FeaturedThumbnailManager: add pager widget; show only 20 thumbs per page

Reviewed-on: #54

LICENSE.md

@@ -0,0 +1,11 @@
+Copyright 2016-2021 Stichting HashRU
+
+Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:
+
+1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
+
+2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.
+
+3. Neither the name of the copyright holder nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

README

@@ -1 +0,0 @@
-This marks the development repository for the HashRU website.

README.md

@@ -0,0 +1,31 @@
+# HashRU Pics
+
+This is the development repository for the HashRU photo website.
+The CMS and its modules originate in [Kabuki CMS](https://aaronweb.net/projects/kabuki/), but have been extended and are maintained separately in this repository.
+
+## Requirements
+
+The Kabuki codebase requires the following PHP extensions to be enabled for full operation:
+
+* exif
+* imagick (PECL)
+* mysqli
+
+## Setup
+
+Copy `config.php.dist` to `config.php` and set-up the constants contained in the file.
+
+## Running
+
+For development purposes, simply run the `server` script provided in the root of this repository.
+This will start a PHP development server on `hashru.local:8080`.
+
+For a production environment, please set up a proper PHP-FPM environment instead.
+
+## Contributing
+
+Pull requests are welcome over at the [HashRU Gitea](https://gitea.hashru.nl/Public/pics/pulls).
+
+## License
+
+The HashRU Pics repository is licensed with a BSD 3-clause license, as is Kabuki CMS.

app.php

@@ -16,16 +16,15 @@ require_once 'vendor/autoload.php';
 Registry::set('start', microtime(true));
 Registry::set('db', new Database(DB_SERVER, DB_USER, DB_PASS, DB_NAME));
 
+// Handle errors our own way.
+ErrorHandler::enable();
+
 // Do some authentication checks.
 Session::start();
 $user = Authentication::isLoggedIn() ? Member::fromId($_SESSION['user_id']) : new Guest();
 $user->updateAccessTime();
 Registry::set('user', $user);
 
-// Handle errors our own way.
-set_error_handler('ErrorHandler::handleError');
-ini_set("display_errors", DEBUG ? "On" : "Off");
-
 // The real magic starts here!
 ob_start();
 Dispatcher::dispatch();

composer.json

@@ -14,5 +14,14 @@
             "models/",
             "templates/"
         ]
+    },
+    "require": {
+        "ext-mysqli": "*",
+        "ext-imagick": "*",
+        "ext-gd": "*",
+        "ext-imagick": "*",
+        "ext-mysqli": "*",
+        "twbs/bootstrap": "^5.3",
+        "twbs/bootstrap-icons": "^1.10"
     }
 }

config.php.dist

@@ -14,6 +14,9 @@ const CACHE_KEY_PREFIX = 'hashru_';
 const BASEDIR = __DIR__;
 const BASEURL = 'https://pics.hashru.nl'; // no trailing /
 
+// Reply-To e-mail header address
+const REPLY_TO_ADDRESS = 'no-reply@my.domain.tld';
+
 // Assets dir and url, where assets are plentiful. (In wwwroot!)
 const ASSETSDIR = BASEDIR . '/public/assets';
 const ASSETSURL = BASEURL . '/assets';
@@ -29,5 +32,5 @@ const DB_PASS = '';
 const DB_NAME = 'hashru_pics';
 const DB_LOG_QUERIES = false;
 
-const SITE_TITLE = 'HashRU';
+const SITE_TITLE = 'HashRU Pics';
 const SITE_SLOGAN = 'Nijmeegs Nerdclubje';

controllers/AccountSettings.php

@@ -0,0 +1,134 @@
+<?php
+/*****************************************************************************
+ * AccountSettings.php
+ * Contains the account settings controller.
+ *
+ * Kabuki CMS (C) 2013-2023, Aaron van Geffen
+ *****************************************************************************/
+
+class AccountSettings extends HTMLController
+{
+	public function __construct()
+	{
+		// Not logged in yet?
+		if (!Registry::get('user')->isLoggedIn())
+			throw new NotAllowedException('You need to be logged in to view this page.');
+
+		parent::__construct('Account settings');
+		$form_title = 'Account settings';
+
+		// Session checking!
+		if (empty($_POST))
+			Session::resetSessionToken();
+		else
+			Session::validateSession();
+
+		$fields = [
+			'first_name' => [
+				'type' => 'text',
+				'label' => 'First name',
+				'size' => 50,
+				'maxlength' => 255,
+			],
+			'surname' => [
+				'type' => 'text',
+				'label' => 'Family name',
+				'size' => 50,
+				'maxlength' => 255,
+			],
+			'emailaddress' => [
+				'type' => 'text',
+				'label' => 'Email address',
+				'size' => 50,
+				'maxlength' => 255,
+			],
+			'password1' => [
+				'before_html' => '<div class="offset-sm-2 mt-4"><p>To change your password, please fill out the fields below.</p></div>',
+				'type' => 'password',
+				'label' => 'Password',
+				'size' => 50,
+				'maxlength' => 255,
+				'is_optional' => true,
+			],
+			'password2' => [
+				'type' => 'password',
+				'label' => 'Password (repeat)',
+				'size' => 50,
+				'maxlength' => 255,
+				'is_optional' => true,
+			],
+		];
+
+		$form = new Form([
+			'request_url' => BASEURL . '/' . $_GET['action'] . '/',
+			'fields' => $fields,
+			'submit_caption' => 'Save details',
+		]);
+
+		$user = Registry::get('user');
+
+		// Create the form, add in default values.
+		$form->setData(empty($_POST) ? $user->getProps() : $_POST);
+		$formview = new FormView($form, $form_title);
+		$this->page->adopt($formview);
+
+		// Fetch user tags
+		$tags = Tag::getAllByOwner($user->getUserId());
+		if (!empty($tags))
+			$this->page->adopt(new MyTagsView($tags));
+
+		// Left a message?
+		if (isset($_SESSION['account_msg']))
+		{
+			$alert = $_SESSION['account_msg'];
+			$formview->adopt(new Alert($alert[0], $alert[1], $alert[2]));
+			unset($_SESSION['account_msg']);
+		}
+
+		// Just updating account settings?
+		if (!empty($_POST))
+		{
+			$form->verify($_POST);
+
+			// Anything missing?
+			if (!empty($form->getMissing()))
+			{
+				$missingFields = array_intersect_key($fields, array_flip($form->getMissing()));
+				$missingFields = array_map(function($field) { return strtolower($field['label']); }, $missingFields);
+				return $formview->adopt(new Alert('Some data missing', 'Please fill out the following fields: ' . implode(', ', $missingFields), 'danger'));
+			}
+
+			$data = $form->getData();
+
+			// Just to be on the safe side.
+			$data['first_name'] = htmlspecialchars(trim($data['first_name']));
+			$data['surname'] = htmlspecialchars(trim($data['surname']));
+			$data['emailaddress'] = trim($data['emailaddress']);
+
+			// If it looks like an e-mail address...
+			if (!empty($data['emailaddress']) && !preg_match('~^[^ ]+@[^ ]+\.[a-z]+$~', $data['emailaddress']))
+				return $formview->adopt(new Alert('Email addresses invalid', 'The email address you entered is not a valid email address.', 'danger'));
+			// Check whether email address is already linked to an account in the database -- just not to the account we happen to be editing, of course.
+			elseif (!empty($data['emailaddress']) && $user->getEmailAddress() !== $data['emailaddress'] && Member::exists($data['emailaddress']))
+				return $formview->adopt(new Alert('Email address already in use', 'Another account is already using this e-mail address.', 'danger'));
+
+			// Changing passwords?
+			if (!empty($data['password1']) && !empty($data['password2']))
+			{
+				if (strlen($data['password1']) < 6 || !preg_match('~[^A-z]~', $data['password1']))
+					return $formview->adopt(new Alert('Password not acceptable', 'Please use a password that is at least six characters long and contains at least one non-alphabetic character (e.g. a number or symbol).', 'danger'));
+				elseif ($data['password1'] !== $data['password2'])
+					return $formview->adopt(new Alert('Passwords do not match', 'The passwords you entered do not match. Please try again.', 'danger'));
+
+				// Keep just the one.
+				$data['password'] = $data['password1'];
+				unset($data['password1'], $data['password2']);
+				$formview->adopt(new Alert('Your password has been changed', 'Next time you log in, you can use your new password to authenticate yourself.', 'success'));
+			}
+			else
+				$formview->adopt(new Alert('Your account settings have been saved', 'Thank you for keeping your information current.', 'success'));
+
+			$user->update($data);
+		}
+	}
+}

controllers/Download.php

@@ -0,0 +1,133 @@
+<?php
+/*****************************************************************************
+ * Download.php
+ * Contains the code to download an album.
+ *
+ * Kabuki CMS (C) 2013-2019, Aaron van Geffen
+ *****************************************************************************/
+
+class Download
+{
+	public function __construct()
+	{
+		// Ensure we're logged in at this point.
+		$user = Registry::get('user');
+		if (!$user->isLoggedIn())
+			throw new NotAllowedException();
+
+		if (!isset($_GET['tag']))
+			throw new UserFacingException('No album or tag has been specified for download.');
+
+		$tag = (int)$_GET['tag'];
+		$album = Tag::fromId($tag);
+
+		if (isset($_GET['by']) && ($user = Member::fromSlug($_GET['by'])) !== false)
+			$id_user_uploaded = $user->getUserId();
+		else
+			$id_user_uploaded = null;
+
+		if (isset($_SESSION['current_export']))
+			throw new UserFacingException('You can only export one album at the same time. Please wait until the other download finishes, or try again later.');
+
+		// So far so good?
+		$this->exportAlbum($album, $id_user_uploaded);
+		exit;
+	}
+
+	private function exportAlbum(Tag $album, $id_user_uploaded)
+	{
+		$files = [];
+
+		$album_ids = array_merge([$album->id_tag], $this->getChildAlbumIds($album->id_tag));
+		foreach ($album_ids as $album_id)
+		{
+			$iterator = AssetIterator::getByOptions([
+				'id_tag' => $album_id,
+				'id_user_uploaded' => $id_user_uploaded,
+			]);
+			while ($asset = $iterator->next())
+				$files[] = join(DIRECTORY_SEPARATOR, [$asset->getSubdir(), $asset->getFilename()]);
+		}
+
+		$descriptorspec = [
+			0 => ['pipe', 'r'], // STDIN
+			1 => ['pipe', 'w'], // STDOUT
+		];
+
+		// Prevent simultaneous exports.
+		$_SESSION['current_export'] = $album->id_tag;
+
+		// Allow new exports if the connection is terminated unexpectedly (e.g. when a user aborts a download).
+		register_shutdown_function(function() {
+			if (isset($_SESSION['current_export']))
+				unset($_SESSION['current_export']);
+		});
+
+		$command = 'tar -cf - -C ' . escapeshellarg(ASSETSDIR) . ' --null -T -';
+
+		$proc = proc_open($command, $descriptorspec, $pipes, ASSETSDIR);
+
+		if(!$proc)
+			throw new UnexpectedValueException('Could not execute TAR command');
+
+		if(!$pipes[0])
+			throw new UnexpectedValueException('Could not open pipe for STDIN');
+
+		if(!$pipes[1])
+			throw new UnexpectedValueException('Could not open pipe for STDOUT');
+
+		// STDOUT should not block.
+		stream_set_blocking($pipes[1], 0);
+
+		// Allow this the download to take its time...
+		set_time_limit(0);
+
+		header('Pragma: no-cache');
+		header('Content-Description: File Download');
+		header('Content-disposition: attachment; filename="' . $album->tag . '.tar"');
+		header('Content-Type: application/octet-stream');
+		header('Content-Transfer-Encoding: binary');
+
+		// Write filenames to include to STDIN, separated by null bytes.
+		foreach ($files as $file)
+			fwrite($pipes[0], $file . "\0");
+
+		// Close STDIN pipe to start archiving.
+		fclose($pipes[0]);
+
+		// At this point, end output buffering so we can enjoy more than ~62MB of photos.
+		ob_end_flush();
+
+		do
+		{
+			// Read STDOUT as `tar` is doing its work.
+			echo stream_get_contents($pipes[1], 4096);
+
+			// Are we still running?
+			$status = proc_get_status($proc);
+		}
+		while (!empty($status) && $status['running']);
+
+		// Close STDOUT pipe and clean up process.
+		fclose($pipes[1]);
+
+		proc_close($proc);
+
+		// Allow new exports from this point onward.
+		unset($_SESSION['current_export']);
+	}
+
+	private function getChildAlbumIds($parent_id)
+	{
+		$ids = [];
+
+		$albums = Tag::getAlbums($parent_id, 0, PHP_INT_MAX);
+		foreach ($albums as $album)
+		{
+			$ids[] = $album['id_tag'];
+			$ids = array_merge($ids, $this->getChildAlbumIds($album['id_tag']));
+		}
+
+		return $ids;
+	}
+}

controllers/EditAlbum.php

@@ -6,8 +6,14 @@
  * Kabuki CMS (C) 2013-2017, Aaron van Geffen
  *****************************************************************************/
 
+// TODO: extend EditTag?
 class EditAlbum extends HTMLController
 {
+	private $form;
+	private $formview;
+
+	const THUMBS_PER_PAGE = 20;
+
 	public function __construct()
 	{
 		// Ensure it's just admins at this point.
@@ -18,6 +24,9 @@ class EditAlbum extends HTMLController
 		if (empty($id_tag) && !isset($_GET['add']) && $_GET['action'] !== 'addalbum')
 			throw new UnexpectedValueException('Requested album not found or not requesting a new album.');
 
+		if (!empty($id_tag))
+			$album = Tag::fromId($id_tag);
+
 		// Adding an album?
 		if (isset($_GET['add']) || $_GET['action'] === 'addalbum')
 		{
@@ -29,21 +38,19 @@ class EditAlbum extends HTMLController
 		elseif (isset($_GET['delete']))
 		{
 			// So far so good?
-			$album = Tag::fromId($id_tag);
 			if (Session::validateSession('get') && $album->kind === 'Album' && $album->delete())
 			{
 				header('Location: ' . BASEURL . '/managealbums/');
 				exit;
 			}
 			else
-				trigger_error('Cannot delete album: an error occured while processing the request.', E_USER_ERROR);
+				throw new Exception('Cannot delete album: an error occured while processing the request.');
 		}
 		// Editing one, then, surely.
 		else
 		{
-			$album = Tag::fromId($id_tag);
 			if ($album->kind !== 'Album')
-				trigger_error('Cannot edit album: not an album.', E_USER_ERROR);
+				throw new Exception('Cannot edit album: not an album.');
 
 			parent::__construct('Edit album \'' . $album->tag . '\'');
 			$form_title = 'Edit album \'' . $album->tag . '\'';
@@ -61,41 +68,50 @@ class EditAlbum extends HTMLController
 		elseif (!$id_tag)
 			$after_form = '<button name="submit_and_new" class="btn">Save and add another</button>';
 
-		$form = new Form([
-			'request_url' => BASEURL . '/editalbum/?' . ($id_tag ? 'id=' . $id_tag : 'add'),
-			'content_below' => $after_form,
-			'fields' => [
-				'id_parent' => [
-					'type' => 'numeric',
-					'label' => 'Parent album ID',
-				],
-				'id_asset_thumb' => [
-					'type' => 'numeric',
-					'label' => 'Thumbnail asset ID',
-					'is_optional' => true,
-				],
-				'tag' => [
-					'type' => 'text',
-					'label' => 'Album title',
-					'size' => 50,
-					'maxlength' => 255,
-				],
-				'slug' => [
-					'type' => 'text',
-					'label' => 'URL slug',
-					'size' => 50,
-					'maxlength' => 255,
-				],
-				'description' => [
-					'type' => 'textbox',
-					'label' => 'Description',
-					'size' => 50,
-					'maxlength' => 255,
-					'is_optional' => true,
-				],
+		// Gather possible parents for this album to be filed into
+		$parentChoices = [0 => '-root-'];
+		foreach (Tag::getOffset(0, 9999, 'tag', 'up', true) as $parent)
+		{
+			if (!empty($id_tag) && $parent['id_tag'] == $id_tag)
+				continue;
+
+			$parentChoices[$parent['id_tag']] = $parent['tag'];
+		}
+
+		$fields = [
+			'id_parent' => [
+				'type' => 'select',
+				'label' => 'Parent album',
+				'options' => $parentChoices,
 			],
+			'tag' => [
+				'type' => 'text',
+				'label' => 'Album title',
+				'size' => 50,
+				'maxlength' => 255,
+			],
+			'slug' => [
+				'type' => 'text',
+				'label' => 'URL slug',
+				'size' => 50,
+				'maxlength' => 255,
+			],
+			'description' => [
+				'type' => 'textbox',
+				'label' => 'Description',
+				'size' => 50,
+				'maxlength' => 255,
+				'is_optional' => true,
+			],
+		];
+
+		$this->form = new Form([
+			'request_url' => BASEURL . '/editalbum/?' . ($id_tag ? 'id=' . $id_tag : 'add'),
+			'buttons_extra' => $after_form,
+			'fields' => $fields,
 		]);
 
+		// Add defaults for album if none present
 		if (empty($_POST) && isset($_GET['tag']))
 		{
 			$parentTag = Tag::fromId($_GET['tag']);
@@ -108,29 +124,97 @@ class EditAlbum extends HTMLController
 				];
 			}
 		}
-
-		if (!isset($formDefaults))
-			$formDefaults = isset($album) ? get_object_vars($album) : $_POST;
+		elseif (empty($_POST) && isset($album))
+		{
+			$formDefaults = get_object_vars($album);
+		}
+		elseif (empty($_POST) && count($parentChoices) > 1)
+		{
+			// Choose the first non-root album as the default parent
+			reset($parentChoices);
+			next($parentChoices);
+			$formDefaults = ['id_parent' => key($parentChoices)];
+		}
+		else
+			$formDefaults = $_POST;
 
 		// Create the form, add in default values.
-		$form->setData($formDefaults);
-		$formview = new FormView($form, $form_title ?? '');
-		$this->page->adopt($formview);
+		$this->form->setData($formDefaults);
+		$this->formview = new FormView($this->form, $form_title ?? '');
+		$this->page->adopt($this->formview);
 
+		if (!empty($id_tag))
+		{
+			$current_page = isset($_GET['page']) ? (int) $_GET['page'] : 1;
+
+			list($assets, $num_assets) = AssetIterator::getByOptions([
+				'direction' => 'desc',
+				'limit' => self::THUMBS_PER_PAGE,
+				'page' => $current_page,
+				'id_tag' => $id_tag,
+			], true);
+
+			// If we have asset images, show the thumbnail manager
+			if ($num_assets > 0)
+			{
+				$manager = new FeaturedThumbnailManager($assets, $id_tag ? $album->id_asset_thumb : 0);
+				$this->page->adopt($manager);
+
+				// Make a page index as needed, while we're at it.
+				if ($num_assets > self::THUMBS_PER_PAGE)
+				{
+					$index = new PageIndex([
+						'recordCount' => $num_assets,
+						'items_per_page' => self::THUMBS_PER_PAGE,
+						'start' => ($current_page - 1) * self::THUMBS_PER_PAGE,
+						'base_url' => BASEURL . '/editalbum/?id=' . $id_tag,
+						'page_slug' => '&page=%PAGE%',
+					]);
+					$manager->adopt(new PageIndexWidget($index));
+				}
+			}
+		}
+
+		if (isset($_POST['changeThumbnail']))
+			$this->processThumbnail($album);
+		elseif (!empty($_POST))
+			$this->processTagDetails($id_tag, $album ?? null);
+	}
+
+	private function processThumbnail($tag)
+	{
+		if (empty($_POST))
+			return;
+
+		$tag->id_asset_thumb = $_POST['featuredThumbnail'];
+		$tag->save();
+
+		header('Location: ' . BASEURL . '/editalbum/?id=' . $tag->id_tag);
+		exit;
+	}
+
+	private function processTagDetails($id_tag, $album)
+	{
 		if (!empty($_POST))
 		{
-			$form->verify($_POST);
+			$this->form->verify($_POST);
 
 			// Anything missing?
-			if (!empty($form->getMissing()))
-				return $formview->adopt(new Alert('Some data missing', 'Please fill out the following fields: ' . implode(', ', $form->getMissing()), 'error'));
+			if (!empty($this->form->getMissing()))
+				return $this->formview->adopt(new Alert('Some data missing', 'Please fill out the following fields: ' . implode(', ', $this->form->getMissing()), 'danger'));
 
-			$data = $form->getData();
+			$data = $this->form->getData();
+
+			// Sanity check: don't let an album be its own parent
+			if ($data['id_parent'] == $id_tag)
+			{
+				return $this->formview->adopt(new Alert('Invalid parent', 'An album cannot be its own parent.', 'danger'));
+			}
 
 			// Quick stripping.
-			$data['tag'] = htmlentities($data['tag']);
-			$data['description'] = htmlentities($data['description']);
-			$data['slug'] = strtr(strtolower($data['slug']), [' ' => '-', '--' => '-', '&' => 'and', '=>' => '', "'" => "", ":"=> "", '/' => '-', '\\' => '-']);
+			$data['tag'] = htmlspecialchars($data['tag']);
+			$data['description'] = htmlspecialchars($data['description']);
+			$data['slug'] = strtr($data['slug'], [' ' => '-', '--' => '-', '&' => 'and', '=>' => '', "'" => "", ":"=> "", '\\' => '-']);
 
 			// TODO: when updating slug, update slug for all photos in this album.
 
@@ -140,7 +224,7 @@ class EditAlbum extends HTMLController
 				$data['kind'] = 'Album';
 				$newTag = Tag::createNew($data);
 				if ($newTag === false)
-					return $formview->adopt(new Alert('Cannot create this album', 'Something went wrong while creating the album...', 'error'));
+					return $this->formview->adopt(new Alert('Cannot create this album', 'Something went wrong while creating the album...', 'danger'));
 
 				if (isset($_POST['submit_and_new']))
 				{

controllers/EditAsset.php

@@ -10,10 +10,6 @@ class EditAsset extends HTMLController
 {
 	public function __construct()
 	{
-		// Ensure it's just admins at this point.
-		if (!Registry::get('user')->isAdmin())
-			throw new NotAllowedException();
-
 		if (empty($_GET['id']))
 			throw new Exception('Invalid request.');
 
@@ -21,8 +17,72 @@ class EditAsset extends HTMLController
 		if (empty($asset))
 			throw new NotFoundException('Asset not found');
 
-		if (isset($_REQUEST['delete']))
-			throw new Exception('Not implemented.');
+		// Can we edit this asset?
+		$user = Registry::get('user');
+		if (!($user->isAdmin() || $asset->isOwnedBy($user)))
+			throw new NotAllowedException();
+
+		if (isset($_REQUEST['delete']) && Session::validateSession('get'))
+		{
+			$redirectUrl = BASEURL . '/' . $asset->getSubdir();
+			$asset->delete();
+
+			header('Location: ' . $redirectUrl);
+			exit;
+		}
+		else
+		{
+			$isPrioChange = isset($_REQUEST['inc_prio']) || isset($_REQUEST['dec_prio']);
+			$isCoverChange = isset($_REQUEST['album_cover'], $_REQUEST['in']);
+			$madeChanges = false;
+
+			if ($user->isAdmin() && $isPrioChange && Session::validateSession('get'))
+			{
+				if (isset($_REQUEST['inc_prio']))
+					$priority = $asset->priority + 1;
+				else
+					$priority = $asset->priority - 1;
+
+				$asset->priority = max(0, min(100, $priority));
+				$asset->save();
+				$madeChanges = true;
+			}
+			elseif ($user->isAdmin() && $isCoverChange && Session::validateSession('get'))
+			{
+				$tag = Tag::fromId($_REQUEST['in']);
+				$tag->id_asset_thumb = $asset->getId();
+				$tag->save();
+				$madeChanges = true;
+			}
+
+			if ($madeChanges)
+			{
+				if (isset($_SERVER['HTTP_REFERER']))
+					header('Location: ' . $_SERVER['HTTP_REFERER']);
+				else
+					header('Location: ' . BASEURL . '/' . $asset->getSubdir());
+				exit;
+			}
+		}
+
+		// Get a list of available photo albums
+		$allAlbums = [];
+		foreach (Tag::getOffset(0, 9999, 'tag', 'up', true) as $album)
+			$allAlbums[$album['id_tag']] = $album['tag'];
+
+		// Figure out the current album id
+		$currentAlbumId = 0;
+		$currentAlbumSlug = '';
+		$currentTags = $asset->getTags();
+		foreach ($currentTags as $tag)
+		{
+			if ($tag->kind === 'Album')
+			{
+				$currentAlbumId = $tag->id_tag;
+				$currentAlbumSlug = $tag->slug;
+				break;
+			}
+		}
 
 		if (!empty($_POST))
 		{
@@ -33,18 +93,48 @@ class EditAsset extends HTMLController
 			}
 
 			// Key info
-			if (isset($_POST['title'], $_POST['date_captured'], $_POST['priority']))
+			if (isset($_POST['title'], $_POST['slug'], $_POST['date_captured'], $_POST['priority']))
 			{
-				$date_captured = !empty($_POST['date_captured']) ? new DateTime($_POST['date_captured']) : null;
-				$asset->setKeyData(htmlentities($_POST['title']), $date_captured, intval($_POST['priority']));
+				$asset->date_captured = !empty($_POST['date_captured']) ?
+					new DateTime(str_replace('T', ' ', $_POST['date_captured'])) : null;
+				$asset->slug = Asset::cleanSlug($_POST['slug']);
+				$asset->title = htmlspecialchars($_POST['title']);
+				$asset->priority = intval($_POST['priority']);
+				$asset->save();
+			}
+
+			// Changing parent album?
+			if ($_POST['id_album'] != $currentAlbumId)
+			{
+				$targetAlbum = Tag::fromId($_POST['id_album']);
+
+				// First move the asset, then sort out the album tag
+				if (($retCode = $asset->moveToSubDir($targetAlbum->slug)) === true)
+				{
+					if (!isset($_POST['tag']))
+						$_POST['tag'] = [];
+
+					// Unset tag for current parent album
+					if (isset($_POST['tag'][$currentAlbumId]))
+						unset($_POST['tag'][$currentAlbumId]);
+
+					// Set tag for new parent album
+					$_POST['tag'][$_POST['id_album']] = true;
+				}
+			}
+			else
+			{
+				$_POST['tag'][$currentAlbumId] = true;
 			}
 
 			// Handle tags
 			$new_tags = [];
 			if (isset($_POST['tag']) && is_array($_POST['tag']))
+			{
 				foreach ($_POST['tag'] as $id_tag => $bool)
 					if (is_numeric($id_tag))
 						$new_tags[] = $id_tag;
+			}
 
 			$current_tags = array_keys($asset->getTags());
 
@@ -76,47 +166,63 @@ class EditAsset extends HTMLController
 						$image->removeAllThumbnails();
 					}
 				}
-				elseif (preg_match('~^thumb_(\d+)x(\d+)(_c[best]?)?$~', $_POST['replacement_target']))
+				elseif (preg_match('~^thumb_(\d+x\d+(?:_c[best]?)?)$~', $_POST['replacement_target'], $match))
 				{
 					$image = $asset->getImage();
-					if (($replace_result = $image->replaceThumbnail($_POST['replacement_target'], $_FILES['replacement']['tmp_name'])) !== 0)
-						throw new Exception('Could not replace thumbnail \'' . $_POST['replacement_target'] . '\' with the uploaded file. Error code: ' . $replace_result);
+					if (($replace_result = $image->replaceThumbnail($match[1], $_FILES['replacement']['tmp_name'])) !== 0)
+						throw new Exception('Could not replace thumbnail \'' . $match[1] . '\' with the uploaded file. Error code: ' . $replace_result);
 				}
 			}
 
 			header('Location: ' . BASEURL . '/editasset/?id=' . $asset->getId());
 		}
 
-		// Get list of thumbnails
-		$thumbs = $this->getThumbs($asset);
+		$page = new EditAssetForm([
+			'asset' => $asset,
+			'thumbs' => $this->getThumbs($asset),
+			'allAlbums' => $allAlbums,
+			'currentAlbumId' => $currentAlbumId,
+		]);
 
-		$page = new EditAssetForm($asset, $thumbs);
 		parent::__construct('Edit asset \'' . $asset->getTitle() . '\' (' . $asset->getFilename() . ') - ' . SITE_TITLE);
 		$this->page->adopt($page);
 	}
 
 	private function getThumbs(Asset $asset)
 	{
-		$path = $asset->getPath();
+		if (!$asset->isImage())
+			return [];
+
+		$image = $asset->getImage();
+		$subdir = $image->getSubdir();
+		$metadata = $image->getMeta();
+		$thumb_selectors = $image->getThumbnails();
+
 		$thumbs = [];
-		$metadata = $asset->getMeta();
-		foreach ($metadata as $key => $meta)
+		foreach ($thumb_selectors as $selector => $filename)
 		{
-			if (!preg_match('~^thumb_(?<width>\d+)x(?<height>\d+)(?<suffix>_c(?<method>[best]?))?$~', $key, $thumb))
+			if (!preg_match('~^(?<width>\d+)x(?<height>\d+)(?<suffix>_c(?<method>[best]?))?$~', $selector, $thumb))
 				continue;
 
-			$has_crop_boundary = isset($metadata['crop_' . $thumb['width'] . 'x' . $thumb['height']]);
-			$has_custom_image = isset($metadata['custom_' . $thumb['width'] . 'x' . $thumb['height']]);
+			$dimensions = $thumb['width'] . 'x' . $thumb['height'];
+
+			// Does the thumbnail exist on disk? If not, use an url to generate it.
+			if (!$filename || !file_exists(THUMBSDIR . '/' . $subdir . '/' . $filename))
+				$thumb_url = BASEURL . '/thumbnail/' . $image->getId() . '/' . $dimensions . ($thumb['suffix'] ?? '') . '/';
+			else
+				$thumb_url = THUMBSURL . '/' . $subdir . '/' . $filename;
+
+			$has_crop_boundary = isset($metadata['crop_' . $dimensions]);
+			$has_custom_image = isset($metadata['custom_' . $dimensions]);
+
 			$thumbs[] = [
 				'dimensions' => [(int) $thumb['width'], (int) $thumb['height']],
 				'cropped' => !$has_custom_image && (!empty($thumb['suffix']) || $has_crop_boundary),
 				'crop_method' => !$has_custom_image && !empty($thumb['method']) ? $thumb['method'] : (!empty($thumb['suffix']) ? 'c' : null),
-				'crop_region' => $has_crop_boundary ? $metadata['crop_' . $thumb['width'] . 'x' . $thumb['height']] : null,
+				'crop_region' => $has_crop_boundary ? $metadata['crop_' . $dimensions] : null,
 				'custom_image' => $has_custom_image,
-				'filename' => $meta,
-				'full_path' => THUMBSDIR . '/' . $path . '/' . $meta,
-				'url' => THUMBSURL . '/' . $path . '/' . $meta,
-				'status' => file_exists(THUMBSDIR . '/' . $path . '/' . $meta),
+				'filename' => $filename,
+				'url' => $thumb_url,
 			];
 		}
 
@@ -133,18 +239,19 @@ class EditAsset extends HTMLController
 		$crop_value = $data->crop_width . ',' . $data->crop_height . ',' . $data->source_x . ',' . $data->source_y;
 		$meta[$crop_key] = $crop_value;
 
-		// If we uploaded a custom thumbnail, stop considering it such.
+		// If we previously uploaded a custom thumbnail, stop considering it such.
 		$custom_key = 'custom_' . $data->thumb_width . 'x' . $data->thumb_height;
 		if (isset($meta[$custom_key]))
+		{
+			// TODO: delete from disk
 			unset($meta[$custom_key]);
+		}
+
+		// Save meta changes so far.
+		$image->setMetaData($meta);
 
 		// Force a rebuild of related thumbnails.
-		$thumb_key = 'thumb_' . $data->thumb_width . 'x' . $data->thumb_height;
-		foreach ($meta as $meta_key => $meta_value)
-			if ($meta_key === $thumb_key || strpos($meta_key, $thumb_key . '_') !== false)
-				unset($meta[$meta_key]);
-
-		$image->setMetaData($meta);
+		$image->removeThumbnailsOfSize($data->thumb_width, $data->thumb_height);
 
 		$payload = [
 			'key' => $crop_key,

controllers/EditTag.php

@@ -8,16 +8,22 @@
 
 class EditTag extends HTMLController
 {
+	const THUMBS_PER_PAGE = 20;
+
 	public function __construct()
 	{
-		// Ensure it's just admins at this point.
-		if (!Registry::get('user')->isAdmin())
-			throw new NotAllowedException();
-
 		$id_tag = isset($_GET['id']) ? (int) $_GET['id'] : 0;
 		if (empty($id_tag) && !isset($_GET['add']))
 			throw new UnexpectedValueException('Requested tag not found or not requesting a new tag.');
 
+		if (!empty($id_tag))
+			$tag = Tag::fromId($id_tag);
+
+		// Are we allowed to edit this tag?
+		$user = Registry::get('user');
+		if (!($user->isAdmin() || $user->getUserId() == $tag->id_user_owner))
+			throw new NotAllowedException();
+
 		// Adding an tag?
 		if (isset($_GET['add']))
 		{
@@ -29,21 +35,19 @@ class EditTag extends HTMLController
 		elseif (isset($_GET['delete']))
 		{
 			// So far so good?
-			$tag = Tag::fromId($id_tag);
 			if (Session::validateSession('get') && $tag->kind !== 'Album' && $tag->delete())
 			{
 				header('Location: ' . BASEURL . '/managetags/');
 				exit;
 			}
 			else
-				trigger_error('Cannot delete tag: an error occured while processing the request.', E_USER_ERROR);
+				throw new Exception('Cannot delete tag: an error occured while processing the request.');
 		}
 		// Editing one, then, surely.
 		else
 		{
-			$tag = Tag::fromId($id_tag);
 			if ($tag->kind === 'Album')
-				trigger_error('Cannot edit tag: is actually an album.', E_USER_ERROR);
+				throw new Exception('Cannot edit tag: is actually an album.');
 
 			parent::__construct('Edit tag \'' . $tag->tag . '\'');
 			$form_title = 'Edit tag \'' . $tag->tag . '\'';
@@ -61,47 +65,51 @@ class EditTag extends HTMLController
 		elseif (!$id_tag)
 			$after_form = '<button name="submit_and_new" class="btn">Save and add another</button>';
 
-		$form = new Form([
-			'request_url' => BASEURL . '/edittag/?' . ($id_tag ? 'id=' . $id_tag : 'add'),
-			'content_below' => $after_form,
-			'fields' => [
-				'id_parent' => [
-					'type' => 'numeric',
-					'label' => 'Parent tag ID',
-				],
-				'id_asset_thumb' => [
-					'type' => 'numeric',
-					'label' => 'Thumbnail asset ID',
-					'is_optional' => true,
-				],
-				'kind' => [
-					'type' => 'select',
-					'label' => 'Kind of tag',
-					'options' => [
-						'Location' => 'Location',
-						'Person' => 'Person',
-					],
-				],
-				'tag' => [
-					'type' => 'text',
-					'label' => 'Tag title',
-					'size' => 50,
-					'maxlength' => 255,
-				],
-				'slug' => [
-					'type' => 'text',
-					'label' => 'URL slug',
-					'size' => 50,
-					'maxlength' => 255,
-				],
-				'description' => [
-					'type' => 'textbox',
-					'label' => 'Description',
-					'size' => 50,
-					'maxlength' => 255,
-					'is_optional' => true,
+		$fields = [
+			'kind' => [
+				'type' => 'select',
+				'label' => 'Kind of tag',
+				'options' => [
+					'Location' => 'Location',
+					'Person' => 'Person',
 				],
 			],
+			'id_user_owner' => [
+				'type' => 'select',
+				'label' => 'Owner',
+				'options' => [0 => '(nobody)'] + Member::getMemberMap(),
+			],
+			'tag' => [
+				'type' => 'text',
+				'label' => 'Tag title',
+				'size' => 50,
+				'maxlength' => 255,
+			],
+			'slug' => [
+				'type' => 'text',
+				'label' => 'URL slug',
+				'size' => 50,
+				'maxlength' => 255,
+			],
+			'description' => [
+				'type' => 'textbox',
+				'label' => 'Description',
+				'size' => 50,
+				'maxlength' => 255,
+				'is_optional' => true,
+			],
+		];
+
+		if (!$user->isAdmin())
+		{
+			unset($fields['kind']);
+			unset($fields['id_user_owner']);
+		}
+
+		$form = new Form([
+			'request_url' => BASEURL . '/edittag/?' . ($id_tag ? 'id=' . $id_tag : 'add'),
+			'buttons_extra' => $after_form,
+			'fields' => $fields,
 		]);
 
 		// Create the form, add in default values.
@@ -109,25 +117,78 @@ class EditTag extends HTMLController
 		$formview = new FormView($form, $form_title ?? '');
 		$this->page->adopt($formview);
 
+		if (!empty($id_tag))
+		{
+			$current_page = isset($_GET['page']) ? (int) $_GET['page'] : 1;
+
+			list($assets, $num_assets) = AssetIterator::getByOptions([
+				'direction' => 'desc',
+				'limit' => self::THUMBS_PER_PAGE,
+				'page' => $current_page,
+				'id_tag' => $id_tag,
+			], true);
+
+			// If we have asset images, show the thumbnail manager
+			if ($num_assets > 0)
+			{
+				$manager = new FeaturedThumbnailManager($assets, $id_tag ? $tag->id_asset_thumb : 0);
+				$this->page->adopt($manager);
+
+				// Make a page index as needed, while we're at it.
+				if ($num_assets > self::THUMBS_PER_PAGE)
+				{
+					$index = new PageIndex([
+						'recordCount' => $num_assets,
+						'items_per_page' => self::THUMBS_PER_PAGE,
+						'start' => ($current_page - 1) * self::THUMBS_PER_PAGE,
+						'base_url' => BASEURL . '/edittag/?id=' . $id_tag,
+						'page_slug' => '&page=%PAGE%',
+					]);
+					$manager->adopt(new PageIndexWidget($index));
+				}
+			}
+		}
+
+		if (isset($_POST['changeThumbnail']))
+			$this->processThumbnail($tag);
+		elseif (!empty($_POST))
+			$this->processTagDetails($form, $id_tag, $tag ?? null);
+	}
+
+	private function processThumbnail($tag)
+	{
+		if (empty($_POST))
+			return;
+
+		$tag->id_asset_thumb = $_POST['featuredThumbnail'];
+		$tag->save();
+
+		header('Location: ' . BASEURL . '/edittag/?id=' . $tag->id_tag);
+		exit;
+	}
+
+	private function processTagDetails($form, $id_tag, $tag)
+	{
 		if (!empty($_POST))
 		{
 			$form->verify($_POST);
 
 			// Anything missing?
 			if (!empty($form->getMissing()))
-				return $formview->adopt(new Alert('Some data missing', 'Please fill out the following fields: ' . implode(', ', $form->getMissing()), 'error'));
+				return $formview->adopt(new Alert('Some data missing', 'Please fill out the following fields: ' . implode(', ', $form->getMissing()), 'danger'));
 
 			$data = $form->getData();
+			$data['id_parent'] = 0;
 
 			// Quick stripping.
-			$data['slug'] = strtr(strtolower($data['slug']), [' ' => '-', '--' => '-', '&' => 'and', '=>' => '', "'" => "", ":"=> "", '/' => '-', '\\' => '-']);
+			$data['slug'] = strtr($data['slug'], [' ' => '-', '--' => '-', '&' => 'and', '=>' => '', "'" => "", ":"=> "", '/' => '-', '\\' => '-']);
 
 			// Creating a new tag?
 			if (!$id_tag)
 			{
 				$return = Tag::createNew($data);
 				if ($return === false)
-					return $formview->adopt(new Alert('Cannot create this tag', 'Something went wrong while creating the tag...', 'error'));
+					return $formview->adopt(new Alert('Cannot create this tag', 'Something went wrong while creating the tag...', 'danger'));
 
 				if (isset($_POST['submit_and_new']))
 				{
@@ -144,8 +205,11 @@ class EditTag extends HTMLController
 				$tag->save();
 			}
 
-			// Redirect to the tag management page.
-			header('Location: ' . BASEURL . '/managetags/');
+			// Redirect to a clean page
+			if (Registry::get('user')->isAdmin())
+				header('Location: ' . BASEURL . '/managetags/');
+			else
+				header('Location: ' . BASEURL . '/edittag/?id=' . $id_tag);
 			exit;
 		}
 	}

controllers/EditUser.php

@@ -24,9 +24,8 @@ class EditUser extends HTMLController
 		// Adding a user?
 		if (isset($_GET['add']))
 		{
-			parent::__construct('Add a new user');
-			$view = new DummyBox('Add a new user');
-			$this->page->adopt($view);
+			$form_title = 'Add a new user';
+			parent::__construct($form_title);
 			$this->page->addClass('edituser');
 		}
 		// Deleting one?
@@ -34,7 +33,7 @@ class EditUser extends HTMLController
 		{
 			// Don't be stupid.
 			if ($current_user->getUserId() == $id_user)
-				trigger_error('Sorry, I cannot allow you to delete yourself.', E_USER_ERROR);
+				throw new Exception('Sorry, I cannot allow you to delete yourself.');
 
 			// So far so good?
 			$user = Member::fromId($id_user);
@@ -44,15 +43,14 @@ class EditUser extends HTMLController
 				exit;
 			}
 			else
-				trigger_error('Cannot delete user: an error occured while processing the request.', E_USER_ERROR);
+				throw new Exception('Cannot delete user: an error occured while processing the request.');
 		}
 		// Editing one, then, surely.
 		else
 		{
 			$user = Member::fromId($id_user);
-			parent::__construct('Edit user \'' . $user->getFullName() . '\'');
-			$view = new DummyBox('Edit user \'' . $user->getFullName() . '\'');
-			$this->page->adopt($view);
+			$form_title = 'Edit user \'' . $user->getFullName() . '\'';
+			parent::__construct($form_title);
 			$this->page->addClass('edituser');
 		}
 
@@ -71,7 +69,7 @@ class EditUser extends HTMLController
 
 		$form = new Form([
 			'request_url' => BASEURL . '/edituser/?' . ($id_user ? 'id=' . $id_user : 'add'),
-			'content_below' => $after_form,
+			'buttons_extra' => $after_form,
 			'fields' => [
 				'first_name' => [
 					'type' => 'text',
@@ -122,8 +120,8 @@ class EditUser extends HTMLController
 
 		// Create the form, add in default values.
 		$form->setData($id_user ? $user->getProps() : $_POST);
-		$formview = new FormView($form);
-		$view->adopt($formview);
+		$formview = new FormView($form, $form_title);
+		$this->page->adopt($formview);
 
 		if (!empty($_POST))
 		{
@@ -131,13 +129,13 @@ class EditUser extends HTMLController
 
 			// Anything missing?
 			if (!empty($form->getMissing()))
-				return $formview->adopt(new DummyBox('Some data missing', 'Please fill out the following fields: ' . implode(', ', $form->getMissing())));
+				return $formview->adopt(new Alert('Some data missing', 'Please fill out the following fields: ' . implode(', ', $form->getMissing()), 'danger'));
 
 			$data = $form->getData();
 
 			// Just to be on the safe side.
-			$data['first_name'] = htmlentities(trim($data['first_name']));
-			$data['surname'] = htmlentities(trim($data['surname']));
+			$data['first_name'] = htmlspecialchars(trim($data['first_name']));
+			$data['surname'] = htmlspecialchars(trim($data['surname']));
 			$data['emailaddress'] = trim($data['emailaddress']);
 
 			// Make sure there's a slug.
@@ -152,18 +150,18 @@ class EditUser extends HTMLController
 
 			// If it looks like an e-mail address...
 			if (!empty($data['emailaddress']) && !preg_match('~^[^ ]+@[^ ]+\.[a-z]+$~', $data['emailaddress']))
-				return $formview->adopt(new DummyBox('Email addresses invalid', 'The email address you entered is not a valid email address.'));
+				return $formview->adopt(new Alert('Email addresses invalid', 'The email address you entered is not a valid email address.', 'danger'));
 			// Check whether email address is already linked to an account in the database -- just not to the account we happen to be editing, of course.
 			elseif (!empty($data['emailaddress']) && Member::exists($data['emailaddress']) && !($id_user && $user->getEmailAddress() == $data['emailaddress']))
-				return $formview->adopt(new DummyBox('Email address already in use', 'Another account is already using the e-mail address you entered.'));
+				return $formview->adopt(new Alert('Email address already in use', 'Another account is already using the e-mail address you entered.', 'danger'));
 
 			// Setting passwords? We'll need two!
 			if (!$id_user || !empty($data['password1']) && !empty($data['password2']))
 			{
 				if (strlen($data['password1']) < 6 || !preg_match('~[^A-z]~', $data['password1']))
-					return $formview->adopt(new DummyBox('Password not acceptable', 'Please fill in a password that is at least six characters long and contains at least one non-alphabetic character (e.g. a number or symbol).'));
+					return $formview->adopt(new Alert('Password not acceptable', 'Please fill in a password that is at least six characters long and contains at least one non-alphabetic character (e.g. a number or symbol).', 'danger'));
 				elseif ($data['password1'] !== $data['password2'])
-					return $formview->adopt(new DummyBox('Passwords do not match', 'The passwords you entered do not match. Please try again.'));
+					return $formview->adopt(new Alert('Passwords do not match', 'The passwords you entered do not match. Please try again.', 'danger'));
 				else
 					$data['password'] = $data['password1'];
 
@@ -175,7 +173,7 @@ class EditUser extends HTMLController
 			{
 				$return = Member::createNew($data);
 				if ($return === false)
-					return $formview->adopt(new DummyBox('Cannot create this user', 'Something went wrong while creating the user...'));
+					return $formview->adopt(new Alert('Cannot create this user', 'Something went wrong while creating the user...', 'danger'));
 
 				if (isset($_POST['submit_and_new']))
 				{

controllers/GenerateThumbnail.php

@@ -0,0 +1,27 @@
+<?php
+/*****************************************************************************
+ * GenerateThumbnail.php
+ * Contains the asynchronous thumbnail generation controller
+ *
+ * Kabuki CMS (C) 2013-2017, Aaron van Geffen
+ *****************************************************************************/
+
+class GenerateThumbnail extends HTMLController
+{
+	public function __construct()
+	{
+		$asset = Asset::fromId($_GET['id']);
+		if (empty($asset) || !$asset->isImage())
+			throw new NotFoundException('Image not found');
+
+		$image = $asset->getImage();
+		$crop_mode = isset($_GET['mode']) ? $_GET['mode'] : false;
+		$url = $image->getThumbnailUrl($_GET['width'], $_GET['height'], $crop_mode, true, true);
+
+		if ($url)
+		{
+			header('Location: ' . $url);
+			exit;
+		}
+	}
+}

controllers/HTMLController.php

@@ -12,7 +12,6 @@
 abstract class HTMLController
 {
 	protected $page;
-	protected $admin_bar;
 
 	public function __construct($title)
 	{
@@ -22,8 +21,6 @@ abstract class HTMLController
 		if (Registry::get('user')->isAdmin())
 		{
 			$this->page->appendStylesheet(BASEURL . '/css/admin.css');
-			$this->admin_bar = new AdminBar();
-			$this->page->adopt($this->admin_bar);
 		}
 	}
 

controllers/JSONController.php

@@ -3,19 +3,16 @@
  * JSONController.php
  * Contains the key JSON controller
  *
- * Kabuki CMS (C) 2013-2015, Aaron van Geffen
+ * Kabuki CMS (C) 2013-2019, Aaron van Geffen
  *****************************************************************************/
 
-/**
- * The abstract class that allows easy creation of json replies.
- */
 class JSONController
 {
 	protected $payload;
 
 	public function showContent()
 	{
-		header('Content-Type: text/json; charset=utf-8');
+		header('Content-Type: application/json; charset=utf-8');
 		echo json_encode($this->payload);
 	}
 }

controllers/Login.php

@@ -24,7 +24,9 @@ class Login extends HTMLController
 			if (Authentication::checkPassword($_POST['emailaddress'], $_POST['password']))
 			{
 				parent::__construct('Login');
-				$_SESSION['user_id'] = Authentication::getUserId($_POST['emailaddress']);
+
+				$user = Member::fromEmailAddress($_POST['emailaddress']);
+				$_SESSION['user_id'] = $user->getUserId();
 
 				if (isset($_POST['redirect_url']))
 					header('Location: ' . base64_decode($_POST['redirect_url']));
@@ -44,7 +46,7 @@ class Login extends HTMLController
 		parent::__construct('Log in - ' . SITE_TITLE);
 		$form = new LogInForm('Log in');
 		if ($login_error)
-			$form->adopt(new Alert('', 'Invalid email address or password.', 'error'));
+			$form->adopt(new Alert('', 'Invalid email address or password.', 'danger'));
 
