Public/pics
2
2
Fork 2
Code Issues 6 Pull Requests Releases Wiki Activity

Compare commits

base: Public:master
Branches Tags
Public:master
Joost:master
Joost:elaborate-dev-setup
Joost:improve_thumbs
Joost:exif-date-time-original
Joost:refactor-tables
Joost:autosuggest
Public:version-1.2
Public:version-1.1
Public:version-1.0
Joost:version-1.2
Joost:version-1.1
Joost:version-1.0
..
compare: Joost:master
Branches Tags
Joost:master
Joost:elaborate-dev-setup
Joost:improve_thumbs
Joost:exif-date-time-original
Joost:refactor-tables
Joost:autosuggest
Public:master
Joost:version-1.2
Joost:version-1.1
Joost:version-1.0
Public:version-1.2
Public:version-1.1
Public:version-1.0

No commits in common. "master" and "master" have entirely different histories.
master ... master

32 changed files with 727 additions and 789 deletions
Show Stats Expand all files Collapse all files

15
controllers/EditAlbum.php
View File

@ -41,13 +41,13 @@ class EditAlbum extends HTMLController
exit;
}
else
throw new Exception('Cannot delete album: an error occured while processing the request.');
trigger_error('Cannot delete album: an error occured while processing the request.', E_USER_ERROR);
}
// Editing one, then, surely.
else
{
if ($album->kind !== 'Album')
throw new Exception('Cannot edit album: not an album.');
trigger_error('Cannot edit album: not an album.', E_USER_ERROR);
parent::__construct('Edit album \'' . $album->tag . '\'');
$form_title = 'Edit album \'' . $album->tag . '\'';
@ -67,7 +67,7 @@ class EditAlbum extends HTMLController
// Gather possible parents for this album to be filed into
$parentChoices = [0 => '-root-'];
foreach (Tag::getOffset(0, 9999, 'tag', 'up', true) as $parent)
foreach (PhotoAlbum::getHierarchy('tag', 'up') as $parent)
{
if (!empty($id_tag) && $parent['id_tag'] == $id_tag)
continue;
@ -139,10 +139,6 @@ class EditAlbum extends HTMLController
];
}
}
elseif (empty($_POST) && isset($album))
{
$formDefaults = get_object_vars($album);
}
elseif (empty($_POST) && count($parentChoices) > 1)
{
// Choose the first non-root album as the default parent
@ -150,8 +146,9 @@ class EditAlbum extends HTMLController
next($parentChoices);
$formDefaults = ['id_parent' => key($parentChoices)];
}
else
$formDefaults = $_POST;
if (!isset($formDefaults))
$formDefaults = isset($album) ? get_object_vars($album) : $_POST;
// Create the form, add in default values.
$this->form->setData($formDefaults);

2
controllers/EditAsset.php
View File

@ -67,7 +67,7 @@ class EditAsset extends HTMLController
// Get a list of available photo albums
$allAlbums = [];
foreach (Tag::getOffset(0, 9999, 'tag', 'up', true) as $album)
foreach (PhotoAlbum::getHierarchy('tag', 'up') as $album)
$allAlbums[$album['id_tag']] = $album['tag'];
// Figure out the current album id

4
controllers/EditTag.php
View File

@ -39,13 +39,13 @@ class EditTag extends HTMLController
exit;
}
else
throw new Exception('Cannot delete tag: an error occured while processing the request.');
trigger_error('Cannot delete tag: an error occured while processing the request.', E_USER_ERROR);
}
// Editing one, then, surely.
else
{
if ($tag->kind === 'Album')
throw new Exception('Cannot edit tag: is actually an album.');
trigger_error('Cannot edit tag: is actually an album.', E_USER_ERROR);
parent::__construct('Edit tag \'' . $tag->tag . '\'');
$form_title = 'Edit tag \'' . $tag->tag . '\'';

4
controllers/EditUser.php
View File

@ -33,7 +33,7 @@ class EditUser extends HTMLController
{
// Don't be stupid.
if ($current_user->getUserId() == $id_user)
throw new Exception('Sorry, I cannot allow you to delete yourself.');
trigger_error('Sorry, I cannot allow you to delete yourself.', E_USER_ERROR);
// So far so good?
$user = Member::fromId($id_user);
@ -43,7 +43,7 @@ class EditUser extends HTMLController
exit;
}
else
throw new Exception('Cannot delete user: an error occured while processing the request.');
trigger_error('Cannot delete user: an error occured while processing the request.', E_USER_ERROR);
}
// Editing one, then, surely.
else

4
controllers/Login.php
View File

@ -24,9 +24,7 @@ class Login extends HTMLController
if (Authentication::checkPassword($_POST['emailaddress'], $_POST['password']))
{
parent::__construct('Login');
$user = Member::fromEmailAddress($_POST['emailaddress']);
$_SESSION['user_id'] = $user->getUserId();
$_SESSION['user_id'] = Authentication::getUserId($_POST['emailaddress']);
if (isset($_POST['redirect_url']))
header('Location: ' . base64_decode($_POST['redirect_url']));

37
controllers/ManageAlbums.php
View File

@ -35,14 +35,18 @@ class ManageAlbums extends HTMLController
'tag' => [
'header' => 'Album',
'is_sortable' => true,
'link' => BASEURL . '/editalbum/?id={ID_TAG}',
'value' => 'tag',
'parse' => [
'link' => BASEURL . '/editalbum/?id={ID_TAG}',
'data' => 'tag',
],
],
'slug' => [
'header' => 'Slug',
'is_sortable' => true,
'link' => BASEURL . '/editalbum/?id={ID_TAG}',
'value' => 'slug',
'parse' => [
'link' => BASEURL . '/editalbum/?id={ID_TAG}',
'data' => 'slug',
],
],
'count' => [
'header' => '# Photos',
@ -50,21 +54,30 @@ class ManageAlbums extends HTMLController
'value' => 'count',
],
],
'default_sort_order' => 'tag',
'default_sort_direction' => 'up',
'start' => $_GET['start'] ?? 0,
'sort_order' => $_GET['order'] ?? '',
'sort_direction' => $_GET['dir'] ?? '',
'start' => !empty($_GET['start']) ? (int) $_GET['start'] : 0,
'sort_order' => !empty($_GET['order']) ? $_GET['order'] : null,
'sort_direction' => !empty($_GET['dir']) ? $_GET['dir'] : null,
'title' => 'Manage albums',
'no_items_label' => 'No albums meet the requirements of the current filter.',
'items_per_page' => 9999,
'index_class' => 'col-md-6',
'base_url' => BASEURL . '/managealbums/',
'get_data' => function($offset, $limit, $order, $direction) {
return Tag::getOffset($offset, $limit, $order, $direction, true);
'get_data' => function($offset = 0, $limit = 9999, $order = '', $direction = 'up') {
if (!in_array($order, ['id_tag', 'tag', 'slug', 'count']))
$order = 'tag';
if (!in_array($direction, ['up', 'down']))
$direction = 'up';
$rows = PhotoAlbum::getHierarchy($order, $direction);
return [
'rows' => $rows,
'order' => $order,
'direction' => ($direction == 'up' ? 'up' : 'down'),
];
},
'get_count' => function() {
return Tag::getCount(false, 'Album', true);
return 9999;
}
];

