justify-content: flex-end;
margin-bottom: 3rem;
}
.album_button_box > a,

View File

@ -22,7 +22,7 @@ class AlbumButtonBox extends Template
public function html_main()
{
echo '
<div class="container album_button_box">';
<div class="album_button_box">';
foreach ($this->buttons as $button)
echo '

View File

@ -1,41 +0,0 @@
<?php
/*****************************************************************************
* ErrorPage.php
* Defines the template class ErrorPage.
*
* Kabuki CMS (C) 2013-2025, Aaron van Geffen
*****************************************************************************/
class ErrorPage extends Template
{
private $debug_info;
private $message;
private $title;
public function __construct($title, $message, $debug_info = null)
{
$this->title = $title;
$this->message = $message;
$this->debug_info = $debug_info;
}
public function html_main()
{
echo '
<div class="content-box container">
<h2>', $this->title, '</h2>
<p>', nl2br(htmlspecialchars($this->message)), '</p>';
if (isset($this->debug_info))
{
echo '
</div>
<div class="content-box container">
<h4>Debug Info</h4>
<pre>', htmlspecialchars($this->debug_info), '</pre>';
}
echo '
</div>';
}
}

View File

@ -8,12 +8,12 @@
class FeaturedThumbnailManager extends SubTemplate
{
private $iterator;
private $assets;
private $currentThumbnailId;
public function __construct(AssetIterator $iterator, $currentThumbnailId)
public function __construct(AssetIterator $assets, $currentThumbnailId)
{
$this->iterator = $iterator;
$this->assets = $assets;
$this->currentThumbnailId = $currentThumbnailId;
}
@ -25,7 +25,7 @@ class FeaturedThumbnailManager extends SubTemplate
<h2>Select thumbnail</h2>
<ul id="featuredThumbnail">';
foreach ($this->iterator as $asset)
while ($asset = $this->assets->next())
{
$image = $asset->getImage();
echo '
@ -36,6 +36,8 @@ class FeaturedThumbnailManager extends SubTemplate
</li>';
}
$this->assets->clean();
echo '
</ul>
<input type="hidden" name="', Session::getSessionTokenKey(), '" value="', Session::getSessionToken(), '">

View File

@ -33,7 +33,7 @@ class MainNavBar extends NavBar
<span class="navbar-toggler-icon"></span>
</button>';
if (Registry::has('user') && Registry::get('user')->isLoggedIn())
if (Registry::get('user')->isLoggedIn())
{
echo '
<div class="collapse navbar-collapse justify-content-end" id="', $this->innerMenuId, '">

View File

@ -174,10 +174,7 @@ class PhotoPage extends Template
echo '
</ul>';
if ($allowLinkingNewTags)
{
$this->printNewTagScript($tagKind, $tagListId, $newTagId);
}
$this->printNewTagScript($tagKind, $tagListId, $newTagId);
}
private function printNewTagScript($tagKind, $tagListId, $newTagId)

View File

@ -8,7 +8,7 @@
class TabularData extends SubTemplate
{
protected GenericTable $_t;
private GenericTable $_t;
public function __construct(GenericTable $table)
{
@ -16,47 +16,6 @@ class TabularData extends SubTemplate
}
protected function html_content()
{
$this->renderTitle();
foreach ($this->_subtemplates as $template)
$template->html_main();
// Showing an inline form?
$pager = $this->_t->getPageIndex();
if (!empty($pager) || isset($this->_t->form_above))
$this->renderPaginationForm($pager, $this->_t->form_above);
$tableClass = $this->_t->getTableClass();
if ($tableClass)
echo '
<div class="', $tableClass, '">';
// Build the table!
echo '
<table class="table table-striped table-condensed">';
$this->renderTableHead($this->_t->getHeader());
$this->renderTableBody($this->_t->getBody());
echo '
</table>';
if ($tableClass)
echo '
</div>';
// Showing an inline form?
if (!empty($pager) || isset($this->_t->form_below))
$this->renderPaginationForm($pager, $this->_t->form_below);
$title = $this->_t->getTitle();
if (!empty($title))
echo '
</div>';
}
protected function renderTitle()
{
$title = $this->_t->getTitle();
if (!empty($title))
@ -66,32 +25,43 @@ class TabularData extends SubTemplate
<div class="generic-table', !empty($titleclass) ? ' ' . $titleclass : '', '">
<h1>', htmlspecialchars($title), '</h1>';
}
}
protected function renderPaginationForm($pager, $form, $class='row')
{
echo '
<div class="', $class, ' clearfix justify-content-end">';
// Page index?
if (!empty($pager))
PageIndexWidget::paginate($pager);
// Form controls?
if (isset($form))
$this->renderInlineForm($form);
echo '
</div>';
}
protected function renderTableHead(array $headers)
{
foreach ($this->_subtemplates as $template)
$template->html_main();
// Showing an inline form?
$pager = $this->_t->getPageIndex();
if (!empty($pager) || isset($this->_t->form_above))
{
echo '
<div class="row clearfix justify-content-end">';
// Page index?
if (!empty($pager))
PageIndexWidget::paginate($pager);
// Form controls?
if (isset($this->_t->form_above))
$this->showForm($this->_t->form_above);
echo '
</div>';
}
$tableClass = $this->_t->getTableClass();
if ($tableClass)
echo '
<div class="', $tableClass, '">';
// Build the table!
echo '
<table class="table table-striped table-condensed">
<thead>
<tr>';
foreach ($headers as $th)
// Show all headers in their full glory!
$header = $this->_t->getHeader();
foreach ($header as $th)
{
echo '
<th', (!empty($th['width']) ? ' width="' . $th['width'] . '"' : ''), (!empty($th['class']) ? ' class="' . $th['class'] . '"' : ''), ($th['colspan'] > 1 ? ' colspan="' . $th['colspan'] . '"' : ''), ' scope="', $th['scope'], '">',
@ -105,14 +75,11 @@ class TabularData extends SubTemplate
echo '
</tr>
</thead>';
}
protected function renderTableBody($body)
{
echo '
</thead>
<tbody>';
// The body is what we came to see!
$body = $this->_t->getBody();
if (is_array($body))
{
foreach ($body as $tr)
@ -123,31 +90,59 @@ class TabularData extends SubTemplate
foreach ($tr['cells'] as $td)
{
echo '
<td',
(!empty($td['class']) ? ' class="' . $td['class'] . '"' : ''),
(!empty($td['width']) ? ' width="' . $td['width'] . '"' : ''), '>',
$td['value'],
'</td>';
<td', (!empty($td['width']) ? ' width="' . $td['width'] . '"' : ''), '>';
if (!empty($td['class']))
echo '<span class="', $td['class'], '">', $td['value'], '</span>';
else
echo $td['value'];
echo '</td>';
}
echo '
</tr>';
}
}
// !!! Sum colspan!
else
{
$header = $this->_t->getHeader();
echo '
<tr>
<td colspan="', count($header), '" class="fullwidth">', $body, '</td>
</tr>';
}
echo '
</tbody>';
</tbody>
</table>';
if ($tableClass)
echo '
</div>';
// Showing an inline form?
if (!empty($pager) || isset($this->_t->form_below))
{
echo '
<div class="row clearfix justify-content-end">';
// Page index?
if (!empty($pager))
PageIndexWidget::paginate($pager);
// Form controls?
if (isset($this->_t->form_below))
$this->showForm($this->_t->form_below);
echo '
</div>';
}
if (!empty($title))
echo '
</div>';
}
protected function renderInlineForm($form)
protected function showForm($form)
{
if (!isset($form['is_embed']))
echo '