 		// Tried anything? Be helpful, at least.
 		if (isset($_POST['emailaddress']))

controllers/Logout.php

@@ -11,7 +11,7 @@ class Logout extends HTMLController
 	public function __construct()
 	{
 		// Clear the entire sesssion.
-		$_SESSION = [];
+		Session::clear();
 
 		// Back to the frontpage you go.
 		header('Location: ' . BASEURL);

controllers/ManageAlbums.php

@@ -18,8 +18,7 @@ class ManageAlbums extends HTMLController
 			'form' => [
 				'action' => BASEURL . '/editalbum/',
 				'method' => 'get',
-				'class' => 'floatright',
-				'buttons' => [
+				'controls' => [
 					'add' => [
 						'type' => 'submit',
 						'caption' => 'Add new album',
@@ -35,18 +34,14 @@ class ManageAlbums extends HTMLController
 				'tag' => [
 					'header' => 'Album',
 					'is_sortable' => true,
-					'parse' => [
-						'link' => BASEURL . '/editalbum/?id={ID_TAG}',
-						'data' => 'tag',
-					],
+					'link' => BASEURL . '/editalbum/?id={ID_TAG}',
+					'value' => 'tag',
 				],
 				'slug' => [
 					'header' => 'Slug',
 					'is_sortable' => true,
-					'parse' => [
-						'link' => BASEURL . '/editalbum/?id={ID_TAG}',
-						'data' => 'slug',
-					],
+					'link' => BASEURL . '/editalbum/?id={ID_TAG}',
+					'value' => 'slug',
 				],
 				'count' => [
 					'header' => '# Photos',
@@ -54,51 +49,20 @@ class ManageAlbums extends HTMLController
 					'value' => 'count',
 				],
 			],
-			'start' => !empty($_GET['start']) ? (int) $_GET['start'] : 0,
-			'sort_order' => !empty($_GET['order']) ? $_GET['order'] : null,
-			'sort_direction' => !empty($_GET['dir']) ? $_GET['dir'] : null,
+			'default_sort_order' => 'tag',
+			'default_sort_direction' => 'up',
+			'start' => $_GET['start'] ?? 0,
+			'sort_order' => $_GET['order'] ?? '',
+			'sort_direction' => $_GET['dir'] ?? '',
 			'title' => 'Manage albums',
 			'no_items_label' => 'No albums meet the requirements of the current filter.',
 			'items_per_page' => 9999,
-			'index_class' => 'floatleft',
 			'base_url' => BASEURL . '/managealbums/',
-			'get_data' => function($offset = 0, $limit = 9999, $order = '', $direction = 'up') {
-				if (!in_array($order, ['id_tag', 'tag', 'slug', 'count']))
-					$order = 'tag';
-				if (!in_array($direction, ['up', 'down']))
-					$direction = 'up';
-
-				$db = Registry::get('db');
-				$res = $db->query('
-					SELECT *
-					FROM tags
-					WHERE kind = {string:album}
-					ORDER BY id_parent, {raw:order}',
-					[
-						'order' => $order . ($direction == 'up' ? ' ASC' : ' DESC'),
-						'album' => 'Album',
-					]);
-
-				$albums_by_parent = [];
-				while ($row = $db->fetch_assoc($res))
-				{
-					if (!isset($albums_by_parent[$row['id_parent']]))
-						$albums_by_parent[$row['id_parent']] = [];
-
-					$albums_by_parent[$row['id_parent']][] = $row + ['children' => []];
-				}
-
-				$albums = self::getChildrenRecursively(0, 0, $albums_by_parent);
-				$rows = self::flattenChildrenRecursively($albums);
-
-				return [
-					'rows' => $rows,
-					'order' => $order,
-					'direction' => ($direction == 'up' ? 'up' : 'down'),
-				];
+			'get_data' => function($offset, $limit, $order, $direction) {
+				return Tag::getOffset($offset, $limit, $order, $direction, true);
 			},
 			'get_count' => function() {
-				return 9999;
+				return Tag::getCount(false, 'Album', true);
 			}
 		];
 
@@ -106,42 +70,4 @@ class ManageAlbums extends HTMLController
 		parent::__construct('Album management - Page ' . $table->getCurrentPage() .' - ' . SITE_TITLE);
 		$this->page->adopt(new TabularData($table));
 	}
-
-	private static function getChildrenRecursively($id_parent, $level, &$albums_by_parent)
-	{
-		$children = [];
-		if (!isset($albums_by_parent[$id_parent]))
-			return $children;
-
-		foreach ($albums_by_parent[$id_parent] as $child)
-		{
-			if (isset($albums_by_parent[$child['id_tag']]))
-				$child['children'] = self::getChildrenRecursively($child['id_tag'], $level + 1, $albums_by_parent);
-
-			$child['tag'] = ($level ? str_repeat('—', $level * 2) . ' ' : '') . $child['tag'];
-			$children[] = $child;
-		}
-
-		return $children;
-	}
-
-	private static function flattenChildrenRecursively($albums)
-	{
-		if (empty($albums))
-			return [];
-
-		$rows = [];
-		foreach ($albums as $album)
-		{
-			$rows[] = array_intersect_key($album, array_flip(['id_tag', 'tag', 'slug', 'count']));
-			if (!empty($album['children']))
-			{
-				$children = self::flattenChildrenRecursively($album['children']);
-				foreach ($children as $child)
-					$rows[] = array_intersect_key($child, array_flip(['id_tag', 'tag', 'slug', 'count']));
-			}
-		}
-
-		return $rows;
-	}
 }

controllers/ManageAssets.php

@@ -0,0 +1,142 @@
+<?php
+/*****************************************************************************
+ * ManageAssets.php
+ * Contains the asset management controller.
+ *
+ * Kabuki CMS (C) 2013-2017, Aaron van Geffen
+ *****************************************************************************/
+
+class ManageAssets extends HTMLController
+{
+	public function __construct()
+	{
+		// Ensure it's just admins at this point.
+		if (!Registry::get('user')->isAdmin())
+			throw new NotAllowedException();
+
+		if (isset($_POST['deleteChecked'], $_POST['delete']) && Session::validateSession())
+			$this->handleAssetDeletion();
+
+		Session::resetSessionToken();
+
+		$options = [
+			'form' => [
+				'action' => BASEURL . '/manageassets/?' . Session::getSessionTokenKey() . '=' . Session::getSessionToken(),
+				'method' => 'post',
+				'is_embed' => true,
+				'controls' => [
+					'deleteChecked' => [
+						'type' => 'submit',
+						'caption' => 'Delete checked',
+						'class' => 'btn-danger',
+						'onclick' => 'return confirm(\'Are you sure you want to delete these items?\')',
+					],
+				],
+			],
+			'columns' => [
+				'checkbox' => [
+					'header' => '<input type="checkbox" id="selectall">',
+					'is_sortable' => false,
+					'format' => fn($row) =>
+						'<input type="checkbox" class="asset_select" name="delete[]" value="' . $row['id_asset'] . '">',
+				],
+				'thumbnail' => [
+					'header' => '&nbsp;',
+					'is_sortable' => false,
+					'cell_class' => 'text-center',
+					'format' => function($row) {
+						$asset = Image::byRow($row);
+						$width = $height = 65;
+						if ($asset->isImage())
+						{
+							if ($asset->isPortrait())
+								$width = null;
+							else
+								$height = null;
+
+							$thumb = $asset->getThumbnailUrl($width, $height);
+						}
+						else
+							$thumb = BASEURL . '/images/nothumb.svg';
+
+						$width = isset($width) ? $width . 'px' : 'auto';
+						$height = isset($height) ? $height . 'px' : 'auto';
+
+						return sprintf('<img src="%s" style="width: %s; height: %s;">', $thumb, $width, $height);
+					},
+				],
+				'id_asset' => [
+					'value' => 'id_asset',
+					'header' => 'ID',
+					'is_sortable' => true,
+				],
+				'subdir' => [
+					'value' => 'subdir',
+					'header' => 'Subdirectory',
+					'is_sortable' => true,
+				],
+				'filename' => [
+					'value' => 'filename',
+					'header' => 'Filename',
+					'is_sortable' => true,
+					'link' => BASEURL . '/editasset/?id={ID_ASSET}',
+					'value' => 'filename',
+				],
+				'id_user_uploaded' => [
+					'header' => 'User uploaded',
+					'is_sortable' => true,
+					'format' => function($row) {
+						if (!empty($row['id_user']))
+							return sprintf('<a href="%s/edituser/?id=%d">%s</a>', BASEURL, $row['id_user'],
+								$row['first_name'] . ' ' . $row['surname']);
+						else
+							return 'n/a';
+					},
+				],
+				'dimensions' => [
+					'header' => 'Dimensions',
+					'is_sortable' => false,
+					'format' => function($row) {
+						if (!empty($row['image_width']))
+							return $row['image_width'] . ' x ' . $row['image_height'];
+						else
+							return 'n/a';
+					},
+				],
+			],
+			'default_sort_order' => 'id_asset',
+			'default_sort_direction' => 'down',
+			'start' => $_GET['start'] ?? 0,
+			'sort_order' => $_GET['order'] ?? '',
+			'sort_direction' => $_GET['dir'] ?? '',
+			'title' => 'Manage assets',
+			'no_items_label' => 'No assets meet the requirements of the current filter.',
+			'items_per_page' => 30,
+			'base_url' => BASEURL . '/manageassets/',
+			'get_data' => 'Asset::getOffset',
+			'get_count' => 'Asset::getCount',
+		];
+
+		$table = new GenericTable($options);
+		parent::__construct('Asset management - Page ' . $table->getCurrentPage());
+
+		$wrapper = new AssetManagementWrapper();
+		$this->page->adopt($wrapper);
+		$wrapper->adopt(new TabularData($table));
+	}
+
+	private function handleAssetDeletion()
+	{
+		if (!isset($_POST['delete']) || !is_array($_POST['delete']))
+			throw new UnexpectedValueException();
+
+		foreach ($_POST['delete'] as $id_asset)
+		{
+			$asset = Asset::fromId($id_asset);
+			$asset->delete();
+		}
+
+		header('Location: ' . BASEURL . '/manageassets/');
+		exit;
+	}
+}

controllers/ManageErrors.php

@@ -14,8 +14,8 @@ class ManageErrors extends HTMLController
 		if (!Registry::get('user')->isAdmin())
 			throw new NotAllowedException();
 
-		// Flushing, are we?
-		if (isset($_POST['flush']) && Session::validateSession('get'))
+		// Clearing, are we?
+		if (isset($_POST['clear']) && Session::validateSession('get'))
 		{
 			ErrorLog::flush();
 			header('Location: ' . BASEURL . '/manageerrors/');
@@ -29,31 +29,32 @@ class ManageErrors extends HTMLController
 			'form' => [
 				'action' => BASEURL . '/manageerrors/?' . Session::getSessionTokenKey() . '=' . Session::getSessionToken(),
 				'method' => 'post',
-				'class' => 'floatright',
-				'buttons' => [
-					'flush' => [
+				'controls' => [
+					'clear' => [
 						'type' => 'submit',
 						'caption' => 'Delete all',
+						'class' => 'btn-danger',
 					],
 				],
 			],
 			'columns' => [
-				'id' => [
+				'id_entry' => [
 					'value' => 'id_entry',
 					'header' => '#',
 					'is_sortable' => true,
 				],
 				'message' => [
-					'parse' => [
-						'type' => 'function',
-						'data' => function($row) {
-							return $row['message'] . '<br><div><a onclick="this.parentNode.childNodes[1].style.display=\'block\';this.style.display=\'none\';">Show debug info</a>' .
-								'<pre style="display: none">' . $row['debug_info'] . '</pre></div>' .
-								'<small><a href="' . BASEURL . $row['request_uri'] . '">' . $row['request_uri'] . '</a></small>';
-						}
-					],
 					'header' => 'Message / URL',
 					'is_sortable' => false,
+					'format' => function($row) {
+						return $row['message'] . '<br>' .
+							'<div><a onclick="this.parentNode.childNodes[1].style.display=\'block\';this.style.display=\'none\';">Show debug info</a>' .
+							'<pre style="display: none">' . htmlspecialchars($row['debug_info']) .
+							'</pre></div>' .
+							'<small><a href="' . BASEURL .
+								htmlspecialchars($row['request_uri']) . '">' .
+								htmlspecialchars($row['request_uri']) . '</a></small>';
+					},
 				],
 				'file' => [
 					'value' => 'file',
@@ -66,12 +67,10 @@ class ManageErrors extends HTMLController
 					'is_sortable' => true,
 				],
 				'time' => [
-					'parse' => [
+					'format' => [
 						'type' => 'timestamp',
-						'data' => [
-							'timestamp' => 'time',
-							'pattern' => 'long',
-						],
+						'pattern' => 'long',
+						'value' => 'time',
 					],
 					'header' => 'Time',
 					'is_sortable' => true,
@@ -84,41 +83,20 @@ class ManageErrors extends HTMLController
 				'uid' => [
 					'header' => 'UID',
 					'is_sortable' => true,
-					'parse' => [
-						'link' => BASEURL . '/member/?id={ID_USER}',
-						'data' => 'id_user',
-					],
+					'link' => BASEURL . '/edituser/?id={ID_USER}',
+					'value' => 'id_user',
 				],
 			],
-			'start' => !empty($_GET['start']) ? (int) $_GET['start'] : 0,
-			'sort_order' => !empty($_GET['order']) ? $_GET['order'] : '',
-			'sort_direction' => !empty($_GET['dir']) ? $_GET['dir'] : '',
+			'default_sort_order' => 'id_entry',
+			'default_sort_direction' => 'down',
+			'start' => $_GET['start'] ?? 0,
+			'sort_order' => $_GET['order'] ?? '',
+			'sort_direction' => $_GET['dir'] ?? '',
 			'no_items_label' => "No errors to display -- we're all good!",
 			'items_per_page' => 20,
-			'index_class' => 'floatleft',
 			'base_url' => BASEURL . '/manageerrors/',
 			'get_count' => 'ErrorLog::getCount',
-			'get_data' => function($offset = 0, $limit = 20, $order = '', $direction = 'down') {
-				if (!in_array($order, ['id_entry', 'file', 'line', 'time', 'ipaddress', 'id_user']))
-					$order = 'id_entry';
-
-				$data = Registry::get('db')->queryAssocs('
-					SELECT *
-					FROM log_errors
-					ORDER BY {raw:order}
-					LIMIT {int:offset}, {int:limit}',
-					[
-						'order' => $order . ($direction === 'up' ? ' ASC' : ' DESC'),
-						'offset' => $offset,
-						'limit' => $limit,
-					]);
-
-				return [
-					'rows' => $data,
-					'order' => $order,
-					'direction' => $direction,
-				];
-			},
+			'get_data' => 'ErrorLog::getOffset',
 		];
 
 		$error_log = new GenericTable($options);

controllers/ManageTags.php

@@ -14,12 +14,13 @@ class ManageTags extends HTMLController
 		if (!Registry::get('user')->isAdmin())
 			throw new NotAllowedException();
 
+		Session::resetSessionToken();
+
 		$options = [
 			'form' => [
 				'action' => BASEURL . '/edittag/',
 				'method' => 'get',
-				'class' => 'floatright',
-				'buttons' => [
+				'controls' => [
 					'add' => [
 						'type' => 'submit',
 						'caption' => 'Add new tag',
@@ -27,7 +28,7 @@ class ManageTags extends HTMLController
 				],
 			],
 			'columns' => [
-				'id_post' => [
+				'id_tag' => [
 					'value' => 'id_tag',
 					'header' => 'ID',
 					'is_sortable' => true,
@@ -35,23 +36,25 @@ class ManageTags extends HTMLController
 				'tag' => [
 					'header' => 'Tag',
 					'is_sortable' => true,
-					'parse' => [
-						'link' => BASEURL . '/edittag/?id={ID_TAG}',
-						'data' => 'tag',
-					],
+					'link' => BASEURL . '/edittag/?id={ID_TAG}',
+					'value' => 'tag',
 				],
 				'slug' => [
 					'header' => 'Slug',
 					'is_sortable' => true,
-					'parse' => [
-						'link' => BASEURL . '/edittag/?id={ID_TAG}',
-						'data' => 'slug',
-					],
+					'link' => BASEURL . '/edittag/?id={ID_TAG}',
+					'value' => 'slug',
 				],
-				'kind' => [
-					'header' => 'Kind',
+				'id_user_owner' => [
+					'header' => 'Owning user',
 					'is_sortable' => true,
-					'value' => 'kind',
+					'format' => function($row) {
+						if (!empty($row['id_user']))
+							return sprintf('<a href="%s/edituser/?id=%d">%s</a>', BASEURL, $row['id_user'],
+								$row['first_name'] . ' ' . $row['surname']);
+						else
+							return 'n/a';
+					},
 				],
 				'count' => [
 					'header' => 'Cardinality',
@@ -59,45 +62,20 @@ class ManageTags extends HTMLController
 					'value' => 'count',
 				],
 			],
-			'start' => !empty($_GET['start']) ? (int) $_GET['start'] : 0,
-			'sort_order' => !empty($_GET['order']) ? $_GET['order'] : null,
-			'sort_direction' => !empty($_GET['dir']) ? $_GET['dir'] : null,
+			'default_sort_order' => 'tag',
+			'default_sort_direction' => 'up',
+			'start' => $_GET['start'] ?? 0,
+			'sort_order' => $_GET['order'] ?? '',
+			'sort_direction' => $_GET['dir'] ?? '',
 			'title' => 'Manage tags',
 			'no_items_label' => 'No tags meet the requirements of the current filter.',
-			'items_per_page' => 30,
-			'index_class' => 'floatleft',
+			'items_per_page' => 9999,
 			'base_url' => BASEURL . '/managetags/',
-			'get_data' => function($offset = 0, $limit = 30, $order = '', $direction = 'up') {
-				if (!in_array($order, ['id_post', 'tag', 'slug', 'kind', 'count']))
-					$order = 'tag';
-				if (!in_array($direction, ['up', 'down']))
-					$direction = 'up';
-
-				$data = Registry::get('db')->queryAssocs('
-					SELECT *
-					FROM tags
-					WHERE kind != {string:album}
-					ORDER BY {raw:order}
-					LIMIT {int:offset}, {int:limit}',
-					[
-						'order' => $order . ($direction == 'up' ? ' ASC' : ' DESC'),
-						'offset' => $offset,
-						'limit' => $limit,
-						'album' => 'Album',
-					]);
-
-				return [
-					'rows' => $data,
-					'order' => $order,
-					'direction' => ($direction == 'up' ? 'up' : 'down'),
-				];
+			'get_data' => function($offset, $limit, $order, $direction) {
+				return Tag::getOffset($offset, $limit, $order, $direction, false);
 			},
 			'get_count' => function() {
-				return Registry::get('db')->queryValue('
-					SELECT COUNT(*)
-					FROM tags
-					WHERE kind != {string:album}',
-					['album' => 'Album']);
+				return Tag::getCount(false, null, false);
 			}
 		];
 

controllers/ManageUsers.php

@@ -14,12 +14,13 @@ class ManageUsers extends HTMLController
 		if (!Registry::get('user')->isAdmin())
 			throw new NotAllowedException();
 
+		Session::resetSessionToken();
+
 		$options = [
 			'form' => [
 				'action' => BASEURL . '/edituser/',
 				'method' => 'get',
-				'class' => 'floatright',
-				'buttons' => [
+				'controls' => [
 					'add' => [
 						'type' => 'submit',
 						'caption' => 'Add new user',
@@ -35,26 +36,20 @@ class ManageUsers extends HTMLController
 				'surname' => [
 					'header' => 'Last name',
 					'is_sortable' => true,
-					'parse' => [
-						'link' => BASEURL . '/edituser/?id={ID_USER}',
-						'data' => 'surname',
-					],
+					'link' => BASEURL . '/edituser/?id={ID_USER}',
+					'value' => 'surname',
 				],
 				'first_name' => [
 					'header' => 'First name',
 					'is_sortable' => true,
-					'parse' => [
-						'link' => BASEURL . '/edituser/?id={ID_USER}',
-						'data' => 'first_name',
-					],
+					'link' => BASEURL . '/edituser/?id={ID_USER}',
+					'value' => 'first_name',
 				],
 				'slug' => [
 					'header' => 'Slug',
 					'is_sortable' => true,
-					'parse' => [
-						'link' => BASEURL . '/edituser/?id={ID_USER}',
-						'data' => 'slug',
-					],
+					'link' => BASEURL . '/edituser/?id={ID_USER}',
+					'value' => 'slug',
 				],
 				'emailaddress' => [
 					'value' => 'emailaddress',
@@ -62,12 +57,11 @@ class ManageUsers extends HTMLController
 					'is_sortable' => true,
 				],
 				'last_action_time' => [
-					'parse' => [
+					'format' => [
 						'type' => 'timestamp',
-						'data' => [
-							'timestamp' => 'last_action_time',
-							'pattern' => 'long',
-						],
+						'pattern' => 'long',
+						'value' => 'last_action_time',
+						'if_null' => 'n/a',
 					],
 					'header' => 'Last activity',
 					'is_sortable' => true,
@@ -80,48 +74,20 @@ class ManageUsers extends HTMLController
 				'is_admin' => [
 					'is_sortable' => true,
 					'header' => 'Admin?',
-					'parse' => [
-						'type' => 'function',
-						'data' => function($row) {
-							return $row['is_admin'] ? 'yes' : 'no';
-						}
-					],
+					'format' => fn($row) => $row['is_admin'] ? 'yes' : 'no',
 				],
 			],
-			'start' => !empty($_GET['start']) ? (int) $_GET['start'] : 0,
-			'sort_order' => !empty($_GET['order']) ? $_GET['order'] : '',
-			'sort_direction' => !empty($_GET['dir']) ? $_GET['dir'] : '',
+			'default_sort_order' => 'id_user',
+			'default_sort_direction' => 'down',
+			'start' => $_GET['start'] ?? 0,
+			'sort_order' => $_GET['order'] ?? '',
+			'sort_direction' => $_GET['dir'] ?? '',
 			'title' => 'Manage users',
 			'no_items_label' => 'No users meet the requirements of the current filter.',
 			'items_per_page' => 30,
-			'index_class' => 'floatleft',
 			'base_url' => BASEURL . '/manageusers/',
-			'get_data' => function($offset = 0, $limit = 30, $order = '', $direction = 'down') {
-				if (!in_array($order, ['id_user', 'surname', 'first_name', 'slug', 'emailaddress', 'last_action_time', 'ip_address', 'is_admin']))
-					$order = 'id_user';
-
-				$data = Registry::get('db')->queryAssocs('
-					SELECT *
-					FROM users
-					ORDER BY {raw:order}
-					LIMIT {int:offset}, {int:limit}',
-					[
-						'order' => $order . ($direction == 'up' ? ' ASC' : ' DESC'),
-						'offset' => $offset,
-						'limit' => $limit,
-					]);
-
-				return [
-					'rows' => $data,
-					'order' => $order,
-					'direction' => $direction,
-				];
-			},
-			'get_count' => function() {
-				return Registry::get('db')->queryValue('
-					SELECT COUNT(*)
-					FROM users');
-			}
+			'get_data' => 'Member::getOffset',
+			'get_count' => 'Member::getCount',
 		];
 
 		$table = new GenericTable($options);

controllers/ProvideAutoSuggest.php

@@ -41,8 +41,9 @@ class ProvideAutoSuggest extends JSONController
 			$results = Tag::matchPeople($data);
 			foreach ($results as $id_tag => $tag)
 				$this->payload['items'][] = [
-					'label' => $tag,
+					'label' => $tag['tag'],
 					'id_tag' => $id_tag,
+					'url' => BASEURL . '/' . $tag['slug'] . '/',
 				];
 		}
 	}
@@ -52,11 +53,11 @@ class ProvideAutoSuggest extends JSONController
 		// It better not already exist!
 		if (Tag::exactMatch($_REQUEST['tag']))
 		{
-			$this->payload = ['error' => true, 'msg' => "Tag already exists!"];
+			$this->payload = ['error' => true, 'msg' => 'Tag already exists!'];
 			return;
 		}
 
-		$label = htmlentities(trim($_REQUEST['tag']));
+		$label = htmlspecialchars(trim($_REQUEST['tag']));
 		$slug = strtr($label, [' ' => '-']);
 		$tag = Tag::createNew([
 			'tag' => $label,
@@ -67,7 +68,7 @@ class ProvideAutoSuggest extends JSONController
 		// Did we succeed?
 		if (!$tag)
 		{
-			$this->payload = ['error' => true, 'msg' => "Could not create tag."];
+			$this->payload = ['error' => true, 'msg' => 'Could not create tag.'];
 			return;
 		}
 

controllers/ResetPassword.php

@@ -16,66 +16,94 @@ class ResetPassword extends HTMLController
 
 		// Verifying an existing reset key?
 		if (isset($_GET['step'], $_GET['email'], $_GET['key']) && $_GET['step'] == 2)
-		{
-			$email = rawurldecode($_GET['email']);
-			$id_user = Authentication::getUserid($email);
-			if ($id_user === false)
-				throw new UserFacingException('Invalid email address. Please make sure you copied the full link in the email you received.');
-
-			$key = $_GET['key'];
-			if (!Authentication::checkResetKey($id_user, $key))
-				throw new UserFacingException('Invalid reset token. Please make sure you copied the full link in the email you received. Note: you cannot use the same token twice.');
-
-			parent::__construct('Reset password - ' . SITE_TITLE);
-			$form = new PasswordResetForm($email, $key);
-			$this->page->adopt($form);
-
-			// Are they trying to set something already?
-			if (isset($_POST['password1'], $_POST['password2']))
-			{
-				$missing = [];
-		 		if (strlen($_POST['password1']) < 6 || !preg_match('~[^A-z]~', $_POST['password1']))
-		 			$missing[] = 'Please fill in a password that is at least six characters long and contains at least one non-alphabetic character (e.g. a number or symbol).';
-				if ($_POST['password1'] != $_POST['password2'])
-					$missing[] = 'The passwords you entered do not match.';
-
-				// So, are we good to go?
-				if (empty($missing))
-				{
-					Authentication::updatePassword($id_user, Authentication::computeHash($_POST['password1']));
-					$_SESSION['login_msg'] = ['Your password has been reset', 'You can now use the form below to log in to your account.', 'success'];
-					header('Location: ' . BASEURL . '/login/');
-					exit;
-				}
-				else
-					$form->adopt(new Alert('Some fields require your attention', '<ul><li>' . implode('</li><li>', $missing) . '</li></ul>', 'error'));
-		 	}
-		}
+			$this->verifyResetKey();
 		else
+			$this->requestResetKey();
+	}
+
+	private function requestResetKey()
+	{
+		parent::__construct('Reset password - ' . SITE_TITLE);
+		$form = new ForgotPasswordForm();
+		$this->page->adopt($form);
+
+		// Have they submitted an email address yet?
+		if (isset($_POST['emailaddress']) && preg_match('~^.+@.+\.[a-z]+$~', trim($_POST['emailaddress'])))
 		{
-			parent::__construct('Reset password - ' . SITE_TITLE);
-			$form = new ForgotPasswordForm();
-			$this->page->adopt($form);
-
-			// Have they submitted an email address yet?
-			if (isset($_POST['emailaddress']) && preg_match('~^.+@.+\.[a-z]+$~', trim($_POST['emailaddress'])))
+			$user = Member::fromEmailAddress($_POST['emailaddress']);
+			if (!$user)
 			{
-				$id_user = Authentication::getUserid(trim($_POST['emailaddress']));
-				if ($id_user === false)
-				{
-					$form->adopt(new Alert('Invalid email address', 'The email address you provided could not be found in our system. Please try again.', 'error'));
-					return;
-				}
-
-				Authentication::setResetKey($id_user);
-				Email::resetMail($id_user);
-
-				// Show the success message
-				$this->page->clear();
-				$box = new DummyBox('An email has been sent');
-				$box->adopt(new Alert('', 'We have sent an email to ' . $_POST['emailaddress'] . ' containing details on how to reset your password.', 'success'));
-				$this->page->adopt($box);
+				$form->adopt(new Alert('Invalid email address', 'The email address you provided could not be found in our system. Please try again.', 'danger'));
+				return;
 			}
+
+			if (Authentication::getResetTimeOut($user->getUserId()) > 0)
+			{
+				// Update the reset time-out to prevent hammering
+				$resetTimeOut = Authentication::updateResetTimeOut($user->getUserId());
+
+				// Present it to the user in a readable way
+				if ($resetTimeOut > 3600)
+					$timeOut = sprintf('%d hours', ceil($resetTimeOut / 3600));
+				elseif ($resetTimeOut > 60)
+					$timeOut = sprintf('%d minutes', ceil($resetTimeOut / 60));
+				else
+					$timeOut = sprintf('%d seconds', $resetTimeOut);
+
+				$form->adopt(new Alert('Password reset token already sent', 'We already sent a password reset token to this email address recently. ' .
+					'If no email was received, please wait ' . $timeOut . ' to try again.', 'error'));
+				return;
+			}
+
+			Authentication::setResetKey($user->getUserId());
+			Email::resetMail($user->getUserId());
+
+			// Show the success message
+			$this->page->clear();
+			$box = new DummyBox('An email has been sent');
+			$box->adopt(new Alert('', 'We have sent an email to ' . $_POST['emailaddress'] . ' containing details on how to reset your password.', 'success'));
+			$this->page->adopt($box);
+		}
+	}
+
+	private function verifyResetKey()
+	{
+		$email = rawurldecode($_GET['email']);
+		$user = Member::fromEmailAddress($email);
+		if (!$user)
+			throw new UserFacingException('Invalid email address. Please make sure you copied the full link in the email you received.');
+
+		$key = $_GET['key'];
+		if (!Authentication::checkResetKey($user->getUserId(), $key))
+			throw new UserFacingException('Invalid reset token. Please make sure you copied the full link in the email you received. Note: you cannot use the same token twice.');
+
+		parent::__construct('Reset password - ' . SITE_TITLE);
+		$form = new PasswordResetForm($email, $key);
+		$this->page->adopt($form);
+
+		// Are they trying to set something already?
+		if (isset($_POST['password1'], $_POST['password2']))
+		{
+			$missing = [];
+			if (strlen($_POST['password1']) < 6 || !preg_match('~[^A-z]~', $_POST['password1']))
+				$missing[] = 'Please fill in a password that is at least six characters long and contains at least one non-alphabetic character (e.g. a number or symbol).';
+			if ($_POST['password1'] != $_POST['password2'])
+				$missing[] = 'The passwords you entered do not match.';
+
+			// So, are we good to go?
+			if (empty($missing))
+			{
+				Authentication::updatePassword($user->getUserId(), Authentication::computeHash($_POST['password1']));
+
+				// Consume token, ensuring it isn't used again
+				Authentication::consumeResetKey($user->getUserId());
+
+				$_SESSION['login_msg'] = ['Your password has been reset', 'You can now use the form below to log in to your account.', 'success'];
+				header('Location: ' . BASEURL . '/login/');
+				exit;
+			}
+			else
+				$form->adopt(new Alert('Some fields require your attention', '<ul><li>' . implode('</li><li>', $missing) . '</li></ul>', 'danger'));
 		}
 	}
 }

controllers/UploadMedia.php

@@ -42,8 +42,11 @@ class UploadMedia extends HTMLController
 				$new_ids[] = $asset->getId();
 				$asset->linkTags([$tag->id_tag]);
 
-				$tag->id_asset_thumb = $asset->getId();
-				$tag->save();
+				if (empty($tag->id_asset_thumb))
+				{
+					$tag->id_asset_thumb = $asset->getId();
+					$tag->save();
+				}
 			}
 
 			if (isset($_REQUEST['format']) && $_REQUEST['format'] === 'json')

controllers/ViewPeople.php

@@ -52,8 +52,9 @@ class ViewPeople extends HTMLController
 			'start' => $start,
 			'base_url' => BASEURL . '/people/',
 			'page_slug' => 'page/%PAGE%/',
+			'index_class' => 'pagination-lg mt-5 justify-content-around justify-content-lg-center',
 		]);
-		$this->page->adopt(new Pagination($pagination));
+		$this->page->adopt(new PageIndexWidget($pagination));
 
 		$this->page->setCanonicalUrl(BASEURL . '/people/' . ($page > 1 ? 'page/' . $page . '/' : ''));
 	}

controllers/ViewPhoto.php

@@ -8,50 +8,61 @@
 
 class ViewPhoto extends HTMLController
 {
+	private Image $photo;
+
 	public function __construct()
 	{
 		// Ensure we're logged in at this point.
-		if (!Registry::get('user')->isLoggedIn())
+		$user = Registry::get('user');
+		if (!$user->isLoggedIn())
 			throw new NotAllowedException();
 
 		$photo = Asset::fromSlug($_GET['slug']);
 		if (empty($photo))
 			throw new NotFoundException();
 
+		$this->photo = $photo->getImage();
+
+		Session::resetSessionToken();
+
+		parent::__construct($this->photo->getTitle() . ' - ' . SITE_TITLE);
+
 		if (!empty($_POST))
-			$this->handleTagging($photo->getImage());
+			$this->handleTagging();
+		else
+			$this->handleViewPhoto();
+	}
 
-		parent::__construct($photo->getTitle() . ' - ' . SITE_TITLE);
-		$page = new PhotoPage($photo->getImage());
+	private function handleViewPhoto()
+	{
+		$page = new PhotoPage($this->photo);
 
-		// Exif data?
-		$exif = EXIF::fromFile($photo->getFullPath());
-		if ($exif)
-			$page->setExif($exif);
+		// Any (EXIF) meta data?
+		$metaData = $this->prepareMetaData();
+		$page->setMetaData($metaData);
 
 		// What tag are we browsing?
 		$tag = isset($_GET['in']) ? Tag::fromId($_GET['in']) : null;
-		$id_tag = isset($tag) ? $tag->id_tag : null;
+		if (isset($tag))
+			$page->setTag($tag);
 
-		// Find previous photo in set.
-		$previous_url = $photo->getUrlForPreviousInSet($id_tag);
-		if ($previous_url)
-			$page->setPreviousPhotoUrl($previous_url);
+		// Keeping tabs on a filter?
+		if (isset($_GET['by']))
+		{
+			// Let's first verify that the filter is valid
+			$user = Member::fromSlug($_GET['by']);
+			if (!$user)
+				throw new UnexpectedValueException('Invalid filter for this album or tag.');
 
-		// ... and the next photo, too.
-		$next_url = $photo->getUrlForNextInSet($id_tag);
-		if ($next_url)
-			$page->setNextPhotoUrl($next_url);
+			// Alright, let's run with it then
+			$page->setActiveFilter($user->getSlug());
+		}
 
 		$this->page->adopt($page);
-		$this->page->setCanonicalUrl($photo->getPageUrl());
-
-		// Add an edit button to the admin bar.
-		if (Registry::get('user')->isAdmin())
-			$this->admin_bar->appendItem(BASEURL . '/editasset/?id=' . $photo->getId(), 'Edit this photo');
+		$this->page->setCanonicalUrl($this->photo->getPageUrl());
 	}
 
-	private function handleTagging(Image $photo)
+	private function handleTagging()
 	{
 		header('Content-Type: text/json; charset=utf-8');
 
@@ -63,8 +74,53 @@ class ViewPhoto extends HTMLController
 		}
 
 		// We are!
-		$photo->linkTags([(int) $_POST['id_tag']]);
-		echo json_encode(['success' => true]);
-		exit;
+		if (!isset($_POST['delete']))
+		{
+			$this->photo->linkTags([(int) $_POST['id_tag']]);
+			echo json_encode(['success' => true]);
+			exit;
+		}
+
+		// ... deleting, that is.
+		else
+		{
+			$this->photo->unlinkTags([(int) $_POST['id_tag']]);
+			echo json_encode(['success' => true]);
+			exit;
+		}
+	}
+
+	private function prepareMetaData()
+	{
+		if (!($exif = EXIF::fromFile($this->photo->getFullPath())))
+			throw new UnexpectedValueException('Photo file not found!');
+
+		$metaData = [];
+
+		if (!empty($exif->created_timestamp))
+			$metaData['Date Taken'] = date("j M Y, H:i:s", $exif->created_timestamp);
+
+		if ($author = $this->photo->getAuthor())
+			$metaData['Uploaded by'] = $author->getfullName();
+
+		if (!empty($exif->camera))
+			$metaData['Camera Model'] = $exif->camera;
+
+		if (!empty($exif->shutter_speed))
+			$metaData['Shutter Speed'] = $exif->shutterSpeedFraction();
+
+		if (!empty($exif->aperture))
+			$metaData['Aperture'] = 'f/' . number_format($exif->aperture, 1);
+
+		if (!empty($exif->focal_length))
+			$metaData['Focal Length'] = $exif->focal_length . ' mm';
+
+		if (!empty($exif->iso))
+			$metaData['ISO Speed'] = $exif->iso;
+
+		if (!empty($exif->software))
+			$metaData['Software'] = $exif->software;
+
+		return $metaData;
 	}
 }

controllers/ViewPhotoAlbum.php

@@ -26,72 +26,92 @@ class ViewPhotoAlbum extends HTMLController
 			$tag = Tag::fromSlug($_GET['tag']);
 			$id_tag = $tag->id_tag;
 			$title = $tag->tag;
-			$description = !empty($tag->description) ? $tag->description : '';
-
-			// Can we go up a level?
-			if ($tag->id_parent != 0)
-			{
-				$ptag = Tag::fromId($tag->id_parent);
-				$back_link = BASEURL . '/' . (!empty($ptag->slug) ? $ptag->slug . '/' : '');
-				$back_link_title = 'Back to "' . $ptag->tag . '"';
-			}
-			elseif ($tag->kind === 'Person')
-			{
-				$back_link = BASEURL . '/people/';
-				$back_link_title = 'Back to "People"';
-				$is_person = true;
-			}
-
-			$header_box = new AlbumHeaderBox($title, $description, $back_link, $back_link_title);
+			$header_box = $this->getHeaderBox($tag);
 		}
 		// View the album root.
 		else
 		{
 			$id_tag = 1;
+			$tag = Tag::fromId($id_tag);
 			$title = 'Albums';
 		}
 
 		// What page are we at?
-		$page = isset($_GET['page']) ? (int) $_GET['page'] : 1;
+		$current_page = isset($_GET['page']) ? (int) $_GET['page'] : 1;
 
-		parent::__construct($title . ' - Page ' . $page . ' - ' . SITE_TITLE);
+		parent::__construct($title . ' - Page ' . $current_page . ' - ' . SITE_TITLE);
 		if (isset($header_box))
 			$this->page->adopt($header_box);
 
-		// Can we do fancy things here?
-		// !!! TODO: permission system?
-		$buttons = [];
-		if (Registry::get('user')->isLoggedIn())
-			$buttons[] = [
-				'url' => BASEURL . '/uploadmedia/?tag=' . $id_tag,
-				'caption' => 'Upload new photos here',
-			];
-		if (Registry::get('user')->isAdmin())
-			$buttons[] = [
-				'url' => BASEURL . '/addalbum/?tag=' . $id_tag,
-				'caption' => 'Create new subalbum here',
-			];
+		// Who contributed to this album?
+		$contributors = $tag->getContributorList();
 
-		// Enough actions for a button box?
-		if (!empty($buttons))
-			$this->page->adopt(new AlbumButtonBox($buttons));
+		// Enumerate possible filters
+		$filters = [];
+		if (!empty($contributors))
+		{
+			$filters[''] = ['id_user' => null, 'label' => '', 'caption' => 'All photos',
+				'link' => $tag->getUrl()];
+
+			foreach ($contributors as $contributor)
+			{
+				$filters[$contributor['slug']] = [
+					'id_user' => $contributor['id_user'],
+					'label' => $contributor['first_name'],
+					'caption' => sprintf('By %s (%s photos)',
+						$contributor['first_name'], $contributor['num_assets']),
+					'link' => $tag->getUrl() . '?by=' . $contributor['slug'],
+				];
+			}
+		}
+
+		// Limit to a particular uploader?
+		$active_filter = '';
+		$id_user_uploaded = null;
+		if (!empty($_GET['by']))
+		{
+			if (!isset($filters[$_GET['by']]))
+				throw new UnexpectedValueException('Invalid filter for this album or tag.');
+
+			$active_filter = $_GET['by'];
+			$id_user_uploaded = $filters[$active_filter]['id_user'];
+			$filters[$active_filter]['is_active'] = true;
+		}
+
+		// Add an interface to query and modify the album/tag
+		$buttons = $this->getAlbumButtons($tag, $active_filter);
+		$button_strip = new AlbumButtonBox($buttons, $filters, $active_filter);
+		$this->page->adopt($button_strip);
 
 		// Fetch subalbums, but only if we're on the first page.
-		if ($page === 1)
+		if ($current_page === 1)
 		{
 			$albums = $this->getAlbums($id_tag);
 			$index = new AlbumIndex($albums);
 			$this->page->adopt($index);
 		}
 
+		// Are we viewing a person tag?
+		$is_person = $tag->kind === 'Person';
+
 		// Load a photo mosaic for the current tag.
-		list($mosaic, $total_count) = $this->getPhotoMosaic($id_tag, $page, !isset($is_person));
+		list($mosaic, $total_count) = $this->getPhotoMosaic($id_tag, $id_user_uploaded, $current_page, !$is_person);
 		if (isset($mosaic))
 		{
 			$index = new PhotosIndex($mosaic, Registry::get('user')->isAdmin());
 			$this->page->adopt($index);
-			if ($id_tag > 1)
-				$index->setUrlSuffix('?in=' . $id_tag);
+
+			$url_params = [];
+			if (isset($tag))
+				$url_params['in'] = $tag->id_tag;
+			if (!empty($active_filter))
+				$url_params['by'] = $active_filter;
+
+			$url_suffix = http_build_query($url_params);
+			$index->setUrlSuffix('?' . $url_suffix);
+
+			$menu_items = $this->getEditMenuItems('&' . $url_suffix);
+			$index->setEditMenuItems($menu_items);
 		}
 
 		// Make a page index as needed, while we're at it.
@@ -100,23 +120,24 @@ class ViewPhotoAlbum extends HTMLController
 			$index = new PageIndex([
 				'recordCount' => $total_count,
 				'items_per_page' => self::PER_PAGE,
-				'start' => (isset($_GET['page']) ? $_GET['page'] - 1 : 0) * self::PER_PAGE,
-				'base_url' => BASEURL . '/' . (isset($_GET['tag']) ? $_GET['tag'] . '/' : ''),
-				'page_slug' => 'page/%PAGE%/',
+				'start' => ($current_page - 1) * self::PER_PAGE,
+				'base_url' => $tag->getUrl(),
+				'page_slug' => 'page/%PAGE%/' . (!empty($active_filter) ? '?by=' . $active_filter : ''),
+				'index_class' => 'pagination-lg justify-content-around justify-content-lg-center',
 			]);
-			$this->page->adopt(new Pagination($index));
+			$this->page->adopt(new PageIndexWidget($index));
 		}
 
 		// Set the canonical url.
-		$this->page->setCanonicalUrl(BASEURL . '/' . (isset($_GET['tag']) ? $_GET['tag'] . '/' : '') .
-			($page > 1 ? 'page/' . $page . '/' : ''));
+		$this->page->setCanonicalUrl($tag->getUrl() . ($current_page > 1 ? 'page/' . $current_page . '/' : ''));
 	}
 
-	public function getPhotoMosaic($id_tag, $page, $sort_linear)
+	public function getPhotoMosaic($id_tag, $id_user_uploaded, $page, $sort_linear)
 	{
 		// Create an iterator.
 		list($this->iterator, $total_count) = AssetIterator::getByOptions([
 			'id_tag' => $id_tag,
+			'id_user_uploaded' => $id_user_uploaded,
 			'order' => 'date_captured',
 			'direction' => $sort_linear ? 'asc' : 'desc',
 			'limit' => self::PER_PAGE,
@@ -148,16 +169,124 @@ class ViewPhotoAlbum extends HTMLController
 				'id_tag' => $album['id_tag'],
 				'caption' => $album['tag'],
 				'link' => BASEURL . '/' . $album['slug'] . '/',
-				'thumbnail' => !empty($album['id_asset_thumb']) ? $assets[$album['id_asset_thumb']]->getImage() : null,
+				'thumbnail' => !empty($album['id_asset_thumb']) && isset($assets[$album['id_asset_thumb']])
+					? $assets[$album['id_asset_thumb']]->getImage() : null,
 			];
 		}
 
 		return $albums;
 	}
 
-	public function __destruct()
+	private function getAlbumButtons(Tag $tag, $active_filter)
 	{
-		if (isset($this->iterator))
-			$this->iterator->clean();
+		$buttons = [];
+		$user = Registry::get('user');
+
+		if ($user->isLoggedIn())
+		{
+			$suffix = !empty($active_filter) ? '&by=' . $active_filter : '';
+			$buttons[] = [
+				'url' => BASEURL . '/download/?tag=' . $tag->id_tag . $suffix,
+				'caption' => 'Download album',
+			];
+		}
+
+		if ($tag->id_parent != 0)
+		{
+			if ($tag->kind === 'Album')
+			{
+				$buttons[] = [
+					'url' => BASEURL . '/uploadmedia/?tag=' . $tag->id_tag,
+					'caption' => 'Upload photos here',
+				];
+			}
+
+			if ($user->isAdmin())
+			{
+				if ($tag->kind === 'Album')
+				{
+					$buttons[] = [
+						'url' => BASEURL . '/editalbum/?id=' . $tag->id_tag,
+						'caption' => 'Edit album',
+					];
+				}
+				elseif ($tag->kind === 'Person')
+				{
+					$buttons[] = [
+						'url' => BASEURL . '/edittag/?id=' . $tag->id_tag,
+						'caption' => 'Edit tag',
+					];
+				}
+			}
+		}
+
+		if ($user->isAdmin() && (!isset($tag) || $tag->kind === 'Album'))
+		{
+			$buttons[] = [
+				'url' => BASEURL . '/addalbum/?tag=' . $tag->id_tag,
+				'caption' => 'Create subalbum',
+			];
+		}
+
+		return $buttons;
+	}
+
+	private function getEditMenuItems($url_suffix)
+	{
+		$items = [];
+		$sess = '&' . Session::getSessionTokenKey() . '=' . Session::getSessionToken();
+
+		if (Registry::get('user')->isLoggedIn())
+		{
+			$items[] = [
+				'label' => 'Edit image',
+				'uri' => fn($image) => $image->getEditUrl() . $url_suffix,
+			];
+
+			$items[] = [
+				'label' => 'Delete image',
+				'uri' => fn($image) => $image->getDeleteUrl() . $url_suffix . $sess,
+				'onclick' => 'return confirm(\'Are you sure you want to delete this image?\');',
+			];
+		}
+
+		if (Registry::get('user')->isAdmin())
+		{
+			$items[] = [
+				'label' => 'Make album cover',
+				'uri' => fn($image) => $image->getEditUrl() . $url_suffix . '&album_cover' . $sess,
+			];
+
+			$items[] = [
+				'label' => 'Increase priority',
+				'uri' => fn($image) => $image->getEditUrl() . $url_suffix . '&inc_prio' . $sess,
+			];
+
+			$items[] = [
+				'label' => 'Decrease priority',
+				'uri' => fn($image) => $image->getEditUrl() . $url_suffix . '&dec_prio' . $sess,
+			];
+		}
+
+		return $items;
+	}
+
+	private function getHeaderBox(Tag $tag)
+	{
+		// Can we go up a level?
+		if ($tag->id_parent != 0)
+		{
+			$ptag = Tag::fromId($tag->id_parent);
+			$back_link = BASEURL . '/' . (!empty($ptag->slug) ? $ptag->slug . '/' : '');
+			$back_link_title = 'Back to "' . $ptag->tag . '"';
+		}
+		elseif ($tag->kind === 'Person')
+		{
+			$back_link = BASEURL . '/people/';
+			$back_link_title = 'Back to "People"';
+		}
+
+		$description = !empty($tag->description) ? $tag->description : '';
+		return new AlbumHeaderBox($tag->tag, $description, $back_link, $back_link_title);
 	}
 }

controllers/ViewTimeline.php

@@ -46,17 +46,12 @@ class ViewTimeline extends HTMLController
 				'start' => (isset($_GET['page']) ? $_GET['page'] - 1 : 0) * self::PER_PAGE,
 				'base_url' => BASEURL . '/timeline/',
 				'page_slug' => 'page/%PAGE%/',
+				'index_class' => 'pagination-lg justify-content-around justify-content-lg-center',
 			]);
-			$this->page->adopt(new Pagination($index));
+			$this->page->adopt(new PageIndexWidget($index));
 		}
 