105
controllers/ManageAssets.php
View File

@ -38,33 +38,12 @@ class ManageAssets extends HTMLController
'checkbox' => [
'header' => '<input type="checkbox" id="selectall">',
'is_sortable' => false,
'format' => fn($row) =>
'<input type="checkbox" class="asset_select" name="delete[]" value="' . $row['id_asset'] . '">',
],
'thumbnail' => [
'header' => '&nbsp;',
'is_sortable' => false,
'cell_class' => 'text-center',
'format' => function($row) {
$asset = Image::byRow($row);
$width = $height = 65;
if ($asset->isImage())
{
if ($asset->isPortrait())
$width = null;
else
$height = null;
$thumb = $asset->getThumbnailUrl($width, $height);
}
else
$thumb = BASEURL . '/images/nothumb.svg';
$width = isset($width) ? $width . 'px' : 'auto';
$height = isset($height) ? $height . 'px' : 'auto';
return sprintf('<img src="%s" style="width: %s; height: %s;">', $thumb, $width, $height);
},
'parse' => [
'type' => 'function',
'data' => function($row) {
return '<input type="checkbox" class="asset_select" name="delete[]" value="' . $row['id_asset'] . '">';
},
],
],
'id_asset' => [
'value' => 'id_asset',
@ -80,42 +59,72 @@ class ManageAssets extends HTMLController
'value' => 'filename',
'header' => 'Filename',
'is_sortable' => true,
'link' => BASEURL . '/editasset/?id={ID_ASSET}',
'value' => 'filename',
'parse' => [
'type' => 'value',
'link' => BASEURL . '/editasset/?id={ID_ASSET}',
'data' => 'filename',
],
],
'id_user_uploaded' => [
'header' => 'User uploaded',
'is_sortable' => true,
'format' => function($row) {
if (!empty($row['id_user']))
return sprintf('<a href="%s/edituser/?id=%d">%s</a>', BASEURL, $row['id_user'],
$row['first_name'] . ' ' . $row['surname']);
else
return 'n/a';
},
'parse' => [
'type' => 'function',
'data' => function($row) {
if (!empty($row['id_user']))
return sprintf('<a href="%s/edituser/?id=%d">%s</a>', BASEURL, $row['id_user'],
$row['first_name'] . ' ' . $row['surname']);
else
return 'n/a';
},
],
],
'dimensions' => [
'header' => 'Dimensions',
'is_sortable' => false,
'format' => function($row) {
if (!empty($row['image_width']))
return $row['image_width'] . ' x ' . $row['image_height'];
else
return 'n/a';
},
'parse' => [
'type' => 'function',
'data' => function($row) {
if (!empty($row['image_width']))
return $row['image_width'] . ' x ' . $row['image_height'];
else
return 'n/a';
},
],
],
],
'default_sort_order' => 'id_asset',
'default_sort_direction' => 'down',
'start' => $_GET['start'] ?? 0,
'sort_order' => $_GET['order'] ?? '',
'sort_direction' => $_GET['dir'] ?? '',
'start' => !empty($_GET['start']) ? (int) $_GET['start'] : 0,
'sort_order' => !empty($_GET['order']) ? $_GET['order'] : '',
'sort_direction' => !empty($_GET['dir']) ? $_GET['dir'] : '',
'title' => 'Manage assets',
'no_items_label' => 'No assets meet the requirements of the current filter.',
'items_per_page' => 30,
'index_class' => 'col-md-6',
'base_url' => BASEURL . '/manageassets/',
'get_data' => 'Asset::getOffset',
'get_data' => function($offset = 0, $limit = 30, $order = '', $direction = 'down') {
if (!in_array($order, ['id_asset', 'id_user_uploaded', 'title', 'subdir', 'filename']))
$order = 'id_asset';
$data = Registry::get('db')->queryAssocs('
SELECT a.id_asset, a.subdir, a.filename,
a.image_width, a.image_height,
u.id_user, u.first_name, u.surname
FROM assets AS a
LEFT JOIN users AS u ON a.id_user_uploaded = u.id_user
ORDER BY {raw:order}
LIMIT {int:offset}, {int:limit}',
[
'order' => $order . ($direction == 'up' ? ' ASC' : ' DESC'),
'offset' => $offset,
'limit' => $limit,
]);
return [
'rows' => $data,
'order' => $order,
'direction' => $direction,
];
},
'get_count' => 'Asset::getCount',
];

73
controllers/ManageErrors.php
View File

@ -14,8 +14,8 @@ class ManageErrors extends HTMLController
if (!Registry::get('user')->isAdmin())
throw new NotAllowedException();
// Clearing, are we?
if (isset($_POST['clear']) && Session::validateSession('get'))
// Flushing, are we?
if (isset($_POST['flush']) && Session::validateSession('get'))
{
ErrorLog::flush();
header('Location: ' . BASEURL . '/manageerrors/');
@ -31,7 +31,7 @@ class ManageErrors extends HTMLController
'method' => 'post',
'class' => 'col-md-6 text-end',
'buttons' => [
'clear' => [
'flush' => [
'type' => 'submit',
'caption' => 'Delete all',
'class' => 'btn-danger',
@ -39,23 +39,26 @@ class ManageErrors extends HTMLController
],
],
'columns' => [
'id_entry' => [
'id' => [
'value' => 'id_entry',
'header' => '#',
'is_sortable' => true,
],
'message' => [
'parse' => [
'type' => 'function',
'data' => function($row) {
return $row['message'] . '<br>' .
'<div><a onclick="this.parentNode.childNodes[1].style.display=\'block\';this.style.display=\'none\';">Show debug info</a>' .
'<pre style="display: none">' . htmlspecialchars($row['debug_info']) .
'</pre></div>' .
'<small><a href="' . BASEURL .
htmlspecialchars($row['request_uri']) . '">' .
htmlspecialchars($row['request_uri']) . '</a></small>';
}
],
'header' => 'Message / URL',
'is_sortable' => false,
'format' => function($row) {
return $row['message'] . '<br>' .
'<div><a onclick="this.parentNode.childNodes[1].style.display=\'block\';this.style.display=\'none\';">Show debug info</a>' .
'<pre style="display: none">' . htmlspecialchars($row['debug_info']) .
'</pre></div>' .
'<small><a href="' . BASEURL .
htmlspecialchars($row['request_uri']) . '">' .
htmlspecialchars($row['request_uri']) . '</a></small>';
},
],
'file' => [
'value' => 'file',
@ -68,10 +71,12 @@ class ManageErrors extends HTMLController
'is_sortable' => true,
],
'time' => [
'format' => [
'parse' => [
'type' => 'timestamp',
'pattern' => 'long',
'value' => 'time',
'data' => [
'timestamp' => 'time',
'pattern' => 'long',
],
],
'header' => 'Time',
'is_sortable' => true,
@ -84,21 +89,41 @@ class ManageErrors extends HTMLController
'uid' => [
'header' => 'UID',
'is_sortable' => true,
'link' => BASEURL . '/edituser/?id={ID_USER}',
'value' => 'id_user',
'parse' => [
'link' => BASEURL . '/edituser/?id={ID_USER}',
'data' => 'id_user',
],
],
],
'default_sort_order' => 'id_entry',
'default_sort_direction' => 'down',
'start' => $_GET['start'] ?? 0,
'sort_order' => $_GET['order'] ?? '',
'sort_direction' => $_GET['dir'] ?? '',
'start' => !empty($_GET['start']) ? (int) $_GET['start'] : 0,
'sort_order' => !empty($_GET['order']) ? $_GET['order'] : '',
'sort_direction' => !empty($_GET['dir']) ? $_GET['dir'] : '',
'no_items_label' => "No errors to display -- we're all good!",
'items_per_page' => 20,
'index_class' => 'col-md-6',
'base_url' => BASEURL . '/manageerrors/',
'get_count' => 'ErrorLog::getCount',
'get_data' => 'ErrorLog::getOffset',
'get_data' => function($offset = 0, $limit = 20, $order = '', $direction = 'down') {
if (!in_array($order, ['id_entry', 'file', 'line', 'time', 'ipaddress', 'id_user']))
$order = 'id_entry';
$data = Registry::get('db')->queryAssocs('
SELECT *
FROM log_errors
ORDER BY {raw:order}
LIMIT {int:offset}, {int:limit}',
[
'order' => $order . ($direction === 'up' ? ' ASC' : ' DESC'),
'offset' => $offset,
'limit' => $limit,
]);
return [
'rows' => $data,
'order' => $order,
'direction' => $direction,
];
},
];
$error_log = new GenericTable($options);

70
controllers/ManageTags.php
View File

@ -37,25 +37,32 @@ class ManageTags extends HTMLController
'tag' => [
'header' => 'Tag',
'is_sortable' => true,
'link' => BASEURL . '/edittag/?id={ID_TAG}',
'value' => 'tag',
'parse' => [
'link' => BASEURL . '/edittag/?id={ID_TAG}',
'data' => 'tag',
],
],
'slug' => [
'header' => 'Slug',
'is_sortable' => true,
'link' => BASEURL . '/edittag/?id={ID_TAG}',
'value' => 'slug',
'parse' => [
'link' => BASEURL . '/edittag/?id={ID_TAG}',
'data' => 'slug',
],
],
'id_user_owner' => [
'header' => 'Owning user',
'is_sortable' => true,
'format' => function($row) {
if (!empty($row['id_user']))
return sprintf('<a href="%s/edituser/?id=%d">%s</a>', BASEURL, $row['id_user'],
$row['first_name'] . ' ' . $row['surname']);
else
return 'n/a';
},
'parse' => [
'type' => 'function',
'data' => function($row) {
if (!empty($row['id_user']))
return sprintf('<a href="%s/edituser/?id=%d">%s</a>', BASEURL, $row['id_user'],
$row['first_name'] . ' ' . $row['surname']);
else
return 'n/a';
},
],
],
'count' => [
'header' => 'Cardinality',
@ -63,21 +70,46 @@ class ManageTags extends HTMLController
'value' => 'count',
],
],
'default_sort_order' => 'tag',
'default_sort_direction' => 'up',
'start' => $_GET['start'] ?? 0,
'sort_order' => $_GET['order'] ?? '',
'sort_direction' => $_GET['dir'] ?? '',
'start' => !empty($_GET['start']) ? (int) $_GET['start'] : 0,
'sort_order' => !empty($_GET['order']) ? $_GET['order'] : null,
'sort_direction' => !empty($_GET['dir']) ? $_GET['dir'] : null,
'title' => 'Manage tags',
'no_items_label' => 'No tags meet the requirements of the current filter.',
'items_per_page' => 30,
'index_class' => 'col-md-6',
'base_url' => BASEURL . '/managetags/',
'get_data' => function($offset, $limit, $order, $direction) {
return Tag::getOffset($offset, $limit, $order, $direction, false);
'get_data' => function($offset = 0, $limit = 30, $order = '', $direction = 'up') {
if (!in_array($order, ['id_tag', 'tag', 'slug', 'kind', 'count']))
$order = 'tag';
if (!in_array($direction, ['up', 'down']))
$direction = 'up';
$data = Registry::get('db')->queryAssocs('
SELECT t.*, u.id_user, u.first_name, u.surname
FROM tags AS t
LEFT JOIN users AS u ON t.id_user_owner = u.id_user
WHERE kind != {string:album}
ORDER BY {raw:order}
LIMIT {int:offset}, {int:limit}',
[
'order' => $order . ($direction == 'up' ? ' ASC' : ' DESC'),
'offset' => $offset,
'limit' => $limit,
'album' => 'Album',
]);
return [
'rows' => $data,
'order' => $order,
'direction' => ($direction == 'up' ? 'up' : 'down'),
];
},
'get_count' => function() {
return Tag::getCount(false, null, false);
return Registry::get('db')->queryValue('
SELECT COUNT(*)
FROM tags
WHERE kind != {string:album}',
['album' => 'Album']);
}
];