 		// Set the canonical url.
 		$this->page->setCanonicalUrl(BASEURL . '/timeline/');
 	}
-
-	public function __destruct()
-	{
-		if (isset($this->iterator))
-			$this->iterator->clean();
-	}
 }

import_albums.php

@@ -1,319 +0,0 @@
-<?php
-/*****************************************************************************
- * import_albums.php
- * Imports albums from a Gallery 3 database.
- *
- * Kabuki CMS (C) 2013-2016, Aaron van Geffen
- *****************************************************************************/
-
-// Include the project's configuration.
-require_once 'config.php';
-
-// Set up the autoloader.
-require_once 'vendor/autoload.php';
-
-// Initialise the database.
-$db = new Database(DB_SERVER, DB_USER, DB_PASS, DB_NAME);
-$pdb = new Database(DB_SERVER, DB_USER, DB_PASS, "hashru_gallery");
-Registry::set('db', $db);
-
-// Do some authentication checks.
-Session::start();
-Registry::set('user', Authentication::isLoggedIn() ? Member::fromId($_SESSION['user_id']) : new Guest());
-
-// Enable debugging.
-//set_error_handler('ErrorHandler::handleError');
-ini_set("display_errors", DEBUG ? "On" : "Off");
-
-/*******************************
- * STEP 0: USERS
- *******************************/
-
-$num_users = $pdb->queryValue('
-	SELECT COUNT(*)
-	FROM users');
-
-echo $num_users, ' users to import.', "\n";
-
-$rs_users = $pdb->query('
-	SELECT id, name, full_name, password, last_login, email, admin
-	FROM users
-	WHERE id > 1
-	ORDER BY id ASC');
-
-$old_user_id_to_new_user_id = [];
-
-while ($user = $pdb->fetch_assoc($rs_users))
-{
-	// Check whether a user already exists for this e-mail address.
-	if (!($id_user = Authentication::getUserId($user['email'])))
-	{
-		$bool = $db->insert('insert', 'users', [
-			'first_name' => 'string-30',
-			'surname' => 'string-60',
-			'slug' => 'string-90',
-			'emailaddress' => 'string-255',
-			'password_hash' => 'string-255',
-			'creation_time' => 'int',
-			'last_action_time' => 'int',
-			'ip_address' => 'string-15',
-			'is_admin' => 'int',
-		], [
-			'first_name' => substr($user['full_name'], 0, strpos($user['full_name'], ' ')),
-			'surname' => substr($user['full_name'], strpos($user['full_name'], ' ') + 1),
-			'slug' => $user['name'],
-			'emailaddress' => $user['email'],
-			'password_hash' => $user['password'],
-			'creation_time' => 0,
-			'last_action_time' => $user['last_login'],
-			'ip_address' => '0.0.0.0',
-			'is_admin' => $user['admin'],
-		], ['id_user']);
-
-		if ($bool)
-			$id_user = $db->insert_id();
-		else
-			die("User creation failed!");
-	}
-
-	$old_user_id_to_new_user_id[$user['id']] = $id_user;
-}
-
-$pdb->free_result($rs_users);
-
-/*******************************
- * STEP 1: ALBUMS
- *******************************/
-
-$num_albums = $pdb->queryValue('
-	SELECT COUNT(*)
-	FROM items
-	WHERE type = {string:album}
-	ORDER BY id ASC',
-	['album' => 'album']);
-
-echo $num_albums, ' albums to import.', "\n";
-
-$albums = $pdb->query('
-	SELECT id, album_cover_item_id, parent_id, title, description, relative_path_cache, relative_url_cache
-	FROM items
-	WHERE type = {string:album}
-	ORDER BY id ASC',
-	['album' => 'album']);
-
-$tags = [];
-$old_album_id_to_new_tag_id = [];
-$dirnames_by_old_album_id = [];
-$old_thumb_id_by_tag_id = [];
-
-while ($album = $pdb->fetch_assoc($albums))
-{
-	$tag = Tag::createNew([
-		'tag' => $album['title'],
-		'slug' => $album['relative_url_cache'],
-		'kind' => 'Album',
-		'description' => $album['description'],
-	]);
-
-	if (!empty($album['parent_id']))
-		$parent_to_set[$tag->id_tag] = $album['parent_id'];
-
-	$tags[$tag->id_tag] = $tag;
-	$old_album_id_to_new_tag_id[$album['id']] = $tag->id_tag;
-	$dirnames_by_old_album_id[$album['id']] = str_replace('#', '', urldecode($album['relative_path_cache']));
-	$old_thumb_id_by_tag_id[$tag->id_tag] = $album['album_cover_item_id'];
-}
-
-$pdb->free_result($albums);
-
-foreach ($parent_to_set as $id_tag => $old_album_id)
-{
-	$id_parent = $old_album_id_to_new_tag_id[$old_album_id];
-	$db->query('
-		UPDATE tags
-		SET id_parent = ' . $id_parent . '
-		WHERE id_tag = ' . $id_tag);
-}
-
-unset($parent_to_set);
-
-/*******************************
- * STEP 2: PHOTOS
- *******************************/
-
-$num_photos = $pdb->queryValue('
-	SELECT COUNT(*)
-	FROM items
-	WHERE type = {string:photo}',
-	['photo' => "photo"]);
-
-echo $num_photos, " photos to import.\n";
-
-$old_photo_id_to_asset_id = [];
-for ($i = 0; $i < $num_photos; $i += 50)
-{
-	echo 'Offset ' . $i . "...\n";
-
-	$photos = $pdb->query('
-		SELECT id, owner_id, parent_id, captured, created, name, title, description, relative_url_cache, width, height, mime_type, weight
-		FROM items
-		WHERE type = {string:photo}
-		ORDER BY id ASC
-		LIMIT ' . $i . ', 50',
-		['photo' => 'photo']);
-
-	while ($photo = $pdb->fetch_assoc($photos))
-	{
-		$res = $db->query('
-			INSERT INTO assets
-			(id_user_uploaded, subdir, filename, title, slug, mimetype, image_width, image_height, date_captured, priority)
-			VALUES
-			({int:id_user_uploaded}, {string:subdir}, {string:filename}, {string:title}, {string:slug}, {string:mimetype},
-			 {int:image_width}, {int:image_height},
-			 IF({int:date_captured} > 0, FROM_UNIXTIME({int:date_captured}), NULL),
-			 {int:priority})',
-			[
-				'id_user_uploaded' => $old_user_id_to_new_user_id[$photo['owner_id']],
-				'subdir' => $dirnames_by_old_album_id[$photo['parent_id']],
-				'filename' => str_replace('#', '', $photo['name']),
-				'title' => $photo['title'],
-				'slug' => str_replace('#', '', urldecode($photo['relative_url_cache'])),
-				'mimetype' => $photo['mime_type'],
-				'image_width' => !empty($photo['width']) ? $photo['width'] : 'NULL',
-				'image_height' => !empty($photo['height']) ? $photo['height'] : 'NULL',
-				'date_captured' => !empty($photo['captured']) ? $photo['captured'] : $photo['created'],
-				'priority' => !empty($photo['weight']) ? (int) $photo['weight'] : 0,
-			]);
-
-		$id_asset = $db->insert_id();
-		$old_photo_id_to_asset_id[$photo['id']] = $id_asset;
-
-		// Link to album.
-		$db->query('
-			INSERT INTO assets_tags
-			(id_asset, id_tag)
-			VALUES
-			({int:id_asset}, {int:id_tag})',
-			[
-				'id_asset' => $id_asset,
-				'id_tag' => $old_album_id_to_new_tag_id[$photo['parent_id']],
-			]);
-	}
-}
-
-/*******************************
- * STEP 3: TAGS
- *******************************/
-
-$num_tags = $pdb->queryValue('
-	SELECT COUNT(*)
-	FROM tags');
-
-echo $num_tags, " tags to import.\n";
-
-$rs_tags = $pdb->query('
-	SELECT id, name, count
-	FROM tags');
-
-$old_tag_id_to_new_tag_id = [];
-while ($person = $pdb->fetch_assoc($rs_tags))
-{
-	$tag = Tag::createNew([
-		'tag' => $person['name'],
-		'slug' => $person['name'],
-		'kind' => 'Person',
-		'description' => '',
-		'count' => $person['count'],
-	]);
-
-	$tags[$tag->id_tag] = $tag;
-	$old_tag_id_to_new_tag_id[$person['id']] = $tag->id_tag;
-}
-
-$pdb->free_result($rs_tags);
-
-/*******************************
- * STEP 4: TAGGED PHOTOS
- *******************************/
-
-$num_tagged = $pdb->queryValue('
-	SELECT COUNT(*)
-	FROM items_tags
-	WHERE item_id IN(
-		SELECT id
-		FROM items
-		WHERE type = {string:photo}
-	)',
-	['photo' => 'photo']);
-
-echo $num_tagged, " photo tags to import.\n";
-
-$rs_tags = $pdb->query('
-	SELECT item_id, tag_id
-	FROM items_tags
-	WHERE item_id IN(
-		SELECT id
-		FROM items
-		WHERE type = {string:photo}
-	)',
-	['photo' => 'photo']);
-
-while ($tag = $pdb->fetch_assoc($rs_tags))
-{
-	if (!isset($old_tag_id_to_new_tag_id[$tag['tag_id']], $old_photo_id_to_asset_id[$tag['item_id']]))
-		continue;
-
-	$id_asset = $old_photo_id_to_asset_id[$tag['item_id']];
-	$id_tag = $old_tag_id_to_new_tag_id[$tag['tag_id']];
-
-	// Link up.
-	$db->query('
-		INSERT IGNORE INTO assets_tags
-		(id_asset, id_tag)
-		VALUES
-		({int:id_asset}, {int:id_tag})',
-		[
-			'id_asset' => $id_asset,
-			'id_tag' => $id_tag,
-		]);
-}
-
-$pdb->free_result($rs_tags);
-
-/*******************************
- * STEP 5: THUMBNAIL IDS
- *******************************/
-
-foreach ($old_thumb_id_by_tag_id as $id_tag => $old_thumb_id)
-{
-	if (!isset($old_photo_id_to_asset_id[$old_thumb_id]))
-		continue;
-
-	$id_asset = $old_photo_id_to_asset_id[$old_thumb_id];
-	$db->query('
-		UPDATE tags
-		SET id_asset_thumb = ' . $id_asset . '
-		WHERE id_tag = ' . $id_tag);
-}
-
-/*******************************
- * STEP 6: THUMBNAILS FOR PEOPLE
- *******************************/
-
-$db->query('
-	UPDATE tags AS t
-	SET id_asset_thumb = (
-		SELECT id_asset
-		FROM assets_tags AS a
-		WHERE a.id_tag = t.id_tag
-		ORDER BY RAND()
-		LIMIT 1
-	)
-	WHERE kind = {string:person}',
-	['person' => 'Person']);
-
-/*******************************
- * STEP 7: CLEANING UP
- *******************************/
-
-Tag::recount();

import_postprocess.sh

@@ -1,20 +0,0 @@
-#!/bin/bash
-
-# ALBUM UPDATE
-
-# Hashes uit filenames.
-find . -name '*#*' -exec rename -v "s/#//" {} \;
-
-# Orientatie-tags goedzetten.
-find public/assets/borrel/april-2015/ -type f -exec exiftool -n -Orientation=1 "{}" \;
-find public/assets/Eetpartijtjes/ruwinterbbq/ -type f -exec exiftool -n -Orientation=1 "{}" \;
-find public/assets/Eetpartijtjes/Tapasavond-oktober-2011/ -type f -exec exiftool -n -Orientation=1 "{}" \;
-find public/assets/Eetpartijtjes/Verjaardag-IV-bij-Wally/ -type f -exec exiftool -n -Orientation=1 "{}" \;
-find public/assets/Uitstapjes/Final-Symphony-Wuppertal-2013-05-11/ -type f -exec exiftool -n -Orientation=1 "{}" \;
-find public/assets/Universiteit/Oude-sneeuwfoto\'s/ -type f -exec exiftool -n -Orientation=1 "{}" \;
-find public/assets/Weekenden/Susteren-2012 -type f -exec exiftool -n -Orientation=1 "{}" \;
-find public/assets/Weekenden/Susteren-2013 -type f -exec exiftool -n -Orientation=1 "{}" \;
-find public/assets/Weekenden/Wijhe-2016/ -type f -exec exiftool -n -Orientation=1 "{}" \;
-
-# Remove backup files.
-find public/assets/ -type f -name '*_original' -delete

migrations/2024-11-05.sql

@@ -0,0 +1,2 @@
+/* Add time-out to password reset keys, and prevent repeated mails */
+ALTER TABLE `users` ADD `reset_blocked_until` INT  UNSIGNED  NULL  AFTER `reset_key`;

models/AdminMenu.php

@@ -0,0 +1,61 @@
+<?php
+/*****************************************************************************
+ * AdminMenu.php
+ * Contains the admin navigation logic.
+ *
+ * Kabuki CMS (C) 2013-2023, Aaron van Geffen
+ *****************************************************************************/
+
+class AdminMenu extends Menu
+{
+	public function __construct()
+	{
+		$user = Registry::has('user') ? Registry::get('user') : new Guest();
+		if (!$user->isAdmin())
+			return;
+
+		$this->items[0] = [
+			'label' => 'Admin',
+			'icon' => 'gear',
+			'badge' => ErrorLog::getCount(),
+			'subs' => [
+				[
+					'uri' => '/managealbums/',
+					'label' => 'Albums',
+				],
+				[
+					'uri' => '/manageassets/',
+					'label' => 'Assets',
+				],
+				[
+					'uri' => '/managetags/',
+					'label' => 'Tags',
+				],
+				[
+					'uri' => '/manageusers/',
+					'label' => 'Users',
+				],
+				[
+					'uri' => '/manageerrors/',
+					'label' => 'Errors',
+					'badge' => ErrorLog::getCount(),
+				],
+			],
+		];
+
+		if ($this->items[0]['badge'] == 0)
+			unset($this->items[0]['badge']);
+
+		foreach ($this->items as $i => $item)
+		{
+			if (isset($item['uri']))
+				$this->items[$i]['url'] = BASEURL . $item['uri'];
+
+			if (!isset($item['subs']))
+				continue;
+
+			foreach ($item['subs'] as $j => $subitem)
+				$this->items[$i]['subs'][$j]['url'] = BASEURL . $subitem['uri'];
+		}
+	}
+}

models/Asset.php

@@ -8,34 +8,55 @@
 
 class Asset
 {
-	protected $id_asset;
-	protected $id_user_uploaded;
-	protected $subdir;
-	protected $filename;
-	protected $title;
-	protected $mimetype;
-	protected $image_width;
-	protected $image_height;
-	protected $date_captured;
-	protected $priority;
+	public $id_asset;
+	public $id_user_uploaded;
+	public $subdir;
+	public $filename;
+	public $title;
+	public $slug;
+	public $mimetype;
+	public $image_width;
+	public $image_height;
+	public $date_captured;
+	public $priority;
+
 	protected $meta;
 	protected $tags;
+	protected $thumbnails;
 
-	protected function __construct(array $data)
+	public function __construct(array $data)
 	{
 		foreach ($data as $attribute => $value)
-			$this->$attribute = $value;
+		{
+			if (property_exists($this, $attribute))
+				$this->$attribute = $value;
+		}
 
-		if (!empty($data['date_captured']) && $data['date_captured'] !== 'NULL')
+		if (isset($data['date_captured']) && $data['date_captured'] !== null && !is_object($data['date_captured']))
 			$this->date_captured = new DateTime($data['date_captured']);
 	}
 
+	public function canBeEditedBy(User $user)
+	{
+		return $this->isOwnedBy($user) || $user->isAdmin();
+	}
+
+	public static function cleanSlug($slug)
+	{
+		// Only alphanumerical chars, underscores and forward slashes are allowed
+		if (!preg_match_all('~([A-z0-9\/_]+)~', $slug, $allowedTokens, PREG_PATTERN_ORDER))
+			throw new UnexpectedValueException('Slug does not make sense.');
+
+		// Join valid substrings together with hyphens
+		return implode('-', $allowedTokens[1]);
+	}
+
 	public static function fromId($id_asset, $return_format = 'object')
 	{
 		$row = Registry::get('db')->queryAssoc('
 			SELECT *
 			FROM assets
-			WHERE id_asset = {int:id_asset}',
+			WHERE id_asset = :id_asset',
 			[
 				'id_asset' => $id_asset,
 			]);
@@ -48,7 +69,7 @@ class Asset
 		$row = Registry::get('db')->queryAssoc('
 			SELECT *
 			FROM assets
-			WHERE slug = {string:slug}',
+			WHERE slug = :slug',
 			[
 				'slug' => $slug,
 			]);
@@ -58,16 +79,35 @@ class Asset
 
 	public static function byRow(array $row, $return_format = 'object')
 	{
+		$db = Registry::get('db');
+
 		// Supplement with metadata.
-		$row['meta'] = Registry::get('db')->queryPair('
+		$row['meta'] = $db->queryPair('
 			SELECT variable, value
 			FROM assets_meta
-			WHERE id_asset = {int:id_asset}',
+			WHERE id_asset = :id_asset',
 			[
 				'id_asset' => $row['id_asset'],
 			]);
 
-		return $return_format == 'object' ? new Asset($row) : $row;
+		// And thumbnails.
+		$row['thumbnails'] = $db->queryPair('
+			SELECT
+				CONCAT(
+					width, :x, height,
+					IF(mode != :empty1, CONCAT(:_, mode), :empty2)
+				) AS selector, filename
+			FROM assets_thumbs
+			WHERE id_asset = :id_asset',
+			[
+				'id_asset' => $row['id_asset'],
+				'empty1' => '',
+				'empty2' => '',
+				'x' => 'x',
+				'_' => '_',
+			]);
+
+		return $return_format === 'object' ? new static($row) : $row;
 	}
 
 	public static function fromIds(array $id_assets, $return_format = 'array')
@@ -80,23 +120,24 @@ class Asset
 		$res = $db->query('
 			SELECT *
 			FROM assets
-			WHERE id_asset IN ({array_int:id_assets})
+			WHERE id_asset IN (@id_assets)
 			ORDER BY id_asset',
 			[
 				'id_assets' => $id_assets,
 			]);
 
 		$assets = [];
-		while ($asset = $db->fetch_assoc($res))
+		while ($asset = $db->fetchAssoc($res))
 		{
 			$assets[$asset['id_asset']] = $asset;
 			$assets[$asset['id_asset']]['meta'] = [];
+			$assets[$asset['id_asset']]['thumbnails'] = [];
 		}
 
 		$metas = $db->queryRows('
 			SELECT id_asset, variable, value
 			FROM assets_meta
-			WHERE id_asset IN ({array_int:id_assets})
+			WHERE id_asset IN (@id_assets)
 			ORDER BY id_asset',
 			[
 				'id_assets' => $id_assets,
@@ -105,8 +146,30 @@ class Asset
 		foreach ($metas as $meta)
 			$assets[$meta[0]]['meta'][$meta[1]] = $meta[2];
 
-		if ($return_format == 'array')
+		$thumbnails = $db->queryRows('
+			SELECT id_asset,
+				CONCAT(
+					width, :x, height,
+					IF(mode != :empty1, CONCAT(:_, mode), :empty2)
+				) AS selector, filename
+			FROM assets_thumbs
+			WHERE id_asset IN (@id_assets)
+			ORDER BY id_asset',
+			[
+				'id_assets' => $id_assets,
+				'empty1' => '',
+				'empty2' => '',
+				'x' => 'x',
+				'_' => '_',
+			]);
+
+		foreach ($thumbnails as $thumb)
+			$assets[$thumb[0]]['thumbnails'][$thumb[1]] = $thumb[2];
+
+		if ($return_format === 'array')
+		{
 			return $assets;
+		}
 		else
 		{
 			$objects = [];
@@ -139,9 +202,10 @@ class Asset
 
 		$new_filename = $preferred_filename;
 		$destination = ASSETSDIR . '/' . $preferred_subdir . '/' . $preferred_filename;
-		while (file_exists($destination))
+		for ($i = 1; file_exists($destination); $i++)
 		{
-			$filename = pathinfo($preferred_filename, PATHINFO_FILENAME) . '_' . mt_rand(10, 99);
+			$suffix = $i;
+			$filename = pathinfo($preferred_filename, PATHINFO_FILENAME) . ' (' . $suffix . ')';
 			$extension = pathinfo($preferred_filename, PATHINFO_EXTENSION);
 			$new_filename = $filename . '.' . $extension;
 			$destination = dirname($destination) . '/' . $new_filename;
@@ -158,11 +222,14 @@ class Asset
 		$mimetype = finfo_file($finfo, $destination);
 		finfo_close($finfo);
 
+		// We're going to need the base name a few times...
+		$basename = pathinfo($new_filename, PATHINFO_FILENAME);
+
 		// Do we have a title yet? Otherwise, use the filename.
-		$title = isset($data['title']) ? $data['title'] : pathinfo($preferred_filename, PATHINFO_FILENAME);
+		$title = $data['title'] ?? $basename;
 
 		// Same with the slug.
-		$slug = isset($data['slug']) ? $data['slug'] : $preferred_subdir . '/' . pathinfo($preferred_filename, PATHINFO_FILENAME);
+		$slug = $data['slug'] ?? self::cleanSlug(sprintf('%s/%s', $preferred_subdir, $basename));
 
 		// Detected an image?
 		if (substr($mimetype, 0, 5) == 'image')
@@ -195,10 +262,10 @@ class Asset
 			INSERT INTO assets
 			(id_user_uploaded, subdir, filename, title, slug, mimetype, image_width, image_height, date_captured, priority)
 			VALUES
-			({int:id_user_uploaded}, {string:subdir}, {string:filename}, {string:title}, {string:slug}, {string:mimetype},
-			 {int:image_width}, {int:image_height},
-			 IF({int:date_captured} > 0, FROM_UNIXTIME({int:date_captured}), NULL),
-			 {int:priority})',
+			(:id_user_uploaded, :subdir, :filename, :title, :slug, :mimetype,
+			 :image_width, :image_height,
+			 ' . (!empty($date_captured) ? 'FROM_UNIXTIME(:date_captured)' : 'NULL') . ',
+			 :priority)',
 			[
 				'id_user_uploaded' => isset($id_user) ? $id_user : Registry::get('user')->getUserId(),
 				'subdir' => $preferred_subdir,
@@ -206,9 +273,9 @@ class Asset
 				'title' => $title,
 				'slug' => $slug,
 				'mimetype' => $mimetype,
-				'image_width' => isset($image_width) ? $image_width : 'NULL',
-				'image_height' => isset($image_height) ? $image_height : 'NULL',
-				'date_captured' => isset($date_captured) ? $date_captured : 'NULL',
+				'image_width' => isset($image_width) ? $image_width : null,
+				'image_height' => isset($image_height) ? $image_height : null,
+				'date_captured' => isset($date_captured) ? $date_captured : null,
 				'priority' => isset($priority) ? (int) $priority : 0,
 			]);
 
@@ -218,8 +285,8 @@ class Asset
 			return false;
 		}
 
-		$data['id_asset'] = $db->insert_id();
-		return $return_format == 'object' ? new self($data) : $data;
+		$data['id_asset'] = $db->insertId();
+		return $return_format === 'object' ? new self($data) : $data;
 	}
 
 	public function getId()
@@ -237,6 +304,16 @@ class Asset
 		return $this->date_captured;
 	}
 
+	public function getDeleteUrl()
+	{
+		return BASEURL . '/editasset/?id=' . $this->id_asset . '&delete';
+	}
+
+	public function getEditUrl()
+	{
+		return BASEURL . '/editasset/?id=' . $this->id_asset;
+	}
+
 	public function getFilename()
 	{
 		return $this->filename;
@@ -247,7 +324,7 @@ class Asset
 		$posts = Registry::get('db')->queryValues('
 			SELECT id_post
 			FROM posts_assets
-			WHERE id_asset = {int:id_asset}',
+			WHERE id_asset = :id_asset',
 			['id_asset' => $this->id_asset]);
 
 		// TODO: fix empty post iterator.
@@ -270,7 +347,12 @@ class Asset
 		return ASSETSDIR . '/' . $this->subdir . '/' . $this->filename;
 	}
 
-	public function getPath()
+	public function getSlug()
+	{
+		return $this->slug;
+	}
+
+	public function getSubdir()
 	{
 		return $this->subdir;
 	}
@@ -315,7 +397,7 @@ class Asset
 
 	public function isImage()
 	{
-		return substr($this->mimetype, 0, 5) === 'image';
+		return isset($this->mimetype) && substr($this->mimetype, 0, 5) === 'image';
 	}
 
 	public function getImage()
@@ -326,6 +408,50 @@ class Asset
 		return new Image(get_object_vars($this));
 	}
 
+	public function isOwnedBy(User $user)
+	{
+		return $this->id_user_uploaded == $user->getUserId();
+	}
+
+	public function moveToSubDir($destSubDir)
+	{
+		// Verify the original exists
+		$source = ASSETSDIR . '/' . $this->subdir . '/' . $this->filename;
+		if (!file_exists($source))
+			return -1;
+
+		// Ensure the intended target file doesn't exist yet
+		$destDir = ASSETSDIR . '/' . $destSubDir;
+		$destFile = $destDir . '/' . $this->filename;
+
+		if (file_exists($destFile))
+			return -2;
+
+		// Can we write to the target directory?
+		if (!is_writable($destDir))
+			return -3;
+
+		// Perform move
+		if (rename($source, $destFile))
+		{
+			$this->subdir = $destSubDir;
+			$this->slug = $this->subdir . '/' . $this->title;
+			Registry::get('db')->query('
+				UPDATE assets
+				SET subdir = :subdir,
+					slug = :slug
+				WHERE id_asset = :id_asset',
+				[
+					'id_asset' => $this->id_asset,
+					'subdir' => $this->subdir,
+					'slug' => $this->slug,
+				]);
+			return true;
+		}
+
+		return -4;
+	}
+
 	public function replaceFile($filename)
 	{
 		// No filename? Abort!
@@ -345,7 +471,7 @@ class Asset
 		finfo_close($finfo);
 
 		// Detected an image?
-		if (substr($this->mimetype, 0, 5) == 'image')
+		if (substr($this->mimetype, 0, 5) === 'image')
 		{
 			$image = new Imagick($destination);
 			$d = $image->getImageGeometry();
@@ -369,18 +495,18 @@ class Asset
 		return Registry::get('db')->query('
 			UPDATE assets
 			SET
-				mimetype = {string:mimetype},
-				image_width = {int:image_width},
-				image_height = {int:image_height},
-				date_captured = {datetime:date_captured},
-				priority = {int:priority}
-			WHERE id_asset = {int:id_asset}',
+				mimetype = :mimetype,
+				image_width = :image_width,
+				image_height = :image_height,
+				date_captured = :date_captured,
+				priority = :priority
+			WHERE id_asset = :id_asset',
 			[
 				'id_asset' => $this->id_asset,
 				'mimetype' => $this->mimetype,
-				'image_width' => isset($this->image_width) ? $this->image_width : 'NULL',
-				'image_height' => isset($this->image_height) ? $this->image_height : 'NULL',
-				'date_captured' => isset($this->date_captured) ? $this->date_captured : 'NULL',
+				'image_width' => isset($this->image_width) ? $this->image_width : null,
+				'image_height' => isset($this->image_height) ? $this->image_height : null,
+				'date_captured' => isset($this->date_captured) ? $this->date_captured : null,
 				'priority' => $this->priority,
 			]);
 	}
@@ -401,8 +527,8 @@ class Asset
 			if (!empty($to_remove))
 				$db->query('
 					DELETE FROM assets_meta
-					WHERE id_asset = {int:id_asset} AND
-						variable IN({array_string:variables})',
+					WHERE id_asset = :id_asset AND
+						variable IN(@variables)',
 					[
 						'id_asset' => $this->id_asset,
 						'variables' => array_keys($to_remove),
@@ -433,22 +559,60 @@ class Asset
 	{
 		$db = Registry::get('db');
 
+		// Delete any and all thumbnails, if this is an image.
+		if ($this->isImage())
+		{
+			$image = $this->getImage();
+			$image->removeAllThumbnails();
+		}
+
+		// Delete all meta info for this asset.
+		$db->query('
+			DELETE FROM assets_meta
+			WHERE id_asset = :id_asset',
+			['id_asset' => $this->id_asset]);
+
+		// Figure out what tags to recount cardinality for
+		$recount_tags = $db->queryValues('
+			SELECT id_tag
+			FROM assets_tags
+			WHERE id_asset = :id_asset',
+			['id_asset' => $this->id_asset]);
+
+		// Delete asset association for these tags
+		$db->query('
+			DELETE FROM assets_tags
+			WHERE id_asset = :id_asset',
+			['id_asset' => $this->id_asset]);
+
+		Tag::recount($recount_tags);
+
+		// Reset asset ID for tags that use this asset for their thumbnail
+		$rows = $db->queryValues('
+			SELECT id_tag
+			FROM tags
+			WHERE id_asset_thumb = :id_asset',
+			['id_asset' => $this->id_asset]);
+
+		if (!empty($rows))
+		{
+			foreach ($rows as $row)
+			{
+				$tag = Tag::fromId($row['id_tag']);
+				$tag->resetIdAsset();
+			}
+		}
+
+		// Finally, delete the actual asset
 		if (!unlink(ASSETSDIR . '/' . $this->subdir . '/' . $this->filename))
 			return false;
 
-		$db->query('
-			DELETE FROM assets_meta
-			WHERE id_asset = {int:id_asset}',
-			[
-				'id_asset' => $this->id_asset,
-			]);
-
-		return $db->query('
+		$return = $db->query('
 			DELETE FROM assets
-			WHERE id_asset = {int:id_asset}',
-			[
-				'id_asset' => $this->id_asset,
-			]);
+			WHERE id_asset = :id_asset',
+			['id_asset' => $this->id_asset]);
+
+		return $return;
 	}
 
 	public function linkTags(array $id_tags)
@@ -475,7 +639,7 @@ class Asset
 
 		Registry::get('db')->query('
 			DELETE FROM assets_tags
-			WHERE id_asset = {int:id_asset} AND id_tag IN ({array_int:id_tags})',
+			WHERE id_asset = :id_asset AND id_tag IN (@id_tags)',
 			[
 				'id_asset' => $this->id_asset,
 				'id_tags' => $id_tags,
@@ -491,89 +655,117 @@ class Asset
 			FROM assets');
 	}
 
-	public function setKeyData($title, DateTime $date_captured = null, $priority)
+	public static function getOffset($offset, $limit, $order, $direction)
 	{
-		$params = [
-			'id_asset' => $this->id_asset,
-			'title' => $title,
-			'priority' => $priority,
-		];
+		$order = $order . ($direction == 'up' ? ' ASC' : ' DESC');
 
-		if (isset($date_captured))
-			$params['date_captured'] = $date_captured->format('Y-m-d H:i:s');
+		return Registry::get('db')->queryAssocs('
+			SELECT a.id_asset, a.subdir, a.filename,
+				a.image_width, a.image_height, a.mimetype,
+				u.id_user, u.first_name, u.surname
+			FROM assets AS a
+			LEFT JOIN users AS u ON a.id_user_uploaded = u.id_user
+			ORDER BY ' . $order . '
+			LIMIT :offset, :limit',
+			[
+				'offset' => $offset,
+				'limit' => $limit,
+			]);
+	}
+
+	public function save()
+	{
+		if (empty($this->id_asset))
+			throw new UnexpectedValueException();
 
 		return Registry::get('db')->query('
 			UPDATE assets
-			SET title = {string:title},' . (isset($date_captured) ? '
-				date_captured = {datetime:date_captured},' : '') . '
-				priority = {int:priority}
-			WHERE id_asset = {int:id_asset}',
+			SET subdir = :subdir,
+				filename = :filename,
+				title = :title,
+				slug = :slug,
+				mimetype = :mimetype,
+				image_width = :image_width,
+				image_height = :image_height,
+				date_captured = :date_captured,
+				priority = :priority
+			WHERE id_asset = :id_asset',
+			get_object_vars($this));
+	}
+
+	protected function getUrlForAdjacentInSet($prevNext, ?Tag $tag, $activeFilter)
+	{
+		$next = $prevNext === 'next';
+		$previous = !$next;
+
+		$where = [];
+		$params = [
+			'id_asset' => $this->id_asset,
+			'date_captured' => $this->date_captured,
+		];
+
+		// Direction depends on whether we're browsing a tag or timeline
+		if (isset($tag))
+		{
+			$where[] = 't.id_tag = :id_tag';
+			$params['id_tag'] = $tag->id_tag;
+			$where_op = $previous ? '<' : '>';
+			$order_dir = $previous ? 'DESC' : 'ASC';
+		}
+		else
+		{
+			$where_op = $previous ? '>' : '<';
+			$order_dir = $previous ? 'ASC' : 'DESC';
+		}
+
+		// Take active filter into account as well
+		if (!empty($activeFilter) && ($user = Member::fromSlug($activeFilter)) !== false)
+		{
+			$where[] = 'id_user_uploaded = :id_user_uploaded';
+			$params['id_user_uploaded'] = $user->getUserId();
+		}
+
+		// Use complete ordering when sorting the set
+		$where[] = '(a.date_captured, a.id_asset) ' . $where_op .
+			' (:date_captured, :id_asset)';
+
+		// Stringify conditions together
+		$where = '(' . implode(') AND (', $where) . ')';
+
+		// Run query, leaving out tags table if not required
+		$row = Registry::get('db')->queryAssoc('
+			SELECT a.*
+			FROM assets AS a
+			' . (isset($tag) ? '
+			INNER JOIN assets_tags AS t ON a.id_asset = t.id_asset' : '') . '
+			WHERE ' . $where . '
+			ORDER BY a.date_captured ' . $order_dir . ', a.id_asset ' . $order_dir . '
+			LIMIT 1',
 			$params);
+
+		if (!$row)
+			return false;
+
+		$obj = self::byRow($row, 'object');
+
+		$urlParams = [];
+		if (isset($tag))
+			$urlParams['in'] = $tag->id_tag;
+		if (!empty($activeFilter))
+			$urlParams['by'] = $activeFilter;
+
+		$queryString = !empty($urlParams) ? '?' . http_build_query($urlParams) : '';
+
+		return $obj->getPageUrl() . $queryString;
 	}
 
-	public function getUrlForPreviousInSet($id_tag = null)
+	public function getUrlForPreviousInSet(?Tag $tag, $activeFilter)
 	{
-		$row = Registry::get('db')->queryAssoc('
-			SELECT a.*
-			' . (isset($id_tag) ? '
-			FROM assets_tags AS t
-			INNER JOIN assets AS a ON a.id_asset = t.id_asset
-			WHERE t.id_tag = {int:id_tag} AND
-				a.date_captured <= {datetime:date_captured} AND
-				a.id_asset != {int:id_asset}
-			ORDER BY a.date_captured DESC'
-			: '
-			FROM assets AS a
-			WHERE date_captured >= {datetime:date_captured} AND
-				a.id_asset != {int:id_asset}
-			ORDER BY date_captured ASC')
-			 . '
-			LIMIT 1',
-			[
-				'id_asset' => $this->id_asset,
-				'id_tag' => $id_tag,
-				'date_captured' => $this->date_captured,
-			]);
-
-		if ($row)
-		{
-			$obj = self::byRow($row, 'object');
-			return $obj->getPageUrl() . ($id_tag ? '?in=' . $id_tag : '');
-		}
-		else
-			return false;
+		return $this->getUrlForAdjacentInSet('previous', $tag, $activeFilter);
 	}
 
-	public function getUrlForNextInSet($id_tag = null)
+	public function getUrlForNextInSet(?Tag $tag, $activeFilter)
 	{
-		$row = Registry::get('db')->queryAssoc('
-			SELECT a.*
-			' . (isset($id_tag) ? '
-			FROM assets_tags AS t
-			INNER JOIN assets AS a ON a.id_asset = t.id_asset
-			WHERE t.id_tag = {int:id_tag} AND
-				a.date_captured >= {datetime:date_captured} AND
-				a.id_asset != {int:id_asset}
-			ORDER BY a.date_captured ASC'
-			: '
-			FROM assets AS a
-			WHERE date_captured <= {datetime:date_captured} AND
-				a.id_asset != {int:id_asset}
-			ORDER BY date_captured DESC')
-			 . '
-			LIMIT 1',
-			[
-				'id_asset' => $this->id_asset,
-				'id_tag' => $id_tag,
-				'date_captured' => $this->date_captured,
-			]);
-
-		if ($row)
-		{
-			$obj = self::byRow($row, 'object');
-			return $obj->getPageUrl() . ($id_tag ? '?in=' . $id_tag : '');
-		}
-		else
-			return false;
+		return $this->getUrlForAdjacentInSet('next', $tag, $activeFilter);
 	}
 }

models/AssetIterator.php

@@ -1,36 +1,50 @@
 <?php
 /*****************************************************************************
  * AssetIterator.php
- * Contains key class AssetIterator.
+ * Contains model class AssetIterator.
  *
- * Kabuki CMS (C) 2013-2015, Aaron van Geffen
+ * Kabuki CMS (C) 2013-2025, Aaron van Geffen
  *****************************************************************************/
 
-class AssetIterator extends Asset
+class AssetIterator implements Iterator
 {
+	private $direction;
 	private $return_format;
-	private $res_assets;
-	private $res_meta;
+	private $rowCount;
 
-	protected function __construct($res_assets, $res_meta, $return_format)
+	private $assets_iterator;
+	private $meta_iterator;
+	private $thumbs_iterator;
+
+	protected function __construct(PDOStatement $stmt_assets, PDOStatement $stmt_meta, PDOStatement $stmt_thumbs,
+		$return_format, $direction)
 	{
-		$this->db = Registry::get('db');
-		$this->res_assets = $res_assets;
-		$this->res_meta = $res_meta;
+		$this->direction = $direction;
 		$this->return_format = $return_format;
+		$this->rowCount = $stmt_assets->rowCount();
+
+		$this->assets_iterator = new CachedPDOIterator($stmt_assets);
+		$this->assets_iterator->rewind();
+
+		$this->meta_iterator = new CachedPDOIterator($stmt_meta);
+		$this->thumbs_iterator = new CachedPDOIterator($stmt_thumbs);
 	}
 
-	public function next()
+	public static function all()
 	{
-		$row = $this->db->fetch_assoc($this->res_assets);
+		return self::getByOptions();
+	}
 
-		// No more rows?
+	public function current(): mixed
+	{
+		$row = $this->assets_iterator->current();
 		if (!$row)
-			return false;
+			return $row;
 
-		// Looks up metadata.
+		// Collect metadata
 		$row['meta'] = [];
-		while ($meta = $this->db->fetch_assoc($this->res_meta))
+		$this->meta_iterator->rewind();
+		foreach ($this->meta_iterator as $meta)
 		{
 			if ($meta['id_asset'] != $row['id_asset'])
 				continue;
@@ -38,40 +52,23 @@ class AssetIterator extends Asset
 			$row['meta'][$meta['variable']] = $meta['value'];
 		}
 
-		// Reset internal pointer for next asset.
-		$this->db->data_seek($this->res_meta, 0);
+		// Collect thumbnails
+		$row['thumbnails'] = [];
+		$this->thumbs_iterator->rewind();
+		foreach ($this->thumbs_iterator as $thumb)
+		{
+			if ($thumb['id_asset'] != $row['id_asset'])
+				continue;
 
-		if ($this->return_format == 'object')
+			$row['thumbnails'][$thumb['selector']] = $thumb['filename'];
+		}
+
+		if ($this->return_format === 'object')
 			return new Asset($row);
 		else
 			return $row;
 	}
 
-	public function reset()
-	{
-		$this->db->data_seek($this->res_assets, 0);
-		$this->db->data_seek($this->res_meta, 0);
-	}
-
-	public function clean()
-	{
-		if (!$this->res_assets)
-			return;
-
-		$this->db->free_result($this->res_assets);
-		$this->res_assets = null;
-	}
-
-	public function num()
-	{
-		return $this->db->num_rows($this->res_assets);
-	}
-
-	public static function all()
-	{
-		return self::getByOptions();
-	}
-
 	public static function getByOptions(array $options = [], $return_count = false, $return_format = 'object')
 	{
 		$params = [
@@ -94,9 +91,14 @@ class AssetIterator extends Asset
 		{
 			$params['mime_type'] = $options['mime_type'];
 			if (is_array($options['mime_type']))
-				$where[] = 'a.mimetype IN({array_string:mime_type})';
+				$where[] = 'a.mimetype IN(@mime_type)';
 			else
-				$where[] = 'a.mimetype = {string:mime_type}';
+				$where[] = 'a.mimetype = :mime_type';
+		}
+		if (isset($options['id_user_uploaded']))
+		{
+			$params['id_user_uploaded'] = $options['id_user_uploaded'];
+			$where[] = 'id_user_uploaded = :id_user_uploaded';
 		}
 		if (isset($options['id_tag']))
 		{
@@ -104,7 +106,17 @@ class AssetIterator extends Asset
 			$where[] = 'id_asset IN(
 				SELECT l.id_asset
 				FROM assets_tags AS l
-				WHERE l.id_tag = {int:id_tag})';
+				WHERE l.id_tag = :id_tag)';
+		}
+		elseif (isset($options['tag']))
+		{
+			$params['tag'] = $options['tag'];
+			$where[] = 'id_asset IN(
+				SELECT l.id_asset
+				FROM assets_tags AS l
+				INNER JOIN tags AS t
+				ON l.id_tag = t.id_tag
+				WHERE t.slug = :tag)';
 		}
 
 		// Make it valid SQL.
@@ -120,7 +132,7 @@ class AssetIterator extends Asset
 			FROM assets AS a
 			WHERE ' . $where . '
 			ORDER BY ' . $order . (!empty($params['limit']) ? '
-			LIMIT {int:offset}, {int:limit}' : ''),
+			LIMIT :offset, :limit' : ''),
 			$params);
 
 		// Get a resource object for the asset meta.
@@ -135,7 +147,30 @@ class AssetIterator extends Asset
 			ORDER BY id_asset',
 			$params);
 
-		$iterator = new self($res_assets, $res_meta, $return_format);
+		// Get a resource object for the asset thumbs.
+		$res_thumbs = $db->query('
+			SELECT id_asset, filename,
+				CONCAT(
+					width,
+					:x,
+					height,
+					IF(mode != :empty1, CONCAT(:_, mode), :empty2)
+				) AS selector
+			FROM assets_thumbs
+			WHERE id_asset IN(
+				SELECT id_asset
+				FROM assets AS a
+				WHERE ' . $where . '
+			)
+			ORDER BY id_asset',
+			$params + [
+				'empty1' => '',
+				'empty2' => '',
+				'x' => 'x',
+				'_' => '_',
+			]);
+
+		$iterator = new self($res_assets, $res_meta, $res_thumbs, $return_format, $params['direction']);
 
 		// Returning total count, too?
 		if ($return_count)
@@ -151,4 +186,39 @@ class AssetIterator extends Asset
 		else
 			return $iterator;
 	}
+
+	public function key(): mixed
+	{
+		return $this->assets_iterator->key();
+	}
+
+	public function isAscending(): bool
+	{
+		return $this->direction === 'asc';
+	}
+
+	public function isDescending(): bool
+	{
+		return $this->direction === 'desc';
+	}
+
+	public function next(): void
+	{
+		$this->assets_iterator->next();
+	}
+
+	public function num(): int
+	{
+		return $this->rowCount;
+	}
+
+	public function rewind(): void
+	{
+		$this->assets_iterator->rewind();
+	}
+
+	public function valid(): bool
+	{
+		return $this->assets_iterator->valid();
+	}
 }

models/Authentication.php

@@ -12,48 +12,27 @@
  */
 class Authentication
 {
-	/**
-	 * Checks whether a user still exists in the database.
-	 */
-	public static function checkExists($id_user)
-	{
-		$res = Registry::get('db')->queryValue('
-			SELECT id_user
-			FROM users
-			WHERE id_user = {int:id}',
-			[
-				'id' => $id_user,
-			]);
-
-		return $res !== null;
-	}
+	const DEFAULT_RESET_TIMEOUT = 30;
 
 	/**
-	 * Finds the user id belonging to a certain emailaddress.
+	 * Checks a password for a given username against the database.
 	 */
-	public static function getUserId($emailaddress)
+	public static function checkPassword($emailaddress, $password)
 	{
-		$res = Registry::get('db')->queryValue('
-			SELECT id_user
+		// Retrieve password hash for user matching the provided emailaddress.
+		$password_hash = Registry::get('db')->queryValue('
+			SELECT password_hash
 			FROM users
-			WHERE emailaddress = {string:emailaddress}',
+			WHERE emailaddress = :emailaddress',
 			[
 				'emailaddress' => $emailaddress,
 			]);
 
-		return empty($res) ? false : $res;
-	}
+		// If there's no hash, the user likely does not exist.
+		if (!$password_hash)
+			return false;
 
-	public static function setResetKey($id_user)
-	{
-		return Registry::get('db')->query('
-			UPDATE users
-			SET reset_key = {string:key}
-			WHERE id_user = {int:id}',
-			[
-				'id' => $id_user,
-				'key' => self::newActivationKey(),
-			]);
+		return password_verify($password, $password_hash);
 	}
 
 	public static function checkResetKey($id_user, $reset_key)
@@ -61,7 +40,7 @@ class Authentication
 		$key = Registry::get('db')->queryValue('
 			SELECT reset_key
 			FROM users
-			WHERE id_user = {int:id}',
+			WHERE id_user = :id',
 			[
 				'id' => $id_user,
 			]);
@@ -69,22 +48,55 @@ class Authentication
 		return $key == $reset_key;
 	}
 
+	/**
+	 * Computes a password hash.
+	 */
+	public static function computeHash($password)
+	{
+		$hash = password_hash($password, PASSWORD_DEFAULT);
+		if (!$hash)
+			throw new Exception('Hash creation failed!');
+		return $hash;
+	}
+
+	public static function consumeResetKey($id_user)
+	{
+		return Registry::get('db')->query('
+			UPDATE users
+			SET reset_key = NULL,
+				reset_blocked_until = NULL
+			WHERE id_user = :id_user',
+			['id_user' => $id_user]);
+	}
+
+	public static function getResetTimeOut($id_user)
+	{
+		$resetTime = Registry::get('db')->queryValue('
+			SELECT reset_blocked_until
+			FROM users
+			WHERE id_user = :id_user',
+			['id_user' => $id_user]);
+
+		return max(0, $resetTime - time());
+	}
+
 	/**
 	 * Verifies whether the user is currently logged in.
 	 */
 	public static function isLoggedIn()
 	{
-		// Check whether the active session matches the current user's environment.
-		if (isset($_SESSION['ip_address'], $_SESSION['user_agent']) && (
-			 (isset($_SERVER['REMOTE_ADDR']) && $_SESSION['ip_address'] != $_SERVER['REMOTE_ADDR']) ||
-			 (isset($_SERVER['HTTP_USER_AGENT']) && $_SESSION['user_agent'] != $_SERVER['HTTP_USER_AGENT'])))
+		if (!isset($_SESSION['user_id']))
+			return false;
+
+		try
+		{
+			$exists = Member::fromId($_SESSION['user_id']);
+			return true;
+		}
+		catch (NotFoundException $e)
 		{
-			session_destroy();
 			return false;
 		}
-
-		// A user is logged in if a user id exists in the session and this id is (still) in the database.
-		return isset($_SESSION['user_id']) && self::checkExists($_SESSION['user_id']);
 	}
 
 	/**
@@ -99,36 +111,17 @@ class Authentication
 		return $string;
 	}
 
-	/**
-	 * Checks a password for a given username against the database.
-	 */
-	public static function checkPassword($emailaddress, $password)
+	public static function setResetKey($id_user)
 	{
-		// Retrieve password hash for user matching the provided emailaddress.
-		$password_hash = Registry::get('db')->queryValue('
-			SELECT password_hash
-			FROM users
-			WHERE emailaddress = {string:emailaddress}',
+		return Registry::get('db')->query('
+			UPDATE users
+			SET reset_key = :key,
+				reset_blocked_until = UNIX_TIMESTAMP() + ' . static::DEFAULT_RESET_TIMEOUT . '
+			WHERE id_user = :id',
 			[
-				'emailaddress' => $emailaddress,
+				'id' => $id_user,
+				'key' => self::newActivationKey(),
 			]);
-
-		// If there's no hash, the user likely does not exist.
-		if (!$password_hash)
-			return false;
-
-		return password_verify($password, $password_hash);
-	}
-
-	/**
-	 * Computes a password hash.
-	 */
-	public static function computeHash($password)
-	{
-		$hash = password_hash($password, PASSWORD_DEFAULT);
-		if (!$hash)
-			throw new Exception('Hash creation failed!');
-		return $hash;
 	}
 
 	/**
@@ -139,13 +132,35 @@ class Authentication
 		return Registry::get('db')->query('
 			UPDATE users
 			SET
-				password_hash = {string:hash},
-				reset_key = {string:blank}
-			WHERE id_user = {int:id_user}',
+				password_hash = :hash,
+				reset_key = :blank
+			WHERE id_user = :id_user',
 			[
 				'id_user' => $id_user,
 				'hash' => $hash,
 				'blank' => '',
 			]);
 	}
+
+	public static function updateResetTimeOut($id_user)
+	{
+		$currentResetTimeOut = static::getResetTimeOut($id_user);
+
+		// New timeout: between 30 seconds, double the current timeout, and a full day
+		$newResetTimeOut = min(max(static::DEFAULT_RESET_TIMEOUT, $currentResetTimeOut * 2), 60 * 60 * 24);
+
+		$success = Registry::get('db')->query('
+			UPDATE users
+			SET reset_blocked_until = :new_time_out
+			WHERE id_user = :id_user',
+			[
+				'id_user' => $id_user,
+				'new_time_out' => time() + $newResetTimeOut,
+			]);
+
+		if (!$success)
+			throw new UnexpectedValueException('Could not set password reset timeout!');
+
+		return $newResetTimeOut;
+	}
 }

models/BestColor.php

@@ -1,149 +0,0 @@
-<?php
-/*****************************************************************************
- * BestColor.php
- * Contains key class BestColor.
- *
- * !!! Licensing?
- *****************************************************************************/
-
-class BestColor
-{
-	private $best;
-
-	public function __construct(Image $asset)
-	{
-		// Set fallback color.
-		$this->best = ['r' => 204, 'g' => 204, 'b' => 204]; // #cccccc
-
-		// We will be needing to read this...
-		if (!file_exists($asset->getPath()))
-			return;
-
-		// Try the arcane stuff again.
-		try
-		{
-			$image = new Imagick($asset->getPath());
-			$width  = $image->getImageWidth();
-			$height = $image->getImageHeight();
-
-			// Sample six points in the image: four based on the rule of thirds, as well as the horizontal and vertical centre.
-			$topy    = round($height / 3);
-			$bottomy = round(($height / 3) * 2);
-			$leftx   = round($width / 3);
-			$rightx  = round(($width / 3) * 2);
-			$centery = round($height / 2);
-			$centerx = round($width / 2);
-
-			// Grab their colours.
-			$rgb = [
-				$image->getImagePixelColor($leftx, $topy)->getColor(),
-				$image->getImagePixelColor($rightx, $topy)->getColor(),
-				$image->getImagePixelColor($leftx, $bottomy)->getColor(),
-				$image->getImagePixelColor($rightx, $bottomy)->getColor(),
-				$image->getImagePixelColor($centerx, $centery)->getColor(),
-			];
-
-			// We won't be needing this anymore, so save us some memory.
-			$image->clear();
-			$image->destroy();
-		}
-		// In case something does go wrong...
-		catch (ImagickException $e)
-		{
-			// Fall back to default color.
-			return;
-		}
-
-		// Process rgb values into hsv values
-		foreach ($rgb as $i => $color)
-		{
-			$colors[$i] = $color;
-			list($colors[$i]['h'], $colors[$i]['s'], $colors[$i]['v']) = self::rgb2hsv($color['r'], $color['g'], $color['b']);
-		}
-
-		// Figure out which color is the best saturated.
-		$best_saturation = $best_brightness = 0;
-		$the_best_s      = $the_best_v      = ['v' => 0];
-		foreach ($colors as $color)
-		{
-			if ($color['s'] > $best_saturation)
-			{
-				$best_saturation = $color['s'];
-				$the_best_s = $color;
-			}
-			if ($color['v'] > $best_brightness)
-			{
-				$best_brightness = $color['v'];
-				$the_best_v = $color;
-			}
-		}
-
-		// Is brightest the same as most saturated?
-		$this->best = ($the_best_s['v'] >= ($the_best_v['v'] - ($the_best_v['v'] / 2))) ? $the_best_s : $the_best_v;
-	}
-
-	public static function hex2rgb($hex)
-	{
-		return sscanf($hex, '%2X%2X%2X');
-	}
-
-	public static function rgb2hex($red, $green, $blue)
-	{
-		return sprintf('%02X%02X%02X', $red, $green, $blue);
-	}
-
-	public static function rgb2hsv($r, $g, $b)
-	{
-		$max = max($r, $g, $b);
-		$min = min($r, $g, $b);
-		$delta = $max - $min;
-		$v = round(($max / 255) * 100);
-		$s = ($max != 0) ? (round($delta / $max * 100)) : 0;
-		if ($s == 0)
-		{
-			$h = false;
-		}
-		else
-		{
-			if ($r == $max)
-				$h = ($g - $b) / $delta;
-			elseif ($g == $max)
-				$h = 2 + ($b - $r) / $delta;
-			elseif ($b == $max)
-				$h = 4 + ($r - $g) / $delta;
-
-			$h = round($h * 60);
-
-			if ($h > 360)
-				$h = 360;
-
-			if ($h < 0)
-				$h += 360;
-		}
-
-		return [$h, $s, $v];
-	}
-
-	/**
-	 * Get a normal (light) background color as hexadecimal value (without hash prefix).
-	 * @return color string
-	 */
-	public function hex()
-	{
-		$c = $this->best;
-		return self::rgb2hex($c['r'], $c['g'], $c['b']);
-	}
-
-	/**
-	 * Get a 50% darker version of the best color as string.
-	 * @param factor, defaults to 0.5
-	 * @param alpha, defaults to 0.7
-	 * @return rgba(r * factor, g * factor, b * factor, alpha)
-	 */
-	public function rgba($factor = 0.5, $alpha = 0.7)
-	{
-		$c = $this->best;
-		return 'rgba(' . round($c['r'] * $factor) . ', ' . round($c['g'] * $factor) . ', ' . round($c['b'] * $factor) . ', ' . $alpha . ')';
-	}
-
-}

models/Cache.php

@@ -1,61 +0,0 @@
-<?php
-/*****************************************************************************
- * Cache.php
- * Contains key class Cache.
- *
- * Kabuki CMS (C) 2013-2015, Aaron van Geffen
- *****************************************************************************/
-
-class Cache
-{
-	public static $hits = 0;
-	public static $misses = 0;
-	public static $puts = 0;
-	public static $removals = 0;
-
-	public static function put($key, $value, $ttl = 3600)
-	{
-		// If the cache is unavailable, don't bother.
-		if (!CACHE_ENABLED || !function_exists('apcu_store'))
-			return false;
-
-		// Keep track of the amount of cache puts.
-		self::$puts++;
-
-		// Store the data in serialized form.
-		return apcu_store(CACHE_KEY_PREFIX . $key, serialize($value), $ttl);
-	}
-
-	// Get some data from the cache.
-	public static function get($key)
-	{
-		// If the cache is unavailable, don't bother.
-		if (!CACHE_ENABLED || !function_exists('apcu_fetch'))
-			return false;
-
-		// Try to fetch it!
-		$value = apcu_fetch(CACHE_KEY_PREFIX . $key);
-
-		// Were we successful?
-		if (!empty($value))
-		{
-			self::$hits++;
-			return unserialize($value);
-		}
-		// Otherwise, it's a miss.
-		else
-		{
-			self::$misses++;
-			return null;
-		}
-	}
-
-	public static function remove($key)
-	{
-		if (!CACHE_ENABLED || !function_exists('apcu_delete'))
-			return false;
-
-		self::$removals++;
-		return apcu_delete(CACHE_KEY_PREFIX . $key);
-	}
-}

models/CachedPDOIterator.php

@@ -0,0 +1,56 @@
+<?php
+/*****************************************************************************
+ * CachedPDOIterator.php
+ * Contains model class CachedPDOIterator.
+ *
+ * Based on https://gist.github.com/hakre/5152090
+ *
+ * Kabuki CMS (C) 2013-2021, Aaron van Geffen
+ *****************************************************************************/
+
+class CachedPDOIterator extends CachingIterator
+{
+    private $index;
+
+    public function __construct(PDOStatement $statement)
+    {
+        parent::__construct(new IteratorIterator($statement), self::FULL_CACHE);
+    }
+
+    public function rewind(): void
+    {
+        if ($this->index === null)
+        {
+            parent::rewind();
+        }
+        $this->index = 0;
+    }
+
+    public function current(): mixed
+    {
+        if ($this->offsetExists($this->index))
+        {
+            return $this->offsetGet($this->index);
+        }
+        return parent::current();
+    }
+
+    public function key(): mixed
+    {
+        return $this->index;
+    }
+
+    public function next(): void
+    {
+        $this->index++;
+        if (!$this->offsetExists($this->index))
+        {
+            parent::next();
+        }
+    }
+
+    public function valid(): bool
+    {
+        return $this->offsetExists($this->index) || parent::valid();
+    }
+}

models/Database.php

@@ -1,43 +1,34 @@
 <?php
 /*****************************************************************************
  * Database.php
- * Contains key class Database.
+ * Contains model class Database.
  *
- * Adapted from SMF 2.0's DBA (C) 2011 Simple Machines
- * Used under BSD 3-clause license.
- *
- * Kabuki CMS (C) 2013-2015, Aaron van Geffen
+ * Kabuki CMS (C) 2013-2025, Aaron van Geffen
  *****************************************************************************/
 
-/**
- * The database model used to communicate with the MySQL server.
- */
 class Database
 {
 	private $connection;
 	private $query_count = 0;
 	private $logged_queries = [];
 
-	/**
-	 * Initialises a new database connection.
-	 * @param server: server to connect to.
-	 * @param user: username to use for authentication.
-	 * @param password: password to use for authentication.
-	 * @param name: database to select.
-	 */
-	public function __construct($server, $user, $password, $name)
+	public function __construct($host, $user, $password, $name)
 	{
-		$this->connection = @mysqli_connect($server, $user, $password, $name);
-
-		// Give up if we have a connection error.
-		if (mysqli_connect_error())
+		try
 		{
-			header('HTTP/1.1 503 Service Temporarily Unavailable');
+			$this->connection = new PDO("mysql:host=$host;dbname=$name;charset=utf8mb4", $user, $password, [
+				PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
+				PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
+				PDO::ATTR_EMULATE_PREPARES => false,
+			]);
+		}
+		// Give up if we have a connection error.
+		catch (PDOException $e)
+		{
+			http_response_code(503);
 			echo '<h2>Database Connection Problems</h2><p>Our software could not connect to the database. We apologise for any inconvenience and ask you to check back later.</p>';
 			exit;
 		}
-
-		$this->query('SET NAMES {string:utf8}', array('utf8' => 'utf8'));
 	}
 
 	public function getQueryCount()
@@ -51,324 +42,211 @@ class Database
 	}
 
 	/**
-	 * Fetches a row from a given recordset, using field names as keys.
+	 * Fetches a row from a given statement/recordset, using field names as keys.
 	 */
-	public function fetch_assoc($resource)
+	public function fetchAssoc($stmt)
 	{
-		return mysqli_fetch_assoc($resource);
+		return $stmt->fetch(PDO::FETCH_ASSOC);
 	}
 
 	/**
-	 * Fetches a row from a given recordset, using numeric keys.
+	 * Fetches a row from a given statement/recordset, encapsulating into an object.
 	 */
-	public function fetch_row($resource)
+	public function fetchObject($stmt, $class)
 	{
-		return mysqli_fetch_row($resource);
+		return $stmt->fetchObject($class);
 	}
 
 	/**
-	 * Destroys a given recordset.
+	 * Fetches a row from a given statement/recordset, using numeric keys.
 	 */
-	public function free_result($resource)
+	public function fetchNum($stmt)
 	{
-		return mysqli_free_result($resource);
-	}
-
-	public function data_seek($result, $row_num)
-	{
-		return mysqli_data_seek($result, $row_num);
+		return $stmt->fetch(PDO::FETCH_NUM);
 	}
 
 	/**
-	 * Returns the amount of rows in a given recordset.
+	 * Destroys a given statement/recordset.
 	 */
-	public function num_rows($resource)
+	public function free($stmt)
 	{
-		return mysqli_num_rows($resource);
+		return $stmt->closeCursor();
 	}
 
 	/**
-	 * Returns the amount of fields in a given recordset.
+	 * Returns the amount of rows in a given statement/recordset.
 	 */
-	public function num_fields($resource)
+	public function rowCount($stmt)
 	{
-		return mysqli_num_fields($resource);
+		return $stmt->rowCount();
 	}
 
 	/**
-	 * Escapes a string.
+	 * Returns the amount of fields in a given statement/recordset.
 	 */
-	public function escape_string($string)
+	public function columnCount($stmt)
 	{
-		return mysqli_real_escape_string($this->connection, $string);
-	}
-
-	/**
-	 * Unescapes a string.
-	 */
-	public function unescape_string($string)
-	{
-		return stripslashes($string);
-	}
-
-	/**
-	 * Returns the last MySQL error.
-	 */
-	public function error()
-	{
-		return mysqli_error($this->connection);
-	}
-
-	public function server_info()
-	{
-		return mysqli_get_server_info($this->connection);
-	}
-
-	/**
-	 * Selects a database on a given connection.
-	 */
-	public function select_db($database)
-	{
-		return mysqli_select_db($database, $this->connection);
-	}
-
-	/**
-	 * Returns the amount of rows affected by the previous query.
-	 */
-	public function affected_rows()
-	{
-		return mysqli_affected_rows($this->connection);
+		return $stmt->columnCount();
 	}
 
 	/**
 	 * Returns the id of the row created by a previous query.
 	 */
-	public function insert_id()
+	public function insertId($name = null)
 	{
-		return mysqli_insert_id($this->connection);
+		return $this->connection->lastInsertId($name);
 	}
 
 	/**
-	 * Do a MySQL transaction.
+	 * Start a transaction.
 	 */
-	public function transaction($operation = 'commit')
+	public function beginTransaction()
 	{
-		switch ($operation)
-		{
-				case 'begin':
-				case 'rollback':
-				case 'commit':
-					return @mysqli_query($this->connection, strtoupper($operation));
-			default:
-				return false;
-		}
+		return $this->connection->beginTransaction();
 	}
 
 	/**
-	 * Function used as a callback for the preg_match function that parses variables into database queries.
+	 * Rollback changes in a transaction.
 	 */
-	private function replacement_callback($matches)
+	public function rollback()
 	{
-		list ($values, $connection) = $this->db_callback;
+		return $this->connection->rollBack();
+	}
 
-		if (!isset($matches[2]))
-			trigger_error('Invalid value inserted or no type specified.', E_USER_ERROR);
+	/**
+	 * Commit changes in a transaction.
+	 */
+	public function commit()
+	{
+		return $this->connection->commit();
+	}
 
-		if (!isset($values[$matches[2]]))
-			trigger_error('The database value you\'re trying to insert does not exist: ' . htmlspecialchars($matches[2]), E_USER_ERROR);
-
-		$replacement = $values[$matches[2]];
-
-		switch ($matches[1])
+	private function expandPlaceholders($db_string, array &$db_values)
+	{
+		foreach ($db_values as $key => &$value)
 		{
-			case 'int':
-				if ((!is_numeric($replacement) || (string) $replacement !== (string) (int) $replacement) && $replacement !== 'NULL')
-					trigger_error('Wrong value type sent to the database for field: ' . $matches[2] . '. Integer expected.', E_USER_ERROR);
-				return $replacement !== 'NULL' ? (string) (int) $replacement : 'NULL';
-			break;
-
-			case 'string':
-			case 'text':
-				return $replacement !== 'NULL' ? sprintf('\'%1$s\'', mysqli_real_escape_string($connection, $replacement)) : 'NULL';
-			break;
-
-			case 'array_int':
-				if (is_array($replacement))
+			if (str_contains($db_string, ':' . $key))
+			{
+				if (is_array($value))
 				{
-					if (empty($replacement))
-						trigger_error('Database error, given array of integer values is empty.', E_USER_ERROR);
-
-					foreach ($replacement as $key => $value)
-					{
-						if (!is_numeric($value) || (string) $value !== (string) (int) $value)
-							trigger_error('Wrong value type sent to the database for field: ' . $matches[2] . '. Array of integers expected.', E_USER_ERROR);
-
-						$replacement[$key] = (string) (int) $value;
-					}
-
-					return implode(', ', $replacement);
+					throw new UnexpectedValueException('Array ' . $key .
+						' is used as a scalar placeholder. Did you mean to use \'@\' instead?');
 				}
-				else
-					trigger_error('Wrong value type sent to the database for field: ' . $matches[2] . '. Array of integers expected.', E_USER_ERROR);
 
-			break;
-
-			case 'array_string':
-				if (is_array($replacement))
+				// Prepare date/time values
+				if (is_a($value, 'DateTime'))
 				{
-					if (empty($replacement))
-						trigger_error('Database error, given array of string values is empty.', E_USER_ERROR);
-
-					foreach ($replacement as $key => $value)
-						$replacement[$key] = sprintf('\'%1$s\'', mysqli_real_escape_string($connection, $value));
-
-					return implode(', ', $replacement);
+					$value = $value->format('Y-m-d H:i:s');
+				}
+			}
+			elseif (str_contains($db_string, '@' . $key))
+			{
+				if (!is_array($value))
+				{
+					throw new UnexpectedValueException('Scalar value ' . $key .
+						' is used as an array placeholder. Did you mean to use \':\' instead?');
 				}
-				else
-					trigger_error('Wrong value type sent to the database for field: ' . $matches[2] . '. Array of strings expected.', E_USER_ERROR);
-			break;
 
-			case 'date':
-				if (preg_match('~^(\d{4})-([0-1]?\d)-([0-3]?\d)$~', $replacement, $date_matches) === 1)
-					return sprintf('\'%04d-%02d-%02d\'', $date_matches[1], $date_matches[2], $date_matches[3]);
-				elseif ($replacement === 'NULL')
-					return 'NULL';
-				else
-					trigger_error('Wrong value type sent to the database for field: ' . $matches[2] . '. Date expected.', E_USER_ERROR);
-			break;
-
-			case 'datetime':
-				if (is_a($replacement, 'DateTime'))
-					return $replacement->format('\'Y-m-d H:i:s\'');
-				elseif (preg_match('~^(\d{4})-([0-1]?\d)-([0-3]?\d) (\d{2}):(\d{2}):(\d{2})$~', $replacement, $date_matches) === 1)
-					return sprintf('\'%04d-%02d-%02d %02d:%02d:%02d\'', $date_matches[1], $date_matches[2], $date_matches[3], $date_matches[4], $date_matches[5], $date_matches[6]);
-				elseif ($replacement === 'NULL')
-					return 'NULL';
-				else
-					trigger_error('Wrong value type sent to the database for field: ' . $matches[2] . '. DateTime expected.', E_USER_ERROR);
-			break;
-
-			case 'float':
-				if (!is_numeric($replacement) && $replacement !== 'NULL')
-					trigger_error('Wrong value type sent to the database for field: ' . $matches[2] . '. Floating point number expected.', E_USER_ERROR);
-				return $replacement !== 'NULL' ? (string) (float) $replacement : 'NULL';
-			break;
-
-			case 'identifier':
-				// Backticks inside identifiers are supported as of MySQL 4.1. We don't need them here.
-				return '`' . strtr($replacement, array('`' => '', '.' => '')) . '`';
-			break;
-
-			case 'raw':
-				return $replacement;
-			break;
-
-			case 'bool':
-			case 'boolean':
-				// In mysql this is a synonym for tinyint(1)
-				return (bool)$replacement ? 1 : 0;
-			break;
-
-			default:
-				trigger_error('Undefined type <b>' . $matches[1] . '</b> used in the database query', E_USER_ERROR);
-			break;
+				// Create placeholders for all array elements
+				$placeholders = array_map(fn($num) => ':' . $key . $num, range(0, count($value) - 1));
+				$db_string = str_replace('@' . $key, implode(', ', $placeholders), $db_string);
+			}
+			else
+			{
+				// throw new Exception('Warning: unused key in query: ' . $key);
+			}
 		}
-	}
-
-	/**
-	 * Escapes and quotes a string using values passed, and executes the query.
-	 */
-	public function query($db_string, $db_values = array())
-	{
-		// One more query....
-		$this->query_count ++;
-
-		// Overriding security? This is evil!
-		$security_override = $db_values === 'security_override' || !empty($db_values['security_override']);
-
-		// Please, just use new style queries.
-		if (strpos($db_string, '\'') !== false && !$security_override)
-			trigger_error('Hack attempt!', 'Illegal character (\') used in query.', E_USER_ERROR);
-
-		if (!$security_override && !empty($db_values))
-		{
-			// Set some values for use in the callback function.
-			$this->db_callback = array($db_values, $this->connection);
-
-			// Insert the values passed to this function.
-			$db_string = preg_replace_callback('~{([a-z_]+)(?::([a-zA-Z0-9_-]+))?}~', array(&$this, 'replacement_callback'), $db_string);
-
-			// Save some memory.
-			$this->db_callback = [];
-		}
-
-		if (defined("DB_LOG_QUERIES") && DB_LOG_QUERIES)
-			$this->logged_queries[] = $db_string;
-
-		$return = @mysqli_query($this->connection, $db_string, empty($this->unbuffered) ? MYSQLI_STORE_RESULT : MYSQLI_USE_RESULT);
-
-		if (!$return)
-		{
-			$clean_sql = implode("\n", array_map('trim', explode("\n", $db_string)));
-			trigger_error($this->error() . '<br>' . $clean_sql, E_USER_ERROR);
-		}
-
-		return $return;
-	}
-
-	/**
-	 * Escapes and quotes a string just like db_query, but does not execute the query.
-	 * Useful for debugging purposes.
-	 */
-	public function quote($db_string, $db_values = array())
-	{
-		// Please, just use new style queries.
-		if (strpos($db_string, '\'') !== false)
-			trigger_error('Hack attempt!', 'Illegal character (\') used in query.', E_USER_ERROR);
-
-		// Save some values for use in the callback function.
-		$this->db_callback = array($db_values, $this->connection);
-
-		// Insert the values passed to this function.
-		$db_string = preg_replace_callback('~{([a-z_]+)(?::([a-zA-Z0-9_-]+))?}~', array(&$this, 'replacement_callback'), $db_string);
-
-		// Save some memory.
-		$this->db_callback = array();
 
 		return $db_string;
 	}
 
 	/**
-	 * Executes a query, returning an array of all the rows it returns.
+	 * Escapes and quotes a string using values passed, and executes the query.
 	 */
-	public function queryRow($db_string, $db_values = array())
+	public function query($db_string, array $db_values = []): PDOStatement
 	{
-		$res = $this->query($db_string, $db_values);
+		// One more query...
+		$this->query_count++;
 
-		if (!$res || $this->num_rows($res) == 0)
-			return array();
+		// Error out if hardcoded strings are detected
+		if (strpos($db_string, '\'') !== false)
+			throw new UnexpectedValueException('Hack attempt: illegal character (\') used in query.');
 
-		$row = $this->fetch_row($res);
-		$this->free_result($res);
+		if (defined('DB_LOG_QUERIES') && DB_LOG_QUERIES)
+			$this->logged_queries[] = $db_string;
 
-		return $row;
+		try
+		{
+			// Preprocessing/checks: prepare any arrays for binding
+			$db_string = $this->expandPlaceholders($db_string, $db_values);
+
+			// Prepare query for execution
+			$statement = $this->connection->prepare($db_string);
+
+			// Bind parameters... the hard way, due to a limit/offset hack.
+			// NB: bindParam binds by reference, hence &$value here.
+			foreach ($db_values as $key => &$value)
+			{
+				// Assumption: both scalar and array values are preprocessed to use named ':' placeholders
+				if (!str_contains($db_string, ':' . $key))
+					continue;
+
+				if (!is_array($value))
+				{
+					$statement->bindParam(':' . $key, $value);
+					continue;
+				}
+
+				foreach (array_values($value) as $num => &$element)
+				{
+					$statement->bindParam(':' . $key . $num, $element);
+				}
+			}
+
+			$statement->execute();
+			return $statement;
+		}
+		catch (PDOException $e)
+		{
+			ob_start();
+
+			$debug = ob_get_clean();
+
+			throw new Exception($e->getMessage() . "\n" . var_export($e->errorInfo, true) . "\n" . var_export($db_values, true));
+		}
 	}
 
 	/**
-	 * Executes a query, returning an array of all the rows it returns.
+	 * Executes a query, returning an object of the row it returns.
 	 */
-	public function queryRows($db_string, $db_values = array())
+	public function queryObject($class, $db_string, $db_values = [])
 	{
 		$res = $this->query($db_string, $db_values);
 
-		if (!$res || $this->num_rows($res) == 0)
-			return array();
+		if (!$res || $this->rowCount($res) === 0)
+			return null;
 
-		$rows = array();
-		while ($row = $this->fetch_row($res))
-			$rows[] = $row;
+		$object = $this->fetchObject($res, $class);
+		$this->free($res);
 
-		$this->free_result($res);
+		return $object;
+	}
+
+	/**
+	 * Executes a query, returning an array of objects of all the rows returns.
+	 */
+	public function queryObjects($class, $db_string, $db_values = [])
+	{
+		$res = $this->query($db_string, $db_values);
+
+		if (!$res || $this->rowCount($res) === 0)
+			return [];
+
+		$rows = [];
+		while ($object = $this->fetchObject($res, $class))
+			$rows[] = $object;
+
+		$this->free($res);
 
 		return $rows;
 	}
@@ -376,18 +254,53 @@ class Database
 	/**
 	 * Executes a query, returning an array of all the rows it returns.
 	 */
-	public function queryPair($db_string, $db_values = array())
+	public function queryRow($db_string, array $db_values = [])
 	{
 		$res = $this->query($db_string, $db_values);
 
-		if (!$res || $this->num_rows($res) == 0)
-			return array();
+		if ($this->rowCount($res) === 0)
+			return [];
 
-		$rows = array();
-		while ($row = $this->fetch_row($res))
+		$row = $this->fetchNum($res);
+		$this->free($res);
+
+		return $row;
+	}
+
+	/**
+	 * Executes a query, returning an array of all the rows it returns.
+	 */
+	public function queryRows($db_string, array $db_values = [])
+	{
+		$res = $this->query($db_string, $db_values);
+
+		if ($this->rowCount($res) === 0)
+			return [];
+
+		$rows = [];
+		while ($row = $this->fetchNum($res))
+			$rows[] = $row;
+
+		$this->free($res);
+
+		return $rows;
+	}
+
+	/**
+	 * Executes a query, returning an array of all the rows it returns.
+	 */
+	public function queryPair($db_string, array $db_values = [])
+	{
+		$res = $this->query($db_string, $db_values);
+
+		if ($this->rowCount($res) === 0)
+			return [];
+
+		$rows = [];
+		while ($row = $this->fetchNum($res))
 			$rows[$row[0]] = $row[1];
 
-		$this->free_result($res);
+		$this->free($res);
 
 		return $rows;
 	}
@@ -399,17 +312,17 @@ class Database
 	{
 		$res = $this->query($db_string, $db_values);
 
-		if (!$res || $this->num_rows($res) == 0)
-			return array();
+		if (!$res || $this->rowCount($res) === 0)
+			return [];
 
-		$rows = array();
-		while ($row = $this->fetch_assoc($res))
+		$rows = [];
+		while ($row = $this->fetchAssoc($res))
 		{
 			$key_value = reset($row);
 			$rows[$key_value] = $row;
 		}
 
-		$this->free_result($res);
+		$this->free($res);
 
 		return $rows;
 	}
@@ -417,15 +330,15 @@ class Database
 	/**
 	 * Executes a query, returning an associative array of all the rows it returns.
 	 */
-	public function queryAssoc($db_string, $db_values = array())
+	public function queryAssoc($db_string, array $db_values = [])
 	{
 		$res = $this->query($db_string, $db_values);
 
-		if (!$res || $this->num_rows($res) == 0)
-			return array();
+		if ($this->rowCount($res) === 0)
+			return [];
 
-		$row = $this->fetch_assoc($res);
-		$this->free_result($res);
+		$row = $this->fetchAssoc($res);
+		$this->free($res);
 
 		return $row;
 	}
@@ -433,18 +346,18 @@ class Database
 	/**
 	 * Executes a query, returning an associative array of all the rows it returns.
 	 */
-	public function queryAssocs($db_string, $db_values = array(), $connection = null)
+	public function queryAssocs($db_string, array $db_values = [])
 	{
 		$res = $this->query($db_string, $db_values);
 
-		if (!$res || $this->num_rows($res) == 0)
-			return array();
+		if ($this->rowCount($res) === 0)
+			return [];
 
-		$rows = array();
-		while ($row = $this->fetch_assoc($res))
+		$rows = [];
+		while ($row = $this->fetchAssoc($res))
 			$rows[] = $row;
 
-		$this->free_result($res);
+		$this->free($res);
 
 		return $rows;
 	}
@@ -452,16 +365,16 @@ class Database
 	/**
 	 * Executes a query, returning the first value of the first row.
 	 */
-	public function queryValue($db_string, $db_values = array())
+	public function queryValue($db_string, array $db_values = [])
 	{
 		$res = $this->query($db_string, $db_values);
 
 		// If this happens, you're doing it wrong.
-		if (!$res || $this->num_rows($res) == 0)
+		if ($this->rowCount($res) === 0)
 			return null;
 
-		list($value) = $this->fetch_row($res);
-		$this->free_result($res);
+		list($value) = $this->fetchNum($res);
+		$this->free($res);
 
 		return $value;
 	}
@@ -469,18 +382,18 @@ class Database
 	/**
 	 * Executes a query, returning an array of the first value of each row.
 	 */
-	public function queryValues($db_string, $db_values = array())
+	public function queryValues($db_string, array $db_values = [])
 	{
 		$res = $this->query($db_string, $db_values);
 
-		if (!$res || $this->num_rows($res) == 0)
-			return array();
+		if ($this->rowCount($res) === 0)
+			return [];
 
-		$rows = array();
-		while ($row = $this->fetch_row($res))
+		$rows = [];
+		while ($row = $this->fetchNum($res))
 			$rows[] = $row[0];
 
-		$this->free_result($res);
+		$this->free($res);
 
 		return $rows;
 	}
@@ -488,7 +401,7 @@ class Database
 	/**
 	 * This function can be used to insert data into the database in a secure way.
 	 */
-	public function insert($method = 'replace', $table, $columns, $data)
+	public function insert($method, $table, $columns, $data)
 	{
 		// With nothing to insert, simply return.
 		if (empty($data))
@@ -496,40 +409,47 @@ class Database
 
 		// Inserting data as a single row can be done as a single array.
 		if (!is_array($data[array_rand($data)]))
-			$data = array($data);
-
-		// Create the mold for a single row insert.
-		$insertData = '(';
-		foreach ($columns as $columnName => $type)
-		{
-			// Are we restricting the length?
-			if (strpos($type, 'string-') !== false)
-				$insertData .= sprintf('SUBSTRING({string:%1$s}, 1, ' . substr($type, 7) . '), ', $columnName);
-			else
-				$insertData .= sprintf('{%1$s:%2$s}, ', $type, $columnName);
-		}
-		$insertData = substr($insertData, 0, -2) . ')';
-
-		// Create an array consisting of only the columns.
-		$indexed_columns = array_keys($columns);
-
-		// Here's where the variables are injected to the query.
-		$insertRows = array();
-		foreach ($data as $dataRow)
-			$insertRows[] = $this->quote($insertData, array_combine($indexed_columns, $dataRow));
+			$data = [$data];
 
 		// Determine the method of insertion.
-		$queryTitle = $method == 'replace' ? 'REPLACE' : ($method == 'ignore' ? 'INSERT IGNORE' : 'INSERT');
+		$method = $method == 'replace' ? 'REPLACE' : ($method == 'ignore' ? 'INSERT IGNORE' : 'INSERT');
 
-		// Do the insert.
-		return $this->query('
-			' . $queryTitle . ' INTO ' . $table . ' (`' . implode('`, `', $indexed_columns) . '`)
-			VALUES
-				' . implode(',
-				', $insertRows),
-			array(
-				'security_override' => true,
-			)
-		);
+		// What columns are we inserting?
+		$columns = array_keys($data[0]);
+
+		// Start building the query.
+		$db_string = $method . ' INTO ' . $table . ' (' . implode(',', $columns) . ') VALUES ';
+
+		// Create the mold for a single row insert.
+		$placeholders = '(' . substr(str_repeat('?, ', count($columns)), 0, -2) . '), ';
+
+		// Append it for every row we're to insert.
+		$values = [];
+		foreach ($data as $row)
+		{
+			$values = array_merge($values, array_values($row));
+			$db_string .= $placeholders;
+		}
+
+		// Get rid of the tailing comma.
+		$db_string = substr($db_string, 0, -2);
+
+		// Prepare for your impending demise!
+		$statement = $this->connection->prepare($db_string);
+
+		// Bind parameters... the hard way, due to a limit/offset hack.
+		foreach ($values as $key => $value)
+			$statement->bindValue($key + 1, $values[$key]);
+
+		// Handle errors.
+		try
+		{
+			$statement->execute();
+			return $statement;
+		}
+		catch (PDOException $e)
+		{
+			throw new Exception($e->getMessage() . '<br><br>' . $db_string . '<br><br>' . print_r($values, true));
+		}
 	}
 }

models/Dispatcher.php

@@ -8,71 +8,12 @@
 
 class Dispatcher
 {
-	public static function route()
-	{
-		$possibleActions = [
-			'addalbum' => 'EditAlbum',
-			'albums' => 'ViewPhotoAlbums',
-			'editalbum' => 'EditAlbum',
-			'editasset' => 'EditAsset',
-			'edittag' => 'EditTag',
-			'edituser' => 'EditUser',
-			'login' => 'Login',
-			'logout' => 'Logout',
-			'managealbums' => 'ManageAlbums',
-			'manageerrors' => 'ManageErrors',
-			'managetags' => 'ManageTags',
-			'manageusers' => 'ManageUsers',
-			'people' => 'ViewPeople',
-			'resetpassword' => 'ResetPassword',
-			'suggest' => 'ProvideAutoSuggest',
-			'timeline' => 'ViewTimeline',
-			'uploadmedia' => 'UploadMedia',
-		];
-
-		// Work around PHP's FPM not always providing PATH_INFO.
-		if (empty($_SERVER['PATH_INFO']) && isset($_SERVER['REQUEST_URI']))
-		{
-			if (strpos($_SERVER['REQUEST_URI'], '?') === false)
-				$_SERVER['PATH_INFO'] = $_SERVER['REQUEST_URI'];
-			else
-				$_SERVER['PATH_INFO'] = substr($_SERVER['REQUEST_URI'], 0, strpos($_SERVER['REQUEST_URI'], '?'));
-		}
-
-		// Just showing the album index?
-		if (empty($_SERVER['PATH_INFO']) || $_SERVER['PATH_INFO'] == '/')
-		{
-			return new ViewPhotoAlbum();
-		}
-		// Look for particular actions...
-		elseif (preg_match('~^/(?<action>[a-z]+)(?:/page/(?<page>\d+))?/?~', $_SERVER['PATH_INFO'], $path) && isset($possibleActions[$path['action']]))
-		{
-			$_GET = array_merge($_GET, $path);
-			return new $possibleActions[$path['action']]();
-		}
-		// An album, person, or any other tag?
-		elseif (preg_match('~^/(?<tag>.+?)(?:/page/(?<page>\d+))?/?$~', $_SERVER['PATH_INFO'], $path) && Tag::matchSlug($path['tag']))
-		{
-			$_GET = array_merge($_GET, $path);
-			return new ViewPhotoAlbum();
-		}
-		// A photo for sure, then, right?
-		elseif (preg_match('~^/(?<slug>.+?)/?$~', $_SERVER['PATH_INFO'], $path))
-		{
-			$_GET = array_merge($_GET, $path);
-			return new ViewPhoto();
-		}
-		// No idea, then?
-		else
-			throw new NotFoundException();
-	}
-
 	public static function dispatch()
 	{
 		// Let's try to find our bearings!
 		try
 		{
-			$page = self::route();
+			$page = Router::route();
 			$page->showContent();
 		}
 		// Something wasn't found?
@@ -103,13 +44,26 @@ class Dispatcher
 		}
 	}
 
+	public static function errorPage($title, $body)
+	{
+		$page = new MainTemplate($title);
+		$page->adopt(new ErrorPage($title, $body));
+
+		if (Registry::get('user')->isAdmin())
+		{
+			$page->appendStylesheet(BASEURL . '/css/admin.css');
+		}
+
+		$page->html_main();
+	}
+
 	/**
 	 * Kicks a guest to a login form, redirecting them back to this page upon login.
 	 */
-	public static function kickGuest()
+	public static function kickGuest($title = null, $message = null)
 	{
 		$form = new LogInForm('Log in');
-		$form->adopt(new Alert('', 'You need to be logged in to view this page.', 'error'));
+		$form->adopt(new Alert($title ?? '', $message ?? 'You need to be logged in to view this page.', 'danger'));
 		$form->setRedirectUrl($_SERVER['REQUEST_URI']);
 
 		$page = new MainTemplate('Login required');
@@ -119,38 +73,24 @@ class Dispatcher
 		exit;
 	}
 
-	public static function trigger400()
+	private static function trigger400()
 	{
-		header('HTTP/1.1 400 Bad Request');
-		$page = new MainTemplate('Bad request');
-		$page->adopt(new DummyBox('Bad request', '<p>The server does not understand your request.</p>'));
-		$page->html_main();
+		http_response_code(400);
+		self::errorPage('Bad request', 'The server does not understand your request.');
 		exit;
 	}
 
-	public static function trigger403()
+	private static function trigger403()
 	{
-		header('HTTP/1.1 403 Forbidden');
-		$page = new MainTemplate('Access denied');
-		$page->adopt(new DummyBox('Forbidden', '<p>You do not have access to the page you requested.</p>'));
-		$page->html_main();
+		http_response_code(403);
+		self::errorPage('Forbidden', 'You do not have access to this page.');
 		exit;
 	}
 
-	public static function trigger404()
+	private static function trigger404()
 	{
-		header('HTTP/1.1 404 Not Found');
-		$page = new MainTemplate('Page not found');
-
-		if (Registry::has('user') && Registry::get('user')->isAdmin())
-		{
-			$page->appendStylesheet(BASEURL . '/css/admin.css');
-			$page->adopt(new AdminBar());
-		}
-
-		$page->adopt(new DummyBox('Well, this is a bit embarrassing!', '<p>The page you requested could not be found. Don\'t worry, it\'s probably not your fault. You\'re welcome to browse the website, though!</p>', 'errormsg'));
-		$page->addClass('errorpage');
-		$page->html_main();
-		exit;
+		http_response_code(404);
+		$page = new ViewErrorPage('Page not found!');
+		$page->showContent();
 	}
 }

models/EXIF.php

@@ -12,6 +12,7 @@ class EXIF
 	public $iso = 0;
 	public $shutter_speed = 0;
 	public $title = '';
+	public $software = '';
 
 	private function __construct(array $meta)
 	{
@@ -35,6 +36,7 @@ class EXIF
 			'iso' => 0,
 			'shutter_speed' => 0,
 			'title' => '',
+			'software' => '',
 		];
 
 		if (!function_exists('exif_read_data'))
@@ -88,7 +90,9 @@ class EXIF
 
 		if (!empty($exif['Model']))
 		{
-			if (!empty($exif['Make']) && strpos($exif['Model'], $exif['Make']) === false)
+			if (strpos($exif['Model'], 'PENTAX') !== false)
+				$meta['camera'] = trim($exif['Model']);
+			elseif (!empty($exif['Make']) && strpos($exif['Model'], $exif['Make']) === false)
 				$meta['camera'] = trim($exif['Make']) . ' ' . trim($exif['Model']);
 			else
 				$meta['camera'] = trim($exif['Model']);
@@ -96,9 +100,14 @@ class EXIF
 		elseif (!empty($exif['Make']))
 			$meta['camera'] = trim($exif['Make']);
 
-		if (!empty($exif['DateTimeDigitized']))
+		if (!empty($exif['DateTimeOriginal']))
+			$meta['created_timestamp'] = self::toUnixTime($exif['DateTimeOriginal']);
+		elseif (!empty($exif['DateTimeDigitized']))
 			$meta['created_timestamp'] = self::toUnixTime($exif['DateTimeDigitized']);
 
+		if (!empty($exif['Software']))
+			$meta['software'] = $exif['Software'];
+
 		return new self($meta);
 	}
 

models/Email.php

@@ -14,7 +14,7 @@ class Email
 		$boundary = uniqid('sr');
 
 		if (empty($headers))
-			$headers .= "From: HashRU Pics <no-reply@aaronweb.net>\r\n";
+			$headers .= "From: " . SITE_TITLE . " <" . REPLY_TO_ADDRESS . ">\r\n";
 
 		// Set up headers.
 		$headers .= "MIME-Version: 1.0\r\n";
@@ -69,7 +69,7 @@ class Email
 		$row = Registry::get('db')->queryAssoc('
 			SELECT first_name, surname, emailaddress, reset_key
 			FROM users
-			WHERE id_user = {int:id_user}',
+			WHERE id_user = :id_user',
 			[
 				'id_user' => $id_user,
 			]);

models/ErrorHandler.php

@@ -3,7 +3,7 @@
  * ErrorHandler.php
  * Contains key class ErrorHandler.
  *
- * Kabuki CMS (C) 2013-2016, Aaron van Geffen
+ * Kabuki CMS (C) 2013-2025, Aaron van Geffen
  *****************************************************************************/
 
 class ErrorHandler
@@ -47,10 +47,8 @@ class ErrorHandler
 		// Log the error in the database.
 		self::logError($error_message, $debug_info, $file, $line);
 
-		// Are we considering this fatal? Then display and exit.
-		// !!! TODO: should we consider warnings fatal?
-		if (true) // DEBUG || (!DEBUG && $error_level === E_WARNING || $error_level === E_USER_WARNING))
-			self::display($file . ' (' . $line . ')<br>' . $error_message, $debug_info);
+		// Display error and exit.
+		self::display($error_message, $file, $line, $debug_info);
 
 		// If it wasn't a fatal error, well...
 		self::$handling_error = false;
@@ -63,11 +61,11 @@ class ErrorHandler
 
 		// Include info on the contents of superglobals.
 		if (!empty($_SESSION))
-			$debug_info .= "\nSESSION: " . print_r($_SESSION, true);
+			$debug_info .= "\nSESSION: " . var_export($_SESSION, true);
 		if (!empty($_POST))
-			$debug_info .= "\nPOST: " . print_r($_POST, true);
+			$debug_info .= "\nPOST: " . var_export($_POST, true);
 		if (!empty($_GET))
-			$debug_info .= "\nGET: " . print_r($_GET, true);
+			$debug_info .= "\nGET: " . var_export($_GET, true);
 
 		return $debug_info;
 	}
@@ -96,12 +94,17 @@ class ErrorHandler
 			$object = isset($call['class']) ? $call['class'] . $call['type'] : '';
 
 			$args = [];
-			foreach ($call['args'] as $j => $arg)
+			if (isset($call['args']))
 			{
-				if (is_array($arg))
-					$args[$j] = print_r($arg, true);
-				elseif (is_object($arg))
-					$args[$j] = var_dump($arg);
+				foreach ($call['args'] as $j => $arg)
+				{
+					// Only include the class name for objects
+					if (is_object($arg))
+						$args[$j] = get_class($arg) . '{}';
+					// Export everything else -- including arrays
+					else
+						$args[$j] = var_export($arg, true);
+				}
 			}
 
 			$buffer .= '#' . str_pad($i, 3, ' ')
@@ -113,7 +116,7 @@ class ErrorHandler
 	}
 
 	// Logs an error into the database.
-	private static function logError($error_message = '', $debug_info = '', $file = '', $line = 0)
+	public static function logError($error_message = '', $debug_info = '', $file = '', $line = 0)
 	{
 		if (!ErrorLog::log([
 			'message' => $error_message,
@@ -125,15 +128,15 @@ class ErrorHandler
 			'request_uri' => isset($_SERVER['REQUEST_URI']) ? $_SERVER['REQUEST_URI'] : '',
 			]))
 		{
-			header('HTTP/1.1 503 Service Temporarily Unavailable');
-			echo '<h2>An Error Occured</h2><p>Our software could not connect to the database. We apologise for any inconvenience and ask you to check back later.</p>';
+			http_response_code(503);
+			echo '<h2>An Error Occurred</h2><p>Our software could not connect to the database. We apologise for any inconvenience and ask you to check back later.</p>';
 			exit;
 		}
 
 		return $error_message;
 	}
 
-	public static function display($message, $debug_info, $is_sensitive = true)
+	public static function display($message, $file, $line, $debug_info, $is_sensitive = true)
 	{
 		$is_admin = Registry::has('user') && Registry::get('user')->isAdmin();
 
@@ -151,30 +154,30 @@ class ErrorHandler
 			elseif (!$is_sensitive)
 				echo json_encode(['error' => $message]);
 			else
-				echo json_encode(['error' => 'Our apologies, an error occured while we were processing your request. Please try again later, or contact us if the problem persists.']);
+				echo json_encode(['error' => 'Our apologies, an error occurred while we were processing your request. Please try again later, or contact us if the problem persists.']);
 			exit;
 		}
 
 		// Initialise the main template to present a nice message to the user.
-		$page = new MainTemplate('An error occured!');
+		$page = new MainTemplate('An error occurred!');
 
 		// Show the error.
 		$is_admin = Registry::has('user') && Registry::get('user')->isAdmin();
 		if (DEBUG || $is_admin)
 		{
-			$page->adopt(new DummyBox('An error occured!', '<p>' . $message . '</p><pre>' . $debug_info . '</pre>'));
+			$debug_info = sprintf("Trigger point:\n%s (L%d)\n\n%s", $file, $line, $debug_info);
+			$page->adopt(new ErrorPage('An error occurred!', $message, $debug_info));
 
 			// Let's provide the admin navigation despite it all!
 			if ($is_admin)
 			{
 				$page->appendStylesheet(BASEURL . '/css/admin.css');
-				$page->adopt(new AdminBar());
 			}
 		}
 		elseif (!$is_sensitive)
-			$page->adopt(new DummyBox('An error occured!', '<p>' . $message . '</p>'));
+			$page->adopt(new ErrorPage('An error occurred!', '<p>' . $message . '</p>'));
 		else
-			$page->adopt(new DummyBox('An error occured!', '<p>Our apologies, an error occured while we were processing your request. Please try again later, or contact us if the problem persists.</p>'));
+			$page->adopt(new ErrorPage('An error occurred!', 'Our apologies, an error occurred while we were processing your request. Please try again later, or contact us if the problem persists.'));
 
 		// If we got this far, make sure we're not showing stuff twice.
 		ob_end_clean();

models/ErrorLog.php

@@ -17,14 +17,14 @@ class ErrorLog
 			INSERT INTO log_errors
 			(id_user, message, debug_info, file, line, request_uri, time, ip_address)
 			VALUES
-			({int:id_user}, {string:message}, {string:debug_info}, {string:file}, {int:line},
-			 {string:request_uri}, CURRENT_TIMESTAMP, {string:ip_address})',
+			(:id_user, :message, :debug_info, :file, :line,
+			 :request_uri, CURRENT_TIMESTAMP, :ip_address)',
 			$data);
 	}
 
 	public static function flush()
 	{
-		return Registry::get('db')->query('TRUNCATE log_errors');
+		return Registry::get('db')->query('DELETE FROM log_errors');
 	}
 
 	public static function getCount()
@@ -33,4 +33,20 @@ class ErrorLog
 			SELECT COUNT(*)
 			FROM log_errors');
 	}
+
+	public static function getOffset($offset, $limit, $order, $direction)
+	{
+		assert(in_array($order, ['id_entry', 'file', 'line', 'time', 'ipaddress', 'id_user']));
+		$order = $order . ($direction === 'up' ? ' ASC' : ' DESC');
+
+		return Registry::get('db')->queryAssocs('
+			SELECT *
+			FROM log_errors
+			ORDER BY ' . $order . '
+			LIMIT :offset, :limit',
+			[
+				'offset' => $offset,
+				'limit' => $limit,
+			]);
+	}
 }

models/Form.php

@@ -3,30 +3,77 @@
  * Form.php
  * Contains key class Form.
  *
- * Kabuki CMS (C) 2013-2015, Aaron van Geffen
+ * Kabuki CMS (C) 2013-2023, Aaron van Geffen
  *****************************************************************************/
 
 class Form
 {
 	public $request_method;
 	public $request_url;
-	public $content_above;
-	public $content_below;
-	private $fields;
-	private $data;
-	private $missing;
+
+	private $fields = [];
+	public $before_fields;
+	public $after_fields;
+
+	private $submit_caption;
+	public $buttons_extra;
+	private $trim_inputs;
+
+	private $data = [];
+	private $missing = [];
 