69
controllers/ManageUsers.php
View File

@ -37,20 +37,26 @@ class ManageUsers extends HTMLController
'surname' => [
'header' => 'Last name',
'is_sortable' => true,
'link' => BASEURL . '/edituser/?id={ID_USER}',
'value' => 'surname',
'parse' => [
'link' => BASEURL . '/edituser/?id={ID_USER}',
'data' => 'surname',
],
],
'first_name' => [
'header' => 'First name',
'is_sortable' => true,
'link' => BASEURL . '/edituser/?id={ID_USER}',
'value' => 'first_name',
'parse' => [
'link' => BASEURL . '/edituser/?id={ID_USER}',
'data' => 'first_name',
],
],
'slug' => [
'header' => 'Slug',
'is_sortable' => true,
'link' => BASEURL . '/edituser/?id={ID_USER}',
'value' => 'slug',
'parse' => [
'link' => BASEURL . '/edituser/?id={ID_USER}',
'data' => 'slug',
],
],
'emailaddress' => [
'value' => 'emailaddress',
@ -58,10 +64,12 @@ class ManageUsers extends HTMLController
'is_sortable' => true,
],
'last_action_time' => [
'format' => [
'parse' => [
'type' => 'timestamp',
'pattern' => 'long',
'value' => 'last_action_time',
'data' => [
'timestamp' => 'last_action_time',
'pattern' => 'long',
],
],
'header' => 'Last activity',
'is_sortable' => true,
@ -74,21 +82,48 @@ class ManageUsers extends HTMLController
'is_admin' => [
'is_sortable' => true,
'header' => 'Admin?',
'format' => fn($row) => $row['is_admin'] ? 'yes' : 'no',
'parse' => [
'type' => 'function',
'data' => function($row) {
return $row['is_admin'] ? 'yes' : 'no';
}
],
],
],
'default_sort_order' => 'id_user',
'default_sort_direction' => 'down',
'start' => $_GET['start'] ?? 0,
'sort_order' => $_GET['order'] ?? '',
'sort_direction' => $_GET['dir'] ?? '',
'start' => !empty($_GET['start']) ? (int) $_GET['start'] : 0,
'sort_order' => !empty($_GET['order']) ? $_GET['order'] : '',
'sort_direction' => !empty($_GET['dir']) ? $_GET['dir'] : '',
'title' => 'Manage users',
'no_items_label' => 'No users meet the requirements of the current filter.',
'items_per_page' => 30,
'index_class' => 'col-md-6',
'base_url' => BASEURL . '/manageusers/',
'get_data' => 'Member::getOffset',
'get_count' => 'Member::getCount',
'get_data' => function($offset = 0, $limit = 30, $order = '', $direction = 'down') {
if (!in_array($order, ['id_user', 'surname', 'first_name', 'slug', 'emailaddress', 'last_action_time', 'ip_address', 'is_admin']))
$order = 'id_user';
$data = Registry::get('db')->queryAssocs('
SELECT *
FROM users
ORDER BY {raw:order}
LIMIT {int:offset}, {int:limit}',
[
'order' => $order . ($direction == 'up' ? ' ASC' : ' DESC'),
'offset' => $offset,
'limit' => $limit,
]);
return [
'rows' => $data,
'order' => $order,
'direction' => $direction,
];
},
'get_count' => function() {
return Registry::get('db')->queryValue('
SELECT COUNT(*)
FROM users');
}
];
$table = new GenericTable($options);

126
controllers/ResetPassword.php
View File

@ -16,94 +16,66 @@ class ResetPassword extends HTMLController
// Verifying an existing reset key?
if (isset($_GET['step'], $_GET['email'], $_GET['key']) && $_GET['step'] == 2)
$this->verifyResetKey();
else
$this->requestResetKey();
}
private function requestResetKey()
{
parent::__construct('Reset password - ' . SITE_TITLE);
$form = new ForgotPasswordForm();
$this->page->adopt($form);
// Have they submitted an email address yet?
if (isset($_POST['emailaddress']) && preg_match('~^.+@.+\.[a-z]+$~', trim($_POST['emailaddress'])))
{
$user = Member::fromEmailAddress($_POST['emailaddress']);
if (!$user)
{
$form->adopt(new Alert('Invalid email address', 'The email address you provided could not be found in our system. Please try again.', 'danger'));
return;
}
$email = rawurldecode($_GET['email']);
$id_user = Authentication::getUserid($email);
if ($id_user === false)
throw new UserFacingException('Invalid email address. Please make sure you copied the full link in the email you received.');
if (Authentication::getResetTimeOut($user->getUserId()) > 0)
{
// Update the reset time-out to prevent hammering
$resetTimeOut = Authentication::updateResetTimeOut($user->getUserId());
$key = $_GET['key'];
if (!Authentication::checkResetKey($id_user, $key))
throw new UserFacingException('Invalid reset token. Please make sure you copied the full link in the email you received. Note: you cannot use the same token twice.');
// Present it to the user in a readable way
if ($resetTimeOut > 3600)
$timeOut = sprintf('%d hours', ceil($resetTimeOut / 3600));
elseif ($resetTimeOut > 60)
$timeOut = sprintf('%d minutes', ceil($resetTimeOut / 60));
parent::__construct('Reset password - ' . SITE_TITLE);
$form = new PasswordResetForm($email, $key);
$this->page->adopt($form);
// Are they trying to set something already?
if (isset($_POST['password1'], $_POST['password2']))
{
$missing = [];
if (strlen($_POST['password1']) < 6 || !preg_match('~[^A-z]~', $_POST['password1']))
$missing[] = 'Please fill in a password that is at least six characters long and contains at least one non-alphabetic character (e.g. a number or symbol).';
if ($_POST['password1'] != $_POST['password2'])
$missing[] = 'The passwords you entered do not match.';
// So, are we good to go?
if (empty($missing))
{
Authentication::updatePassword($id_user, Authentication::computeHash($_POST['password1']));
$_SESSION['login_msg'] = ['Your password has been reset', 'You can now use the form below to log in to your account.', 'success'];
header('Location: ' . BASEURL . '/login/');
exit;
}
else
$timeOut = sprintf('%d seconds', $resetTimeOut);
$form->adopt(new Alert('Password reset token already sent', 'We already sent a password reset token to this email address recently. ' .
'If no email was received, please wait ' . $timeOut . ' to try again.', 'error'));
return;
}
Authentication::setResetKey($user->getUserId());
Email::resetMail($user->getUserId());
// Show the success message
$this->page->clear();
$box = new DummyBox('An email has been sent');
$box->adopt(new Alert('', 'We have sent an email to ' . $_POST['emailaddress'] . ' containing details on how to reset your password.', 'success'));
$this->page->adopt($box);
$form->adopt(new Alert('Some fields require your attention', '<ul><li>' . implode('</li><li>', $missing) . '</li></ul>', 'danger'));
}
}
}
private function verifyResetKey()
{
$email = rawurldecode($_GET['email']);
$user = Member::fromEmailAddress($email);
if (!$user)
throw new UserFacingException('Invalid email address. Please make sure you copied the full link in the email you received.');
$key = $_GET['key'];
if (!Authentication::checkResetKey($user->getUserId(), $key))
throw new UserFacingException('Invalid reset token. Please make sure you copied the full link in the email you received. Note: you cannot use the same token twice.');
parent::__construct('Reset password - ' . SITE_TITLE);
$form = new PasswordResetForm($email, $key);
$this->page->adopt($form);
// Are they trying to set something already?
if (isset($_POST['password1'], $_POST['password2']))
else
{
$missing = [];
if (strlen($_POST['password1']) < 6 || !preg_match('~[^A-z]~', $_POST['password1']))
$missing[] = 'Please fill in a password that is at least six characters long and contains at least one non-alphabetic character (e.g. a number or symbol).';
if ($_POST['password1'] != $_POST['password2'])
$missing[] = 'The passwords you entered do not match.';
parent::__construct('Reset password - ' . SITE_TITLE);
$form = new ForgotPasswordForm();
$this->page->adopt($form);
// So, are we good to go?
if (empty($missing))
// Have they submitted an email address yet?
if (isset($_POST['emailaddress']) && preg_match('~^.+@.+\.[a-z]+$~', trim($_POST['emailaddress'])))
{
Authentication::updatePassword($user->getUserId(), Authentication::computeHash($_POST['password1']));
$id_user = Authentication::getUserid(trim($_POST['emailaddress']));
if ($id_user === false)
{
$form->adopt(new Alert('Invalid email address', 'The email address you provided could not be found in our system. Please try again.', 'danger'));
return;
}
// Consume token, ensuring it isn't used again
Authentication::consumeResetKey($user->getUserId());
Authentication::setResetKey($id_user);
Email::resetMail($id_user);
$_SESSION['login_msg'] = ['Your password has been reset', 'You can now use the form below to log in to your account.', 'success'];
header('Location: ' . BASEURL . '/login/');
exit;
// Show the success message
$this->page->clear();
$box = new DummyBox('An email has been sent');
$box->adopt(new Alert('', 'We have sent an email to ' . $_POST['emailaddress'] . ' containing details on how to reset your password.', 'success'));
$this->page->adopt($box);
}
else
$form->adopt(new Alert('Some fields require your attention', '<ul><li>' . implode('</li><li>', $missing) . '</li></ul>', 'danger'));
}
}
}

2
migrations/2024-11-05.sql
View File

@ -1,2 +0,0 @@
/* Add time-out to password reset keys, and prevent repeated mails */
ALTER TABLE `users` ADD `reset_blocked_until` INT UNSIGNED NULL AFTER `reset_key`;

23
models/Asset.php
View File

@ -32,7 +32,7 @@ class Asset
$this->$attribute = $value;
}
if (isset($data['date_captured']) && $data['date_captured'] !== 'NULL' && !is_object($data['date_captured']))
if (!empty($data['date_captured']) && $data['date_captured'] !== 'NULL')
$this->date_captured = new DateTime($data['date_captured']);
}
@ -108,7 +108,7 @@ class Asset
'_' => '_',
]);
return $return_format === 'object' ? new static($row) : $row;
return $return_format == 'object' ? new Asset($row) : $row;
}
public static function fromIds(array $id_assets, $return_format = 'array')
@ -168,7 +168,7 @@ class Asset
foreach ($thumbnails as $thumb)
$assets[$thumb[0]]['thumbnails'][$thumb[1]] = $thumb[2];
if ($return_format === 'array')
if ($return_format == 'array')
return $assets;
else
{
@ -680,23 +680,6 @@ class Asset
FROM assets');
}
public static function getOffset($offset, $limit, $order, $direction)
{
return Registry::get('db')->queryAssocs('
SELECT a.id_asset, a.subdir, a.filename,
a.image_width, a.image_height, a.mimetype,
u.id_user, u.first_name, u.surname
FROM assets AS a
LEFT JOIN users AS u ON a.id_user_uploaded = u.id_user
ORDER BY {raw:order}
LIMIT {int:offset}, {int:limit}',
[
'order' => $order . ($direction == 'up' ? ' ASC' : ' DESC'),
'offset' => $offset,
'limit' => $limit,
]);
}
public function save()
{
if (empty($this->id_asset))

187
models/Authentication.php
View File

@ -12,7 +12,92 @@
*/
class Authentication
{
const DEFAULT_RESET_TIMEOUT = 30;
/**
* Checks whether a user still exists in the database.
*/
public static function checkExists($id_user)
{
$res = Registry::get('db')->queryValue('
SELECT id_user
FROM users
WHERE id_user = {int:id}',
[
'id' => $id_user,
]);
return $res !== null;
}
/**
* Finds the user id belonging to a certain emailaddress.
*/
public static function getUserId($emailaddress)
{
$res = Registry::get('db')->queryValue('
SELECT id_user
FROM users
WHERE emailaddress = {string:emailaddress}',
[
'emailaddress' => $emailaddress,
]);
return empty($res) ? false : $res;
}
public static function setResetKey($id_user)
{
return Registry::get('db')->query('
UPDATE users
SET reset_key = {string:key}
WHERE id_user = {int:id}',
[
'id' => $id_user,
'key' => self::newActivationKey(),
]);
}
public static function checkResetKey($id_user, $reset_key)
{
$key = Registry::get('db')->queryValue('
SELECT reset_key
FROM users
WHERE id_user = {int:id}',
[
'id' => $id_user,
]);
return $key == $reset_key;
}
/**
* Verifies whether the user is currently logged in.
*/
public static function isLoggedIn()
{
// Check whether the active session matches the current user's environment.
if (isset($_SESSION['ip_address'], $_SESSION['user_agent']) && (
(isset($_SERVER['REMOTE_ADDR']) && $_SESSION['ip_address'] != $_SERVER['REMOTE_ADDR']) ||
(isset($_SERVER['HTTP_USER_AGENT']) && $_SESSION['user_agent'] != $_SERVER['HTTP_USER_AGENT'])))
{
session_destroy();
return false;
}
// A user is logged in if a user id exists in the session and this id is (still) in the database.
return isset($_SESSION['user_id']) && self::checkExists($_SESSION['user_id']);
}
/**
* Generates a new activation key.
*/
public static function newActivationKey()
{
$alpha = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789';
$string = '';
for ($i = 0; $i < 16; $i++)
$string .= $alpha[mt_rand(0, strlen($alpha) - 1)];
return $string;
}
/**
* Checks a password for a given username against the database.
@ -35,19 +120,6 @@ class Authentication
return password_verify($password, $password_hash);
}
public static function checkResetKey($id_user, $reset_key)
{
$key = Registry::get('db')->queryValue('
SELECT reset_key
FROM users
WHERE id_user = {int:id}',
[
'id' => $id_user,
]);
return $key == $reset_key;
}
/**
* Computes a password hash.
*/
@ -59,71 +131,6 @@ class Authentication
return $hash;
}
public static function consumeResetKey($id_user)
{
return Registry::get('db')->query('
UPDATE users
SET reset_key = NULL,
reset_blocked_until = NULL
WHERE id_user = {int:id_user}',
['id_user' => $id_user]);
}
public static function getResetTimeOut($id_user)
{
$resetTime = Registry::get('db')->queryValue('
SELECT reset_blocked_until
FROM users
WHERE id_user = {int:id_user}',
['id_user' => $id_user]);
return max(0, $resetTime - time());
}
/**
* Verifies whether the user is currently logged in.
*/
public static function isLoggedIn()
{
if (!isset($_SESSION['user_id']))
return false;
try
{
$exists = Member::fromId($_SESSION['user_id']);
return true;
}
catch (NotFoundException $e)
{
return false;
}
}
/**
* Generates a new activation key.
*/
public static function newActivationKey()
{
$alpha = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789';
$string = '';
for ($i = 0; $i < 16; $i++)
$string .= $alpha[mt_rand(0, strlen($alpha) - 1)];
return $string;
}
public static function setResetKey($id_user)
{
return Registry::get('db')->query('
UPDATE users
SET reset_key = {string:key},
reset_blocked_until = UNIX_TIMESTAMP() + ' . static::DEFAULT_RESET_TIMEOUT . '
WHERE id_user = {int:id}',
[
'id' => $id_user,
'key' => self::newActivationKey(),
]);
}
/**
* Resets a password for a certain user.
*/
@ -141,26 +148,4 @@ class Authentication
'blank' => '',
]);
}
public static function updateResetTimeOut($id_user)
{
$currentResetTimeOut = static::getResetTimeOut($id_user);
// New timeout: between 30 seconds, double the current timeout, and a full day
$newResetTimeOut = min(max(static::DEFAULT_RESET_TIMEOUT, $currentResetTimeOut * 2), 60 * 60 * 24);
$success = Registry::get('db')->query('
UPDATE users
SET reset_blocked_until = {int:new_time_out}
WHERE id_user = {int:id_user}',
[
'id_user' => $id_user,
'new_time_out' => time() + $newResetTimeOut,
]);
if (!$success)
throw new UnexpectedValueException('Could not set password reset timeout!');
return $newResetTimeOut;
}
}