 	// NOTE: this class does not verify the completeness of form options.
 	public function __construct($options)
 	{
-		$this->request_method = !empty($options['request_method']) ? $options['request_method'] : 'POST';
-		$this->request_url = !empty($options['request_url']) ? $options['request_url'] : BASEURL;
-		$this->fields = !empty($options['fields']) ? $options['fields'] : [];
-		$this->content_below = !empty($options['content_below']) ? $options['content_below'] : null;
-		$this->content_above = !empty($options['content_above']) ? $options['content_above'] : null;
+		static $optionKeys = [
+			'request_method' => 'POST',
+			'request_url' => BASEURL,
+
+			'fields' => [],
+			'before_fields' => null,
+			'after_fields' => null,
+
+			'submit_caption' => 'Save information',
+			'buttons_extra' => null,
+			'trim_inputs' => true,
+		];
+
+		foreach ($optionKeys as $optionKey => $default)
+			$this->$optionKey = !empty($options[$optionKey]) ? $options[$optionKey] : $default;
 	}
 
-	public function verify($post)
+	public function getFields()
+	{
+		return $this->fields;
+	}
+
+	public function getData()
+	{
+		return $this->data;
+	}
+
+	public function getSubmitButtonCaption()
+	{
+		return $this->submit_caption;
+	}
+
+	public function getMissing()
+	{
+		return $this->missing;
+	}
+
+	public function setData($data)
+	{
+		$this->verify($data, true);
+		$this->missing = [];
+	}
+
+	public function setFieldAsMissing($field)
+	{
+		$this->missing[] = $field;
+	}
+
+	public function verify($post, $initalisation = false)
 	{
 		$this->data = [];
 		$this->missing = [];
@@ -41,30 +88,43 @@ class Form
 			}
 
 			// No data present at all for this field?
-			if ((!isset($post[$field_id]) || $post[$field_id] == '') && empty($field['is_optional']))
+			if ((!isset($post[$field_id]) || $post[$field_id] == '') &&
+				$field['type'] !== 'captcha')
 			{
-				$this->missing[] = $field_id;
-				$this->data[$field_id] = '';
+				if (empty($field['is_optional']))
+					$this->missing[] = $field_id;
+
+				if ($field['type'] === 'select' && !empty($field['multiple']))
+					$this->data[$field_id] = [];
+				else
+					$this->data[$field_id] = '';
+
 				continue;
 			}
 
-			// Verify data for all fields
+			// Should we trim this?
+			if ($this->trim_inputs && $field['type'] !== 'captcha' && empty($field['multiple']))
+				$post[$field_id] = trim($post[$field_id]);
+
+			// Using a custom validation function?
+			if (isset($field['validate']) && is_callable($field['validate']))
+			{
+				// Validation functions can clean up the data if passed by reference
+				$this->data[$field_id] = $post[$field_id];
+
+				// Evaluate validation functions as boolean to see if data is missing
+				if (!$field['validate']($post[$field_id]))
+					$this->missing[] = $field_id;
+
+				continue;
+			}
+
+			// Verify data by field type
 			switch ($field['type'])
 			{
 				case 'select':
 				case 'radio':
-					// Skip validation? Dangerous territory!
-					if (isset($field['verify_options']) && $field['verify_options'] === false)
-						$this->data[$field_id] = $post[$field_id];
-					// Check whether selected option is valid.
-					elseif (isset($post[$field_id]) && !isset($field['options'][$post[$field_id]]))
-					{
-						$this->missing[] = $field_id;
-						$this->data[$field_id] = '';
-						continue;
-					}
-					else
-						$this->data[$field_id] = $post[$field_id];
+					$this->validateSelect($field_id, $field, $post);
 					break;
 
 				case 'checkbox':
@@ -73,61 +133,22 @@ class Form
 					break;
 
 				case 'color':
-					// Colors are stored as a string of length 3 or 6 (hex)
-					if (!isset($post[$field_id]) || (strlen($post[$field_id]) != 3 && strlen($post[$field_id]) != 6))
-					{
-						$this->missing[] = $field_id;
-						$this->data[$field_id] = '';
-						continue;
-					}
-					else
-						$this->data[$field_id] = $post[$field_id];
+					$this->validateColor($field_id, $field, $post);
 					break;
 
 				case 'file':
-					// Needs to be verified elsewhere!
+					// Asset needs to be processed out of POST! This is just a filename.
+					$this->data[$field_id] = isset($post[$field_id]) ? $post[$field_id] : '';
 					break;
 
 				case 'numeric':
-					$data = isset($post[$field_id]) ? $post[$field_id] : '';
-					// Do we need to check bounds?
-					if (isset($field['min_value']) && is_numeric($data))
-					{
-						if (is_float($field['min_value']) && (float) $data < $field['min_value'])
-						{
-							$this->missing[] = $field_id;
-							$this->data[$field_id] = 0.0;
-						}
-						elseif (is_int($field['min_value']) && (int) $data < $field['min_value'])
-						{
-							$this->missing[] = $field_id;
-							$this->data[$field_id] = 0;
-						}
-						else
-							$this->data[$field_id] = $data;
-					}
-					elseif (isset($field['max_value']) && is_numeric($data))
-					{
-						if (is_float($field['max_value']) && (float) $data > $field['max_value'])
-						{
-							$this->missing[] = $field_id;
-							$this->data[$field_id] = 0.0;
-						}
-						elseif (is_int($field['max_value']) && (int) $data > $field['max_value'])
-						{
-							$this->missing[] = $field_id;
-							$this->data[$field_id] = 0;
-						}
-						else
-							$this->data[$field_id] = $data;
-					}
-					// Does it look numeric?
-					elseif (is_numeric($data))
-					{
-						$this->data[$field_id] = $data;
-					}
-					// Let's consider it missing, then.
-					else
+					$this->validateNumeric($field_id, $field, $post);
+					break;
+
+				case 'captcha':
+					if (isset($_POST['g-recaptcha-response']) && !$initalisation)
+						$this->validateCaptcha($field_id);
+					elseif (!$initalisation)
 					{
 						$this->missing[] = $field_id;
 						$this->data[$field_id] = 0;
@@ -137,29 +158,200 @@ class Form
 				case 'text':
 				case 'textarea':
 				default:
-					$this->data[$field_id] = isset($post[$field_id]) ? $post[$field_id] : '';
+					$this->validateText($field_id, $field, $post);
 			}
 		}
 	}
 
-	public function setData($data)
+	private function validateCaptcha($field_id)
 	{
-		$this->verify($data);
-		$this->missing = [];
+		$postdata = http_build_query([
+			'secret' => RECAPTCHA_API_SECRET,
+			'response' => $_POST['g-recaptcha-response'],
+		]);
+
+		$opts = [
+			'http' => [
+				'method'  => 'POST',
+				'header'  => 'Content-type: application/x-www-form-urlencoded',
+				'content' => $postdata,
+			]
+		];
+
+		$context  = stream_context_create($opts);
+		$result = file_get_contents('https://www.google.com/recaptcha/api/siteverify', false, $context);
+		$check = json_decode($result);
+
+		if ($check->success)
+		{
+			$this->data[$field_id] = 1;
+		}
+		else
+		{
+			$this->data[$field_id] = 0;
+			$this->missing[] = $field_id;
+		}
 	}
 
-	public function getFields()
+	private function validateColor($field_id, array $field, array $post)
 	{
-		return $this->fields;
+		// Colors are stored as a string of length 3 or 6 (hex)
+		if (!isset($post[$field_id]) || (strlen($post[$field_id]) != 3 && strlen($post[$field_id]) != 6))
+		{
+			$this->missing[] = $field_id;
+			$this->data[$field_id] = '';
+		}
+		else
+			$this->data[$field_id] = $post[$field_id];
 	}
 
-	public function getData()
+	private function validateNumeric($field_id, array $field, array $post)
 	{
-		return $this->data;
+		$data = isset($post[$field_id]) ? $post[$field_id] : '';
+
+		// Sanity check: does this even look numeric?
+		if (!is_numeric($data))
+		{
+			$this->missing[] = $field_id;
+			$this->data[$field_id] = 0;
+			return;
+		}
+
+		// Do we need to a minimum bound?
+		if (isset($field['min_value']))
+		{
+			if (is_float($field['min_value']) && (float) $data < $field['min_value'])
+			{
+				$this->missing[] = $field_id;
+				$this->data[$field_id] = 0.0;
+			}
+			elseif (is_int($field['min_value']) && (int) $data < $field['min_value'])
+			{
+				$this->missing[] = $field_id;
+				$this->data[$field_id] = 0;
+			}
+		}
+
+		// What about a maximum bound?
+		if (isset($field['max_value']))
+		{
+			if (is_float($field['max_value']) && (float) $data > $field['max_value'])
+			{
+				$this->missing[] = $field_id;
+				$this->data[$field_id] = 0.0;
+			}
+			elseif (is_int($field['max_value']) && (int) $data > $field['max_value'])
+			{
+				$this->missing[] = $field_id;
+				$this->data[$field_id] = 0;
+			}
+		}
+
+		$this->data[$field_id] = $data;
 	}
 
-	public function getMissing()
+	private function validateSelect($field_id, array $field, array $post)
 	{
-		return $this->missing;
+		// Skip validation? Dangerous territory!
+		if (isset($field['verify_options']) && $field['verify_options'] === false)
+		{
+			$this->data[$field_id] = $post[$field_id];
+			return;
+		}
+
+		// Check whether selected option is valid.
+		if (($field['type'] !== 'select' || empty($field['multiple'])) && empty($field['has_groups']))
+		{
+			if (isset($post[$field_id]) && !isset($field['options'][$post[$field_id]]))
+			{
+				$this->missing[] = $field_id;
+				$this->data[$field_id] = '';
+				return;
+			}
+			else
+				$this->data[$field_id] = $post[$field_id];
+		}
+		// Multiple selections involve a bit more work.
+		elseif (!empty($field['multiple']) && empty($field['has_groups']))
+		{
+			$this->data[$field_id] = [];
+			if (!is_array($post[$field_id]))
+			{
+				if (isset($field['options'][$post[$field_id]]))
+					$this->data[$field_id][] = $post[$field_id];
+				else
+					$this->missing[] = $field_id;
+				return;
+			}
+
+			foreach ($post[$field_id] as $option)
+			{
+				if (isset($field['options'][$option]))
+					$this->data[$field_id][] = $option;
+			}
+
+			if (empty($this->data[$field_id]))
+				$this->missing[] = $field_id;
+		}
+		// Any optgroups involved?
+		elseif (!empty($field['has_groups']))
+		{
+			if (!isset($post[$field_id]))
+			{
+				$this->missing[] = $field_id;
+				$this->data[$field_id] = '';
+				return;
+			}
+
+			// Expensive: iterate over all groups until the value selected has been found.
+			foreach ($field['options'] as $label => $options)
+			{
+				if (is_array($options))
+				{
+					// Consider each of the options as a valid a value.
+					foreach ($options as $value => $label)
+					{
+						if ($post[$field_id] === $value)
+						{
+							$this->data[$field_id] = $options;
+							return;
+						}
+					}
+				}
+				else
+				{
+					// This is an ungrouped value in disguise! Treat it as such.
+					if ($post[$field_id] === $options)
+					{
+						$this->data[$field_id] = $options;
+						return;
+					}
+					else
+						continue;
+				}
+			}
+
+			// If we've reached this point, we'll consider the data invalid.
+			$this->missing[] = $field_id;
+			$this->data[$field_id] = '';
+		}
+		else
+		{
+			throw new UnexpectedValueException('Unexpected field configuration in validateSelect!');
+		}
+	}
+
+	private function validateText($field_id, array $field, array $post)
+	{
+		$this->data[$field_id] = isset($post[$field_id]) ? $post[$field_id] : '';
+
+		// Trim leading and trailing whitespace?
+		if (!empty($field['trim']))
+			$this->data[$field_id] = trim($this->data[$field_id]);
+
+		// Is there a length limit to enforce?
+		if (isset($field['maxlength']) && strlen($post[$field_id]) > $field['maxlength']) {
+			$post[$field_id] = substr($post[$field_id], 0, $field['maxlength']);
+		}
 	}
 }

models/GenericTable.php

@@ -3,92 +3,91 @@
  * GenericTable.php
  * Contains key class GenericTable.
  *
- * Kabuki CMS (C) 2013-2015, Aaron van Geffen
+ * Kabuki CMS (C) 2013-2023, Aaron van Geffen
  *****************************************************************************/
 
-class GenericTable extends PageIndex
+class GenericTable
 {
-	protected $header = [];
-	protected $body = [];
-	protected $page_index = [];
+	private $header = [];
+	private $body = [];
+	private $pageIndex = null;
+	private $currentPage = 1;
 
-	protected $title;
-	protected $title_class;
-	protected $tableIsSortable = false;
-	protected $recordCount;
-	protected $needsPageIndex = false;
-	protected $current_page;
-	protected $num_pages;
+	private $title;
+	private $title_class;
 
 	public $form_above;
 	public $form_below;
+	private $table_class;
+	private $sort_direction;
+	private $sort_order;
+	private $base_url;
+	private $start;
+	private $items_per_page;
+	private $recordCount;
 
 	public function __construct($options)
 	{
-		// Make sure we're actually sorting on something sortable.
-		if (!isset($options['sort_order']) || (!empty($options['sort_order']) && empty($options['columns'][$options['sort_order']]['is_sortable'])))
-			$options['sort_order'] = '';
+		$this->initOrder($options);
+		$this->initPagination($options);
 
-		// Order in which direction?
-		if (!empty($options['sort_direction']) && !in_array($options['sort_direction'], array('up', 'down')))
-			$options['sort_direction'] = 'up';
-
-		// Make sure we know whether we can actually sort on something.
-		$this->tableIsSortable = !empty($options['base_url']);
-
-		// How much stuff do we have?
-		$this->recordCount = call_user_func_array($options['get_count'], !empty($options['get_count_params']) ? $options['get_count_params'] : array());
-
-		// Should we create a page index?
-		$this->items_per_page = !empty($options['items_per_page']) ? $options['items_per_page'] : 30;
-		$this->needsPageIndex = !empty($this->items_per_page) && $this->recordCount > $this->items_per_page;
-		$this->index_class = isset($options['index_class']) ? $options['index_class'] : '';
-
-		// Figure out where to start.
-		$this->start = empty($options['start']) || !is_numeric($options['start']) || $options['start'] < 0 || $options['start'] > $this->recordCount ? 0 : $options['start'];
-
-		// Let's bear a few things in mind...
-		$this->base_url = $options['base_url'];
-
-		// This should be set at all times, too.
-		if (empty($options['no_items_label']))
-			$options['no_items_label'] = '';
-
-		// Gather parameters for the data gather function first.
-		$parameters = array($this->start, $this->items_per_page, $options['sort_order'], $options['sort_direction']);
-		if (!empty($options['get_data_params']) && is_array($options['get_data_params']))
-			$parameters = array_merge($parameters, $options['get_data_params']);
-
-		// Okay, let's fetch the data!
-		$data = call_user_func_array($options['get_data'], $parameters);
-
-		// Clean up a bit.
-		$rows = $data['rows'];
-		$this->sort_order = $data['order'];
-		$this->sort_direction = $data['direction'];
-		unset($data);
+		$data = $options['get_data']($this->start, $this->items_per_page,
+			$this->sort_order, $this->sort_direction);
 
 		// Okay, now for the column headers...
 		$this->generateColumnHeaders($options);
 
-		// Generate a pagination if requested
-		if ($this->needsPageIndex)
-			$this->generatePageIndex();
+		// Should we create a page index?
+		if ($this->recordCount > $this->items_per_page)
+			$this->generatePageIndex($options);
 
-		// Not a single row in sight?
-		if (empty($rows))
-			$this->body = $options['no_items_label'];
-		// Otherwise, parse it all!
+		// Process the data to be shown into rows.
+		if (!empty($data))
+			$this->processAllRows($data, $options);
 		else
-			$this->parseAllRows($rows, $options);
+			$this->body = $options['no_items_label'] ?? '';
+
+		$this->table_class = $options['table_class'] ?? '';
 
 		// Got a title?
-		$this->title = isset($options['title']) ? htmlentities($options['title']) : '';
-		$this->title_class = isset($options['title_class']) ? $options['title_class'] : '';
+		$this->title = $options['title'] ?? '';
+		$this->title_class = $options['title_class'] ?? '';
 
 		// Maybe even a form or two?
-		$this->form_above = isset($options['form_above']) ? $options['form_above'] : (isset($options['form']) ? $options['form'] : null);
-		$this->form_below = isset($options['form_below']) ? $options['form_below'] : (isset($options['form']) ? $options['form'] : null);
+		$this->form_above = $options['form_above'] ?? $options['form'] ?? null;
+		$this->form_below = $options['form_below'] ?? $options['form'] ?? null;
+	}
+
+	private function initOrder($options)
+	{
+		assert(isset($options['default_sort_order']));
+		assert(isset($options['default_sort_direction']));
+
+		// Validate sort order (column)
+		$this->sort_order = $options['sort_order'];
+		if (empty($this->sort_order) || empty($options['columns'][$this->sort_order]['is_sortable']))
+			$this->sort_order = $options['default_sort_order'];
+
+		// Validate sort direction
+		$this->sort_direction = $options['sort_direction'];
+		if (empty($this->sort_direction) || !in_array($this->sort_direction, ['up', 'down']))
+			$this->sort_direction = $options['default_sort_direction'];
+	}
+
+	private function initPagination(array $options)
+	{
+		assert(isset($options['base_url']));
+		assert(isset($options['items_per_page']));
+
+		$this->base_url = $options['base_url'];
+
+		$this->recordCount = $options['get_count']();
+		$this->items_per_page = !empty($options['items_per_page']) ? $options['items_per_page'] : 30;
+
+		$this->start = empty($options['start']) || !is_numeric($options['start']) || $options['start'] < 0 || $options['start'] > $this->recordCount ? 0 : $options['start'];
+
+		$numPages = max(1, ceil($this->recordCount / $this->items_per_page));
+		$this->currentPage = min(ceil($this->start / $this->items_per_page) + 1, $numPages);
 	}
 
 	private function generateColumnHeaders($options)
@@ -98,116 +97,39 @@ class GenericTable extends PageIndex
 			if (empty($column['header']))
 				continue;
 
-			$header = array(
+			$isSortable = !empty($column['is_sortable']);
+			$sortDirection = $key == $this->sort_order && $this->sort_direction === 'up' ? 'down' : 'up';
+
+			$header = [
 				'class' => isset($column['class']) ? $column['class'] : '',
+				'cell_class' => isset($column['cell_class']) ? $column['cell_class'] : null,
 				'colspan' => !empty($column['header_colspan']) ? $column['header_colspan'] : 1,
-				'href' => !$this->tableIsSortable || empty($column['is_sortable']) ? '' : $this->getLink($this->start, $key, $key == $this->sort_order && $this->sort_direction == 'up' ? 'down' : 'up'),
+				'href' => $isSortable ? $this->getHeaderLink($this->start, $key, $sortDirection) : null,
 				'label' => $column['header'],
 				'scope' => 'col',
 				'sort_mode' => $key == $this->sort_order ? $this->sort_direction : null,
 				'width' => !empty($column['header_width']) && is_int($column['header_width']) ? $column['header_width'] : null,
-			);
+			];
 
 			$this->header[] = $header;
 		}
 	}
 
-	private function parseAllRows($rows, $options)
+	private function generatePageIndex($options)
 	{
-		foreach ($rows as $i => $row)
-		{
-			$className = $i & 1 ? 'even' : 'odd';
-			if (isset($options['row_classifier']))
-				$className .= $options['row_classifier']($row);
-
-			$newRow = [
-				'class' => $className,
-				'cells' => [],
-			];
-
-			foreach ($options['columns'] as $column)
-			{
-				if (isset($column['enabled']) && $column['enabled'] == false)
-					continue;
-
-				// The hard way?
-				if (isset($column['parse']))
-				{
-					if (!isset($column['parse']['type']))
-						$column['parse']['type'] = 'value';
-
-					// Parse the basic value first.
-					switch ($column['parse']['type'])
-					{
-						// value: easy as pie.
-						default:
-						case 'value':
-							$value = $row[$column['parse']['data']];
-							break;
-
-						// sprintf: filling the gaps!
-						case 'sprintf':
-							$parameters = array($column['parse']['data']['pattern']);
-							foreach ($column['parse']['data']['arguments'] as $identifier)
-								$parameters[] = $row[$identifier];
-							$value = call_user_func_array('sprintf', $parameters);
-							break;
-
-						// timestamps: let's make them readable!
-						case 'timestamp':
-							if (empty($column['parse']['data']['pattern']) || $column['parse']['data']['pattern'] === 'long')
-								$pattern = '%F %H:%M';
-							elseif ($column['parse']['data']['pattern'] === 'short')
-								$pattern = '%F';
-							else
-								$pattern = $column['parse']['data']['pattern'];
-
-							if (!is_numeric($row[$column['parse']['data']['timestamp']]))
-								$timestamp = strtotime($row[$column['parse']['data']['timestamp']]);
-							else
-								$timestamp = (int) $row[$column['parse']['data']['timestamp']];
-
-							if (isset($column['parse']['data']['if_null']) && $timestamp == 0)
-								$value = $column['parse']['data']['if_null'];
-							else
-								$value = strftime($pattern, $timestamp);
-							break;
-
-						// function: the flexible way!
-						case 'function':
-							$value = $column['parse']['data']($row);
-							break;
-					}
-
-					// Generate a link, if requested.
-					if (!empty($column['parse']['link']))
-					{
-						// First, generate the replacement variables.
-						$keys = array_keys($row);
-						$values = array_values($row);
-						foreach ($keys as $keyKey => $keyValue)
-							$keys[$keyKey] = '{' . strtoupper($keyValue) . '}';
-
-						$value = '<a href="' . str_replace($keys, $values, $column['parse']['link']) . '">' . $value . '</a>';
-					}
-				}
-				// The easy way!
-				else
-					$value = $row[$column['value']];
-
-				// Append the cell to the row.
-				$newRow['cells'][] = array(
-					'width' => !empty($column['cell_width']) && is_int($column['cell_width']) ? $column['cell_width'] : null,
-					'value' => $value,
-				);
-			}
-
-			// Append the new row in the body.
-			$this->body[] = $newRow;
-		}
+		$this->pageIndex = new PageIndex([
+			'base_url' => $this->base_url,
+			'index_class' => $options['index_class'] ?? '',
+			'items_per_page' => $this->items_per_page,
+			'linkBuilder' => [$this, 'getHeaderLink'],
+			'recordCount' => $this->recordCount,
+			'sort_direction' => $this->sort_direction,
+			'sort_order' => $this->sort_order,
+			'start' => $this->start,
+		]);
 	}
 
-	public function getLink($start = null, $order = null, $dir = null)
+	public function getHeaderLink($start = null, $order = null, $dir = null)
 	{
 		if ($start === null)
 			$start = $this->start;
@@ -224,12 +146,6 @@ class GenericTable extends PageIndex
 		return $this->start;
 	}
 
-	public function getArray()
-	{
-		// Makes no sense to call it for a table, but inherits from PageIndex due to poor design, sorry.
-		throw new Exception('Function call is ambiguous.');
-	}
-
 	public function getHeader()
 	{
 		return $this->header;
@@ -240,6 +156,21 @@ class GenericTable extends PageIndex
 		return $this->body;
 	}
 
+	public function getCurrentPage()
+	{
+		return $this->currentPage;
+	}
+
+	public function getPageIndex()
+	{
+		return $this->pageIndex;
+	}
+
+	public function getTableClass()
+	{
+		return $this->table_class;
+	}
+
 	public function getTitle()
 	{
 		return $this->title;
@@ -249,4 +180,82 @@ class GenericTable extends PageIndex
 	{
 		return $this->title_class;
 	}
+
+	private function processAllRows($rows, $options)
+	{
+		foreach ($rows as $i => $row)
+		{
+			$newRow = [
+				'cells' => [],
+			];
+
+			foreach ($options['columns'] as $column)
+			{
+				// Process formatting
+				if (isset($column['format']) && is_callable($column['format']))
+					$value = $column['format']($row);
+				elseif (isset($column['format']))
+					$value = self::processFormatting($column['format'], $row);
+				else
+					$value = $row[$column['value']];
+
+				// Turn value into a link?
+				if (!empty($column['link']))
+					$value = $this->processLink($column['link'], $value, $row);
+
+				// Append the cell to the row.
+				$newRow['cells'][] = [
+					'class' => $column['cell_class'] ?? '',
+					'value' => $value,
+				];
+			}
+
+			// Append the new row in the body.
+			$this->body[] = $newRow;
+		}
+	}
+
+	private function processFormatting($options, $rowData)
+	{
+		if ($options['type'] === 'timestamp')
+		{
+			if (empty($options['pattern']) || $options['pattern'] === 'long')
+				$pattern = 'Y-m-d H:i';
+			elseif ($options['pattern'] === 'short')
+				$pattern = 'Y-m-d';
+			else
+				$pattern = $options['pattern'];
+
+			assert(array_key_exists($options['value'], $rowData));
+			if (isset($rowData[$options['value']]) && !is_numeric($rowData[$options['value']]))
+				$timestamp = strtotime($rowData[$options['value']]);
+			else
+				$timestamp = (int) $rowData[$options['value']];
+
+			if (isset($options['if_null']) && $timestamp == 0)
+				$value = $options['if_null'];
+			else
+				$value = date($pattern, $timestamp);
+
+			return $value;
+		}
+		else
+			throw ValueError('Unexpected formatter type: ' . $options['type']);
+	}
+
+	private function processLink($template, $value, array $rowData)
+	{
+		$href = $this->rowReplacements($template, $rowData);
+		return '<a href="' . $href . '">' . $value . '</a>';
+	}
+
+	private function rowReplacements($template, array $rowData)
+	{
+		$keys = array_keys($rowData);
+		$values = array_values($rowData);
+		foreach ($keys as $keyKey => $keyValue)
+			$keys[$keyKey] = '{' . strtoupper($keyValue) . '}';
+
+		return str_replace($keys, $values, $template);
+	}
 }

models/Guest.php

@@ -21,7 +21,7 @@ class Guest extends User
 		$this->is_guest = true;
 		$this->is_admin = false;
 		$this->first_name = 'Guest';
-		$this->last_name = '';
+		$this->surname = '';
 	}
 
 	public function updateAccessTime()

models/Image.php

@@ -12,17 +12,11 @@ class Image extends Asset
 	const TYPE_LANDSCAPE = 2;
 	const TYPE_PORTRAIT = 4;
 
-	protected function __construct(array $data)
-	{
-		foreach ($data as $attribute => $value)
-			$this->$attribute = $value;
-	}
-
 	public static function fromId($id_asset, $return_format = 'object')
 	{
 		$asset = parent::fromId($id_asset, 'array');
 		if ($asset)
-			return $return_format == 'object' ? new Image($asset) : $asset;
+			return $return_format === 'object' ? new Image($asset) : $asset;
 		else
 			return false;
 	}
@@ -34,7 +28,7 @@ class Image extends Asset
 
 		$assets = parent::fromIds($id_assets, 'array');
 
-		if ($return_format == 'array')
+		if ($return_format === 'array')
 			return $assets;
 		else
 		{
@@ -67,14 +61,33 @@ class Image extends Asset
 		return EXIF::fromFile($this->getPath());
 	}
 
-	public function getPath()
+	public function getImageUrls($width = null, $height = null)
 	{
-		return ASSETSDIR . '/' . $this->subdir . '/' . $this->filename;
+		$image_urls = [];
+		if (isset($width) || isset($height))
+		{
+			$thumbnail = new Thumbnail($this);
+			$image_urls[1] = $this->getThumbnailUrl($width, $height, false);
+
+			// Can we afford to generate double-density thumbnails as well?
+			if ((!isset($width) || $this->image_width >= $width * 2) &&
+				(!isset($height) || $this->image_height >= $height * 2))
+				$image_urls[2] = $this->getThumbnailUrl($width * 2, $height * 2, false);
+			else
+				$image_urls[2] = $this->getThumbnailUrl($this->image_width, $this->image_height, true);
+		}
+		else
+			$image_urls[1] = $this->getUrl();
+
+		return $image_urls;
 	}
 
-	public function getUrl()
+	public function getInlineImage($width = null, $height = null, $className = 'inline-image')
 	{
-		return ASSETSURL . '/' . $this->subdir . '/' . $this->filename;
+		$image_urls = $this->getImageUrls($width, $height);
+
+		return '<img class="' . $className . '" src="' . $image_urls[1] . '" alt=""' .
+			(isset($image_urls[2]) ? ' srcset="' . $image_urls[2] . ' 2x"' : '') . '>';
 	}
 
 	/**
@@ -82,221 +95,17 @@ class Image extends Asset
 	 * @param height: height of the thumbnail.
 	 * @param crop: whether and how to crop original image to fit. [false|true|'top'|'center'|'bottom']
 	 * @param fit: whether to fit the image to given boundaries [true], or use them merely as an estimation [false].
+	 * @param generate: whether or not to generate a thumbnail if no existing file was found.
 	 */
-	public function getThumbnailUrl($width, $height, $crop = true, $fit = true)
+	public function getThumbnailUrl($width, $height, $crop = true, $fit = true, $generate = false)
 	{
-		// First, assert the image's dimensions are properly known in the database.
-		if (!isset($this->image_height, $this->image_width))
-			throw new UnexpectedValueException('Image width or height is undefined -- inconsistent database?');
-
-		// Inferring width or height?
-		if (!$height)
-			$height = ceil($width / $this->image_width * $this->image_height);
-		elseif (!$width)
-			$width = ceil($height / $this->image_height * $this->image_width);
-
-		// Inferring the height from the original image's ratio?
-		if (!$fit)
-			$height = floor($width / ($this->image_width / $this->image_height));
-
-		// Assert we have both, now...
-		if (empty($width) || empty($height))
-			throw new InvalidArgumentException('Expecting at least either width or height as argument.');
-
-		// If we're cropping, verify we're in the right mode.
-		if ($crop)
-		{
-			// If the original image's aspect ratio is much wider, take a slice instead.
-			if ($this->image_width / $this->image_height > $width / $height)
-				$crop = 'slice';
-
-			// We won't be cropping if the thumbnail is proportional to its original.
-			if (abs($width / $height - $this->image_width / $this->image_height) <= 0.05)
-				$crop = false;
-		}
-
-		// Do we have an exact crop boundary for these dimensions?
-		$crop_selector = "crop_{$width}x{$height}";
-		if (isset($this->meta[$crop_selector]))
-			$crop = 'exact';
-
-		// Now, do we need to suffix the filename?
-		if ($crop)
-			$suffix = '_c' . (is_string($crop) && $crop !== 'center' ? substr($crop, 0, 1) : '');
-		else
-			$suffix = '';
-
-		// Check whether we already resized this earlier.
-		$thumb_selector = "thumb_{$width}x{$height}{$suffix}";
-		if (isset($this->meta[$thumb_selector]) && file_exists(THUMBSDIR . '/' . $this->subdir . '/' . $this->meta[$thumb_selector]))
-			return THUMBSURL . '/' . $this->subdir . '/' . $this->meta[$thumb_selector];
-
-		// Do we have a custom thumbnail on file?
-		$custom_selector = "custom_{$width}x{$height}";
-		if (isset($this->meta[$custom_selector]))
-		{
-			if (file_exists(ASSETSDIR . '/' . $this->subdir . '/' . $this->meta[$custom_selector]))
-			{
-				// Copy the custom thumbail to the general thumbnail directory.
-				copy(ASSETSDIR . '/' . $this->subdir . '/' . $this->meta[$custom_selector],
-					THUMBSDIR . '/' . $this->subdir . '/' . $this->meta[$custom_selector]);
-
-				// Let's remember this for future reference.
-				$this->meta[$thumb_selector] = $this->meta[$custom_selector];
-				$this->save();
-
-				return THUMBSURL . '/' . $this->subdir . '/' . $this->meta[$custom_selector];
-			}
-			else
-				throw new UnexpectedValueException('Custom thumbnail expected, but missing in file system!');
-		}
-
-		// Let's try some arcane stuff...
-		try
-		{
-			if (!class_exists('Imagick'))
-				throw new Exception("The PHP module 'imagick' appears to be disabled. Please enable it to use image resampling functions.");
-
-			$thumb = new Imagick(ASSETSDIR . '/' . $this->subdir . '/' . $this->filename);
-
-			// The image might have some orientation set through EXIF. Let's apply this first.
-			self::applyRotation($thumb);
-
-			// Just resizing? Easy peasy.
-			if (!$crop)
-				$thumb->resizeImage($width, $height, Imagick::FILTER_LANCZOS, 1);
-			// Cropping in the center?
-			elseif ($crop === true || $crop === 'center')
-				$thumb->cropThumbnailImage($width, $height);
-			// Exact cropping? We can do that.
-			elseif ($crop === 'exact')
-			{
-				list($crop_width, $crop_height, $crop_x_pos, $crop_y_pos) = explode(',', $this->meta[$crop_selector]);
-				$thumb->cropImage($crop_width, $crop_height, $crop_x_pos, $crop_y_pos);
-				$thumb->resizeImage($width, $height, Imagick::FILTER_LANCZOS, 1);
-			}
-			// Advanced cropping? Fun!
-			else
-			{
-				$size = $thumb->getImageGeometry();
-
-				// Taking a horizontal slice from the top or bottom of the original image?
-				if ($crop === 'top' || $crop === 'bottom')
-				{
-					$crop_width = $size['width'];
-					$crop_height = floor($size['width'] / $width * $height);
-					$target_x = 0;
-					$target_y = $crop === 'top' ? 0 : $size['height'] - $crop_height;
-				}
-				// Otherwise, we're taking a vertical slice from the centre.
-				else
-				{
-					$crop_width = floor($size['height'] / $height * $width);
-					$crop_height = $size['height'];
-					$target_x = floor(($size['width'] - $crop_width) / 2);
-					$target_y = 0;
-				}
-
-				$thumb->cropImage($crop_width, $crop_height, $target_x, $target_y);
-				$thumb->resizeImage($width, $height, Imagick::FILTER_LANCZOS, 1);
-			}
-
-			// What sort of image is this? Fall back to PNG if we must.
-			switch ($thumb->getImageFormat())
-			{
-				case 'JPEG':
-					$ext = 'jpg';
-					$thumb->setImageCompressionQuality(60);
-					break;
-
-				case 'GIF':
-					$ext = 'gif';
-					break;
-
-				case 'PNG':
-				default:
-					$thumb->setFormat('PNG');
-					$ext = 'png';
-					break;
-			}
-
-			// So, how do we name this?
-			$thumbfilename = substr($this->filename, 0, strrpos($this->filename, '.')) . "_{$width}x{$height}{$suffix}.$ext";
-
-			// Ensure the thumbnail subdirectory exists.
-			if (!is_dir(THUMBSDIR . '/' . $this->subdir))
-				mkdir(THUMBSDIR . '/' . $this->subdir, 0755, true);
-
-			// Save it in a public spot.
-			$thumb->writeImage(THUMBSDIR . '/' . $this->subdir . '/' . $thumbfilename);
-			$thumb->clear();
-			$thumb->destroy();
-		}
-		// Blast! Curse your sudden but inevitable betrayal!
-		catch (ImagickException $e)
-		{
-			throw new Exception('ImageMagick error occurred while generating thumbnail. Output: ' . $e->getMessage());
-		}
-
-		// Let's remember this for future reference.
-		$this->meta[$thumb_selector] = $thumbfilename;
-		$this->save();
-
-		// Ah yes, you wanted a URL, didn't you...
-		return THUMBSURL . '/' . $this->subdir . '/' . $this->meta[$thumb_selector];
+		$thumbnail = new Thumbnail($this);
+		return $thumbnail->getUrl($width, $height, $crop, $fit, $generate);
 	}
 
-	private static function applyRotation(Imagick $image)
+	public function getId()
 	{
-		switch ($image->getImageOrientation())
-		{
-			// Clockwise rotation
-			case Imagick::ORIENTATION_RIGHTTOP:
-				$image->rotateImage("#000", 90);
-				break;
-
-			// Counter-clockwise rotation
-			case Imagick::ORIENTATION_LEFTBOTTOM:
-				$image->rotateImage("#000", 270);
-				break;
-
-			// Upside down?
-			case Imagick::ORIENTATION_BOTTOMRIGHT:
-				$image->rotateImage("#000", 180);
-		}
-
-		// Having rotated the image, make sure the EXIF data is set properly.
-		$image->setImageOrientation(Imagick::ORIENTATION_TOPLEFT);
-	}
-
-	public function bestColor()
-	{
-		// Save some computations if we can.
-		if (isset($this->meta['best_color']))
-			return $this->meta['best_color'];
-
-		// Find out what colour is most prominent.
-		$color = new BestColor($this);
-		$this->meta['best_color'] = $color->hex();
-		$this->save();
-
-		// There's your colour.
-		return $this->meta['best_color'];
-	}
-
-	public function bestLabelColor()
-	{
-		// Save some computations if we can.
-		if (isset($this->meta['best_color_label']))
-			return $this->meta['best_color_label'];
-
-		// Find out what colour is most prominent.
-		$color = new BestColor($this);
-		$this->meta['best_color_label'] = $color->rgba();
-		$this->save();
-
-		// There's your colour.
-		return $this->meta['best_color_label'];
+		return $this->id_asset;
 	}
 
 	public function width()
@@ -309,37 +118,79 @@ class Image extends Asset
 		return $this->image_height;
 	}
 
+	public function ratio()
+	{
+		return $this->image_width / $this->image_height;
+	}
+
 	public function isPanorama()
 	{
-		return $this->image_width / $this->image_height > 2;
+		return $this->ratio() >= 2;
 	}
 
 	public function isPortrait()
 	{
-		return $this->image_width / $this->image_height < 1;
+		return $this->ratio() < 1;
 	}
 
 	public function isLandscape()
 	{
-		$ratio = $this->image_width / $this->image_height;
+		$ratio = $this->ratio();
 		return $ratio >= 1 && $ratio <= 2;
 	}
 
+	public function getType()
+	{
+		if ($this->isPortrait())
+			return self::TYPE_PORTRAIT;
+		elseif ($this->isPanorama())
+			return self::TYPE_PANORAMA;
+		else
+			return self::TYPE_LANDSCAPE;
+	}
+
+	public function getThumbnails()
+	{
+		return $this->thumbnails;
+	}
+
 	public function removeAllThumbnails()
 	{
-		foreach ($this->meta as $key => $value)
+		foreach ($this->thumbnails as $key => $filename)
 		{
-			if (substr($key, 0, 6) !== 'thumb_')
-				continue;
-
-			$thumb_path = THUMBSDIR . '/' . $this->subdir . '/' . $value;
+			$thumb_path = THUMBSDIR . '/' . $this->subdir . '/' . $filename;
 			if (is_file($thumb_path))
 				unlink($thumb_path);
-
-			unset($this->meta[$key]);
 		}
 
-		$this->saveMetaData();
+		return Registry::get('db')->query('
+			DELETE FROM assets_thumbs
+			WHERE id_asset = :id_asset',
+			['id_asset' => $this->id_asset]);
+	}
+
+	public function removeThumbnailsOfSize($width, $height)
+	{
+		foreach ($this->thumbnails as $key => $filename)
+		{
+			if (strpos($key, $width . 'x' . $height) !== 0)
+				continue;
+
+			$thumb_path = THUMBSDIR . '/' . $this->subdir . '/' . $filename;
+			if (is_file($thumb_path))
+				unlink($thumb_path);
+		}
+
+		return Registry::get('db')->query('
+			DELETE FROM assets_thumbs
+			WHERE id_asset = :id_asset AND
+				width = :width AND
+				height = :height',
+			[
+				'height' => $height,
+				'id_asset' => $this->id_asset,
+				'width' => $width,
+			]);
 	}
 
 	public function replaceThumbnail($descriptor, $tmp_file)
@@ -347,7 +198,7 @@ class Image extends Asset
 		if (!is_file($tmp_file))
 			return -1;
 
-		if (!isset($this->meta[$descriptor]))
+		if (!isset($this->thumbnails[$descriptor]))
 			return -2;
 
 		$image = new Imagick($tmp_file);
@@ -355,12 +206,12 @@ class Image extends Asset
 		unset($image);
 
 		// Check whether dimensions match.
-		$test_descriptor = 'thumb_' . $d['width'] . 'x' . $d['height'];
+		$test_descriptor = $d['width'] . 'x' . $d['height'];
 		if ($descriptor !== $test_descriptor && strpos($descriptor, $test_descriptor . '_') === false)
 			return -3;
 
 		// Save the custom thumbnail in the assets directory.
-		$destination = ASSETSDIR . '/' . $this->subdir . '/' . $this->meta[$descriptor];
+		$destination = ASSETSDIR . '/' . $this->subdir . '/' . $this->thumbnails[$descriptor];
 		if (file_exists($destination) && !is_writable($destination))
 			return -4;
 
@@ -368,7 +219,7 @@ class Image extends Asset
 			return -5;
 
 		// Copy it to the thumbnail directory, overwriting the automatically generated one, too.
-		$destination = THUMBSDIR . '/' . $this->subdir . '/' . $this->meta[$descriptor];
+		$destination = THUMBSDIR . '/' . $this->subdir . '/' . $this->thumbnails[$descriptor];
 		if (file_exists($destination) && !is_writable($destination))
 			return -6;
 
@@ -376,7 +227,7 @@ class Image extends Asset
 			return -7;
 
 		// A little bookkeeping
-		$this->meta['custom_' . $d['width'] . 'x' . $d['height']] = $this->meta[$descriptor];
+		$this->meta['custom_' . $d['width'] . 'x' . $d['height']] = $this->thumbnails[$descriptor];
 		$this->saveMetaData();
 		return 0;
 	}

models/MainMenu.php

@@ -0,0 +1,40 @@
+<?php
+/*****************************************************************************
+ * MainMenu.php
+ * Contains the main navigation logic.
+ *
+ * Kabuki CMS (C) 2013-2023, Aaron van Geffen
+ *****************************************************************************/
+
+class MainMenu extends Menu
+{
+	public function __construct()
+	{
+		$this->items = [
+			[
+				'uri' => '/',
+				'label' => 'Albums',
+			],
+			[
+				'uri' => '/people/',
+				'label' => 'People',
+			],
+			[
+				'uri' => '/timeline/',
+				'label' => 'Timeline',
+			],
+		];
+
+		foreach ($this->items as $i => $item)
+		{
+			if (isset($item['uri']))
+				$this->items[$i]['url'] = BASEURL . $item['uri'];
+
+			if (!isset($item['subs']))
+				continue;
+
+			foreach ($item['subs'] as $j => $subitem)
+				$this->items[$i]['subs'][$j]['url'] = BASEURL . $subitem['uri'];
+		}
+	}
+}

models/Member.php

@@ -8,7 +8,7 @@
 
 class Member extends User
 {
-	private function __construct($data)
+	private function __construct($data = [])
 	{
 		foreach ($data as $key => $value)
 			$this->$key = $value;
@@ -18,12 +18,21 @@ class Member extends User
 		$this->is_admin = $this->is_admin == 1;
 	}
 
+	public static function fromEmailAddress($email_address)
+	{
+		return Registry::get('db')->queryObject(static::class, '
+			SELECT *
+			FROM users
+			WHERE emailaddress = :email_address',
+			['email_address' => $email_address]);
+	}
+
 	public static function fromId($id_user)
 	{
 		$row = Registry::get('db')->queryAssoc('
 			SELECT *
 			FROM users
-			WHERE id_user = {int:id_user}',
+			WHERE id_user = :id_user',
 			[
 				'id_user' => $id_user,
 			]);
@@ -40,7 +49,7 @@ class Member extends User
 		$row = Registry::get('db')->queryAssoc('
 			SELECT *
 			FROM users
-			WHERE slug = {string:slug}',
+			WHERE slug = :slug',
 			[
 				'slug' => $slug,
 			]);
@@ -68,6 +77,7 @@ class Member extends User
 			'creation_time' => time(),
 			'ip_address' => isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '',
 			'is_admin' => empty($data['is_admin']) ? 0 : 1,
+			'reset_key' => '',
 		];
 
 		if ($error)
@@ -83,12 +93,13 @@ class Member extends User
 			'creation_time' => 'int',
 			'ip_address' => 'string-45',
 			'is_admin' => 'int',
+			'reset_key' => 'string-16'
 		], $new_user, ['id_user']);
 
 		if (!$bool)
 			return false;
 
-		$new_user['id_user'] = $db->insert_id();
+		$new_user['id_user'] = $db->insertId();
 		$member = new Member($new_user);
 
 		return $member;
@@ -110,16 +121,19 @@ class Member extends User
 				$this->is_admin = $value == 1 ? 1 : 0;
 		}
 
+		$params = get_object_vars($this);
+		$params['is_admin'] = $this->is_admin ? 1 : 0;
+
 		return Registry::get('db')->query('
 			UPDATE users
 			SET
-				first_name = {string:first_name},
-				surname = {string:surname},
-				slug = {string:slug},
-				emailaddress = {string:emailaddress},
-				password_hash = {string:password_hash},
-				is_admin = {int:is_admin}
-			WHERE id_user = {int:id_user}',
+				first_name = :first_name,
+				surname = :surname,
+				slug = :slug,
+				emailaddress = :emailaddress,
+				password_hash = :password_hash,
+				is_admin = :is_admin
+			WHERE id_user = :id_user',
 			get_object_vars($this));
 	}
 
@@ -131,7 +145,7 @@ class Member extends User
 	{
 		return Registry::get('db')->query('
 			DELETE FROM users
-			WHERE id_user = {int:id_user}',
+			WHERE id_user = :id_user',
 			['id_user' => $this->id_user]);
 	}
 
@@ -146,7 +160,7 @@ class Member extends User
 		$res = Registry::get('db')->queryValue('
 			SELECT id_user
 			FROM users
-			WHERE emailaddress = {string:emailaddress}',
+			WHERE emailaddress = :emailaddress',
 			[
 				'emailaddress' => $emailaddress,
 			]);
@@ -162,9 +176,9 @@ class Member extends User
 		return Registry::get('db')->query('
 			UPDATE users
 			SET
-				last_action_time = {int:now},
-				ip_address = {string:ip}
-			WHERE id_user = {int:id}',
+				last_action_time = :now,
+				ip_address = :ip
+			WHERE id_user = :id',
 			[
 				'now' => time(),
 				'id' => $this->id_user,
@@ -184,9 +198,36 @@ class Member extends User
 			FROM users');
 	}
 