95
models/Database.php
View File

@ -28,17 +28,17 @@ class Database
*/
public function __construct($server, $user, $password, $name)
{
try
$this->connection = @mysqli_connect($server, $user, $password, $name);
// Give up if we have a connection error.
if (mysqli_connect_error())
{
$this->connection = new mysqli($server, $user, $password, $name);
$this->connection->set_charset('utf8mb4');
}
catch (mysqli_sql_exception $e)
{
http_response_code(503);
header('HTTP/1.1 503 Service Temporarily Unavailable');
echo '<h2>Database Connection Problems</h2><p>Our software could not connect to the database. We apologise for any inconvenience and ask you to check back later.</p>';
exit;
}
$this->query('SET NAMES {string:utf8mb4}', ['utf8mb4' => 'utf8mb4']);
}
public function getQueryCount()
@ -59,14 +59,6 @@ class Database
return mysqli_fetch_assoc($resource);
}
/**
* Fetches a row from a given recordset, encapsulating into an object.
*/
public function fetch_object($resource, $class)
{
return mysqli_fetch_object($resource, $class);
}
/**
* Fetches a row from a given recordset, using numeric keys.
*/
@ -181,10 +173,10 @@ class Database
list ($values, $connection) = $this->db_callback;
if (!isset($matches[2]))
throw new UnexpectedValueException('Invalid value inserted or no type specified.');
trigger_error('Invalid value inserted or no type specified.', E_USER_ERROR);
if (!isset($values[$matches[2]]))
throw new UnexpectedValueException('The database value you\'re trying to insert does not exist: ' . htmlspecialchars($matches[2]));
trigger_error('The database value you\'re trying to insert does not exist: ' . htmlspecialchars($matches[2]), E_USER_ERROR);
$replacement = $values[$matches[2]];
@ -192,7 +184,7 @@ class Database
{
case 'int':
if ((!is_numeric($replacement) || (string) $replacement !== (string) (int) $replacement) && $replacement !== 'NULL')
throw new UnexpectedValueException('Wrong value type sent to the database for field: ' . $matches[2] . '. Integer expected.');
trigger_error('Wrong value type sent to the database for field: ' . $matches[2] . '. Integer expected.', E_USER_ERROR);
return $replacement !== 'NULL' ? (string) (int) $replacement : 'NULL';
break;
@ -205,12 +197,12 @@ class Database
if (is_array($replacement))
{
if (empty($replacement))
throw new UnexpectedValueException('Database error, given array of integer values is empty.');
trigger_error('Database error, given array of integer values is empty.', E_USER_ERROR);
foreach ($replacement as $key => $value)
{
if (!is_numeric($value) || (string) $value !== (string) (int) $value)
throw new UnexpectedValueException('Wrong value type sent to the database for field: ' . $matches[2] . '. Array of integers expected.');
trigger_error('Wrong value type sent to the database for field: ' . $matches[2] . '. Array of integers expected.', E_USER_ERROR);
$replacement[$key] = (string) (int) $value;
}
@ -218,7 +210,7 @@ class Database
return implode(', ', $replacement);
}
else
throw new UnexpectedValueException('Wrong value type sent to the database for field: ' . $matches[2] . '. Array of integers expected.');
trigger_error('Wrong value type sent to the database for field: ' . $matches[2] . '. Array of integers expected.', E_USER_ERROR);
break;
@ -226,7 +218,7 @@ class Database
if (is_array($replacement))
{
if (empty($replacement))
throw new UnexpectedValueException('Database error, given array of string values is empty.');
trigger_error('Database error, given array of string values is empty.', E_USER_ERROR);
foreach ($replacement as $key => $value)
$replacement[$key] = sprintf('\'%1$s\'', mysqli_real_escape_string($connection, $value));
@ -234,7 +226,7 @@ class Database
return implode(', ', $replacement);
}
else
throw new UnexpectedValueException('Wrong value type sent to the database for field: ' . $matches[2] . '. Array of strings expected.');
trigger_error('Wrong value type sent to the database for field: ' . $matches[2] . '. Array of strings expected.', E_USER_ERROR);
break;
case 'date':
@ -243,7 +235,7 @@ class Database
elseif ($replacement === 'NULL')
return 'NULL';
else
throw new UnexpectedValueException('Wrong value type sent to the database for field: ' . $matches[2] . '. Date expected.');
trigger_error('Wrong value type sent to the database for field: ' . $matches[2] . '. Date expected.', E_USER_ERROR);
break;
case 'datetime':
@ -254,12 +246,12 @@ class Database
elseif ($replacement === 'NULL')
return 'NULL';
else
throw new UnexpectedValueException('Wrong value type sent to the database for field: ' . $matches[2] . '. DateTime expected.');
trigger_error('Wrong value type sent to the database for field: ' . $matches[2] . '. DateTime expected.', E_USER_ERROR);
break;
case 'float':
if (!is_numeric($replacement) && $replacement !== 'NULL')
throw new UnexpectedValueException('Wrong value type sent to the database for field: ' . $matches[2] . '. Floating point number expected.');
trigger_error('Wrong value type sent to the database for field: ' . $matches[2] . '. Floating point number expected.', E_USER_ERROR);
return $replacement !== 'NULL' ? (string) (float) $replacement : 'NULL';
break;
@ -279,7 +271,7 @@ class Database
break;
default:
throw new UnexpectedValueException('Undefined type <b>' . $matches[1] . '</b> used in the database query');
trigger_error('Undefined type <b>' . $matches[1] . '</b> used in the database query', E_USER_ERROR);
break;
}
}
@ -297,7 +289,7 @@ class Database
// Please, just use new style queries.
if (strpos($db_string, '\'') !== false && !$security_override)
throw new UnexpectedValueException('Hack attempt!', 'Illegal character (\') used in query.');
trigger_error('Hack attempt!', 'Illegal character (\') used in query.', E_USER_ERROR);
if (!$security_override && !empty($db_values))
{
@ -314,14 +306,12 @@ class Database
if (defined("DB_LOG_QUERIES") && DB_LOG_QUERIES)
$this->logged_queries[] = $db_string;
try
{
$return = @mysqli_query($this->connection, $db_string, empty($this->unbuffered) ? MYSQLI_STORE_RESULT : MYSQLI_USE_RESULT);
}
catch (Exception $e)
$return = @mysqli_query($this->connection, $db_string, empty($this->unbuffered) ? MYSQLI_STORE_RESULT : MYSQLI_USE_RESULT);
if (!$return)
{
$clean_sql = implode("\n", array_map('trim', explode("\n", $db_string)));
throw new UnexpectedValueException($this->error() . '<br>' . $clean_sql);
trigger_error($this->error() . '<br>' . $clean_sql, E_USER_ERROR);
}
return $return;
@ -335,7 +325,7 @@ class Database
{
// Please, just use new style queries.
if (strpos($db_string, '\'') !== false)
throw new UnexpectedValueException('Hack attempt!', 'Illegal character (\') used in query.');
trigger_error('Hack attempt!', 'Illegal character (\') used in query.', E_USER_ERROR);
// Save some values for use in the callback function.
$this->db_callback = [$db_values, $this->connection];
@ -349,41 +339,6 @@ class Database
return $db_string;
}
/**
* Executes a query, returning an object of the row it returns.
*/
public function queryObject($class, $db_string, $db_values = [])
{
$res = $this->query($db_string, $db_values);
if (!$res || $this->num_rows($res) == 0)
return null;
$object = $this->fetch_object($res, $class);
$this->free_result($res);
return $object;
}
/**
* Executes a query, returning an array of objects of all the rows returns.
*/
public function queryObjects($class, $db_string, $db_values = [])
{
$res = $this->query($db_string, $db_values);
if (!$res || $this->num_rows($res) == 0)
return [];
$rows = [];
while ($object = $this->fetch_object($res, $class))
$rows[] = $object;
$this->free_result($res);
return $rows;
}
/**
* Executes a query, returning an array of all the rows it returns.
*/

46
models/Dispatcher.php
View File

@ -44,19 +44,6 @@ class Dispatcher
}
}
public static function errorPage($title, $body)
{
$page = new MainTemplate($title);
$page->adopt(new ErrorPage($title, $body));
if (Registry::get('user')->isAdmin())
{
$page->appendStylesheet(BASEURL . '/css/admin.css');
}
$page->html_main();
}
/**
* Kicks a guest to a login form, redirecting them back to this page upon login.
*/
@ -73,24 +60,37 @@ class Dispatcher
exit;
}
private static function trigger400()
public static function trigger400()
{
http_response_code(400);
self::errorPage('Bad request', 'The server does not understand your request.');
header('HTTP/1.1 400 Bad Request');
$page = new MainTemplate('Bad request');
$page->adopt(new DummyBox('Bad request', '<p>The server does not understand your request.</p>'));
$page->html_main();
exit;
}
private static function trigger403()
public static function trigger403()
{
http_response_code(403);
self::errorPage('Forbidden', 'You do not have access to this page.');
header('HTTP/1.1 403 Forbidden');
$page = new MainTemplate('Access denied');
$page->adopt(new DummyBox('Forbidden', '<p>You do not have access to the page you requested.</p>'));
$page->html_main();
exit;
}
private static function trigger404()
public static function trigger404()
{
http_response_code(404);
$page = new ViewErrorPage('Page not found!');
$page->showContent();
header('HTTP/1.1 404 Not Found');
$page = new MainTemplate('Page not found');
if (Registry::has('user') && Registry::get('user')->isAdmin())
{
$page->appendStylesheet(BASEURL . '/css/admin.css');
}
$page->adopt(new DummyBox('Well, this is a bit embarrassing!', '<p>The page you requested could not be found. Don\'t worry, it\'s probably not your fault. You\'re welcome to browse the website, though!</p>', 'errormsg'));
$page->addClass('errorpage');
$page->html_main();
exit;
}
}