+	public static function getOffset($offset, $limit, $order, $direction)
+	{
+		assert(in_array($order, ['id_user', 'surname', 'first_name', 'slug', 'emailaddress', 'last_action_time', 'ip_address', 'is_admin']));
+		$order = $order . ($direction === 'up' ? ' ASC' : ' DESC');
+
+		return Registry::get('db')->queryAssocs('
+			SELECT *
+			FROM users
+			ORDER BY ' . $order . '
+			LIMIT :offset, :limit',
+			[
+				'offset' => $offset,
+				'limit' => $limit,
+			]);
+	}
+
 	public function getProps()
 	{
 		// We should probably phase out the use of this function, or refactor the access levels of member properties...
 		return get_object_vars($this);
 	}
+
+	public static function getMemberMap()
+	{
+		return Registry::get('db')->queryPair('
+			SELECT id_user, CONCAT(first_name, :blank, surname) AS full_name
+			FROM users
+			ORDER BY first_name, surname',
+			[
+				'blank' => ' ',
+			]);
+	}
 }

models/Menu.php

@@ -0,0 +1,17 @@
+<?php
+/*****************************************************************************
+ * Menu.php
+ * Contains all navigational menus.
+ *
+ * Kabuki CMS (C) 2013-2023, Aaron van Geffen
+ *****************************************************************************/
+
+abstract class Menu
+{
+	protected $items = [];
+
+	public function getItems()
+	{
+		return $this->items;
+	}
+}

models/PageIndex.php

@@ -8,26 +8,47 @@
 
 class PageIndex
 {
-	protected $page_index = [];
-	protected $current_page = 1;
-	protected $items_per_page = 0;
-	protected $needsPageIndex = false;
-	protected $num_pages = 1;
-	protected $recordCount = 0;
-	protected $start = 0;
-	protected $sort_order = null;
-	protected $sort_direction = null;
-	protected $base_url;
-	protected $index_class = 'pagination';
-	protected $page_slug = '%AMP%page=%PAGE%';
+	private $base_url;
+	private $current_page = 1;
+	private $index_class = 'pagination';
+	private $items_per_page = 0;
+	private $linkBuilder;
+	private $needsPageIndex = false;
+	private $num_pages = 1;
+	private $page_index = [];
+	private $page_slug = '%AMP%page=%PAGE%';
+	private $recordCount = 0;
+	private $sort_direction = null;
+	private $sort_order = null;
+	private $start = 0;
 
 	public function __construct($options)
 	{
-		foreach ($options as $key => $value)
-			$this->$key = $value;
+		static $neededKeys = ['base_url', 'items_per_page', 'recordCount'];
+		foreach ($neededKeys as $key)
+		{
+			if (!isset($options[$key]))
+				throw new Exception('PageIndex: argument ' . $key . ' missing in options');
+
+			$this->$key = $options[$key];
+		}
+
+		static $optionalKeys = ['index_class', 'linkBuilder', 'page_slug', 'sort_direction', 'sort_order', 'start'];
+		foreach ($optionalKeys as $key)
+			if (isset($options[$key]))
+				$this->$key = $options[$key];
+
 		$this->generatePageIndex();
 	}
 
+	private function buildLink($start = null, $order = null, $dir = null)
+	{
+		if (isset($this->linkBuilder))
+			return call_user_func($this->linkBuilder, $start, $order, $dir);
+		else
+			return $this->getLink($start, $order, $dir);
+	}
+
 	protected function generatePageIndex()
 	{
 		/*
@@ -42,9 +63,9 @@ class PageIndex
 			   lower     current/cont. pgs.       center            upper
 		*/
 
-		$this->num_pages = ceil($this->recordCount / $this->items_per_page);
+		$this->num_pages = max(1, ceil($this->recordCount / $this->items_per_page));
 		$this->current_page = min(ceil($this->start / $this->items_per_page) + 1, $this->num_pages);
-		if ($this->num_pages == 0)
+		if ($this->num_pages <= 1)
 		{
 			$this->needsPageIndex = false;
 			return;
@@ -68,7 +89,7 @@ class PageIndex
 			$this->page_index[$p] = [
 				'index' => $p,
 				'is_selected' => $this->current_page == $p,
-				'href'=> $this->getLink(($p - 1) * $this->items_per_page, $this->sort_order, $this->sort_direction),
+				'href'=> $this->buildLink(($p - 1) * $this->items_per_page, $this->sort_order, $this->sort_direction),
 			];
 
 		// The center of the page index.
@@ -81,7 +102,7 @@ class PageIndex
 			$this->page_index[$center] = [
 				'index' => $center,
 				'is_selected' => $this->current_page == $center,
-				'href'=> $this->getLink(($center - 1) * $this->items_per_page, $this->sort_order, $this->sort_direction),
+				'href'=> $this->buildLink(($center - 1) * $this->items_per_page, $this->sort_order, $this->sort_direction),
 			];
 		}
 
@@ -94,7 +115,7 @@ class PageIndex
 			$this->page_index[$p] = [
 				'index' => $p,
 				'is_selected' => $this->current_page == $p,
-				'href'=> $this->getLink(($p - 1) * $this->items_per_page, $this->sort_order, $this->sort_direction),
+				'href'=> $this->buildLink(($p - 1) * $this->items_per_page, $this->sort_order, $this->sort_direction),
 			];
 
 		// The center of the page index.
@@ -107,7 +128,7 @@ class PageIndex
 			$this->page_index[$center] = [
 				'index' => $center,
 				'is_selected' => $this->current_page == $center,
-				'href'=> $this->getLink(($center - 1) * $this->items_per_page, $this->sort_order, $this->sort_direction),
+				'href'=> $this->buildLink(($center - 1) * $this->items_per_page, $this->sort_order, $this->sort_direction),
 			];
 		}
 
@@ -120,7 +141,7 @@ class PageIndex
 			$this->page_index[$p] = [
 				'index' => $p,
 				'is_selected' => $this->current_page == $p,
-				'href'=> $this->getLink(($p - 1) * $this->items_per_page, $this->sort_order, $this->sort_direction),
+				'href'=> $this->buildLink(($p - 1) * $this->items_per_page, $this->sort_order, $this->sort_direction),
 			];
 
 		// Previous page?
@@ -134,34 +155,25 @@ class PageIndex
 
 	public function getLink($start = null, $order = null, $dir = null)
 	{
-		$url = $this->base_url;
-		$amp = strpos($this->base_url, '?') ? '&' : '?';
+		$page = !is_string($start) ? ($start / $this->items_per_page) + 1 : $start;
+		$url = $this->base_url . str_replace('%PAGE%', $page, $this->page_slug);
 
-		if (!empty($start))
-		{
-			$page = $start !== '%d' ? ($start / $this->items_per_page) + 1 : $start;
-			$url .= strtr($this->page_slug, ['%PAGE%' => $page, '%AMP%' => $amp]);
-			$amp = '&';
-		}
+		$urlParams = [];
 		if (!empty($order))
-		{
-			$url .= $amp . 'order=' . $order;
-			$amp = '&';
-		}
+			$urlParams['order'] = $order;
 		if (!empty($dir))
+			$urlParams['dir'] = $dir;
+
+		if (!empty($urlParams))
 		{
-			$url .= $amp . 'dir=' . $dir;
-			$amp = '&';
+			$queryString = (strpos($uri, '?') !== false ? '&' : '?');
+			$queryString .= http_build_query($urlParams);
+			$url .= $queryString;
 		}
 
 		return $url;
 	}
 
-	public function getArray()
-	{
-		return $this->page_index;
-	}
-
 	public function getPageIndex()
 	{
 		return $this->page_index;

models/PhotoMosaic.php

@@ -8,163 +8,255 @@
 
 class PhotoMosaic
 {
-	private $queue = [];
+	private bool $descending;
+	private AssetIterator $iterator;
+	private array $layouts;
+	private int $processedImages = 0;
+	private array $queue = [];
 
+	const IMAGE_MASK_ALL = Image::TYPE_PORTRAIT | Image::TYPE_LANDSCAPE | Image::TYPE_PANORAMA;
 	const NUM_DAYS_CUTOFF = 7;
+	const NUM_BATCH_PHOTOS = 6;
 
 	public function __construct(AssetIterator $iterator)
 	{
 		$this->iterator = $iterator;
+		$this->layouts = $this->availableLayouts();
+		$this->descending = $iterator->isDescending();
 	}
 
-	public function __destruct()
+	private function availableLayouts()
 	{
-		$this->iterator->clean();
+		static $layouts = [
+			// Single panorama
+			'panorama' => [Image::TYPE_PANORAMA],
+
+			// A whopping six landscapes?
+			'sixLandscapes' => [Image::TYPE_LANDSCAPE, Image::TYPE_LANDSCAPE, Image::TYPE_LANDSCAPE,
+								Image::TYPE_LANDSCAPE, Image::TYPE_LANDSCAPE, Image::TYPE_LANDSCAPE],
+
+			// Big-small juxtapositions
+			'sidePortrait' => [Image::TYPE_PORTRAIT, Image::TYPE_LANDSCAPE, Image::TYPE_LANDSCAPE,
+													 Image::TYPE_LANDSCAPE, Image::TYPE_LANDSCAPE],
+			'sideLandscape' => [Image::TYPE_LANDSCAPE, Image::TYPE_LANDSCAPE, Image::TYPE_LANDSCAPE],
+
+			// Single row of three
+			'threeLandscapes' => [Image::TYPE_LANDSCAPE, Image::TYPE_LANDSCAPE, Image::TYPE_LANDSCAPE],
+			'threePortraits' => [Image::TYPE_PORTRAIT, Image::TYPE_PORTRAIT, Image::TYPE_PORTRAIT],
+
+			// Dual layouts
+			'dualLandscapes' => [Image::TYPE_LANDSCAPE, Image::TYPE_LANDSCAPE],
+			'dualPortraits' => [Image::TYPE_PORTRAIT, Image::TYPE_PORTRAIT],
+			'dualMixed' => [Image::TYPE_LANDSCAPE, Image::TYPE_PORTRAIT],
+
+			// Fallback layouts
+			'singleLandscape' => [Image::TYPE_LANDSCAPE],
+			'singlePortrait' => [Image::TYPE_PORTRAIT],
+		];
+
+		return $layouts;
 	}
 
-	public static function getRecentPhotos()
+	private static function daysApart(DateTime $a, DateTime $b)
 	{
-		return new self(AssetIterator::getByOptions([
-			'tag' => 'photo',
-			'order' => 'date_captured',
-			'direction' => 'desc',
-			'limit' => 15, // worst case: 3 rows * (portrait + 4 thumbs)
-		]));
+		return $a->diff($b)->days;
 	}
 
-	private static function matchTypeMask(Image $image, $type_mask)
-	{
-		return ($type_mask & Image::TYPE_PANORAMA)  && $image->isPanorama()  ||
-			   ($type_mask & Image::TYPE_LANDSCAPE) && $image->isLandscape() ||
-			   ($type_mask & Image::TYPE_PORTRAIT)  && $image->isPortrait();
-	}
-
-	private function fetchImage($desired_type = Image::TYPE_PORTRAIT | Image::TYPE_LANDSCAPE | Image::TYPE_PANORAMA, Image $refDateImage = null)
+	private function fetchImage($desired_type = self::IMAGE_MASK_ALL, ?DateTime $refDate = null)
 	{
 		// First, check if we have what we're looking for in the queue.
 		foreach ($this->queue as $i => $image)
 		{
+			// Give up on the queue once the dates are too far apart
+			if (isset($refDate) && abs(self::daysApart($image->getDateCaptured(), $refDate)) > self::NUM_DAYS_CUTOFF)
+			{
+				break;
+			}
+
 			// Image has to match the desired type and be taken within a week of the reference image.
-			if (self::matchTypeMask($image, $desired_type) && !(isset($refDateImage) && abs(self::daysApart($image, $refDateImage)) > self::NUM_DAYS_CUTOFF))
+			if (self::matchTypeMask($image, $desired_type))
 			{
 				unset($this->queue[$i]);
 				return $image;
 			}
 		}
 
-		// Check whatever's next up!
-		while (($asset = $this->iterator->next()) && ($image = $asset->getImage()))
+		// Check whatever's up next!
+		// NB: not is not a `foreach` so as to not reset the iterator implicitly
+		while ($this->iterator->valid())
 		{
-			// Image has to match the desired type and be taken within a week of the reference image.
-			if (self::matchTypeMask($image, $desired_type) && !(isset($refDateImage) && abs(self::daysApart($image, $refDateImage)) > self::NUM_DAYS_CUTOFF))
-				return $image;
-			else
+			$asset = $this->iterator->current();
+			$image = $asset->getImage();
+			$this->iterator->next();
+
+			// Give up on the recordset once dates are too far apart
+			if (isset($refDate) && abs(self::daysApart($image->getDateCaptured(), $refDate)) > self::NUM_DAYS_CUTOFF)
+			{
 				$this->pushToQueue($image);
+				break;
+			}
+
+			// Image has to match the desired type and be taken within a week of the reference image.
+			if (self::matchTypeMask($image, $desired_type))
+			{
+				return $image;
+			}
+			else
+			{
+				$this->pushToQueue($image);
+			}
 		}
 
 		return false;
 	}
 
-	private function pushToQueue(Image $image)
+	public function fetchImages($num, $refDate = null, $spec = self::IMAGE_MASK_ALL)
 	{
-		$this->queue[] = $image;
-	}
+		$refDate = null;
+		$prevImage = true;
+		$images = [];
 
-	private static function orderPhotos(Image $a, Image $b)
-	{
-		// Show images of highest priority first.
-		$priority_diff = $a->getPriority() - $b->getPriority();
-		if ($priority_diff !== 0)
-			return -$priority_diff;
+		for ($i = 0; $i < $num || !$prevImage; $i++)
+		{
+			$image = $this->fetchImage($spec, $refDate);
+			if ($image !== false)
+			{
+				$images[] = $image;
+				$refDate = $image->getDateCaptured();
+				$prevImage = $image;
+			}
+		}
 
-		// In other cases, we'll just show the newest first.
-		return $a->getDateCaptured() > $b->getDateCaptured() ? -1 : 1;
-	}
-
-	private static function daysApart(Image $a, Image $b)
-	{
-		return $a->getDateCaptured()->diff($b->getDateCaptured())->days;
+		return $images;
 	}
 
 	public function getRow()
 	{
-		// Fetch the first image...
-		$image = $this->fetchImage();
+		$requiredImages = array_map('count', $this->layouts);
+		$currentImages = $this->fetchImages(self::NUM_BATCH_PHOTOS);
+		$selectedLayout = null;
 
-		// No image at all?
-		if (!$image)
+		if (empty($currentImages))
+		{
+			// Ensure we have no images left in the iterator before giving up
+			assert($this->processedImages === $this->iterator->num());
 			return false;
-
-		// Is it a panorama? Then we've got our row!
-		elseif ($image->isPanorama())
-			return [[$image], 'panorama'];
-
-		// Alright, let's initalise a proper row, then.
-		$photos = [$image];
-		$num_portrait  = $image->isPortrait()  ? 1 : 0;
-		$num_landscape = $image->isLandscape() ? 1 : 0;
-
-		// Get an initial batch of non-panorama images to work with.
-		for ($i = 1; $i < 3 && ($image = $this->fetchImage(Image::TYPE_LANDSCAPE | Image::TYPE_PORTRAIT, $image)); $i++)
-		{
-			$num_portrait  += $image->isPortrait()  ? 1 : 0;
-			$num_landscape += $image->isLandscape() ? 1 : 0;
-			$photos[] = $image;
 		}
 
-		// Sort photos by priority and date captured.
-		usort($photos, 'self::orderPhotos');
+		// Assign fitness score for each layout
+		$fitnessScores = $this->getScoresByLayout($currentImages);
+		$scoresByLayout = array_map(fn($el) => $el[0], $fitnessScores);
 
-		// Three portraits?
-		if ($num_portrait === 3)
-			return [$photos, 'portraits'];
+		// Select the best-fitting layout
+		$bestLayouts = array_keys($scoresByLayout, max($scoresByLayout));
+		$bestLayout = $bestLayouts[0];
+		$layoutImages = $fitnessScores[$bestLayout][1];
 
-		// At least one portrait?
-		if ($num_portrait >= 1)
+		// Push any unused back into the queue
+		if (count($layoutImages) < count($currentImages))
 		{
-			// Grab two more landscapes, so we can put a total of four tiles on the side.
-			for ($i = 0; $image && $i < 2 && ($image = $this->fetchImage(Image::TYPE_LANDSCAPE | Image::TYPE_PORTRAIT, $image)); $i++)
-				$photos[] = $image;
-
-			// We prefer to have the portrait on the side, so prepare to process that first.
-			usort($photos, function($a, $b) {
-				if ($a->isPortrait() && !$b->isPortrait())
-					return -1;
-				elseif ($b->isPortrait() && !$a->isPortrait())
-					return 1;
-				else
-					return self::orderPhotos($a, $b);
+			$diff = array_udiff($currentImages, $layoutImages, function($a, $b) {
+				return $a->getId() <=> $b->getId();
 			});
-
-			// We might not have a full set of photos, but only bother if we have at least three.
-			if (count($photos) > 3)
-				return [$photos, 'portrait'];
+			array_map([$this, 'pushToQueue'], $diff);
 		}
 
-		// One landscape at least, hopefully?
-		if ($num_landscape >= 1)
+		// Finally, allow tweaking image order through display priority
+		usort($layoutImages, [$this, 'orderPhotosByPriority']);
+
+		// Done! Return the result
+		$this->processedImages += count($layoutImages);
+		return [$layoutImages, $bestLayout];
+	}
+
+	public function getScoreForRow(array $images, array $specs)
+	{
+		assert(count($images) === count($specs));
+
+		$score = 0;
+		foreach ($images as $i => $image)
 		{
-			if (count($photos) === 3)
-			{
-				// We prefer to have the landscape on the side, so prepare to process that first.
-				usort($photos, function($a, $b) {
-					if ($a->isLandscape() && !$b->isLandscape())
-						return -1;
-					elseif ($b->isLandscape() && !$a->isLandscape())
-						return 1;
-					else
-						return self::orderPhotos($a, $b);
-				});
-
-				return [$photos, 'landscape'];
-			}
-			elseif (count($photos) === 2)
-				return [$photos, 'duo'];
+			if (self::matchTypeMask($image, $specs[$i]))
+				$score += 1;
 			else
-				return [$photos, 'single'];
+				$score -= 10;
 		}
 
-		// A boring set it is, then.
-		return [$photos, 'row'];
+		return $score;
+	}
+
+	public function getScoresByLayout(array $candidateImages)
+	{
+		$fitnessScores = [];
+		foreach ($this->layouts as $layout => $requiredImageTypes)
+		{
+			// If we don't have enough candidate images for this layout, skip it
+			if (count($candidateImages) < count($requiredImageTypes))
+				continue;
+
+			$imageSelection = [];
+			$remainingImages = $candidateImages;
+
+			// Try to satisfy the layout spec using the images available
+			foreach ($requiredImageTypes as $spec)
+			{
+				foreach ($remainingImages as $i => $candidate)
+				{
+					// Satisfied spec from selection?
+					if (self::matchTypeMask($candidate, $spec))
+					{
+						$imageSelection[] = $candidate;
+						unset($remainingImages[$i]);
+						continue 2;
+					}
+				}
+
+				// Unable to satisfy spec from selection
+				break;
+			}
+
+			// Have we satisfied the spec? Great, assign a score
+			if (count($imageSelection) === count($requiredImageTypes))
+			{
+				$score = $this->getScoreForRow($imageSelection, $requiredImageTypes);
+				$fitnessScores[$layout] = [$score, $imageSelection];
+
+				// Perfect score? Bail out early
+				if ($score === count($requiredImageTypes))
+					break;
+			}
+		}
+
+		return $fitnessScores;
+	}
+
+	private static function matchTypeMask(Image $image, $type_mask)
+	{
+		return $image->getType() & $type_mask;
+	}
+
+	private static function orderPhotosByPriority(Image $a, Image $b)
+	{
+		// Leave images of different types as-is
+		if ($a->isLandscape() !== $b->isLandscape())
+			return 0;
+
+		// Otherwise, show images of highest priority first
+		$priority_diff = $a->getPriority() - $b->getPriority();
+		return -$priority_diff;
+	}
+
+	private function orderQueueByDate()
+	{
+		usort($this->queue, function($a, $b) {
+			$score = $a->getDateCaptured() <=> $b->getDateCaptured();
+			return $score * ($this->descending ? -1 : 1);
+		});
+	}
+
+	private function pushToQueue(Image $image)
+	{
+		$this->queue[] = $image;
+		$this->orderQueueByDate();
 	}
 }

models/Registry.php

@@ -24,7 +24,7 @@ class Registry
 	public static function get($key)
 	{
 		if (!isset(self::$storage[$key]))
-			trigger_error('Key does not exist in Registry: ' . $key, E_USER_ERROR);
+			throw new Exception('Key does not exist in Registry: ' . $key);
 
 		return self::$storage[$key];
 	}
@@ -32,7 +32,7 @@ class Registry
 	public static function remove($key)
 	{
 		if (!isset(self::$storage[$key]))
-			trigger_error('Key does not exist in Registry: ' . $key, E_USER_ERROR);
+			throw new Exception('Key does not exist in Registry: ' . $key);
 
 		unset(self::$storage[$key]);
 	}

models/Router.php

@@ -0,0 +1,78 @@
+<?php
+/*****************************************************************************
+ * Router.php
+ * Contains key class Router.
+ *
+ * Kabuki CMS (C) 2013-2015, Aaron van Geffen
+ *****************************************************************************/
+
+class Router
+{
+	public static function route()
+	{
+		$possibleActions = [
+			'accountsettings' => 'AccountSettings',
+			'addalbum' => 'EditAlbum',
+			'albums' => 'ViewPhotoAlbums',
+			'editalbum' => 'EditAlbum',
+			'editasset' => 'EditAsset',
+			'edittag' => 'EditTag',
+			'edituser' => 'EditUser',
+			'login' => 'Login',
+			'logout' => 'Logout',
+			'managealbums' => 'ManageAlbums',
+			'manageassets' => 'ManageAssets',
+			'manageerrors' => 'ManageErrors',
+			'managetags' => 'ManageTags',
+			'manageusers' => 'ManageUsers',
+			'people' => 'ViewPeople',
+			'resetpassword' => 'ResetPassword',
+			'suggest' => 'ProvideAutoSuggest',
+			'timeline' => 'ViewTimeline',
+			'uploadmedia' => 'UploadMedia',
+			'download' => 'Download',
+		];
+
+		// Work around PHP's FPM not always providing PATH_INFO.
+		if (empty($_SERVER['PATH_INFO']) && isset($_SERVER['REQUEST_URI']))
+		{
+			if (strpos($_SERVER['REQUEST_URI'], '?') === false)
+				$_SERVER['PATH_INFO'] = $_SERVER['REQUEST_URI'];
+			else
+				$_SERVER['PATH_INFO'] = substr($_SERVER['REQUEST_URI'], 0, strpos($_SERVER['REQUEST_URI'], '?'));
+		}
+
+		// Just showing the album index?
+		if (empty($_SERVER['PATH_INFO']) || $_SERVER['PATH_INFO'] == '/')
+		{
+			return new ViewPhotoAlbum();
+		}
+		// Asynchronously generating thumbnails?
+		elseif (preg_match('~^/thumbnail/(?<id>\d+)/(?<width>\d+)x(?<height>\d+)(?:_(?<mode>c(t|b|s|)))?/?~', $_SERVER['PATH_INFO'], $path))
+		{
+			$_GET = array_merge($_GET, $path);
+			return new GenerateThumbnail();
+		}
+		// Look for particular actions...
+		elseif (preg_match('~^/(?<action>[a-z]+)(?:/page/(?<page>\d+))?/?~', $_SERVER['PATH_INFO'], $path) && isset($possibleActions[$path['action']]))
+		{
+			$_GET = array_merge($_GET, $path);
+			return new $possibleActions[$path['action']]();
+		}
+		// An album, person, or any other tag?
+		elseif (preg_match('~^/(?<tag>.+?)(?:/page/(?<page>\d+))?/?$~', $_SERVER['PATH_INFO'], $path) && Tag::matchSlug($path['tag']))
+		{
+			$_GET = array_merge($_GET, $path);
+			return new ViewPhotoAlbum();
+		}
+		// A photo for sure, then, right?
+		elseif (preg_match('~^/(?<slug>.+?)/?$~', $_SERVER['PATH_INFO'], $path))
+		{
+			$_GET = array_merge($_GET, $path);
+			return new ViewPhoto();
+		}
+		// No idea, then?
+		else
+			throw new NotFoundException();
+	}
+}

models/Session.php

@@ -3,47 +3,55 @@
  * Session.php
  * Contains the key class Session.
  *
- * Kabuki CMS (C) 2013-2015, Aaron van Geffen
+ * Kabuki CMS (C) 2013-2023, Aaron van Geffen
  *****************************************************************************/
 
 class Session
 {
+	public static function clear()
+	{
+		$_SESSION = [];
+	}
+
 	public static function start()
 	{
 		session_start();
 
-		// Resuming an existing session? Check what we know!
-		if (isset($_SESSION['user_id'], $_SESSION['ip_address'], $_SESSION['user_agent']))
-		{
-			// If we're not browsing over HTTPS, protect against session hijacking.
-			if (!isset($_SERVER['HTTPS']) && isset($_SERVER['REMOTE_ADDR']) && $_SESSION['ip_address'] !== $_SERVER['REMOTE_ADDR'])
-			{
-				$_SESSION = [];
-				throw new UserFacingException('Your session failed to validate: your IP address has changed. Please re-login and try again.');
-			}
-			// Either way, require re-login if the browser identifier has changed.
-			elseif (isset($_SERVER['HTTP_USER_AGENT']) && $_SESSION['user_agent'] !== $_SERVER['HTTP_USER_AGENT'])
-			{
-				$_SESSION = [];
-				throw new UserFacingException('Your session failed to validate: your browser identifier has changed. Please re-login and try again.');
-			}
-		}
-		elseif (!isset($_SESSION['ip_address'], $_SESSION['user_agent']))
-			$_SESSION = [
-				'ip_address' => isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '',
-				'user_agent' => isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '',
-			];
+		if (!isset($_SESSION['session_token_key'], $_SESSION['session_token']))
+			self::generateSessionToken();
 
 		return true;
 	}
 
-	public static function resetSessionToken()
+	public static function generateSessionToken()
 	{
 		$_SESSION['session_token'] = sha1(session_id() . mt_rand());
 		$_SESSION['session_token_key'] = substr(preg_replace('~^\d+~', '', sha1(mt_rand() . session_id() . mt_rand())), 0, rand(7, 12));
 		return true;
 	}
 
+	public static function getSessionToken()
+	{
+		if (empty($_SESSION['session_token']))
+			throw new Exception('Call to getSessionToken without a session token being set!');
+
+		return $_SESSION['session_token'];
+	}
+
+	public static function getSessionTokenKey()
+	{
+		if (empty($_SESSION['session_token_key']))
+			throw new Exception('Call to getSessionTokenKey without a session token key being set!');
+
+		return $_SESSION['session_token_key'];
+	}
+
+	public static function resetSessionToken()
+	{
+		// Old interface; now always true.
+		return true;
+	}
+
 	public static function validateSession($method = 'post')
 	{
 		// First, check whether the submitted token and key match the ones in storage.
@@ -67,23 +75,7 @@ class Session
 				throw new UserFacingException('Invalid referring URL. Please reload the page and try again.');
 		}
 
-		// All looks good from here! But you can only use this token once, so...
-		return self::resetSessionToken();
-	}
-
-	public static function getSessionToken()
-	{
-		if (empty($_SESSION['session_token']))
-			trigger_error('Call to getSessionToken without a session token being set!', E_USER_ERROR);
-
-		return $_SESSION['session_token'];
-	}
-
-	public static function getSessionTokenKey()
-	{
-		if (empty($_SESSION['session_token_key']))
-			trigger_error('Call to getSessionTokenKey without a session token key being set!', E_USER_ERROR);
-
-		return $_SESSION['session_token_key'];
+		// All looks good from here!
+		return true;
 	}
 }

models/Setting.php

@@ -21,7 +21,7 @@ class Setting
 			REPLACE INTO settings
 			(id_user, variable, value, time_set)
 			VALUES
-			({int:id_user}, {string:key}, {string:value}, CURRENT_TIMESTAMP())',
+			(:id_user, :key, :value, CURRENT_TIMESTAMP())',
 			[
 				'id_user' => $id_user,
 				'key' => $key,
@@ -45,7 +45,7 @@ class Setting
 		$value = Registry::get('db')->queryValue('
 			SELECT value
 			FROM settings
-			WHERE id_user = {int:id_user} AND variable = {string:key}',
+			WHERE id_user = :id_user AND variable = :key',
 			[
 				'id_user' => $id_user,
 				'key' => $key,
@@ -63,11 +63,30 @@ class Setting
 
 	public static function remove($key, $id_user = null)
 	{
-		$id_user = Registry::get('user')->getUserId();
+		// User setting or global setting?
+		if ($id_user === null)
+			$id_user = Registry::get('user')->getUserId();
+
+		$pairs = Registry::get('db')->queryPair('
+			SELECT variable, value
+			FROM settings
+			WHERE id_user = :id_user',
+			[
+				'id_user' => $id_user,
+			]);
+
+		return $pairs;
+	}
+
+	public static function remove($key, $id_user = 0)
+	{
+		// User setting or global setting?
+		if ($id_user === null)
+			$id_user = Registry::get('user')->getUserId();
 
 		if (Registry::get('db')->query('
 			DELETE FROM settings
-			WHERE id_user = {int:id_user} AND variable = {string:key}',
+			WHERE id_user = :id_user AND variable = :key',
 			[
 				'id_user' => $id_user,
 				'key' => $key,

models/Tag.php

@@ -11,6 +11,7 @@ class Tag
 	public $id_tag;
 	public $id_parent;
 	public $id_asset_thumb;
+	public $id_user_owner;
 	public $tag;
 	public $slug;
 	public $description;
@@ -23,6 +24,11 @@ class Tag
 			$this->$attribute = $value;
 	}
 
+	public function __toString()
+	{
+		return $this->tag;
+	}
+
 	public static function fromId($id_tag, $return_format = 'object')
 	{
 		$db = Registry::get('db');
@@ -30,7 +36,7 @@ class Tag
 		$row = $db->queryAssoc('
 			SELECT *
 			FROM tags
-			WHERE id_tag = {int:id_tag}',
+			WHERE id_tag = :id_tag',
 			[
 				'id_tag' => $id_tag,
 			]);
@@ -39,7 +45,7 @@ class Tag
 		if (empty($row))
 			throw new NotFoundException();
 
-		return $return_format == 'object' ? new Tag($row) : $row;
+		return $return_format === 'object' ? new Tag($row) : $row;
 	}
 
 	public static function fromSlug($slug, $return_format = 'object')
@@ -49,7 +55,7 @@ class Tag
 		$row = $db->queryAssoc('
 			SELECT *
 			FROM tags
-			WHERE slug = {string:slug}',
+			WHERE slug = :slug',
 			[
 				'slug' => $slug,
 			]);
@@ -58,7 +64,7 @@ class Tag
 		if (empty($row))
 			throw new NotFoundException();
 
-		return $return_format == 'object' ? new Tag($row) : $row;
+		return $return_format === 'object' ? new Tag($row) : $row;
 	}
 
 	public static function getAll($limit = 0, $return_format = 'array')
@@ -67,7 +73,7 @@ class Tag
 			SELECT *
 			FROM tags
 			ORDER BY ' . ($limit > 0 ? 'count
-			LIMIT {int:limit}' : 'tag'),
+			LIMIT :limit' : 'tag'),
 			[
 				'limit' => $limit,
 			]);
@@ -84,7 +90,7 @@ class Tag
 			});
 		}
 
-		if ($return_format == 'object')
+		if ($return_format === 'object')
 		{
 			$return = [];
 			foreach ($rows as $row)
@@ -95,14 +101,33 @@ class Tag
 			return $rows;
 	}
 
+	public static function getAllByOwner($id_user_owner)
+	{
+		$db = Registry::get('db');
+		$res = $db->query('
+			SELECT *
+			FROM tags
+			WHERE id_user_owner = :id_user_owner
+			ORDER BY tag',
+			[
+				'id_user_owner' => $id_user_owner,
+			]);
+
+		$objects = [];
+		while ($row = $db->fetchAssoc($res))
+			$objects[$row['id_tag']] = new Tag($row);
+
+		return $objects;
+	}
+
 	public static function getAlbums($id_parent = 0, $offset = 0, $limit = 24, $return_format = 'array')
 	{
 		$rows = Registry::get('db')->queryAssocs('
 			SELECT *
 			FROM tags
-			WHERE id_parent = {int:id_parent} AND kind = {string:kind}
+			WHERE id_parent = :id_parent AND kind = :kind
 			ORDER BY tag ASC
-			LIMIT {int:offset}, {int:limit}',
+			LIMIT :offset, :limit',
 			[
 				'id_parent' => $id_parent,
 				'kind' => 'Album',
@@ -110,7 +135,7 @@ class Tag
 				'limit' => $limit,
 			]);
 
-		if ($return_format == 'object')
+		if ($return_format === 'object')
 		{
 			$return = [];
 			foreach ($rows as $row)
@@ -121,14 +146,29 @@ class Tag
 			return $rows;
 	}
 
+	public function getContributorList()
+	{
+		return Registry::get('db')->queryPairs('
+			SELECT u.id_user, u.first_name, u.surname, u.slug, COUNT(*) AS num_assets
+			FROM assets_tags AS at
+			LEFT JOIN assets AS a ON at.id_asset = a.id_asset
+			LEFT JOIN users AS u ON a.id_user_uploaded = u.id_user
+			WHERE at.id_tag = :id_tag
+			GROUP BY a.id_user_uploaded
+			ORDER BY u.first_name, u.surname',
+			[
+				'id_tag' => $this->id_tag,
+			]);
+	}
+
 	public static function getPeople($id_parent = 0, $offset = 0, $limit = 24, $return_format = 'array')
 	{
 		$rows = Registry::get('db')->queryAssocs('
 			SELECT *
 			FROM tags
-			WHERE id_parent = {int:id_parent} AND kind = {string:kind}
+			WHERE id_parent = :id_parent AND kind = :kind
 			ORDER BY tag ASC
-			LIMIT {int:offset}, {int:limit}',
+			LIMIT :offset, :limit',
 			[
 				'id_parent' => $id_parent,
 				'kind' => 'Person',
@@ -136,7 +176,7 @@ class Tag
 				'limit' => $limit,
 			]);
 
-		if ($return_format == 'object')
+		if ($return_format === 'object')
 		{
 			$return = [];
 			foreach ($rows as $row)
@@ -155,7 +195,7 @@ class Tag
 			WHERE id_tag IN(
 				SELECT id_tag
 				FROM assets_tags
-				WHERE id_asset = {int:id_asset}
+				WHERE id_asset = :id_asset
 			)
 			ORDER BY count DESC',
 			[
@@ -166,7 +206,7 @@ class Tag
 		if (empty($rows))
 			return [];
 
-		if ($return_format == 'object')
+		if ($return_format === 'object')
 		{
 			$return = [];
 			foreach ($rows as $row)
@@ -185,7 +225,7 @@ class Tag
 			WHERE id_tag IN(
 				SELECT id_tag
 				FROM posts_tags
-				WHERE id_post = {int:id_post}
+				WHERE id_post = :id_post
 			)
 			ORDER BY count DESC',
 			[
@@ -196,7 +236,7 @@ class Tag
 		if (empty($rows))
 			return [];
 
-		if ($return_format == 'object')
+		if ($return_format === 'object')
 		{
 			$return = [];
 			foreach ($rows as $row)
@@ -215,7 +255,7 @@ class Tag
 				FROM `assets_tags` AS at
 				WHERE at.id_tag = t.id_tag
 			)' . (!empty($id_tags) ? '
-			WHERE t.id_tag IN({array_int:id_tags})' : ''),
+			WHERE t.id_tag IN(@id_tags)' : ''),
 			['id_tags' => $id_tags]);
 	}
 
@@ -236,15 +276,15 @@ class Tag
 			INSERT IGNORE INTO tags
 			(id_parent, tag, slug, kind, description, count)
 			VALUES
-			({int:id_parent}, {string:tag}, {string:slug}, {string:kind}, {string:description}, {int:count})
+			(:id_parent, :tag, :slug, :kind, :description, :count)
 			ON DUPLICATE KEY UPDATE count = count + 1',
 			$data);
 
 		if (!$res)
-			trigger_error('Could not create the requested tag.', E_USER_ERROR);
+			throw new Exception('Could not create the requested tag.');
 
-		$data['id_tag'] = $db->insert_id();
-		return $return_format == 'object' ? new Tag($data) : $data;
+		$data['id_tag'] = $db->insertId();
+		return $return_format === 'object' ? new Tag($data) : $data;
 	}
 
 	public function getUrl()
@@ -257,13 +297,15 @@ class Tag
 		return Registry::get('db')->query('
 			UPDATE tags
 			SET
-				id_parent = {int:id_parent},
-				id_asset_thumb = {int:id_asset_thumb},
-				tag = {string:tag},
-				slug = {string:slug},
-				description = {string:description},
-				count = {int:count}
-			WHERE id_tag = {int:id_tag}',
+				id_parent = :id_parent,
+				id_asset_thumb = :id_asset_thumb,' . (isset($this->id_user_owner) ? '
+				id_user_owner = :id_user_owner,' : '') . '
+				tag = :tag,
+				slug = :slug,
+				kind = :kind,
+				description = :description,
+				count = :count
+			WHERE id_tag = :id_tag',
 			get_object_vars($this));
 	}
 
@@ -271,9 +313,10 @@ class Tag
 	{
 		$db = Registry::get('db');
 
+		// Unlink any tagged assets
 		$res = $db->query('
 			DELETE FROM assets_tags
-			WHERE id_tag = {int:id_tag}',
+			WHERE id_tag = :id_tag',
 			[
 				'id_tag' => $this->id_tag,
 			]);
@@ -281,14 +324,36 @@ class Tag
 		if (!$res)
 			return false;
 
+		// Delete the actual tag
 		return $db->query('
 			DELETE FROM tags
-			WHERE id_tag = {int:id_tag}',
+			WHERE id_tag = :id_tag',
 			[
 				'id_tag' => $this->id_tag,
 			]);
 	}
 
+	public function resetIdAsset()
+	{
+		$db = Registry::get('db');
+		$new_id = $db->queryValue('
+			SELECT MAX(id_asset) as new_id
+			FROM assets_tags
+			WHERE id_tag = :id_tag',
+			[
+				'id_tag' => $this->id_tag,
+			]);
+
+		return $db->query('
+			UPDATE tags
+			SET id_asset_thumb = :new_id
+			WHERE id_tag = :id_tag',
+			[
+				'new_id' => $new_id ?? 0,
+				'id_tag' => $this->id_tag,
+			]);
+	}
+
 	public static function match($tokens)
 	{
 		if (!is_array($tokens))
@@ -297,7 +362,7 @@ class Tag
 		return Registry::get('db')->queryPair('
 			SELECT id_tag, tag
 			FROM tags
-			WHERE LOWER(tag) LIKE {string:tokens}
+			WHERE LOWER(tag) LIKE :tokens
 			ORDER BY tag ASC',
 			['tokens' => '%' . strtolower(implode('%', $tokens)) . '%']);
 	}
@@ -307,11 +372,11 @@ class Tag
 		if (!is_array($tokens))
 			$tokens = explode(' ', $tokens);
 
-		return Registry::get('db')->queryPair('
-			SELECT id_tag, tag
+		return Registry::get('db')->queryPairs('
+			SELECT id_tag, tag, slug
 			FROM tags
-			WHERE LOWER(tag) LIKE {string:tokens} AND
-				kind = {string:person}
+			WHERE LOWER(tag) LIKE :tokens AND
+				kind = :person
 			ORDER BY tag ASC',
 			[
 				'tokens' => '%' . strtolower(implode('%', $tokens)) . '%',
@@ -327,7 +392,7 @@ class Tag
 		return Registry::get('db')->queryPair('
 			SELECT id_tag, tag
 			FROM tags
-			WHERE tag = {string:tag}',
+			WHERE tag = :tag',
 			['tag' => $tag]);
 	}
 
@@ -339,7 +404,7 @@ class Tag
 		return Registry::get('db')->queryValue('
 			SELECT id_tag
 			FROM tags
-			WHERE slug = {string:slug}',
+			WHERE slug = :slug',
 			['slug' => $slug]);
 	}
 
@@ -348,31 +413,103 @@ class Tag
 		return Registry::get('db')->queryPair('
 			SELECT tag, id_tag
 			FROM tags
-			WHERE tag IN ({array_string:tags})',
+			WHERE tag IN (:tags)',
 			['tags' => $tags]);
 	}
 
-	public static function getCount($only_active = 1, $kind = '')
+	public static function getCount($only_used = true, $kind = '', $isAlbum = false)
 	{
 		$where = [];
-		if ($only_active)
+		if ($only_used)
 			$where[] = 'count > 0';
-		if (!empty($kind))
-			$where[] = 'kind = {string:kind}';
+		if (empty($kind))
+			$kind = 'Album';
 
-		if (!empty($where))
-			$where = 'WHERE ' . implode(' AND ', $where);
-		else
-			$where = '';
+		$operator = $isAlbum ? '=' : '!=';
+		$where[] = 'kind ' . $operator . ' :kind';
+		$where = implode(' AND ', $where);
 
 		return Registry::get('db')->queryValue('
 			SELECT COUNT(*)
-			FROM tags ' . $where,
-			['kind' => $kind]);
+			FROM tags
+			WHERE ' . $where,
+			[
+				'kind' => $kind,
+			]);
 	}
 
-	public function __toString()
+	public static function getOffset($offset, $limit, $order, $direction, $isAlbum = false)
 	{
-		return $this->tag;
+		assert(in_array($order, ['id_tag', 'tag', 'slug', 'count']));
+		$order = $order . ($direction === 'up' ? ' ASC' : ' DESC');
+
+		$operator = $isAlbum ? '=' : '!=';
+
+		$db = Registry::get('db');
+		$res = $db->query('
+			SELECT t.*, u.id_user, u.first_name, u.surname
+			FROM tags AS t
+			LEFT JOIN users AS u ON t.id_user_owner = u.id_user
+			WHERE kind ' . $operator . ' :album
+			ORDER BY id_parent, ' . $order . '
+			LIMIT :offset, :limit',
+			[
+				'offset' => $offset,
+				'limit' => $limit,
+				'album' => 'Album',
+			]);
+
+		$albums_by_parent = [];
+		while ($row = $db->fetchAssoc($res))
+		{
+			if (!isset($albums_by_parent[$row['id_parent']]))
+				$albums_by_parent[$row['id_parent']] = [];
+
+			$albums_by_parent[$row['id_parent']][] = $row + ['children' => []];
+		}
+
+		$albums = self::getChildrenRecursively(0, 0, $albums_by_parent);
+		$rows = self::flattenChildrenRecursively($albums);
+
+		return $rows;
+	}
+
+	private static function getChildrenRecursively($id_parent, $level, &$albums_by_parent)
+	{
+		$children = [];
+		if (!isset($albums_by_parent[$id_parent]))
+			return $children;
+
+		foreach ($albums_by_parent[$id_parent] as $child)
+		{
+			if (isset($albums_by_parent[$child['id_tag']]))
+				$child['children'] = self::getChildrenRecursively($child['id_tag'], $level + 1, $albums_by_parent);
+
+			$child['tag'] = ($level ? str_repeat('—', $level * 2) . ' ' : '') . $child['tag'];
+			$children[] = $child;
+		}
+
+		return $children;
+	}
+
+	private static function flattenChildrenRecursively($albums)
+	{
+		if (empty($albums))
+			return [];
+
+		$rows = [];
+		foreach ($albums as $album)
+		{
+			static $headers_to_keep = ['id_tag', 'tag', 'slug', 'count', 'id_user', 'first_name', 'surname'];
+			$rows[] = array_intersect_key($album, array_flip($headers_to_keep));
+			if (!empty($album['children']))
+			{
+				$children = self::flattenChildrenRecursively($album['children']);
+				foreach ($children as $child)
+					$rows[] = array_intersect_key($child, array_flip($headers_to_keep));
+			}
+		}
+
+		return $rows;
 	}
 }

models/Thumbnail.php

@@ -0,0 +1,359 @@
+<?php
+/*****************************************************************************
+ * Thumbnail.php
+ * Contains key class Thumbnail.
+ *
+ * Kabuki CMS (C) 2013-2020, Aaron van Geffen
+ *****************************************************************************/
+
+class Thumbnail
+{
+	private $image;
+	private $image_meta;
+	private $thumbnails;
+
+	private $properly_initialised;
+	private $width;
+	private $height;
+	private $crop_mode;
+	private string $filename_suffix;
+
+	const CROP_MODE_NONE         = 0;
+	const CROP_MODE_BOUNDARY     = 1;
+	const CROP_MODE_CUSTOM_FILE  = 2;
+	const CROP_MODE_SLICE_TOP    = 3;
+	const CROP_MODE_SLICE_CENTRE = 4;
+	const CROP_MODE_SLICE_BOTTOM = 5;
+
+	public function __construct(Image $image)
+	{
+		$this->image      = $image;
+		$this->image_meta = $image->getMeta();
+		$this->thumbnails = $image->getThumbnails();
+	}
+
+	/**
+	 * @param width: width of the thumbnail.
+	 * @param height: height of the thumbnail.
+	 * @param crop: whether and how to crop original image to fit. [false|true|'top'|'center'|'bottom']
+	 * @param fit: whether to fit the image to given boundaries [true], or use them merely as an estimate [false].
+	 * @param generate: whether or not to generate a thumbnail if no existing file was found.
+	 */
+	public function getUrl($width, $height, $crop = true, $fit = true, $generate = false)
+	{
+		$this->init($width, $height, $crop, $fit);
+
+		// Check whether we've already resized this earlier.
+		$thumb_selector = $this->width . 'x' . $this->height . $this->filename_suffix;
+		if (!empty($this->thumbnails[$thumb_selector]))
+		{
+			$thumb_filename = $this->image->getSubdir() . '/' . $this->thumbnails[$thumb_selector];
+			if (file_exists(THUMBSDIR . '/' . $thumb_filename))
+				return THUMBSURL . '/' . $thumb_filename;
+		}
+
+		// Do we have a custom thumbnail on file?
+		$custom_selector = 'custom_' . $this->width . 'x' . $this->height;
+		if (isset($this->image_meta[$custom_selector]))
+		{
+			$custom_filename = $this->image->getSubdir() . '/' . $this->image_meta[$custom_selector];
+			if (file_exists(ASSETSDIR . '/' . $custom_filename))
+			{
+				// Copy the custom thumbail to the general thumbnail directory.
+				copy(ASSETSDIR . '/' . $custom_filename, THUMBSDIR . '/' . $custom_filename);
+
+				// Let's remember this for future reference.
+				$this->markAsGenerated($this->image_meta[$custom_selector]);
+
+				return THUMBSURL . '/' . $custom_filename;
+			}
+			else
+				throw new UnexpectedValueException('Custom thumbnail expected, but missing in file system!');
+		}
+
+		// Is this the right moment to generate a thumbnail, then?
+		if ($generate)
+		{
+			if (array_key_exists($thumb_selector, $this->thumbnails))
+				return $this->generate();
+			else
+				throw new Exception("Trying to generate a thumbnail not previously queued by the system\n" .
+					print_r(func_get_args(), true));
+		}
+
+		// If not, queue it for generation at another time, and return a URL to generate it with.
+		else
+		{
+			$this->markAsQueued();
+			return BASEURL . '/thumbnail/' . $this->image->getId() . '/' . $thumb_selector . '/';
+		}
+	}
+
+	/**
+	 * @param width: width of the thumbnail.
+	 * @param height: height of the thumbnail.
+	 * @param crop: whether and how to crop original image to fit. [false|true|'top'|'center'|'bottom']
+	 * @param fit: whether to fit the image to given boundaries [true], or use them merely as an estimate [false].
+	 */
+	private function init($width, $height, $crop = true, $fit = true)
+	{
+		$this->properly_initialised = false;
+
+		// First, assert the image's dimensions are properly known in the database.
+		if ($this->image->width() === null || $this->image->height() === null)
+			throw new UnexpectedValueException('Image width or height is undefined -- inconsistent database?');
+
+		$this->width = $width;
+		$this->height = $height;
+
+		// Inferring width or height?
+		if (!$this->height)
+			$this->height = ceil($this->width / $this->image->ratio());
+		elseif (!$this->width)
+			$this->width = ceil($this->height * $this->image->ratio());
+
+		// Inferring the height from the original image's ratio?
+		if (!$fit)
+			$this->height = floor($this->width / $this->image->ratio());
+
+		// Assert we have both, now...
+		if (empty($this->width) || empty($this->height))
+			throw new InvalidArgumentException('Expecting at least either width or height as argument.');
+
+		// If we're cropping, verify we're in the right mode.
+		if ($crop)
+		{
+			// Do we have an exact crop boundary set for these dimensions?
+			$crop_selector = 'crop_' . $this->width . 'x' . $this->height;
+			if (isset($this->image_meta[$crop_selector]))
+				$this->crop_mode = self::CROP_MODE_BOUNDARY;
+
+			// We won't be cropping if the thumbnail is proportional to its original.
+			elseif (abs($this->ratio() - $this->image->ratio()) <= 0.025)
+				$this->crop_mode = self::CROP_MODE_NONE;
+
+			// If the original image's aspect ratio is much wider, take a slice instead.
+			elseif ($this->image->ratio() > $this->ratio())
+				$this->crop_mode = self::CROP_MODE_SLICE_CENTRE;
+
+			// Slice from the top?
+			elseif ($crop === 'top' || $crop === 'ct')
+				$this->crop_mode = self::CROP_MODE_SLICE_TOP;
+
+			// Slice from the bottom?
+			elseif ($crop === 'bottom' || $crop === 'cb')
+				$this->crop_mode = self::CROP_MODE_SLICE_BOTTOM;
+
+			// Slice from the centre?
+			elseif ($crop === 'centre' || $crop === 'center' || $crop === 'cs' || $crop === true)
+				$this->crop_mode = self::CROP_MODE_SLICE_CENTRE;
+
+			// Unexpected value? Assume no crop.
+			else
+				$this->crop_mode = self::CROP_MODE_NONE;
+		}
+		else
+			$this->crop_mode = self::CROP_MODE_NONE;
+
+		// Now, do we need to suffix the filename?
+		if ($this->crop_mode !== self::CROP_MODE_NONE)
+		{
+			$this->filename_suffix = '_c';
+			if ($this->crop_mode === self::CROP_MODE_SLICE_TOP)
+				$this->filename_suffix .= 't';
+			elseif ($this->crop_mode === self::CROP_MODE_SLICE_CENTRE)
+				$this->filename_suffix .= 's';
+			elseif ($this->crop_mode === self::CROP_MODE_SLICE_BOTTOM)
+				$this->filename_suffix .= 'b';
+			elseif ($this->crop_mode === self::CROP_MODE_BOUNDARY)
+				$this->filename_suffix .= 'e';
+		}
+		else
+			$this->filename_suffix = '';
+
+		$this->properly_initialised = true;
+	}
+
+	private function generate()
+	{
+		if (!$this->properly_initialised)
+			throw new UnexpectedValueException('The thumbnail factory was not intialised before use!');
+
+		// Let's try some arcane stuff...
+		try
+		{
+			if (!class_exists('Imagick'))
+				throw new Exception("The PHP module 'imagick' appears to be disabled. Please enable it to use image resampling functions.");
+
+			$thumb = new Imagick(ASSETSDIR . '/' . $this->image->getSubdir() . '/' . $this->image->getFilename());
+
+			// The image might have some orientation set through EXIF. Let's apply this first.
+			self::applyRotation($thumb);
+
+			// Just resizing? Easy peasy.
+			if ($this->crop_mode === self::CROP_MODE_NONE)
+				$thumb->resizeImage($this->width, $this->height, Imagick::FILTER_LANCZOS, 1);
+
+			// // Cropping in the center?
+			elseif ($this->crop_mode === self::CROP_MODE_SLICE_CENTRE)
+				$thumb->cropThumbnailImage($this->width, $this->height);
+
+			// Exact cropping? We can do that.
+			elseif ($this->crop_mode === self::CROP_MODE_BOUNDARY)
+			{
+				$crop_selector = 'crop_' . $this->width . 'x' . $this->height;
+				list($crop_width, $crop_height, $crop_x_pos, $crop_y_pos) = explode(',', $this->image_meta[$crop_selector]);
+				$thumb->cropImage($crop_width, $crop_height, $crop_x_pos, $crop_y_pos);
+				$thumb->resizeImage($this->width, $this->height, Imagick::FILTER_LANCZOS, 1);
+			}
+
+			// Advanced cropping? Fun!
+			else
+			{
+				$size = $thumb->getImageGeometry();
+
+				// Taking a horizontal slice from the top or bottom of the original image?
+				if ($this->crop_mode === self::CROP_MODE_SLICE_TOP || $this->crop_mode === self::CROP_MODE_SLICE_BOTTOM)
+				{
+					$crop_width = $size['width'];
+					$crop_height = floor($size['width'] / $this->width * $this->height);
+					$target_x = 0;
+					$target_y = $this->crop_mode === self::CROP_MODE_SLICE_TOP ? 0 : $size['height'] - $crop_height;
+				}
+				// Otherwise, we're taking a vertical slice from the centre.
+				else
+				{
+					$crop_width = floor($size['height'] / $this->height * $this->width);
+					$crop_height = $size['height'];
+					$target_x = floor(($size['width'] - $crop_width) / 2);
+					$target_y = 0;
+				}
+
+				$thumb->cropImage($crop_width, $crop_height, $target_x, $target_y);
+				$thumb->resizeImage($this->width, $this->height, Imagick::FILTER_LANCZOS, 1);
+			}
+
+			// What sort of image is this? Fall back to PNG if we must.
+			switch ($thumb->getImageFormat())
+			{
+				case 'JPEG':
+					$ext = 'jpg';
+					break;
+
+				case 'GIF':
+					$ext = 'gif';
+					break;
+
+				case 'PNG':
+				default:
+					$thumb->setFormat('PNG');
+					$ext = 'png';
+					break;
+			}
+
+			// So, how do we name this?
+			$thumb_filename = substr($this->image->getFilename(), 0, strrpos($this->image->getFilename(), '.')) .
+				'_' . $this->width . 'x' . $this->height . $this->filename_suffix . '.' . $ext;
+
+			// Ensure the thumbnail subdirectory exists.
+			$target_dir = THUMBSDIR . '/' . $this->image->getSubdir();
+			if (!is_dir($target_dir))
+				mkdir($target_dir, 0755, true);
+
+			if (!is_writable($target_dir))
+				throw new Exception('Thumbnail directory is not writable!');
+
+			// No need to preserve every detail.
+			$thumb->setImageCompressionQuality(80);
+
+			// Save it in a public spot.
+			$thumb->writeImage($target_dir . '/' . $thumb_filename);
+
+			// Let's remember this for future reference...
+			$this->markAsGenerated($thumb_filename);
+
+			$thumb->clear();
+			$thumb->destroy();
+
+			// Finally, return the URL for the generated thumbnail image.
+			return THUMBSURL . '/' . $this->image->getSubdir() . '/' . $thumb_filename;
+		}
+		catch (ImagickException $e)
+		{
+			throw new Exception('ImageMagick error occurred while generating thumbnail. Output: ' . $e->getMessage());
+		}
+	}
+
+	private static function applyRotation(Imagick $image)
+	{
+		switch ($image->getImageOrientation())
+		{
+			// Clockwise rotation
+			case Imagick::ORIENTATION_RIGHTTOP:
+				$image->rotateImage("#000", 90);
+				break;
+
+			// Counter-clockwise rotation
+			case Imagick::ORIENTATION_LEFTBOTTOM:
+				$image->rotateImage("#000", 270);
+				break;
+
+			// Upside down?
+			case Imagick::ORIENTATION_BOTTOMRIGHT:
+				$image->rotateImage("#000", 180);
+		}
+
+		// Having rotated the image, make sure the EXIF data is set properly.
+		$image->setImageOrientation(Imagick::ORIENTATION_TOPLEFT);
+	}
+
+	private function ratio()
+	{
+		return $this->width / $this->height;
+	}
+
+	private function updateDb($filename)
+	{
+		if (!$this->properly_initialised)
+			throw new UnexpectedValueException('The thumbnail factory was not intialised before use!');
+
+		$mode = !empty($this->filename_suffix) ? substr($this->filename_suffix, 1) : '';
+		$success = Registry::get('db')->insert('replace', 'assets_thumbs', [
+			'id_asset' => 'int',
+			'width' => 'int',
+			'height' => 'int',
+			'mode' => 'string-3',
+			'filename' => 'string-255',
+		], [
+			'id_asset' => $this->image->getId(),
+			'width' => $this->width,
+			'height' => $this->height,
+			'mode' => $mode,
+			'filename' => $filename,
+		]);
+
+		if ($success)
+		{
+			$thumb_selector = $this->width . 'x' . $this->height . $this->filename_suffix;
+			$this->thumbnails[$thumb_selector] = $filename ?? null;
+
+			// For consistency, write new thumbnail filename to parent Image object.
+			// TODO: there could still be an inconsistency if multiple objects exists for the same image asset.
+			$this->image->getThumbnails()[$thumb_selector] = $this->thumbnails[$thumb_selector];
+
+			return $success;
+		}
+		else
+			throw new UnexpectedValueException('Thumbnail queuing query failed');
+	}
+
+	private function markAsQueued()
+	{
+		$this->updateDb(null);
+	}
+
+	private function markAsGenerated($filename)
+	{
+		$this->updateDb($filename);
+	}
+}

models/User.php

@@ -12,17 +12,21 @@
  */
 abstract class User
 {
-	protected $id_user;
-	protected $first_name;
-	protected $surname;
-	protected $emailaddress;
+	protected int $id_user;
+	protected string $first_name;
+	protected string $surname;
+	protected string $slug;
+	protected string $emailaddress;
+	protected string $password_hash;
 	protected $creation_time;
 	protected $last_action_time;
 	protected $ip_address;
 	protected $is_admin;
+	protected $reset_key;
+	protected $reset_blocked_until;
 
-	protected $is_logged;
-	protected $is_guest;
+	protected bool $is_logged;
+	protected bool $is_guest;
 
 	/**
 	 * Returns user id.
@@ -72,6 +76,11 @@ abstract class User
 		return $this->ip_address;
 	}
 
+	public function getSlug()
+	{
+		return $this->slug;
+	}
+
 	/**
 	 * Returns whether user is logged in.
 	 */

models/UserMenu.php

@@ -0,0 +1,59 @@
+<?php
+/*****************************************************************************
+ * UserMenu.php
+ * Contains the user navigation logic.
+ *
+ * Kabuki CMS (C) 2013-2023, Aaron van Geffen
+ *****************************************************************************/
+
+class UserMenu extends Menu
+{
+	public function __construct()
+	{
+		$user = Registry::has('user') ? Registry::get('user') : new Guest();
+		if ($user->isLoggedIn())
+		{
+			$this->items[] = [
+				'label' => $user->getFirstName(),
+				'icon' => 'person-circle',
+				'subs' => [
+
+					[
+						'label' => 'Settings',
+						'uri' => '/accountsettings/',
+					],
+					[
+						'label' => 'Log out',
+						'uri' => '/logout/',
+					],
+				],
+			];
+		}
+		else
+		{
+			$this->items[] = [
+				'label' => 'Log in',
+				'icon' => 'person-circle',
+				'uri' => '/login/',
+			];
+		}
+
+		$this->items[] = [
+			'label' => 'Home',
+			'icon' => 'house-door',
+			'uri' => '/',
+		];
+
+		foreach ($this->items as $i => $item)
+		{
+			if (isset($item['uri']))
+				$this->items[$i]['url'] = BASEURL . $item['uri'];
+
+			if (!isset($item['subs']))
+				continue;
+
+			foreach ($item['subs'] as $j => $subitem)
+				$this->items[$i]['subs'][$j]['url'] = BASEURL . $subitem['uri'];
+		}
+	}
+}

public/css/admin.css

@@ -1,304 +1,60 @@
-.admin_box {
-	margin: 0;
-	padding: 20px;
-	background: #fff;
-	box-shadow: 2px 2px 4px rgba(0, 0, 0, 0.3);
-	overflow: auto;
-}
-
-.admin_box h2 {
-	font: 700 24px "Open Sans", sans-serif;
-	margin: 0 0 0.2em;
-}
-
-.floatleft {
-	float: left;
-}
-.floatright {
-	float: right;
-}
-
-/* Admin bar styles
----------------------*/
-body {
-	padding-top: 30px;
-}
-#admin_bar {
-	background: #333;
-	color: #ccc;
-	left: 0;
-	position: fixed;
-	top: 0;
-	width: 100%;
-	z-index: 100;
-}
-#admin_bar ul {
-	list-style: none;
-	margin: 0 auto;
-	max-width: 1280px;
-	min-width: 900px;
-	padding: 2px;
-	width: 95%;
-}
-#admin_bar ul > li {
-	display: inline;
-	border-right: 1px solid #aaa;
-}
-#admin_bar ul > li:last-child {
-	border-right: none;
-}
-#admin_bar li > a {
-	color: inherit;
-	display: inline-block;
-	padding: 4px 6px;
-}
-#admin_bar li a:hover {
-	text-decoration: underline;
-}
-
-
-/* (Tag) autosuggest
-----------------------*/
-#new_tag_container {
-	display: block;
-	position: relative;
-}
-.autosuggest {
-	background: #fff;
-	border: 1px solid #ccc;
-	position: absolute;
-	top: 29px;
-	margin: 0;
-	padding: 0;
-}
-.autosuggest li {
-	display: block !important;
-	padding: 3px;
-}
-.autosuggest li:hover, .autosuggest li.selected {
-	background: #CFECF7;
-	cursor: pointer;
-}
-
-
-/* Edit user screen
----------------------*/
-.edituser dt {
-	clear: left;
-	float: left;
-	width: 150px;
-}
-.edituser dd {
-	float: left;
-	margin-bottom: 5px;
-}
-.edituser form div:last-child {
-	padding: 1em 0 0;
-}
-
-
-/* Admin widgets
-------------------*/
-.widget {
-	background: #fff;
-	padding: 25px;
-	box-shadow: 2px 2px 4px rgba(0, 0, 0, 0.3);
-}
-.widget h3 {
-	margin: 0 0 1em;
-	font: 400 18px "Raleway", sans-serif;
-}
-.widget p, .errormsg p {
-	margin: 0;
-}
-.widget ul {
-	margin: 0;
-	list-style: none;
-	padding: 0;
-}
-.widget li {
-	line-height: 1.7em;
-}
-
-
-/* Edit icon on tiled grids
------------------------------*/
-.tiled_grid div.landscape, .tiled_grid div.portrait, .tiled_grid div.panorama {
-	position: relative;
-}
-.tiled_grid div > a.edit {
-	background: #fff;
-	border-radius: 3px;
-	box-shadow: 1px 1px 2px rgba(0,0,0,0.3);
-	display: none;
-	left: 20px;
-	line-height: 1.5;
-	padding: 5px 10px;
-	position: absolute;
-	top: 20px;
-}
-.tiled_grid div:hover > a.edit {
-	display: block;
-}
-
-
 /* Crop editor
 ----------------*/
 #crop_editor {
+	display: flex;
+	flex-direction: column;
 	position: fixed;
 	top: 0;
 	left: 0;
 	height: 100%;
 	width: 100%;
-	background: #000;
+	background: rgba(0, 0, 0, 0.8);
 	z-index: 100;
 	color: #fff;
 }
-#crop_editor input {
-	width: 50px;
-	background: #555;
+#crop_editor .input-group-text {
+	background-color: rgba(233, 236, 239, 0.5);
+	border-color: rgba(233, 236, 239, 0.5);
 	color: #fff;
 }
-.crop_image_container {
-	position: relative;
+#crop_editor input[type=number] {
+	background: #555;
+	border-color: rgba(233, 236, 239, 0.5);
+	color: #fff;
+	width: 85px;
+}
+#crop_editor input[type=checkbox] {
+	vertical-align: middle;
 }
 .crop_position {
+	background: rgba(0, 0, 0, 1.0);
+	border: none;
+	display: flex;
 	padding: 5px;
 	text-align: center;
 }
 .crop_position input, .crop_position .btn {
 	margin: 0 5px;
 }
+
+.crop_image_container {
+	position: relative;
+	flex-grow: 1;
+	max-height: calc(100% - 34px);
+}
 .crop_image_container img {
-	height: auto;
-	width: auto;
+	border: 1px solid #000;
+	max-height: 100%;
 	max-width: 100%;
-	max-height: 700px;
 }
 #crop_boundary {
-	border: 1px solid rgba(255, 255, 255, 0.75);
-	background: rgba(255, 255, 255, 0.75);
+	border: 1px dashed rgb(255, 255, 255);
+	background: rgba(255, 255, 255, 0.4);
+	cursor: move;
 	position: absolute;
 	z-index: 200;
 	width: 500px;
 	height: 300px;
 	top: 400px;
 	left: 300px;
-	filter: invert(100%); /* temp */
-}
-
-
-/* The pagination styles below are based on Bootstrap 2.3.2
--------------------------------------------------------------*/
-
-.table_pagination, .table_form {
-	margin: 20px 0;
-}
-
-.table_pagination ul {
-	display: inline-block;
-	margin: 0;
-	padding: 0;
-	box-shadow: 0 1px 2px rgba(0, 0, 0, 0.05);
-}
-
-.table_pagination ul > li {
-	display: inline;
-}
-
-.table_pagination ul > li > a,
-.table_pagination ul > li > span {
-	float: left;
-	padding: 4px 12px;
-	line-height: 20px;
-	text-decoration: none;
-	background-color: #ffffff;
-	border: 1px solid #dddddd;
-	border-left-width: 0;
-}
-
-.table_pagination ul > li > a:hover,
-.table_pagination ul > li > a:focus,
-.table_pagination ul > .active > a,
-.table_pagination ul > .active > span {
-	background-color: #f5f5f5;
-}
-
-.table_pagination ul > .active > a,
-.table_pagination ul > .active > span {
-	color: #999999;
-	cursor: default;
-}
-
-.table_pagination ul > .disabled > span,
-.table_pagination ul > .disabled > a,
-.table_pagination ul > .disabled > a:hover,
-.table_pagination ul > .disabled > a:focus {
-	color: #999999;
-	cursor: default;
-	background-color: transparent;
-}
-
-.table_pagination ul > li:first-child > a,
-.table_pagination ul > li:first-child > span {
-	border-left-width: 1px;
-}
-
-
-/* The table styles below were taken from Bootstrap 2.3.2
------------------------------------------------------------*/
-table {
-	max-width: 100%;
-	background-color: transparent;
-	border-collapse: collapse;
-	border-spacing: 0;
-}
-
-.table {
-	width: 100%;
-	margin-bottom: 20px;
-}
-
-.table th,
-.table td {
-	border-top: 1px solid #dddddd;
-	line-height: 20px;
-	padding: 8px;
-	text-align: left;
-	vertical-align: top;
-}
-
-.table th {
-	font-weight: bold;
-}
-
-.table thead th {
-	vertical-align: bottom;
-}
-
-.table caption + thead tr:first-child th,
-.table caption + thead tr:first-child td,
-.table colgroup + thead tr:first-child th,
-.table colgroup + thead tr:first-child td,
-.table thead:first-child tr:first-child th,
-.table thead:first-child tr:first-child td {
-	border-top: 0;
-}
-
-.table tbody + tbody {
-	border-top: 2px solid #dddddd;
-}
-
-.table .table {
-	background-color: #ffffff;
-}
-
-.table-striped tbody > tr:nth-child(odd) > td,
-.table-striped tbody > tr:nth-child(odd) > th {
-	background-color: #f9f9f9;
-}
-
-.table-hover tbody tr:hover > td,
-.table-hover tbody tr:hover > th {
-	background-color: #f5f5f5;
 }

public/images/nothumb.svg

@@ -0,0 +1,10 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 480 150">
+<defs><style>.cls-2{fill:#cc9d9d;}</style></defs>
+<g>
+	<path class="cls-2" d="m221.34,135.39c-13.69,0-27.38-.09-41.07.06-3.43.04-4.94-.61-4.91-4.56.17-27.21.14-54.42.02-81.63-.02-3.41.9-4.57,4.45-4.56,27.69.13,55.38.12,83.07,0,3.36-.01,4.19,1.18,4.18,4.34-.1,27.37-.12,54.73.02,82.1.02,3.73-1.44,4.34-4.69,4.3-13.69-.14-27.38-.06-41.07-.06Zm-.11-27.1c11.37,0,22.74-.1,34.1.06,3.26.05,4.3-.97,4.28-4.25-.14-16.19-.14-32.38,0-48.56.03-3.28-1.01-4.27-4.27-4.25-22.74.12-45.47.12-68.21,0-3.26-.02-4.3.97-4.27,4.25.14,16.19.14,32.38,0,48.56-.03,3.28,1.01,4.3,4.27,4.26,11.37-.16,22.74-.06,34.1-.06Z"/>
+	<path class="cls-2" d="m271.69,111.12c.4-3.72-.27-8.33-.9-12.95-.4-2.96.59-3.73,3.62-3.01,6.71,1.61,6.75,1.45,8.74-5.81,3.66-13.3,7.37-26.59,10.95-39.91,1.64-6.09,1.55-6.23-4.53-7.87-20.8-5.63-41.65-11.12-62.43-16.82-3.48-.95-5.32-.26-6.11,3.33-.73,3.33-1.85,6.57-2.55,9.9-.71,3.39-3,4.22-5.87,3.73-3.34-.57-2.27-2.94-1.71-5.06,1.7-6.44,3.31-12.91,5.03-19.34.47-1.74.7-3.35,3.66-2.54,27.36,7.52,54.77,14.85,82.2,22.1,2.71.72,3.31,1.43,2.52,4.29-7.26,26.45-14.3,52.97-21.49,79.44-.5,1.84-.24,5.23-3.51,4.25-3.05-.92-8.22.3-7.68-5.77.21-2.32.03-4.67.03-7.96Z"/>
+	<path class="cls-2" d="m237.89,68.65c3.58,9.04,7.13,18.07,10.74,27.08.87,2.17.4,3.25-2.07,3.25-16.63-.01-33.25,0-49.88-.01-2.63,0-2.8-1.35-1.8-3.33.7-1.39,1.37-2.79,2.07-4.17,2.84-5.69,2.92-5.78,8.04-1.6,1.77,1.44,2.44,1.1,3.45-.67,1.69-2.95,3.7-5.72,5.45-8.64,1.39-2.31,2.67-2.5,4.73-.62,2.11,1.93,3.79,5.97,6.49,5.2,2.2-.63,3.51-4.41,5.19-6.81,2.13-3.04,4.23-6.1,6.37-9.13.15-.21.54-.25,1.23-.54Z"/>
+	<path class="cls-2" d="m201.38,75.62c-3.33.17-5.32-1.1-5.41-4.73-.09-3.64,1.37-6.17,5.12-6.38,3.38-.19,5.57,1.83,6,5.22.4,3.09-2.39,5.81-5.72,5.89Z"/>
+</g>
+</svg>

public/js/albumnav.js

@@ -1,14 +1,14 @@
 function enableKeyDownNavigation() {
 	document.addEventListener("keydown", function (event) {
 		if (event.keyCode == 37) {
-			var target = document.querySelector(".pagination ul > :first-child a");
+			var target = document.querySelector("ul.pagination > :first-child a");
 			if (target && target.href) {
 				event.preventDefault();
 				document.location.href = target.href;
 			}
 		}
 		else if (event.keyCode == 39) {
-			var target = document.querySelector(".pagination ul > :last-child a");
+			var target = document.querySelector("ul.pagination > :last-child a");
 			if (target && target.href) {
 				event.preventDefault();
 				document.location.href = target.href;

public/js/autosuggest.js

@@ -13,166 +13,165 @@ provided that the following conditions are met:
 
 'use strict';
 
-function AutoSuggest(opt) {
-    if (typeof opt.inputElement === "undefined" || typeof opt.listElement === "undefined" || typeof opt.baseUrl === "undefined" || typeof opt.appendCallback === "undefined") {
-        return;
+class AutoSuggest {
+    constructor(opt) {
+        if (typeof opt.inputElement === "undefined" || typeof opt.listElement === "undefined" ||
+            typeof opt.baseUrl === "undefined" || typeof opt.appendCallback === "undefined") {
+            return;
+        }
+
+        this.input = document.getElementById(opt.inputElement);
+        this.input.autocomplete = "off";
+        this.list = document.getElementById(opt.listElement);
+        this.appendCallback = opt.appendCallback;
+        this.baseurl = opt.baseUrl;
+
+        this.input.addEventListener('keydown', event => this.doSelection(event), false);
+        this.input.addEventListener('keyup', event => this.onType(event), false);
     }
 
-    this.input = document.getElementById(opt.inputElement);
-    this.input.autocomplete = "off";
-    this.list = document.getElementById(opt.listElement);
-    this.appendCallback = opt.appendCallback;
-    this.baseurl = opt.baseUrl;
+    doSelection(event) {
+        if (typeof this.container === "undefined" || this.container.children.length === 0) {
+            return;
+        }
 
-    var self = this;
-    this.input.addEventListener('keydown', function(event) {
-        self.doSelection(event);
-    }, false);
-    this.input.addEventListener('keyup', function(event) {
-        self.onType(this, event);
-    }, false);
+        switch (event.key) {
+            case 'Enter':
+                event.preventDefault();
+                this.container.children[this.selectedIndex].click();
+                break;
+
+            case 'ArrowUp':
+            case 'ArrowDown':
+                event.preventDefault();
+                this.findSelectedElement().className = '';
+                this.selectedIndex += event.key === 'ArrowUp' ? -1 : 1;
+                if (this.selectedIndex < 0) {
+                    this.selectedIndex = this.container.children.length - 1;
+                } else if (this.selectedIndex === this.container.children.length) {
+                    this.selectedIndex = 0;
+                }
+                let new_el = this.findSelectedElement().className = 'selected';
+                break;
+        }
+    };
+
+    findSelectedElement() {
+        return this.container.children[this.selectedIndex];
+    };
+
+    onType(event) {
+        if (['Enter', 'ArrowDown', 'ArrowUp'].indexOf(event.key) !== -1) {
+            return;
+        }
+
+        let tokens = event.target.value.split(/\s+/).filter(token => token.length >= 2);
+
+        if (tokens.length === 0) {
+            if (typeof this.container !== "undefined") {
+                this.clearContainer();
+            }
+            return false;
+        }
+
+        let request_uri = this.baseurl + '/suggest/?type=tags&data=' + window.encodeURIComponent(tokens.join(" "));
+        let request = new HttpRequest('get', request_uri, {}, this.onReceive, this);
+    };
+
+    onReceive(response, self) {
+        self.openContainer();
+        self.clearContainer();
+        self.fillContainer(response);
+    };
+
+    openContainer() {
+        if (this.container) {
+            if (!this.container.parentNode) {
+                this.input.parentNode.appendChild(this.container);
+            }
+            return this.container;
+        }
+
+        this.container = document.createElement('ul');
+        this.container.className = 'autosuggest';
+        this.input.parentNode.appendChild(this.container);
+        return this.container;
+    };
+
+    clearContainer() {
+        while (this.container.children.length > 0) {
+            this.container.removeChild(this.container.children[0]);
+        }
+    };
+
+    clearInput() {
+        this.input.value = "";
+        this.input.focus();
+    };
+
+    closeContainer() {
+        this.container.parentNode.removeChild(this.container);
+    };
+
+    fillContainer(response) {
+        this.selectedIndex = 0;
+
+        let query = this.input.value.trim().replace(/[\-\[\]{}()*+?.,\\\/^\$|#]/g, ' ');
+        let query_tokens = query.split(/ +/).sort((a,b) => a.length - b.length);
+
+        response.items.forEach((item, i) => {
+            let node = document.createElement('li');
+            node.innerHTML = this.highlightMatches(query_tokens, item.label);
+            node.jsondata = item;
+            node.addEventListener('click', event => {
+                this.appendCallback(node.jsondata);
+                this.closeContainer();
+                this.clearInput();
+            });
+            this.container.appendChild(node);
+            if (this.container.children.length === 1) {
+                node.className = 'selected';
+            }
+        });
+    };
+
+    highlightMatches(query_tokens, item) {
+        let itemTokens = item.split(/ +/);
+        let queryTokens = new RegExp('(' + query_tokens.join('\|') + ')', 'i');
+        itemTokens.forEach((token, index) => {
+            item = item.replace(token, token.replace(queryTokens, ($1, match) => '<strong>' + match + '</strong>'));
+        });
+        return item;
+    };
 }
 
-AutoSuggest.prototype.doSelection = function(event) {
-    if (typeof this.container === "undefined" || this.container.children.length === 0) {
-        return;
+class TagAutoSuggest extends AutoSuggest {
+    constructor(opt) {
+        super(opt);
+        this.type = "tags";
     }
 
-    switch (event.keyCode) {
-        case 13: // Enter
-            event.preventDefault();
-            this.container.children[this.selectedIndex].click();
-            break;
+    fillContainer(response) {
+        if (response.items.length > 0) {
+            super.fillContainer.call(this, response);
+        } else {
+            let node = document.createElement('li')
+            node.innerHTML = "<em>Tag does not exist yet. Create it?</em>";
 
-        case 38: // Arrow up
-        case 40: // Arrow down
-            event.preventDefault();
-            this.findSelectedElement().className = '';
-            this.selectedIndex += event.keyCode === 38 ? -1 : 1;
-            if (this.selectedIndex < 0) {
-                this.selectedIndex = this.container.children.length - 1;
-            } else if (this.selectedIndex === this.container.children.length) {
-                this.selectedIndex = 0;
-            }
-            var new_el = this.findSelectedElement().className = 'selected';
-            break;
-    }
-};
+            node.addEventListener('click', event => {
+                this.createNewTag(response => this.appendCallback(response));
+                this.closeContainer();
+                this.clearInput();
+            });
 
-AutoSuggest.prototype.findSelectedElement = function() {
-    return this.container.children[this.selectedIndex];
-};
-
-AutoSuggest.prototype.onType = function(input, event) {
-    if (event.keyCode === 13 || event.keyCode === 38 || event.keyCode === 40) {
-        return;
-    }
-
-    var tokens = input.value.split(/\s+/).filter(function(token) {
-        return token.length >= 2;
-    });
-
-    if (tokens.length === 0) {
-        if (typeof this.container !== "undefined") {
-            this.clearContainer();
-        }
-        return false;
-    }
-
-    var request_uri = this.baseurl + '/suggest/?type=tags&data=' + window.encodeURIComponent(tokens.join(" "));
-    var request = new HttpRequest('get', request_uri, {}, this.onReceive, this);
-};
-
-AutoSuggest.prototype.onReceive = function(response, self) {
-    self.openContainer();
-    self.clearContainer();
-    self.fillContainer(response);
-};
-
-AutoSuggest.prototype.openContainer = function() {
-    if (this.container) {
-        if (!this.container.parentNode) {
-            this.input.parentNode.appendChild(this.container);
-        }
-        return this.container;
-    }
-
-    this.container = document.createElement('ul');
-    this.container.className = 'autosuggest';
-    this.input.parentNode.appendChild(this.container);
-    return this.container;
-};
-
-AutoSuggest.prototype.clearContainer = function() {
-    while (this.container.children.length > 0) {
-        this.container.removeChild(this.container.children[0]);
-    }
-};
-
-AutoSuggest.prototype.clearInput = function() {
-    this.input.value = "";
-    this.input.focus();
-};
-
-AutoSuggest.prototype.closeContainer = function() {
-    this.container.parentNode.removeChild(this.container);
-};
-
-AutoSuggest.prototype.fillContainer = function(response) {
-    var self = this;
-    this.selectedIndex = 0;
-    response.items.forEach(function(item, i) {
-        var node = document.createElement('li');
-        var text = document.createTextNode(item.label);
-        node.jsondata = item;
-        node.addEventListener('click', function(event) {
-            self.appendCallback(this.jsondata);
-            self.closeContainer();
-            self.clearInput();
-        });
-        node.appendChild(text);
-        self.container.appendChild(node);
-        if (self.container.children.length === 1) {
+            this.container.appendChild(node);
+            this.selectedIndex = 0;
             node.className = 'selected';
         }
-    });
-};
+    };
 
-
-function TagAutoSuggest(opt) {
-    AutoSuggest.prototype.constructor.call(this, opt);
-    this.type = "tags";
-}
-
-TagAutoSuggest.prototype = Object.create(AutoSuggest.prototype);
-
-TagAutoSuggest.prototype.constructor = TagAutoSuggest;
-
-TagAutoSuggest.prototype.fillContainer = function(response) {
-    if (response.items.length > 0) {
-        AutoSuggest.prototype.fillContainer.call(this, response);
-    } else {
-        var node = document.createElement('li')
-        node.innerHTML = "<em>Tag does not exist yet. Create it?</em>";
-
-        var self = this;
-        node.addEventListener('click', function(event) {
-            self.createNewTag(function(response) {
-                console.log('Nieuwe tag!!');
-                console.log(response);
-                self.appendCallback(response);
-            });
-            self.closeContainer();
-            self.clearInput();
-        });
-
-        self.container.appendChild(node);
-        this.selectedIndex = 0;
-        node.className = 'selected';
+    createNewTag(callback) {
+        let request_uri = this.baseurl + '/suggest/?type=createtag';
+        let request = new HttpRequest('post', request_uri, 'tag=' + encodeURIComponent(this.input.value), callback, this);
     }
-};
-
-TagAutoSuggest.prototype.createNewTag = function(callback) {
-    var request_uri = this.baseurl + '/suggest/?type=createtag';
-    var request = new HttpRequest('post', request_uri, 'tag=' + encodeURIComponent(this.input.value), callback, this);
 }

public/js/color-modes.js

@@ -0,0 +1,77 @@
+/*!
+ * Color mode toggler for Bootstrap's docs (https://getbootstrap.com/)
+ * Copyright 2011-2023 The Bootstrap Authors
+ * Licensed under the Creative Commons Attribution 3.0 Unported License.
+ */
+
+(() => {
+	'use strict'
+
+	const getStoredTheme = () => localStorage.getItem('theme');
+	const setStoredTheme = theme => localStorage.setItem('theme', theme);
+
+	const getPreferredTheme = () => {
+		const storedTheme = getStoredTheme();
+		if (storedTheme) {
+			return storedTheme;
+		}
+
+		return window.matchMedia('(prefers-color-scheme: dark)').matches ? 'dark' : 'light';
+	}
+
+	const setTheme = theme => {
+		if (theme === 'auto') {
+			document.documentElement.setAttribute('data-bs-theme', (window.matchMedia('(prefers-color-scheme: dark)').matches ? 'dark' : 'light'))
+		} else {
+			document.documentElement.setAttribute('data-bs-theme', theme);
+		}
+	}
+
+	setTheme(getPreferredTheme());
+
+	const showActiveTheme = (theme, focus = false) => {
+		const themeSwitcher = document.querySelector('#bd-theme');
+
+		if (!themeSwitcher) {
+			return;
+		}
+
+		const themeSwitcherText = document.querySelector('#bd-theme-text');
+		const activeThemeIcon = document.querySelector('#theme-icon-active');
+		const btnToActive = document.querySelector(`[data-bs-theme-value="${theme}"]`);
+		const activeButtonIcon = btnToActive.querySelector('i.bi').className;
+
+		document.querySelectorAll('[data-bs-theme-value]').forEach(element => {
+			element.classList.remove('active');
+		});
+
+		btnToActive.classList.add('active');
+		activeThemeIcon.className = activeButtonIcon;
+		const themeSwitcherLabel = `${themeSwitcherText.textContent} (${btnToActive.dataset.bsThemeValue})`
+
+		if (focus) {
+			themeSwitcher.focus()
+		}
+	}
+
+	window.matchMedia('(prefers-color-scheme: dark)').addEventListener('change', () => {
+		const storedTheme = getStoredTheme()
+		if (storedTheme !== 'light' && storedTheme !== 'dark') {
+			setTheme(getPreferredTheme())
+		}
+	})
+
+	window.addEventListener('DOMContentLoaded', () => {
+		showActiveTheme(getPreferredTheme())
+
+		document.querySelectorAll('[data-bs-theme-value]')
+			.forEach(toggle => {
+				toggle.addEventListener('click', () => {
+					const theme = toggle.getAttribute('data-bs-theme-value')
+					setStoredTheme(theme)
+					setTheme(theme)
+					showActiveTheme(theme, true)
+				})
+			})
+	})
+})()

public/js/crop_editor.js

@@ -1,218 +1,378 @@
-function CropEditor(opt) {
-	this.opt = opt;
+class CropEditor {
+	constructor(opt) {
+		this.opt = opt;
 
-	this.edit_crop_button = document.createElement("span");
-	this.edit_crop_button.className = "btn";
-	this.edit_crop_button.innerHTML = "Edit crop";
-	this.edit_crop_button.addEventListener('click', this.show.bind(this));
+		this.edit_crop_button = document.createElement("span");
+		this.edit_crop_button.className = "btn btn-light";
+		this.edit_crop_button.textContent = "Edit crop";
+		this.edit_crop_button.addEventListener('click', this.show.bind(this));
 
-	this.thumbnail_select = document.getElementById(opt.thumbnail_select_id);
-	this.thumbnail_select.addEventListener('change', this.toggleCropButton.bind(this));
-	this.thumbnail_select.parentNode.insertBefore(this.edit_crop_button, this.thumbnail_select.nextSibling);
+		this.thumbnail_select = document.getElementById(opt.thumbnail_select_id);
+		this.thumbnail_select.addEventListener('change', this.toggleCropButton.bind(this));
+		this.thumbnail_select.parentNode.insertBefore(this.edit_crop_button, this.thumbnail_select.nextSibling);
 
-	this.toggleCropButton();
-}
+		this.toggleCropButton();
+	}
 
-CropEditor.prototype.buildContainer = function() {
-	this.container = document.createElement("div");
-	this.container.id = "crop_editor";
+	initDOM() {
+		this.container = document.createElement("div");
+		this.container.className = 'container-fluid';
+		this.container.id = "crop_editor";
 
-	this.position = document.createElement("div");
-	this.position.className = "crop_position";
-	this.container.appendChild(this.position);
+		this.initPositionForm();
+		this.initImageContainer();
 
-	var source_x_label = document.createTextNode("Source X:");
-	this.position.appendChild(source_x_label);
+		this.parent = document.getElementById(this.opt.editor_container_parent_id);
+		this.parent.appendChild(this.container);
+	}
 
-	this.source_x = document.createElement("input");
-	this.source_x.addEventListener("keyup", this.positionBoundary.bind(this));
-	this.position.appendChild(this.source_x);
+	initPositionForm() {
+		this.position = document.createElement("fieldset");
+		this.position.className = "crop_position flex-row justify-content-center";
+		this.container.appendChild(this.position);
 
-	var source_y_label = document.createTextNode("Source Y:");
-	this.position.appendChild(source_y_label);
+		const addNumericControl = (label, changeEvent) => {
+			const column = document.createElement('div');
+			column.className = 'col-auto';
+			this.position.appendChild(column);
 
-	this.source_y = document.createElement("input");
-	this.source_y.addEventListener("keyup", this.positionBoundary.bind(this));
-	this.position.appendChild(this.source_y);
+			const group = document.createElement('div');
+			group.className = 'input-group';
+			column.appendChild(group);
 
-	var crop_width_label = document.createTextNode("Crop width:");
-	this.position.appendChild(crop_width_label);
+			const labelEl = document.createElement("span");
+			labelEl.className = 'input-group-text';
+			labelEl.textContent = label;
+			group.appendChild(labelEl);
 
-	this.crop_width = document.createElement("input");
-	this.crop_width.addEventListener("keyup", this.positionBoundary.bind(this));
-	this.position.appendChild(this.crop_width);
+			const control = document.createElement("input");
+			control.className = 'form-control';
+			control.type = 'number';
+			control.addEventListener("change", changeEvent);
+			control.addEventListener("keyup", changeEvent);
+			group.appendChild(control);
 
-	var crop_height_label = document.createTextNode("Crop height:");
-	this.position.appendChild(crop_height_label);
+			return control;
+		};
 
-	this.crop_height = document.createElement("input");
-	this.crop_height.addEventListener("keyup", this.positionBoundary.bind(this));
-	this.position.appendChild(this.crop_height);
+		this.source_x = addNumericControl("Source X:", this.positionBoundary);
+		this.source_y = addNumericControl("Source Y:", this.positionBoundary);
+		this.crop_width = addNumericControl("Crop width:", this.positionBoundary);
+		this.crop_height = addNumericControl("Crop height:", this.positionBoundary);
 
-	this.save_button = document.createElement("span");
-	this.save_button.className = "btn";
-	this.save_button.innerHTML = "Save";
-	this.save_button.addEventListener('click', this.save.bind(this));
-	this.position.appendChild(this.save_button);
+		const otherColumn = document.createElement('div');
+		otherColumn.className = 'col-auto text-nowrap';
+		this.position.appendChild(otherColumn);
 
-	this.abort_button = document.createElement("span");
-	this.abort_button.className = "btn btn-red";
-	this.abort_button.innerHTML = "Abort";
-	this.abort_button.addEventListener('click', this.hide.bind(this));
-	this.position.appendChild(this.abort_button);
+		const constrainContainer = document.createElement("div");
+		constrainContainer.className = 'form-checkbox d-inline';
+		otherColumn.appendChild(constrainContainer);
 
-	this.image_container = document.createElement("div");
-	this.image_container.className = "crop_image_container";
-	this.container.appendChild(this.image_container);
+		this.crop_constrain = document.createElement("input");
+		this.crop_constrain.checked = true;
+		this.crop_constrain.className = 'form-check-input';
+		this.crop_constrain.id = 'check_constrain';
+		this.crop_constrain.type = 'checkbox';
+		constrainContainer.appendChild(this.crop_constrain);
 
-	this.crop_boundary = document.createElement("div");
-	this.crop_boundary.id = "crop_boundary";
-	this.image_container.appendChild(this.crop_boundary);
+		this.crop_constrain_label = document.createElement("label");
+		this.crop_constrain_label.className = 'form-check-label';
+		this.crop_constrain_label.htmlFor = 'check_constrain';
+		this.crop_constrain_label.textContent = 'Constrain proportions';
+		constrainContainer.appendChild(this.crop_constrain_label);
 
-	this.original_image = document.createElement("img");
-	this.original_image.id = "original_image";
-	this.original_image.src = this.opt.original_image_src;
-	this.image_container.appendChild(this.original_image);
+		this.save_button = document.createElement("span");
+		this.save_button.className = "btn btn-light";
+		this.save_button.textContent = "Save";
+		this.save_button.addEventListener('click', this.save.bind(this));
+		otherColumn.appendChild(this.save_button);
 
-	this.parent = document.getElementById(this.opt.editor_container_parent_id);
-	this.parent.appendChild(this.container);
-};
+		this.abort_button = document.createElement("span");
+		this.abort_button.className = "btn btn-danger";
+		this.abort_button.textContent = "Abort";
+		this.abort_button.addEventListener('click', this.hide.bind(this));
+		otherColumn.appendChild(this.abort_button);
+	}
 
-CropEditor.prototype.setInputValues = function() {
-	var current = this.thumbnail_select.options[this.thumbnail_select.selectedIndex].dataset;
+	initImageContainer() {
+		this.image_container = document.createElement("div");
+		this.image_container.className = "crop_image_container";
+		this.container.appendChild(this.image_container);
 
-	if (typeof current.crop_region === "undefined") {
-		var source_ratio = this.original_image.naturalWidth / this.original_image.naturalHeight,
-			crop_ratio = current.crop_width / current.crop_height,
-			min_dim = Math.min(this.original_image.naturalWidth, this.original_image.naturalHeight);
+		this.crop_boundary = document.createElement("div");
+		this.crop_boundary.id = "crop_boundary";
+		this.image_container.appendChild(this.crop_boundary);
+
+		this.original_image = document.createElement("img");
+		this.original_image.draggable = false;
+		this.original_image.id = "original_image";
+		this.original_image.src = this.opt.original_image_src;
+		this.image_container.appendChild(this.original_image);
+	}
+
+	setDefaultCrop(cropAspectRatio, cropMethod) {
+		let source = this.original_image;
+		let sourceAspectRatio = source.naturalWidth / source.naturalHeight;
 
 		// Cropping from the centre?
-		if (current.crop_method === "c") {
+		if (cropMethod === "c" || cropMethod === "s") {
 			// Crop vertically from the centre, using the entire width.
-			if (source_ratio < crop_ratio) {
-				this.crop_width.value = this.original_image.naturalWidth;
-				this.crop_height.value = Math.ceil(this.original_image.naturalWidth / crop_ratio);
+			if (sourceAspectRatio <= cropAspectRatio) {
+				this.crop_width.value = source.naturalWidth;
+				this.crop_height.value = Math.ceil(source.naturalWidth / cropAspectRatio);
 				this.source_x.value = 0;
-				this.source_y.value = Math.ceil((this.original_image.naturalHeight - this.crop_height.value) / 2);
+				this.source_y.value = Math.ceil((source.naturalHeight - this.crop_height.value) / 2);
 			}
 			// Crop horizontally from the centre, using the entire height.
 			else {
-				this.crop_width.value = Math.ceil(current.crop_width * this.original_image.naturalHeight / current.crop_height);
-				this.crop_height.value = this.original_image.naturalHeight;
-				this.source_x.value = Math.ceil((this.original_image.naturalWidth - this.crop_width.value) / 2);
+				this.crop_width.value = Math.ceil(cropAspectRatio * source.naturalHeight);
+				this.crop_height.value = source.naturalHeight;
+				this.source_x.value = Math.ceil((source.naturalWidth - this.crop_width.value) / 2);
 				this.source_y.value = 0;
 			}
 		}
 		// Cropping a top or bottom slice?
 		else {
 			// Can we actually take a top or bottom slice from the original image?
-			if (source_ratio < crop_ratio) {
-				this.crop_width.value = this.original_image.naturalWidth;
-				this.crop_height.value = Math.floor(this.original_image.naturalHeight / crop_ratio);
+			if (sourceAspectRatio <= cropAspectRatio) {
+				this.crop_width.value = source.naturalWidth;
+				this.crop_height.value = Math.floor(source.naturalWidth / cropAspectRatio);
 				this.source_x.value = "0";
-				this.source_y.value = current.crop_method.indexOf("t") !== -1 ? "0" : this.original_image.naturalHeight - this.crop_height.value;
+				this.source_y.value = cropMethod.indexOf("t") !== -1 ? "0" : source.naturalHeight - this.crop_height.value;
 			}
 			// Otherwise, take a vertical slice from the centre.
 			else {
-				this.crop_width.value = Math.floor(this.original_image.naturalHeight * crop_ratio);
-				this.crop_height.value = this.original_image.naturalHeight;
-				this.source_x.value = Math.floor((this.original_image.naturalWidth - this.crop_width.value) / 2);
+				this.crop_width.value = Math.floor(source.naturalHeight * cropAspectRatio);
+				this.crop_height.value = source.naturalHeight;
+				this.source_x.value = Math.floor((source.naturalWidth - this.crop_width.value) / 2);
 				this.source_y.value = "0";
 			}
 		}
-	} else {
-		var region = current.crop_region.split(',');
-		this.crop_width.value = region[0];
-		this.crop_height.value = region[1];
-		this.source_x.value = region[2];
-		this.source_y.value = region[3];
-	}
-};
-
-CropEditor.prototype.showContainer = function() {
-	this.container.style.display = "block";
-	this.setInputValues();
-	this.positionBoundary();
-}
-
-CropEditor.prototype.save = function() {
-	var current = this.thumbnail_select.options[this.thumbnail_select.selectedIndex].dataset;
-	var payload = {
-		thumb_width: current.crop_width,
-		thumb_height: current.crop_height,
-		crop_method: current.crop_method,
-		crop_width: this.crop_width.value,
-		crop_height: this.crop_height.value,
-		source_x: this.source_x.value,
-		source_y: this.source_y.value
-	};
-	var req = HttpRequest("post", this.opt.submitUrl + "?id=" + this.opt.asset_id + "&updatethumb",
-		"data=" + encodeURIComponent(JSON.stringify(payload)), function(response) {
-			this.opt.after_save(response);
-			this.hide();
-		}.bind(this));
-};
-
-CropEditor.prototype.show = function() {
-	if (typeof this.container === "undefined") {
-		this.buildContainer();
 	}
 