21
models/ErrorHandler.php
View File

@ -3,7 +3,7 @@
* ErrorHandler.php
* Contains key class ErrorHandler.
*
* Kabuki CMS (C) 2013-2025, Aaron van Geffen
* Kabuki CMS (C) 2013-2016, Aaron van Geffen
*****************************************************************************/
class ErrorHandler
@ -47,8 +47,10 @@ class ErrorHandler
// Log the error in the database.
self::logError($error_message, $debug_info, $file, $line);
// Display error and exit.
self::display($error_message, $file, $line, $debug_info);
// Are we considering this fatal? Then display and exit.
// !!! TODO: should we consider warnings fatal?
if (true) // DEBUG || (!DEBUG && $error_level === E_WARNING || $error_level === E_USER_WARNING))
self::display($file . ' (' . $line . ')<br>' . $error_message, $debug_info);
// If it wasn't a fatal error, well...
self::$handling_error = false;
@ -116,7 +118,7 @@ class ErrorHandler
}
// Logs an error into the database.
public static function logError($error_message = '', $debug_info = '', $file = '', $line = 0)
private static function logError($error_message = '', $debug_info = '', $file = '', $line = 0)
{
if (!ErrorLog::log([
'message' => $error_message,
@ -128,7 +130,7 @@ class ErrorHandler
'request_uri' => isset($_SERVER['REQUEST_URI']) ? $_SERVER['REQUEST_URI'] : '',
]))
{
http_response_code(503);
header('HTTP/1.1 503 Service Temporarily Unavailable');
echo '<h2>An Error Occurred</h2><p>Our software could not connect to the database. We apologise for any inconvenience and ask you to check back later.</p>';
exit;
}
@ -136,7 +138,7 @@ class ErrorHandler
return $error_message;
}
public static function display($message, $file, $line, $debug_info, $is_sensitive = true)
public static function display($message, $debug_info, $is_sensitive = true)
{
$is_admin = Registry::has('user') && Registry::get('user')->isAdmin();
@ -165,8 +167,7 @@ class ErrorHandler
$is_admin = Registry::has('user') && Registry::get('user')->isAdmin();
if (DEBUG || $is_admin)
{
$debug_info = sprintf("Trigger point:\n%s (L%d)\n\n%s", $file, $line, $debug_info);
$page->adopt(new ErrorPage('An error occurred!', $message, $debug_info));
$page->adopt(new DummyBox('An error occurred!', '<p>' . $message . '</p><pre>' . $debug_info . '</pre>'));
// Let's provide the admin navigation despite it all!
if ($is_admin)
@ -175,9 +176,9 @@ class ErrorHandler
}
}
elseif (!$is_sensitive)
$page->adopt(new ErrorPage('An error occurred!', '<p>' . $message . '</p>'));
$page->adopt(new DummyBox('An error occurred!', '<p>' . $message . '</p>'));
else
$page->adopt(new ErrorPage('An error occurred!', 'Our apologies, an error occurred while we were processing your request. Please try again later, or contact us if the problem persists.'));
$page->adopt(new DummyBox('An error occurred!', '<p>Our apologies, an error occurred while we were processing your request. Please try again later, or contact us if the problem persists.</p>'));
// If we got this far, make sure we're not showing stuff twice.
ob_end_clean();

18
models/ErrorLog.php
View File

@ -24,7 +24,7 @@ class ErrorLog
public static function flush()
{
return Registry::get('db')->query('DELETE FROM log_errors');
return Registry::get('db')->query('TRUNCATE log_errors');
}
public static function getCount()
@ -33,20 +33,4 @@ class ErrorLog
SELECT COUNT(*)
FROM log_errors');
}
public static function getOffset($offset, $limit, $order, $direction)
{
assert(in_array($order, ['id_entry', 'file', 'line', 'time', 'ipaddress', 'id_user']));
return Registry::get('db')->queryAssocs('
SELECT *
FROM log_errors
ORDER BY {raw:order}
LIMIT {int:offset}, {int:limit}',
[
'order' => $order . ($direction === 'up' ? ' ASC' : ' DESC'),
'offset' => $offset,
'limit' => $limit,
]);
}
}

190
models/GenericTable.php
View File

@ -15,6 +15,7 @@ class GenericTable
private $title;
private $title_class;
private $tableIsSortable = false;
public $form_above;
public $form_below;
@ -28,22 +29,58 @@ class GenericTable
public function __construct($options)
{
$this->initOrder($options);
$this->initPagination($options);
// Make sure we're actually sorting on something sortable.
if (!isset($options['sort_order']) || (!empty($options['sort_order']) && empty($options['columns'][$options['sort_order']]['is_sortable'])))
$options['sort_order'] = '';
$data = $options['get_data']($this->start, $this->items_per_page,
$this->sort_order, $this->sort_direction);
// Order in which direction?
if (!empty($options['sort_direction']) && !in_array($options['sort_direction'], ['up', 'down']))
$options['sort_direction'] = 'up';
// Make sure we know whether we can actually sort on something.
$this->tableIsSortable = !empty($options['base_url']);
// How much data do we have?
$this->recordCount = $options['get_count'](...(!empty($options['get_count_params']) ? $options['get_count_params'] : []));
// How much data do we need to retrieve?
$this->items_per_page = !empty($options['items_per_page']) ? $options['items_per_page'] : 30;
// Figure out where to start.
$this->start = empty($options['start']) || !is_numeric($options['start']) || $options['start'] < 0 || $options['start'] > $this->recordCount ? 0 : $options['start'];
// Figure out where we are on the whole, too.
$numPages = max(1, ceil($this->recordCount / $this->items_per_page));
$this->currentPage = min(ceil($this->start / $this->items_per_page) + 1, $numPages);
// Let's bear a few things in mind...
$this->base_url = $options['base_url'];
// Gather parameters for the data gather function first.
$parameters = [$this->start, $this->items_per_page, $options['sort_order'], $options['sort_direction']];
if (!empty($options['get_data_params']) && is_array($options['get_data_params']))
$parameters = array_merge($parameters, $options['get_data_params']);
// Okay, let's fetch the data!
$data = $options['get_data'](...$parameters);
// Extract data into local variables.
$rawRowData = $data['rows'];
$this->sort_order = $data['order'];
$this->sort_direction = $data['direction'];
unset($data);
// Okay, now for the column headers...
$this->generateColumnHeaders($options);
// Should we create a page index?
if ($this->recordCount > $this->items_per_page)
$needsPageIndex = !empty($this->items_per_page) && $this->recordCount > $this->items_per_page;
if ($needsPageIndex)
$this->generatePageIndex($options);
// Process the data to be shown into rows.
if (!empty($data))
$this->processAllRows($data, $options);
if (!empty($rawRowData))
$this->processAllRows($rawRowData, $options);
else
$this->body = $options['no_items_label'] ?? '';
@ -58,38 +95,6 @@ class GenericTable
$this->form_below = $options['form_below'] ?? $options['form'] ?? null;
}
private function initOrder($options)
{
assert(isset($options['default_sort_order']));
assert(isset($options['default_sort_direction']));
// Validate sort order (column)
$this->sort_order = $options['sort_order'];
if (empty($this->sort_order) || empty($options['columns'][$this->sort_order]['is_sortable']))
$this->sort_order = $options['default_sort_order'];
// Validate sort direction
$this->sort_direction = $options['sort_direction'];
if (empty($this->sort_direction) || !in_array($this->sort_direction, ['up', 'down']))
$this->sort_direction = $options['default_sort_direction'];
}
private function initPagination(array $options)
{
assert(isset($options['base_url']));
assert(isset($options['items_per_page']));
$this->base_url = $options['base_url'];
$this->recordCount = $options['get_count']();
$this->items_per_page = !empty($options['items_per_page']) ? $options['items_per_page'] : 30;
$this->start = empty($options['start']) || !is_numeric($options['start']) || $options['start'] < 0 || $options['start'] > $this->recordCount ? 0 : $options['start'];
$numPages = max(1, ceil($this->recordCount / $this->items_per_page));
$this->currentPage = min(ceil($this->start / $this->items_per_page) + 1, $numPages);
}
private function generateColumnHeaders($options)
{
foreach ($options['columns'] as $key => $column)
@ -97,14 +102,14 @@ class GenericTable
if (empty($column['header']))
continue;
$isSortable = !empty($column['is_sortable']);
$isSortable = $this->tableIsSortable && !empty($column['is_sortable']);
$sortDirection = $key == $this->sort_order && $this->sort_direction === 'up' ? 'down' : 'up';
$header = [
'class' => isset($column['class']) ? $column['class'] : '',
'cell_class' => isset($column['cell_class']) ? $column['cell_class'] : null,
'colspan' => !empty($column['header_colspan']) ? $column['header_colspan'] : 1,
'href' => $isSortable ? $this->getHeaderLink($this->start, $key, $sortDirection) : null,
'href' => $isSortable ? $this->getLink($this->start, $key, $sortDirection) : null,
'label' => $column['header'],
'scope' => 'col',
'sort_mode' => $key == $this->sort_order ? $this->sort_direction : null,
@ -121,7 +126,7 @@ class GenericTable
'base_url' => $this->base_url,
'index_class' => $options['index_class'] ?? '',
'items_per_page' => $this->items_per_page,
'linkBuilder' => [$this, 'getHeaderLink'],
'linkBuilder' => [$this, 'getLink'],
'recordCount' => $this->recordCount,
'sort_direction' => $this->sort_direction,
'sort_order' => $this->sort_order,
@ -129,7 +134,7 @@ class GenericTable
]);
}
public function getHeaderLink($start = null, $order = null, $dir = null)
public function getLink($start = null, $order = null, $dir = null)
{
if ($start === null)
$start = $this->start;
@ -191,18 +196,12 @@ class GenericTable
foreach ($options['columns'] as $column)
{
// Process formatting
if (isset($column['format']) && is_callable($column['format']))
$value = $column['format']($row);
elseif (isset($column['format']))
$value = self::processFormatting($column['format'], $row);
// Process data for this particular cell.
if (isset($column['parse']))
$value = self::processCell($column['parse'], $row);
else
$value = $row[$column['value']];
// Turn value into a link?
if (!empty($column['link']))
$value = $this->processLink($column['link'], $value, $row);
// Append the cell to the row.
$newRow['cells'][] = [
'class' => $column['cell_class'] ?? '',
@ -215,47 +214,68 @@ class GenericTable
}
}
private function processFormatting($options, $rowData)
private function processCell($options, $rowData)
{
if ($options['type'] === 'timestamp')
if (!isset($options['type']))
$options['type'] = 'value';
// Parse the basic value first.
switch ($options['type'])
{
if (empty($options['pattern']) || $options['pattern'] === 'long')
$pattern = 'Y-m-d H:i';
elseif ($options['pattern'] === 'short')
$pattern = 'Y-m-d';
else
$pattern = $options['pattern'];
// Basic option: simply take a use a particular data property.
case 'value':
$value = htmlspecialchars($rowData[$options['data']]);
break;
assert(isset($rowData[$options['value']]));
if (!is_numeric($rowData[$options['value']]))
$timestamp = strtotime($rowData[$options['value']]);
else
$timestamp = (int) $rowData[$options['value']];
// Processing via a lambda function.
case 'function':
$value = $options['data']($rowData);
break;
if (isset($options['if_null']) && $timestamp == 0)
$value = $options['if_null'];
else
$value = date($pattern, $timestamp);
// Using sprintf to fill out a particular pattern.
case 'sprintf':
$parameters = [$options['data']['pattern']];
foreach ($options['data']['arguments'] as $identifier)
$parameters[] = $rowData[$identifier];
return $value;
$value = sprintf(...$parameters);
break;
// Timestamps get custom treatment.
case 'timestamp':
if (empty($options['data']['pattern']) || $options['data']['pattern'] === 'long')
$pattern = 'Y-m-d H:i';
elseif ($options['data']['pattern'] === 'short')
$pattern = 'Y-m-d';
else
$pattern = $options['data']['pattern'];
if (!isset($rowData[$options['data']['timestamp']]))
$timestamp = 0;
elseif (!is_numeric($rowData[$options['data']['timestamp']]))
$timestamp = strtotime($rowData[$options['data']['timestamp']]);
else
$timestamp = (int) $rowData[$options['data']['timestamp']];
if (isset($options['data']['if_null']) && $timestamp == 0)
$value = $options['data']['if_null'];
else
$value = date($pattern, $timestamp);
break;
}
else
throw ValueError('Unexpected formatter type: ' . $options['type']);
}
private function processLink($template, $value, array $rowData)
{
$href = $this->rowReplacements($template, $rowData);
return '<a href="' . $href . '">' . $value . '</a>';
}
// Generate a link, if requested.
if (!empty($options['link']))
{
// First, generate the replacement variables.
$keys = array_keys($rowData);
$values = array_values($rowData);
foreach ($keys as $keyKey => $keyValue)
$keys[$keyKey] = '{' . strtoupper($keyValue) . '}';
private function rowReplacements($template, array $rowData)
{
$keys = array_keys($rowData);
$values = array_values($rowData);
foreach ($keys as $keyKey => $keyValue)
$keys[$keyKey] = '{' . strtoupper($keyValue) . '}';
$value = '<a href="' . str_replace($keys, $values, $options['link']) . '">' . $value . '</a>';
}
return str_replace($keys, $values, $template);
return $value;
}
}

6
models/Image.php
View File

@ -12,6 +12,12 @@ class Image extends Asset
const TYPE_LANDSCAPE = 2;
const TYPE_PORTRAIT = 4;
protected function __construct(array $data)
{
foreach ($data as $attribute => $value)
$this->$attribute = $value;
}
public static function fromId($id_asset, $return_format = 'object')
{
$asset = parent::fromId($id_asset, 'array');

27
models/Member.php
View File

@ -8,7 +8,7 @@
class Member extends User
{
private function __construct($data = [])
private function __construct($data)
{
foreach ($data as $key => $value)
$this->$key = $value;
@ -18,15 +18,6 @@ class Member extends User
$this->is_admin = $this->is_admin == 1;
}
public static function fromEmailAddress($email_address)
{
return Registry::get('db')->queryObject(static::class, '
SELECT *
FROM users
WHERE emailaddress = {string:email_address}',
['email_address' => $email_address]);
}
public static function fromId($id_user)
{
$row = Registry::get('db')->queryAssoc('
@ -196,22 +187,6 @@ class Member extends User
FROM users');
}
public static function getOffset($offset, $limit, $order, $direction)
{
assert(in_array($order, ['id_user', 'surname', 'first_name', 'slug', 'emailaddress', 'last_action_time', 'ip_address', 'is_admin']));
return Registry::get('db')->queryAssocs('
SELECT *
FROM users
ORDER BY {raw:order}
LIMIT {int:offset}, {int:limit}',
[
'order' => $order . ($direction === 'up' ? ' ASC' : ' DESC'),
'offset' => $offset,
'limit' => $limit,
]);
}
public function getProps()
{
// We should probably phase out the use of this function, or refactor the access levels of member properties...

76
models/PhotoAlbum.php Normal file
View File

@ -0,0 +1,76 @@
<?php
/*****************************************************************************
* PhotoAlbum.php
* Contains key class PhotoAlbum.
*
* Kabuki CMS (C) 2013-2015, Aaron van Geffen
*****************************************************************************/
class PhotoAlbum extends Tag
{
public static function getHierarchy($order, $direction)
{
$db = Registry::get('db');
$res = $db->query('
SELECT *
FROM tags
WHERE kind = {string:album}
ORDER BY id_parent, {raw:order}',
[
'order' => $order . ($direction == 'up' ? ' ASC' : ' DESC'),
'album' => 'Album',
]);
$albums_by_parent = [];
while ($row = $db->fetch_assoc($res))
{
if (!isset($albums_by_parent[$row['id_parent']]))
$albums_by_parent[$row['id_parent']] = [];
$albums_by_parent[$row['id_parent']][] = $row + ['children' => []];
}
$albums = self::getChildrenRecursively(0, 0, $albums_by_parent);
$rows = self::flattenChildrenRecursively($albums);
return $rows;
}
private static function getChildrenRecursively($id_parent, $level, &$albums_by_parent)
{
$children = [];
if (!isset($albums_by_parent[$id_parent]))
return $children;
foreach ($albums_by_parent[$id_parent] as $child)
{
if (isset($albums_by_parent[$child['id_tag']]))
$child['children'] = self::getChildrenRecursively($child['id_tag'], $level + 1, $albums_by_parent);
$child['tag'] = ($level ? str_repeat('—', $level * 2) . ' ' : '') . $child['tag'];
$children[] = $child;
}
return $children;
}
private static function flattenChildrenRecursively($albums)
{
if (empty($albums))
return [];
$rows = [];
foreach ($albums as $album)
{
$rows[] = array_intersect_key($album, array_flip(['id_tag', 'tag', 'slug', 'count']));
if (!empty($album['children']))
{
$children = self::flattenChildrenRecursively($album['children']);
foreach ($children as $child)
$rows[] = array_intersect_key($child, array_flip(['id_tag', 'tag', 'slug', 'count']));
}
}
return $rows;
}
}

4
models/Registry.php
View File

@ -24,7 +24,7 @@ class Registry
public static function get($key)
{
if (!isset(self::$storage[$key]))
throw new Exception('Key does not exist in Registry: ' . $key);
trigger_error('Key does not exist in Registry: ' . $key, E_USER_ERROR);
return self::$storage[$key];
}
@ -32,7 +32,7 @@ class Registry
public static function remove($key)
{
if (!isset(self::$storage[$key]))
throw new Exception('Key does not exist in Registry: ' . $key);
trigger_error('Key does not exist in Registry: ' . $key, E_USER_ERROR);
unset(self::$storage[$key]);
}

4
models/Session.php
View File

@ -33,7 +33,7 @@ class Session
public static function getSessionToken()
{
if (empty($_SESSION['session_token']))
throw new Exception('Call to getSessionToken without a session token being set!');
trigger_error('Call to getSessionToken without a session token being set!', E_USER_ERROR);
return $_SESSION['session_token'];
}
@ -41,7 +41,7 @@ class Session
public static function getSessionTokenKey()
{
if (empty($_SESSION['session_token_key']))
throw new Exception('Call to getSessionTokenKey without a session token key being set!');
trigger_error('Call to getSessionTokenKey without a session token key being set!', E_USER_ERROR);
return $_SESSION['session_token_key'];
}

102
models/Tag.php
View File

@ -24,11 +24,6 @@ class Tag
$this->$attribute = $value;
}
public function __toString()
{
return $this->tag;
}
public static function fromId($id_tag, $return_format = 'object')
{
$db = Registry::get('db');
@ -281,7 +276,7 @@ class Tag
$data);
if (!$res)
throw new Exception('Could not create the requested tag.');
trigger_error('Could not create the requested tag.', E_USER_ERROR);
$data['id_tag'] = $db->insert_id();
return $return_format === 'object' ? new Tag($data) : $data;
@ -414,98 +409,27 @@ class Tag
['tags' => $tags]);
}
public static function getCount($only_used = true, $kind = '', $isAlbum = false)
public static function getCount($only_active = 1, $kind = '')
{
$where = [];
if ($only_used)
if ($only_active)
$where[] = 'count > 0';
if (empty($kind))
$kind = 'Album';
if (!empty($kind))
$where[] = 'kind = {string:kind}';
$where[] = 'kind {raw:operator} {string:kind}';
$where = implode(' AND ', $where);
if (!empty($where))
$where = 'WHERE ' . implode(' AND ', $where);
else
$where = '';
return Registry::get('db')->queryValue('
SELECT COUNT(*)
FROM tags
WHERE ' . $where,
[
'kind' => $kind,
'operator' => $isAlbum ? '=' : '!=',
]);
FROM tags ' . $where,
['kind' => $kind]);
}
public static function getOffset($offset, $limit, $order, $direction, $isAlbum = false)
public function __toString()
{
assert(in_array($order, ['id_tag', 'tag', 'slug', 'count']));
$db = Registry::get('db');
$res = $db->query('
SELECT t.*, u.id_user, u.first_name, u.surname
FROM tags AS t
LEFT JOIN users AS u ON t.id_user_owner = u.id_user
WHERE kind {raw:operator} {string:album}
ORDER BY id_parent, {raw:order}
LIMIT {int:offset}, {int:limit}',
[
'order' => $order . ($direction === 'up' ? ' ASC' : ' DESC'),
'offset' => $offset,
'limit' => $limit,
'album' => 'Album',
'operator' => $isAlbum ? '=' : '!=',
]);
$albums_by_parent = [];
while ($row = $db->fetch_assoc($res))
{
if (!isset($albums_by_parent[$row['id_parent']]))
$albums_by_parent[$row['id_parent']] = [];
$albums_by_parent[$row['id_parent']][] = $row + ['children' => []];
}
$albums = self::getChildrenRecursively(0, 0, $albums_by_parent);
$rows = self::flattenChildrenRecursively($albums);
return $rows;
}
private static function getChildrenRecursively($id_parent, $level, &$albums_by_parent)
{
$children = [];
if (!isset($albums_by_parent[$id_parent]))
return $children;
foreach ($albums_by_parent[$id_parent] as $child)
{
if (isset($albums_by_parent[$child['id_tag']]))
$child['children'] = self::getChildrenRecursively($child['id_tag'], $level + 1, $albums_by_parent);
$child['tag'] = ($level ? str_repeat('—', $level * 2) . ' ' : '') . $child['tag'];
$children[] = $child;
}
return $children;
}
private static function flattenChildrenRecursively($albums)
{
if (empty($albums))
return [];
$rows = [];
foreach ($albums as $album)
{
static $headers_to_keep = ['id_tag', 'tag', 'slug', 'count', 'id_user', 'first_name', 'surname'];
$rows[] = array_intersect_key($album, array_flip($headers_to_keep));
if (!empty($album['children']))
{
$children = self::flattenChildrenRecursively($album['children']);
foreach ($children as $child)
$rows[] = array_intersect_key($child, array_flip($headers_to_keep));
}
}
return $rows;
return $this->tag;
}
}

1
models/User.php
View File

@ -23,7 +23,6 @@ abstract class User
protected $ip_address;
protected $is_admin;
protected $reset_key;
protected $reset_blocked_until;
protected bool $is_logged;
protected bool $is_guest;

2
public/css/default.css
View File

@ -366,8 +366,8 @@ div.polaroid a {
/* Album button box
---------------------*/
.album_button_box {
float: right;
display: flex;
justify-content: flex-end;
margin-bottom: 3rem;
}
.album_button_box > a,

2
templates/AlbumButtonBox.php
View File

@ -22,7 +22,7 @@ class AlbumButtonBox extends Template
public function html_main()
{
echo '
<div class="container album_button_box">';
<div class="album_button_box">';
foreach ($this->buttons as $button)
echo '

41
templates/ErrorPage.php
View File

@ -1,41 +0,0 @@
<?php
/*****************************************************************************
* ErrorPage.php
* Defines the template class ErrorPage.
*
* Kabuki CMS (C) 2013-2025, Aaron van Geffen
*****************************************************************************/
class ErrorPage extends Template
{
private $debug_info;
private $message;
private $title;
public function __construct($title, $message, $debug_info = null)
{
$this->title = $title;
$this->message = $message;
$this->debug_info = $debug_info;
}
public function html_main()
{
echo '
<div class="content-box container">
<h2>', $this->title, '</h2>
<p>', nl2br(htmlspecialchars($this->message)), '</p>';
if (isset($this->debug_info))
{
echo '
</div>
<div class="content-box container">
<h4>Debug Info</h4>
<pre>', htmlspecialchars($this->debug_info), '</pre>';
}
echo '
</div>';
}
}

2
templates/MainNavBar.php
View File

@ -33,7 +33,7 @@ class MainNavBar extends NavBar
<span class="navbar-toggler-icon"></span>
</button>';
if (Registry::has('user') && Registry::get('user')->isLoggedIn())
if (Registry::get('user')->isLoggedIn())
{
echo '
<div class="collapse navbar-collapse justify-content-end" id="', $this->innerMenuId, '">

5
templates/PhotoPage.php
View File

@ -174,10 +174,7 @@ class PhotoPage extends Template
echo '
</ul>';
if ($allowLinkingNewTags)
{
$this->printNewTagScript($tagKind, $tagListId, $newTagId);
}
$this->printNewTagScript($tagKind, $tagListId, $newTagId);
}
private function printNewTagScript($tagKind, $tagListId, $newTagId)

153
templates/TabularData.php
View File

@ -8,7 +8,7 @@
class TabularData extends SubTemplate
{
protected GenericTable $_t;
private GenericTable $_t;
public function __construct(GenericTable $table)
{
@ -16,47 +16,6 @@ class TabularData extends SubTemplate
}
protected function html_content()
{
$this->renderTitle();
foreach ($this->_subtemplates as $template)
$template->html_main();
// Showing an inline form?
$pager = $this->_t->getPageIndex();
if (!empty($pager) || isset($this->_t->form_above))
$this->renderPaginationForm($pager, $this->_t->form_above);
$tableClass = $this->_t->getTableClass();
if ($tableClass)
echo '
<div class="', $tableClass, '">';
// Build the table!
echo '
<table class="table table-striped table-condensed">';
$this->renderTableHead($this->_t->getHeader());
$this->renderTableBody($this->_t->getBody());
echo '
</table>';
if ($tableClass)
echo '
</div>';
// Showing an inline form?
if (!empty($pager) || isset($this->_t->form_below))
$this->renderPaginationForm($pager, $this->_t->form_below);
$title = $this->_t->getTitle();
if (!empty($title))
echo '
</div>';
}
protected function renderTitle()
{
$title = $this->_t->getTitle();
if (!empty($title))
@ -66,32 +25,43 @@ class TabularData extends SubTemplate
<div class="generic-table', !empty($titleclass) ? ' ' . $titleclass : '', '">
<h1>', htmlspecialchars($title), '</h1>';
}
}
protected function renderPaginationForm($pager, $form, $class='row')
{
echo '
<div class="', $class, ' clearfix justify-content-end">';
// Page index?
if (!empty($pager))
PageIndexWidget::paginate($pager);
// Form controls?
if (isset($form))
$this->renderInlineForm($form);
echo '
</div>';
}
protected function renderTableHead(array $headers)
{
foreach ($this->_subtemplates as $template)
$template->html_main();
// Showing an inline form?
$pager = $this->_t->getPageIndex();
if (!empty($pager) || isset($this->_t->form_above))
{
echo '
<div class="row clearfix justify-content-end">';
// Page index?
if (!empty($pager))
PageIndexWidget::paginate($pager);
// Form controls?
if (isset($this->_t->form_above))
$this->showForm($this->_t->form_above);
echo '
</div>';
}
$tableClass = $this->_t->getTableClass();
if ($tableClass)
echo '
<div class="', $tableClass, '">';
// Build the table!
echo '
<table class="table table-striped table-condensed">
<thead>
<tr>';
foreach ($headers as $th)
// Show all headers in their full glory!
$header = $this->_t->getHeader();
foreach ($header as $th)
{
echo '
<th', (!empty($th['width']) ? ' width="' . $th['width'] . '"' : ''), (!empty($th['class']) ? ' class="' . $th['class'] . '"' : ''), ($th['colspan'] > 1 ? ' colspan="' . $th['colspan'] . '"' : ''), ' scope="', $th['scope'], '">',
@ -105,14 +75,11 @@ class TabularData extends SubTemplate
echo '
</tr>
</thead>';
}
protected function renderTableBody($body)
{
echo '
</thead>
<tbody>';
// The body is what we came to see!
$body = $this->_t->getBody();
if (is_array($body))
{
foreach ($body as $tr)
@ -123,31 +90,59 @@ class TabularData extends SubTemplate
foreach ($tr['cells'] as $td)
{
echo '
<td',
(!empty($td['class']) ? ' class="' . $td['class'] . '"' : ''),
(!empty($td['width']) ? ' width="' . $td['width'] . '"' : ''), '>',
$td['value'],
'</td>';
<td', (!empty($td['width']) ? ' width="' . $td['width'] . '"' : ''), '>';
if (!empty($td['class']))
echo '<span class="', $td['class'], '">', $td['value'], '</span>';
else
echo $td['value'];
echo '</td>';
}
echo '
</tr>';
}
}
// !!! Sum colspan!
else
{
$header = $this->_t->getHeader();
echo '
<tr>
<td colspan="', count($header), '" class="fullwidth">', $body, '</td>
</tr>';
}
echo '
</tbody>';
</tbody>
</table>';
if ($tableClass)
echo '
</div>';
// Showing an inline form?
if (!empty($pager) || isset($this->_t->form_below))
{
echo '
<div class="row clearfix justify-content-end">';
// Page index?
if (!empty($pager))
PageIndexWidget::paginate($pager);
// Form controls?
if (isset($this->_t->form_below))
$this->showForm($this->_t->form_below);
echo '
</div>';
}
if (!empty($title))
echo '
</div>';
}
protected function renderInlineForm($form)
protected function showForm($form)
{
if (!isset($form['is_embed']))
echo '