-	// Defer showing and positioning until image is loaded.
-	// !!! TODO: add a spinner in the mean time?
-	if (this.original_image.naturalWidth > 0) {
-		this.showContainer();
-	} else {
-		this.original_image.addEventListener("load", function() {
+	setPositionFormValues() {
+		let current = this.thumbnail_select.options[this.thumbnail_select.selectedIndex].dataset;
+
+		if (typeof current.crop_region === "undefined") {
+			let aspectRatio = current.crop_width / current.crop_height;
+			this.setDefaultCrop(aspectRatio, current.crop_method);
+		} else {
+			let region = current.crop_region.split(',');
+			this.crop_width.value = region[0];
+			this.crop_height.value = region[1];
+			this.source_x.value = region[2];
+			this.source_y.value = region[3];
+		}
+
+		this.crop_width.min = 1;
+		this.crop_height.min = 1;
+		this.source_x.min = 0;
+		this.source_y.min = 0;
+
+		let source = this.original_image;
+		this.crop_width.max = source.naturalWidth;
+		this.crop_height.max = source.naturalHeight;
+		this.source_x.max = source.naturalWidth - 1;
+		this.source_y.max = source.naturalHeight - 1;
+
+		this.crop_constrain_label.textContent = `Constrain proportions (${current.crop_width} × ${current.crop_height})`;
+	}
+
+	showContainer() {
+		this.container.style.display = '';
+		this.setPositionFormValues();
+		this.positionBoundary();
+		this.addEvents();
+	}
+
+	save() {
+		let current = this.thumbnail_select.options[this.thumbnail_select.selectedIndex].dataset;
+		let payload = {
+			thumb_width: current.crop_width,
+			thumb_height: current.crop_height,
+			crop_method: current.crop_method,
+			crop_width: this.crop_width.value,
+			crop_height: this.crop_height.value,
+			source_x: this.source_x.value,
+			source_y: this.source_y.value
+		};
+		let req = HttpRequest("post", this.opt.submitUrl + "?id=" + this.opt.asset_id + "&updatethumb",
+			"data=" + encodeURIComponent(JSON.stringify(payload)), function(response) {
+				this.opt.after_save(response);
+				this.hide();
+			}.bind(this));
+	}
+
+	show() {
+		if (typeof this.container === "undefined") {
+			this.initDOM();
+		}
+
+		// Defer showing and positioning until image is loaded.
+		// !!! TODO: add a spinner in the mean time?
+		if (this.original_image.naturalWidth > 0) {
 			this.showContainer();
-		}.bind(this));
+		} else {
+			this.original_image.addEventListener("load", event => this.showContainer());
+		}
 	}
-};
 
-CropEditor.prototype.hide = function() {
-	this.container.style.display = "none";
-};
+	hide() {
+		this.container.style.display = "none";
+	}
 
-CropEditor.prototype.addEvents = function(event) {
-	var drag_target = document.getElementById(opt.drag_target);
-	drag_target.addEventListener('dragstart', this.dragStart);
-	drag_target.addEventListener('drag', this.drag);
-	drag_target.addEventListener('dragend', this.dragEnd);
-};
+	addEvents(event) {
+		let cropTarget = this.image_container;
+		cropTarget.addEventListener('mousedown', this.cropSelectionStart.bind(this));
+		cropTarget.addEventListener('mousemove', this.cropSelection.bind(this));
+		cropTarget.addEventListener('mouseup', this.cropSelectionEnd.bind(this));
+		// cropTarget.addEventListener('mouseout', this.cropSelectionEnd.bind(this));
 
-CropEditor.prototype.dragStart = function(event) {
-	console.log(event);
-	event.preventDefault();
-};
+		this.original_image.addEventListener('mousedown', event => {return false});
+		this.original_image.addEventListener('dragstart', event => {return false});
 
-CropEditor.prototype.dragEnd = function(event) {
-	console.log(event);
-};
+		let moveTarget = this.crop_boundary;
+		moveTarget.addEventListener('mousedown', this.moveSelectionStart.bind(this));
+		moveTarget.addEventListener('mousemove', this.moveSelection.bind(this));
+		moveTarget.addEventListener('mouseup', this.moveSelectionEnd.bind(this));
 
-CropEditor.prototype.drag = function(event) {
-	console.log(event);
-};
+		window.addEventListener('resize', this.positionBoundary.bind(this));
+	}
 
-CropEditor.prototype.toggleCropButton = function() {
-	var current = this.thumbnail_select.options[this.thumbnail_select.selectedIndex].dataset;
-	this.edit_crop_button.style.display = typeof current.crop_method === "undefined" ? "none" : "";
-};
+	cropSelectionStart(event) {
+		if (this.isMoving) {
+			return false;
+		}
 
-CropEditor.prototype.positionBoundary = function(event) {
-	var source_x = parseInt(this.source_x.value),
-		source_y = parseInt(this.source_y.value),
-		crop_width = parseInt(this.crop_width.value),
-		crop_height = parseInt(this.crop_height.value),
-		real_width = this.original_image.naturalWidth,
-		real_height = this.original_image.naturalHeight,
-		scaled_width = this.original_image.clientWidth,
-		scaled_height = this.original_image.clientHeight;
+		let dragStartX = event.x - this.image_container.offsetLeft;
+		let dragStartY = event.y - this.image_container.offsetTop;
 
-	var width_scale = scaled_width / real_width,
-		height_scale = scaled_height / real_height;
+		if (dragStartX > this.original_image.clientWidth ||
+			dragStartY > this.original_image.clientHeight) {
+			return;
+		}
 
-	crop_boundary.style.left = (this.source_x.value) * width_scale + "px";
-	crop_boundary.style.top = (this.source_y.value) * height_scale + "px";
-	crop_boundary.style.width = (this.crop_width.value) * width_scale + "px";
-	crop_boundary.style.height = (this.crop_height.value) * height_scale + "px";
-};
+		this.isDragging = true;
+		this.dragStartX = dragStartX;
+		this.dragStartY = dragStartY;
+	}
+
+	cropSelectionEnd(event) {
+		this.isDragging = false;
+		this.handleCropSelectionEvent(event);
+	}
+
+	cropSelection(event) {
+		this.handleCropSelectionEvent(event);
+	}
+
+	getScaleFactor() {
+		return this.original_image.naturalWidth / this.original_image.clientWidth;
+	}
+
+	handleCropSelectionEvent(event) {
+		if (!this.isDragging) {
+			return;
+		}
+
+		this.dragEndX = event.x - this.image_container.offsetLeft;
+		this.dragEndY = event.y - this.image_container.offsetTop;
+
+		let scaleFactor = this.getScaleFactor();
+
+		this.source_x.value = Math.ceil(Math.min(this.dragStartX, this.dragEndX) * scaleFactor);
+		this.source_y.value = Math.ceil(Math.min(this.dragStartY, this.dragEndY) * scaleFactor);
+
+		let width = Math.ceil(Math.abs(this.dragEndX - this.dragStartX) * scaleFactor);
+		this.crop_width.value = Math.min(width, this.original_image.naturalWidth - this.source_x.value);
+
+		let height = Math.ceil(Math.abs(this.dragEndY - this.dragStartY) * scaleFactor);
+		this.crop_height.value = Math.min(height, this.original_image.naturalHeight - this.source_y.value);
+
+		if (this.crop_constrain.checked) {
+			let current = this.thumbnail_select.options[this.thumbnail_select.selectedIndex].dataset;
+
+			let currentAspectRatio = parseInt(this.crop_width.value) / parseInt(this.crop_height.value);
+			let targetAspectRatio = current.crop_width / current.crop_height;
+
+			if (Math.abs(currentAspectRatio - targetAspectRatio) > 0.001) {
+				// Landscape?
+				if (targetAspectRatio > 1.0) {
+					let height = Math.ceil(this.crop_width.value / targetAspectRatio);
+					if (parseInt(this.source_y.value) + height > this.original_image.naturalHeight) {
+						height = this.original_image.naturalHeight - this.source_y.value;
+					}
+					this.crop_width.value = height * targetAspectRatio;
+					this.crop_height.value = height;
+				}
+				// Portrait?
+				else {
+					let width = Math.ceil(this.crop_height.value * targetAspectRatio);
+					if (parseInt(this.source_x.value) + width > this.original_image.naturalWidth) {
+						width = this.original_image.naturalWidth - this.source_x.value;
+					}
+					this.crop_width.value = width;
+					this.crop_height.value = width / targetAspectRatio;
+				}
+			}
+		}
+
+		this.positionBoundary();
+	}
+
+	handleCropMoveEvent(event) {
+		if (!this.isMoving) {
+			return;
+		}
+
+		this.dragEndX = event.x - this.crop_boundary.offsetLeft;
+		this.dragEndY = event.y - this.crop_boundary.offsetTop;
+
+		let scaleFactor = this.getScaleFactor();
+
+		let x = parseInt(this.source_x.value) + Math.ceil((this.dragEndX - this.dragStartX) * scaleFactor);
+		if (x + parseInt(this.crop_width.value) > this.original_image.naturalWidth) {
+			x += this.original_image.naturalWidth - (x + parseInt(this.crop_width.value));
+		}
+		this.source_x.value = Math.max(x, 0);
+
+		let y = parseInt(this.source_y.value) + Math.ceil((this.dragEndY - this.dragStartY) * scaleFactor);
+		if (y + parseInt(this.crop_height.value) > this.original_image.naturalHeight) {
+			y += this.original_image.naturalHeight - (y + parseInt(this.crop_height.value));
+		}
+		this.source_y.value = Math.max(y, 0);
+
+		this.positionBoundary();
+	}
+
+	moveSelectionStart(event) {
+		if (this.isDragging) {
+			return false;
+		}
+		this.isMoving = true;
+		this.dragStartX = event.x - this.crop_boundary.offsetLeft;
+		this.dragStartY = event.y - this.crop_boundary.offsetTop;
+	}
+
+	moveSelectionEnd(event) {
+		this.isMoving = false;
+		this.handleCropMoveEvent(event);
+	}
+
+	moveSelection(event) {
+		this.handleCropMoveEvent(event);
+	}
+
+	toggleCropButton() {
+		let current = this.thumbnail_select.options[this.thumbnail_select.selectedIndex].dataset;
+		this.edit_crop_button.style.display = typeof current.crop_method === "undefined" ? "none" : "";
+	}
+
+	positionBoundary(event) {
+		let scaleFactor = this.getScaleFactor();
+		crop_boundary.style.left = parseInt(this.source_x.value) / scaleFactor + "px";
+		crop_boundary.style.top = parseInt(this.source_y.value) / scaleFactor + "px";
+		crop_boundary.style.width = parseInt(this.crop_width.value) / scaleFactor + "px";
+		crop_boundary.style.height = parseInt(this.crop_height.value) / scaleFactor + "px";
+	}
+}

public/js/photonav.js

@@ -4,14 +4,14 @@ function enableKeyDownNavigation() {
 			var target = document.getElementById("previous_photo").href;
 			if (target) {
 				event.preventDefault();
-				document.location.href = target + '#photo_frame';
+				document.location.href = target;
 			}
 		}
 		else if (event.keyCode == 39) {
 			var target = document.getElementById("next_photo").href;
 			if (target) {
 				event.preventDefault();
-				document.location.href = target + '#photo_frame';
+				document.location.href = target;
 			}
 		}
 	}, false);

public/js/upload_queue.js

@@ -1,186 +1,211 @@
-function UploadQueue(options) {
-	this.queue = options.queue_element;
-	this.preview_area = options.preview_area;
-	this.upload_progress = [];
-	this.upload_url = options.upload_url;
-	this.submit = options.submit_button;
-	this.addEvents();
-}
+class UploadQueue {
+	constructor(options) {
+		this.queue = options.queue_element;
+		this.preview_area = options.preview_area;
+		this.upload_progress = [];
+		this.upload_url = options.upload_url;
+		this.submit = options.submit_button;
+		this.addEvents();
+	}
 
-UploadQueue.prototype.addEvents = function() {
-	var that = this;
-	that.queue.addEventListener('change', function() {
-		that.showSpinner(that.queue, "Generating previews (not uploading yet!)");
-		that.clearPreviews();
-		for (var i = 0; i < that.queue.files.length; i++) {
-			var callback = (i !== that.queue.files.length - 1) ? null : function() {
-				that.hideSpinner();
-				that.submit.disabled = false;
+	addEvents() {
+		this.queue.addEventListener('change', event => {
+			this.showSpinner(this.queue, "Generating previews (not uploading yet!)");
+			this.clearPreviews();
+			for (let i = 0; i < this.queue.files.length; i++) {
+				const callback = (i !== this.queue.files.length - 1) ? null : () => {
+					this.hideSpinner();
+					this.submit.disabled = false;
+				};
+
+				if (this.queue.files[0].name.toUpperCase().endsWith(".HEIC")) {
+					alert('Sorry, the HEIC image format is not supported.\nPlease convert your photos to JPEG before uploading.');
+					this.hideSpinner();
+					this.submit.disabled = false;
+					break;
+				}
+
+				this.addPreviewBoxForQueueSlot(i);
+				this.addPreviewForFile(this.queue.files[i], i, callback);
 			};
-			that.addPreviewBoxForQueueSlot(i);
-			that.addPreviewForFile(that.queue.files[i], i, callback);
-		};
-	});
-	that.submit.addEventListener('click', function(e) {
-		e.preventDefault();
-		that.process();
-	});
-	this.submit.disabled = true;
-};
-
-UploadQueue.prototype.clearPreviews = function() {
-	this.preview_area.innerHTML = '';
-	this.submit.disabled = true;
-	this.current_upload_index = -1;
-}
-
-UploadQueue.prototype.addPreviewBoxForQueueSlot = function(index) {
-	var preview_box = document.createElement('div');
-	preview_box.id = 'upload_preview_' + index;
-	this.preview_area.appendChild(preview_box);
-};
-
-UploadQueue.prototype.addPreviewForFile = function(file, index, callback) {
-	if (!file) {
-		return false;
-	}
-
-	var preview = document.createElement('img');
-	preview.title = file.name;
-	preview.style.maxHeight = '150px';
-
-	var preview_box = document.getElementById('upload_preview_' + index);
-	preview_box.appendChild(preview);
-
-	var reader = new FileReader();
-	var that = this;
-	reader.addEventListener('load', function() {
-		preview.src = reader.result;
-		if (callback) {
-			preview.addEventListener('load', function() {
-				callback();
-			});
-		}
-	}, false);
-	reader.readAsDataURL(file);
-};
-
-UploadQueue.prototype.process = function() {
-	this.showSpinner(this.submit, "Preparing to upload files...");
-	if (this.queue.files.length > 0) {
-		this.submit.disabled = true;
-		this.nextFile();
-	}
-};
-
-UploadQueue.prototype.nextFile = function() {
-	var files = this.queue.files;
-	var i = ++this.current_upload_index;
-	if (i === files.length) {
-		this.hideSpinner();
-	} else {
-		this.setSpinnerLabel("Uploading file " + (i + 1) + " out of " + files.length);
-		this.sendFile(files[i], i, function() {
-			this.nextFile();
 		});
+		this.submit.addEventListener('click', event => {
+			event.preventDefault();
+			this.process();
+		});
+		this.submit.disabled = true;
 	}
-};
 
-UploadQueue.prototype.sendFile = function(file, index, callback) {
-	// Prepare the request.
-	var that = this;
-	var request = new XMLHttpRequest();
-	request.addEventListener('error', function(event) {
-		that.updateProgress(index, -1);
-	});
-	request.addEventListener('progress', function(event) {
-		that.updateProgress(index, event.loaded / event.total);
-	});
-	request.addEventListener('load', function(event) {
-		that.updateProgress(index, 1);
-		if (request.responseText !== null && request.status === 200) {
-			var obj = JSON.parse(request.responseText);
-			if (obj.error) {
-				alert(obj.error);
-				return;
-			}
-			else if (callback) {
-				callback.call(that, obj);
-			}
+	clearPreviews() {
+		this.preview_area.innerHTML = '';
+		this.submit.disabled = true;
+		this.current_upload_index = -1;
+	}
+
+	addPreviewBoxForQueueSlot(index) {
+		const preview_box = document.createElement('div');
+		preview_box.id = 'upload_preview_' + index;
+		this.preview_area.appendChild(preview_box);
+	}
+
+	addPreviewForFile(file, index, callback) {
+		if (!file) {
+			return false;
 		}
-	});
 
-	var data = new FormData();
-	data.append('uploads', file, file.name);
+		const preview = document.createElement('canvas');
+		preview.title = file.name;
 
-	request.open('POST', this.upload_url, true);
-	request.send(data);
-};
+		const preview_box = document.getElementById('upload_preview_' + index);
+		preview_box.appendChild(preview);
 
-UploadQueue.prototype.addProgressBar = function(index) {
-	if (index in this.upload_progress) {
-		return;
+		const reader = new FileReader();
+		reader.addEventListener('load', event => {
+			const original = document.createElement('img');
+			original.src = reader.result;
+
+			original.addEventListener('load', function() {
+				// Preparation: make canvas size proportional to the original image.
+				preview.height = 150;
+				preview.width = preview.height * (original.width / original.height);
+
+				// First pass: resize to 50% on temp canvas.
+				const temp = document.createElement('canvas'),
+					tempCtx = temp.getContext('2d');
+
+				temp.width = original.width * 0.5;
+				temp.height = original.height * 0.5;
+				tempCtx.drawImage(original, 0, 0, temp.width, temp.height);
+
+				// Second pass: resize again on temp canvas.
+				tempCtx.drawImage(temp, 0, 0, temp.width * 0.5, temp.height * 0.5);
+
+				// Final pass: resize to desired size on preview canvas.
+				const context = preview.getContext('2d');
+				context.drawImage(temp, 0, 0, temp.width * 0.5, temp.height * 0.5,
+					0, 0, preview.width, preview.height);
+
+				if (callback) {
+					callback();
+				}
+			});
+		}, false);
+		reader.readAsDataURL(file);
 	}
 
-	var progress_container = document.createElement('div');
-	progress_container.className = 'progress';
-
-	var progress = document.createElement('div');
-	progress_container.appendChild(progress);
-
-	var preview_box = document.getElementById('upload_preview_' + index);
-	preview_box.appendChild(progress_container);
-
-	this.upload_progress[index]	= progress;
-};
-
-UploadQueue.prototype.updateProgress = function(index, progress) {
-	if (!(index in this.upload_progress)) {
-		this.addProgressBar(index);
-	}
-
-	var bar = this.upload_progress[index];
-
-	if (progress >= 0) {
-		bar.style.width = Math.ceil(progress * 100) + '%';
-	} else {
-		bar.style.width = "";
-		if (progress === -1) {
-			bar.className = "error";
+	process() {
+		this.showSpinner(this.submit, "Preparing to upload files...");
+		if (this.queue.files.length > 0) {
+			this.submit.disabled = true;
+			this.nextFile();
 		}
 	}
-};
 
-UploadQueue.prototype.showSpinner = function(sibling, label) {
-	if (this.spinner) {
-		return;
+	nextFile() {
+		const files = this.queue.files;
+		const i = ++this.current_upload_index;
+		if (i === files.length) {
+			this.hideSpinner();
+		} else {
+			this.setSpinnerLabel("Uploading file " + (i + 1) + " out of " + files.length);
+			this.sendFile(files[i], i, this.nextFile);
+		}
 	}
 
-	this.spinner = document.createElement('div');
-	this.spinner.className = 'spinner';
-	sibling.parentNode.appendChild(this.spinner);
+	sendFile(file, index, callback) {
+		const request = new XMLHttpRequest();
+		request.addEventListener('error', event => {
+			this.updateProgress(index, -1);
+		});
+		request.addEventListener('progress', event => {
+			this.updateProgress(index, event.loaded / event.total);
+		});
+		request.addEventListener('load', event => {
+			this.updateProgress(index, 1);
+			if (request.responseText !== null && request.status === 200) {
+				const obj = JSON.parse(request.responseText);
+				if (obj.error) {
+					alert(obj.error);
+					return;
+				}
+				else if (callback) {
+					callback.call(this, obj);
+				}
+			}
+		});
 
-	if (label) {
-		this.spinner_label = document.createElement('span');
-		this.spinner_label.className = 'spinner_label';
-		this.spinner_label.innerHTML = label;
-		sibling.parentNode.appendChild(this.spinner_label);
+		const data = new FormData();
+		data.append('uploads', file, file.name);
+
+		request.open('POST', this.upload_url, true);
+		request.send(data);
 	}
-};
 
-UploadQueue.prototype.setSpinnerLabel = function(label) {
-	if (this.spinner_label) {
-		this.spinner_label.innerHTML = label;
+	addProgressBar(index) {
+		if (index in this.upload_progress) {
+			return;
+		}
+
+		const progress_container = document.createElement('div');
+		progress_container.className = 'progress';
+
+		const progress = document.createElement('div');
+		progress_container.appendChild(progress);
+
+		const preview_box = document.getElementById('upload_preview_' + index);
+		preview_box.appendChild(progress_container);
+
+		this.upload_progress[index]	= progress;
+	}
+
+	updateProgress(index, progress) {
+		if (!(index in this.upload_progress)) {
+			this.addProgressBar(index);
+		}
+
+		const bar = this.upload_progress[index];
+
+		if (progress >= 0) {
+			bar.style.width = Math.ceil(progress * 100) + '%';
+		} else {
+			bar.style.width = "";
+			if (progress === -1) {
+				bar.className = "error";
+			}
+		}
+	}
+
+	showSpinner(sibling, label) {
+		if (this.spinner) {
+			return;
+		}
+
+		this.spinner = document.createElement('div');
+		this.spinner.className = 'spinner';
+		sibling.parentNode.appendChild(this.spinner);
+
+		if (label) {
+			this.spinner_label = document.createElement('span');
+			this.spinner_label.className = 'spinner_label';
+			this.spinner_label.innerHTML = label;
+			sibling.parentNode.appendChild(this.spinner_label);
+		}
+	}
+
+	setSpinnerLabel(label) {
+		if (this.spinner_label) {
+			this.spinner_label.innerHTML = label;
+		}
+	}
+
+	hideSpinner() {
+		if (this.spinner) {
+			this.spinner.parentNode.removeChild(this.spinner);
+			this.spinner = null;
+		}
+		if (this.spinner_label) {
+			this.spinner_label.parentNode.removeChild(this.spinner_label);
+			this.spinner_label = null;
+		}
 	}
 }
-
-UploadQueue.prototype.hideSpinner = function() {
-	if (this.spinner) {
-		this.spinner.parentNode.removeChild(this.spinner);
-		this.spinner = null;
-	}
-	if (this.spinner_label) {
-		this.spinner_label.parentNode.removeChild(this.spinner_label);
-		this.spinner_label = null;
-	}
-};

public/vendor

@@ -0,0 +1 @@
+../vendor/

templates/AdminBar.php

@@ -1,37 +0,0 @@
-<?php
-/*****************************************************************************
- * AdminBar.php
- * Defines the AdminBar class.
- *
- * Kabuki CMS (C) 2013-2015, Aaron van Geffen
- *****************************************************************************/
-
-class AdminBar extends SubTemplate
-{
-	private $extra_items = [];
-
-	protected function html_content()
-	{
-		echo '
-			<div id="admin_bar">
-				<ul>
-					<li><a href="', BASEURL, '/managealbums/">Albums</a></li>
-					<li><a href="', BASEURL, '/managetags/">Tags</a></li>
-					<li><a href="', BASEURL, '/manageusers/">Users</a></li>
-					<li><a href="', BASEURL, '/manageerrors/">Errors [', ErrorLog::getCount(), ']</a></li>';
-
-		foreach ($this->extra_items as $item)
-			echo '
-					<li><a href="', $item[0], '">', $item[1], '</a></li>';
-
-		echo '
-					<li><a href="', BASEURL, '/logout/">Log out [', Registry::get('user')->getFullName(), ']</a></li>
-				</ul>
-			</div>';
-	}
-
-	public function appendItem($url, $caption)
-	{
-		$this->extra_items[] = [$url, $caption];
-	}
-}

templates/AlbumButtonBox.php

@@ -6,21 +6,60 @@
  * Kabuki CMS (C) 2013-2016, Aaron van Geffen
  *****************************************************************************/
 
-class AlbumButtonBox extends SubTemplate
+class AlbumButtonBox extends Template
 {
-	public function __construct($buttons)
+	private $active_filter;
+	private $buttons;
+	private $filters;
+
+	public function __construct(array $buttons, array $filters, $active_filter)
 	{
+		$this->active_filter = $active_filter;
 		$this->buttons = $buttons;
+		$this->filters = $filters;
 	}
 
-	protected function html_content()
+	public function html_main()
 	{
 		echo '
-			<div class="album_button_box">';
+			<div class="container album_button_box">';
 
 		foreach ($this->buttons as $button)
 			echo '
-				<a href="', $button['url'], '">', $button['caption'], '</a>';
+				<a class="btn btn-light" href="', $button['url'], '">', $button['caption'], '</a>';
+
+		if (!empty($this->filters))
+		{
+			echo '
+				<div class="dropdown">
+					<button class="btn btn-light dropdown-toggle" type="button" data-bs-toggle="dropdown" aria-expanded="false">
+						<i class="bi bi-filter"></i>';
+
+			if ($this->active_filter)
+			{
+				echo '
+						<span class="badge text-bg-danger">',
+							$this->filters[$this->active_filter]['label'], '</span>';
+			}
+
+			echo '
+					</button>
+					<ul class="dropdown-menu">';
+
+			foreach ($this->filters as $key => $filter)
+			{
+				$is_active = $key === $this->active_filter;
+				echo '
+						<li><a class="dropdown-item', $is_active ? ' active' : '',
+							'" href="', $filter['link'], '">',
+							$filter['caption'],
+							'</a></li>';
+			}
+
+			echo '
+					</ul>
+				</div>';
+		}
 
 		echo '
 			</div>';

templates/AlbumHeaderBox.php

@@ -6,8 +6,13 @@
  * Kabuki CMS (C) 2013-2016, Aaron van Geffen
  *****************************************************************************/
 
-class AlbumHeaderBox extends SubTemplate
+class AlbumHeaderBox extends Template
 {
+	private $back_link_title;
+	private $back_link;
+	private $description;
+	private $title;
+
 	public function __construct($title, $description, $back_link, $back_link_title)
 	{
 		$this->title = $title;
@@ -16,11 +21,13 @@ class AlbumHeaderBox extends SubTemplate
 		$this->back_link_title = $back_link_title;
 	}
 
-	protected function html_content()
+	public function html_main()
 	{
 		echo '
 			<div class="album_title_box">
-				<a class="back_button" href="', $this->back_link, '" title="', $this->back_link_title, '">&larr;</a>
+				<a class="back_button" href="', $this->back_link, '" title="', $this->back_link_title, '">
+					<i class="bi bi-arrow-left"></i>
+				</a>
 				<div>
 					<h2>', $this->title, '</h2>';
 

templates/AlbumIndex.php

@@ -6,7 +6,7 @@
  * Kabuki CMS (C) 2013-2015, Aaron van Geffen
  *****************************************************************************/
 
-class AlbumIndex extends SubTemplate
+class AlbumIndex extends Template
 {
 	protected $albums;
 	protected $show_edit_buttons;
@@ -15,6 +15,7 @@ class AlbumIndex extends SubTemplate
 
 	const TILE_WIDTH = 400;
 	const TILE_HEIGHT = 300;
+	const TILE_RATIO = self::TILE_WIDTH / self::TILE_HEIGHT;
 
 	public function __construct(array $albums, $show_edit_buttons = false, $show_labels = true)
 	{
@@ -23,53 +24,64 @@ class AlbumIndex extends SubTemplate
 		$this->show_labels = $show_labels;
 	}
 
-	protected function html_content()
+	public function html_main()
 	{
 		echo '
-			<div class="tiled_grid">';
+			<div class="container album-index">
+				<div class="row g-5">';
 
-		foreach (array_chunk($this->albums, 3) as $photos)
-		{
-			echo '
-					<div class="tiled_row">';
-
-			foreach ($photos as $album)
-			{
-				$color = isset($album['thumbnail']) ? $album['thumbnail']->bestColor() : 'ccc';
-				if ($color == 'FFFFFF')
-					$color = 'ccc';
-
-				echo '
-						<div class="landscape" style="border-color: #', $color, '">';
-
-				if ($this->show_edit_buttons)
-					echo '
-							<a class="edit" href="#">Edit</a>';
-
-				echo '
-							<a href="', $album['link'], '">';
-
-				if (isset($album['thumbnail']))
-					echo '
-								<img src="', $album['thumbnail']->getThumbnailUrl(static::TILE_WIDTH, static::TILE_HEIGHT, true, true), '" alt="">';
-				else
-					echo '
-								<img src="', BASEURL, '/images/nothumb.png" alt="">';
-
-				if ($this->show_labels)
-					echo '
-								<h4>', $album['caption'], '</h4>';
-
-				echo '
-							</a>
-						</div>';
-			}
-
-			echo '
-					</div>';
-		}
+		foreach ($this->albums as $album)
+			$this->renderAlbum($album);
 
 		echo '
+				</div>
 			</div>';
 	}
+
+	private function renderAlbum(array $album)
+	{
+		echo '
+					<div class="col-md-6 col-xl-4">
+						<div class="polaroid landscape" style="aspect-ratio: 1.12">';
+
+		if ($this->show_edit_buttons)
+			echo '
+							<a class="edit" href="#">Edit</a>';
+
+		echo '
+							<a href="', $album['link'], '">';
+
+		if (isset($album['thumbnail']))
+		{
+			$thumbs = [];
+			foreach ([1, 2] as $factor)
+				$thumbs[$factor] = $album['thumbnail']->getThumbnailUrl(
+					static::TILE_WIDTH * $factor, static::TILE_HEIGHT * $factor, true, true);
+
+			foreach (['normal-photo', 'blur-photo'] as $className)
+			{
+				echo '
+								<img alt="" src="', $thumbs[1], '"' . (isset($thumbs[2]) ?
+									' srcset="' . $thumbs[2] . ' 2x"' : '') .
+									' class="', $className, '"' .
+									' alt="" style="aspect-ratio: ', self::TILE_RATIO, '">';
+			}
+		}
+		else
+		{
+			echo '
+								<img alt="" src="', BASEURL, '/images/nothumb.svg"',
+									' class="placeholder-image"',
+									' style="aspect-ratio: ', self::TILE_RATIO, '; object-fit: unset">';
+		}
+
+		if ($this->show_labels)
+			echo '
+								<h4>', $album['caption'], '</h4>';
+
+		echo '
+							</a>
+						</div>
+					</div>';
+	}
 }

templates/Alert.php

@@ -6,19 +6,30 @@
  * Kabuki CMS (C) 2013-2015, Aaron van Geffen
  *****************************************************************************/
 
-class Alert extends SubTemplate
+class Alert extends Template
 {
+	private $_type;
+	private $_message;
+	private $_title;
+
 	public function __construct($title = '', $message = '', $type = 'alert')
 	{
 		$this->_title = $title;
 		$this->_message = $message;
-		$this->_type = in_array($type, ['alert', 'error', 'success', 'info']) ? $type : 'alert';
+		$this->_type = in_array($type, ['success', 'info', 'warning', 'danger']) ? $type : 'info';
 	}
 
-	protected function html_content()
+	public function html_main()
 	{
 		echo '
-					<div class="alert', $this->_type != 'alert' ? ' alert-' . $this->_type : '', '">', (!empty($this->_title) ? '
-						<strong>' . $this->_title . '</strong><br>' : ''), $this->_message, '</div>';
+					<div class="alert', $this->_type !== 'alert' ? ' alert-' . $this->_type : '', '">'
+						, !empty($this->_title) ? '<strong>' . $this->_title . '</strong><br>' : '', '
+						', $this->_message,
+						$this->additional_alert_content(), '
+					</div>';
+	}
+
+	protected function additional_alert_content()
+	{
 	}
 }

templates/AssetManagementWrapper.php

@@ -0,0 +1,36 @@
+<?php
+/*****************************************************************************
+ * AssetManagementWrapper.php
+ * Defines asset management wrapper template.
+ *
+ * Kabuki CMS (C) 2013-2015, Aaron van Geffen
+ *****************************************************************************/
+
+class AssetManagementWrapper extends Template
+{
+	public function html_main()
+	{
+		echo '
+		<form action="" method="post">';
+
+		foreach ($this->_subtemplates as $template)
+			$template->html_main();
+
+		echo '
+		</form>
+		<script type="text/javascript" defer="defer">
+			const allAreSelected = () => {
+				return document.querySelectorAll(".asset_select").length ===
+					document.querySelectorAll(".asset_select:checked").length;
+			};
+
+			const selectAll = document.getElementById("selectall");
+			selectAll.addEventListener("change", event => {
+				const newSelectedState = !allAreSelected();
+				document.querySelectorAll(".asset_select").forEach(el => {
+					el.checked = newSelectedState;
+				});
+			});
+		</script>';
+	}
+}

templates/DummyBox.php

@@ -8,24 +8,26 @@
 
 class DummyBox extends SubTemplate
 {
-	public function __construct($title = '', $content = '', $class = '')
+	protected $_content;
+
+	public function __construct($title = '', $content = '', $class = null)
 	{
-		$this->_title = $title;
+		parent::__construct($title);
 		$this->_content = $content;
-		$this->_class = $class;
+
+		if (isset($class))
+			$this->_class .= $class;
 	}
 
 	protected function html_content()
 	{
-		echo '
-			<div class="boxed_content', $this->_class ? ' ' . $this->_class : '', '">', $this->_title ? '
-				<h2>' . $this->_title . '</h2>' : '', '
-				', $this->_content;
+		if ($this->_title)
+			echo '
+				<h2>', $this->_title, '</h2>';
+
+		echo $this->_content;
 
 		foreach ($this->_subtemplates as $template)
 			$template->html_main();
-
-		echo '
-			</div>';
 	}
 }

templates/EditAssetForm.php

@@ -6,40 +6,49 @@
  * Kabuki CMS (C) 2013-2015, Aaron van Geffen
  *****************************************************************************/
 
-class EditAssetForm extends SubTemplate
+class EditAssetForm extends Template
 {
+	private $allAlbums;
 	private $asset;
+	private $currentAlbumId;
 	private $thumbs;
 
-	public function __construct(Asset $asset, array $thumbs = [])
+	public function __construct(array $options)
 	{
-		$this->asset = $asset;
-		$this->thumbs = $thumbs;
+		$this->allAlbums = $options['allAlbums'];
+		$this->asset = $options['asset'];
+		$this->currentAlbumId = $options['currentAlbumId'];
+		$this->thumbs = $options['thumbs'];
 	}
 
-	protected function html_content()
+	public function html_main()
 	{
 		echo '
 			<form id="asset_form" action="" method="post" enctype="multipart/form-data">
-				<div class="boxed_content" style="margin-bottom: 2%">
-					<div style="float: right">
-						<a class="btn btn-red" href="', BASEURL, '/editasset/?id=', $this->asset->getId(), '&delete">Delete asset</a>
-						<input type="submit" value="Save asset data">
+				<div class="content-box">
+					<div class="float-end">
+						<a class="btn btn-danger" href="', $this->asset->getDeleteUrl(), '&',
+							Session::getSessionTokenKey(), '=', Session::getSessionToken(),
+						'" onclick="return confirm(\'Are you sure you want to delete this asset?\');">',
+						'Delete asset</a>
+						<a class="btn btn-light" href="', $this->asset->getPageUrl(), '#photo_frame">View asset</a>
+						<button class="btn btn-primary" type="submit">Save asset data</button>
 					</div>
-					<h2>Edit asset \'', $this->asset->getTitle(), '\' (', $this->asset->getFilename(), ')</h2>
+					<h2 class="mb-0">Edit asset \'', $this->asset->getTitle(), '\'</h2>
 				</div>';
 
 		$this->section_replace();
 
 		echo '
-				<div style="float: left; width: 60%; margin-right: 2%">';
+				<div class="row">
+					<div class="col-md-8">';
 
 		$this->section_key_info();
 		$this->section_asset_meta();
 
 		echo '
-				</div>
-				<div style="float: left; width: 38%;">';
+					</div>
+					<div class="col-md-4">';
 
 		if (!empty($this->thumbs))
 			$this->section_thumbnails();
@@ -47,11 +56,12 @@ class EditAssetForm extends SubTemplate
 		$this->section_linked_tags();
 
 		echo '
-				</div>';
+					</div>';
 
 		$this->section_crop_editor();
 
 		echo '
+				</div>
 			</form>';
 	}
 
@@ -59,38 +69,74 @@ class EditAssetForm extends SubTemplate
 	{
 		$date_captured = $this->asset->getDateCaptured();
 		echo '
-				<div class="widget key_info">
+				<div class="content-box key_info">
 					<h3>Key info</h3>
-					<dl>
-						<dt>Title</dt>
-						<dd><input type="text" name="title" maxlength="255" size="70" value="', $this->asset->getTitle(), '">
 
-						<dt>Date captured</dt>
-						<dd><input type="text" name="date_captured" size="30" value="',
-							$date_captured ? $date_captured->format('Y-m-d H:i:s') : '', '" placeholder="Y-m-d H:i:s">
+					<div class="row mb-2">
+						<label class="col-form-label col-sm-3">Album:</label>
+						<div class="col-sm">
+							<select class="form-select" name="id_album">';
 
-						<dt>Display priority</dt>
-						<dd><input type="number" name="priority" min="0" max="100" step="1" value="', $this->asset->getPriority(), '">
-					</dl>
+		foreach ($this->allAlbums as $id_album => $album)
+			echo '
+								<option value="', $id_album, '"',
+								$this->currentAlbumId == $id_album ? ' selected' : '',
+								'>', htmlspecialchars($album), '</option>';
+
+		echo '
+							</select>
+						</div>
+					</div>
+					<div class="row mb-2">
+						<label class="col-form-label col-sm-3">Title (internal):</label>
+						<div class="col-sm">
+							<input class="form-control" type="text" name="title" maxlength="255" size="70" value="', $this->asset->getTitle(), '">
+						</div>
+					</div>
+					<div class="row mb-2">
+						<label class="col-form-label col-sm-3">URL slug:</label>
+						<div class="col-sm">
+							<input class="form-control" type="text" name="slug" maxlength="255" size="70" value="', $this->asset->getSlug(), '">
+						</div>
+					</div>
+					<div class="row mb-2">
+						<label class="col-form-label col-sm-3">Date captured:</label>
+						<div class="col-sm">
+							<input class="form-control" type="datetime-local" step="1"
+								name="date_captured" size="30" placeholder="Y-m-d H:i:s" value="',
+								$date_captured ? $date_captured->format('Y-m-d H:i:s') : '', '">
+						</div>
+					</div>
+					<div class="row mb-2">
+						<label class="col-form-label col-sm-3">Display priority:</label>
+						<div class="col-sm-3">
+							<input class="form-control" type="number" name="priority" min="0" max="100" step="1" value="', $this->asset->getPriority(), '">
+						</div>
+					</div>
 				</div>';
 	}
 
 	protected function section_linked_tags()
 	{
 		echo '
-				<div class="widget linked_tags" style="margin-top: 2%">
+				<div class="content-box linked_tags">
 					<h3>Linked tags</h3>
-					<ul id="tag_list">';
+					<ul class="list-unstyled" id="tag_list">';
 
 		foreach ($this->asset->getTags() as $tag)
-				echo '
+		{
+			if ($tag->kind === 'Album')
+				continue;
+
+			echo '
 						<li>
 							<input class="tag_check" type="checkbox" name="tag[', $tag->id_tag, ']" id="linked_tag_', $tag->id_tag, '" title="Uncheck to delete" checked>
 							', $tag->tag, '
 						</li>';
+		}
 
 		echo '
-						<li id="new_tag_container"><input type="text" id="new_tag" placeholder="Type to link a new tag"></li>
+						<li id="new_tag_container"><input class="form-control" type="text" id="new_tag" placeholder="Type to link a new tag"></li>
 					</ul>
 				</div>
 				<script type="text/javascript" src="', BASEURL, '/js/ajax.js"></script>
@@ -131,14 +177,14 @@ class EditAssetForm extends SubTemplate
 	protected function section_thumbnails()
 	{
 		echo '
-				<div class="widget linked_thumbs">
+				<div class="content-box linked_thumbs">
 					<h3>Thumbnails</h3>
-					View: <select id="thumbnail_src">';
+					View: <select class="form-select w-auto d-inline" id="thumbnail_src">';
 
-		foreach ($this->thumbs as $thumb)
+		$first = INF;
+		foreach ($this->thumbs as $i => $thumb)
 		{
-			if (!$thumb['status'])
-				continue;
+			$first = min($i, $first);
 
 			echo '
 						<option data-url="', $thumb['url'], '" data-crop_width="', $thumb['dimensions'][0], '" data-crop_height="', $thumb['dimensions'][1], '"',
@@ -168,18 +214,16 @@ class EditAssetForm extends SubTemplate
 
 		echo '
 					</select>
-					<a id="thumbnail_link" href="', $this->thumbs[0]['url'], '" target="_blank">
-						<img id="thumbnail" src="', $this->thumbs[0]['url'], '" alt="Thumbnail" style="width: 100%; height: auto;">
+					<a id="thumbnail_link" href="', $this->thumbs[$first]['url'], '" target="_blank">
+						<img id="thumbnail" src="', $this->thumbs[$first]['url'], '" alt="Thumbnail" style="width: 100%; height: auto;">
 					</a>
 				</div>
-				<script type="text/javascript">
-					setTimeout(function() {
-						document.getElementById("thumbnail_src").addEventListener("change", function(event) {
-							var selection = event.target.options[event.target.selectedIndex];
-							document.getElementById("thumbnail_link").href = selection.dataset.url;
-							document.getElementById("thumbnail").src = selection.dataset.url;
-						});
-					}, 100);
+				<script type="text/javascript" defer="defer">
+					document.getElementById("thumbnail_src").addEventListener("change", event => {
+						let selection = event.target.options[event.target.selectedIndex];
+						document.getElementById("thumbnail_link").href = selection.dataset.url;
+						document.getElementById("thumbnail").src = selection.dataset.url;
+					});
 				</script>';
 	}
 
@@ -190,72 +234,70 @@ class EditAssetForm extends SubTemplate
 
 		echo '
 				<script type="text/javascript" src="', BASEURL, '/js/crop_editor.js"></script>
-				<script type="text/javascript">
-					setTimeout(function() {
-						var editor = new CropEditor({
-							submit_url: "', BASEURL, '/editasset/",
-							original_image_src: "', $this->asset->getUrl(), '",
-							editor_container_parent_id: "asset_form",
-							thumbnail_select_id: "thumbnail_src",
-							drag_target: "drag_target",
-							asset_id: ', $this->asset->getId(), ',
-							after_save: function(data) {
-								// Update thumbnail
-								document.getElementById("thumbnail").src = data.url + "?" + (new Date()).getTime();
+				<script type="text/javascript" defer="defer">
+					let editor = new CropEditor({
+						submit_url: "', BASEURL, '/editasset/",
+						original_image_src: "', $this->asset->getUrl(), '",
+						editor_container_parent_id: "asset_form",
+						thumbnail_select_id: "thumbnail_src",
+						drag_target: ".crop_image_container",
+						asset_id: ', $this->asset->getId(), ',
+						after_save: function(data) {
+							// Update thumbnail
+							document.getElementById("thumbnail").src = data.url + "?" + (new Date()).getTime();
 
-								// Update select
-								var src = document.getElementById("thumbnail_src");
-								src.options[src.selectedIndex].dataset.crop_region = data.value;
+							// Update select
+							let src = document.getElementById("thumbnail_src");
+							let option = src.options[src.selectedIndex];
+							option.dataset.crop_region = data.value;
+							option.textContent = option.textContent.replace(/top|bottom|centre|slice/, "exact");
 
-								// TODO: update meta
-							}
-						});
-					}, 100);
+							// TODO: update meta
+						}
+					});
 				</script>';
 	}
 
 	protected function section_asset_meta()
 	{
 		echo '
-				<div class="widget asset_meta" style="margin-top: 2%">
-					<h3>Asset meta data</h3>
-					<ul>';
+				<div class="content-box asset_meta mt-2">
+					<h3>Asset meta data</h3>';
 
-		$i = -1;
+		$i = 0;
 		foreach ($this->asset->getMeta() as $key => $meta)
 		{
-			$i++;
 			echo '
-						<li>
-							<input type="text" name="meta_key[', $i, ']" value="', htmlentities($key), '">
-							<input type="text" name="meta_value[', $i, ']" value="', htmlentities($meta), '">
-						</li>';
+					<div class="input-group">
+						<input type="text" class="form-control" name="meta_key[', $i, ']" value="', htmlspecialchars($key), '" placeholder="key">
+						<input type="text" class="form-control" name="meta_value[', $i, ']" value="', htmlspecialchars($meta), '" placeholder="value">
+					</div>';
+			$i++;
 		}
 
+
 		echo '
-						<li>
-							<input type="text" name="meta_key[', $i + 1, ']" value="">
-							<input type="text" name="meta_value[', $i + 1, ']" value="">
-						</li>
-					</ul>
-					<p><input type="submit" value="Save metadata"></p>
+					<div class="input-group">
+						<input type="text" class="form-control" name="meta_key[', $i + 1, ']" value="" placeholder="key">
+						<input type="text" class="form-control" name="meta_value[', $i + 1, ']" value="" placeholder="value">
+					</div>
+					<div class="text-end mt-3">
+						<button class="btn btn-primary" type="submit">Save metadata</button>
+					</div>
 				</div>';
 	}
 
 	protected function section_replace()
 	{
 		echo '
-				<div class="widget replace_asset" style="margin-bottom: 2%; display: block">
+				<div class="content-box replace_asset mt-2">
 					<h3>Replace asset</h3>
-					File: <input type="file" name="replacement">
-					Target: <select name="replacement_target">
+					File: <input class="form-control d-inline w-auto" type="file" name="replacement">
+					Target: <select class="form-select d-inline w-auto" name="replacement_target">
 						<option value="full">master file</option>';
 
 		foreach ($this->thumbs as $thumb)
 		{
-			if (!$thumb['status'])
-				continue;
-
 			echo '
 						<option value="thumb_', implode('x', $thumb['dimensions']);
 
@@ -279,7 +321,7 @@ class EditAssetForm extends SubTemplate
 				echo ' crop';
 			}
 			elseif ($thumb['custom_image'])
-				echo ' (custom)';
+				echo ', custom';
 
 			echo ')
 						</option>';
@@ -287,7 +329,7 @@ class EditAssetForm extends SubTemplate
 
 		echo '
 					</select>
-					<input type="submit" value="Save asset">
+					<button class="btn btn-primary" type="submit">Save asset</button>
 				</div>';
 	}
 }

templates/ErrorPage.php

@@ -0,0 +1,41 @@
+<?php
+/*****************************************************************************
+ * ErrorPage.php
+ * Defines the template class ErrorPage.
+ *
+ * Kabuki CMS (C) 2013-2025, Aaron van Geffen
+ *****************************************************************************/
+
+class ErrorPage extends Template
+{
+	private $debug_info;
+	private $message;
+	private $title;
+
+	public function __construct($title, $message, $debug_info = null)
+	{
+		$this->title = $title;
+		$this->message = $message;
+		$this->debug_info = $debug_info;
+	}
+
+	public function html_main()
+	{
+		echo '
+				<div class="content-box container">
+					<h2>', $this->title, '</h2>
+					<p>', nl2br(htmlspecialchars($this->message)), '</p>';
+
+		if (isset($this->debug_info))
+		{
+			echo '
+				</div>
+				<div class="content-box container">
+					<h4>Debug Info</h4>
+					<pre>', htmlspecialchars($this->debug_info), '</pre>';
+		}
+
+		echo '
+				</div>';
+	}
+}

templates/FeaturedThumbnailManager.php

@@ -0,0 +1,57 @@
+<?php
+/*****************************************************************************
+ * FeaturedThumbnailManager.php
+ * Contains the featured thumbnail manager template.
+ *
+ * Kabuki CMS (C) 2013-2021, Aaron van Geffen
+ *****************************************************************************/
+
+class FeaturedThumbnailManager extends SubTemplate
+{
+	private $iterator;
+	private $currentThumbnailId;
+
+	public function __construct(AssetIterator $iterator, $currentThumbnailId)
+	{
+		$this->iterator = $iterator;
+		$this->currentThumbnailId = $currentThumbnailId;
+	}
+
+	protected function html_content()
+	{
+		echo '
+		<form action="" method="post">
+			<div class="row">
+				<div class="col-lg">
+					<h2>Select thumbnail</h2>
+				</div>
+				<div class="col-lg">';
+
+		foreach ($this->_subtemplates as $template)
+			$template->html_main();
+
+		echo '
+				</div>
+				<div class="col-lg-auto">
+					<button class="btn btn-primary" type="submit" name="changeThumbnail">Save thumbnail selection</button>
+				</div>
+			</div>
+			<ul id="featuredThumbnail">';
+
+		foreach ($this->iterator as $asset)
+		{
+			$image = $asset->getImage();
+			echo '
+				<li>
+					<input class="form-check-input" type="radio" name="featuredThumbnail" value="', $image->getId(), '"',
+					$this->currentThumbnailId == $image->getId() ? ' checked' : '', '>
+					<img src="', $image->getThumbnailUrl(150, 100, 'top'), '" alt="" title="', $image->getTitle(), '" onclick="this.parentNode.children[0].checked = true">
+				</li>';
+		}
+
+		echo '
+				</ul>
+				<input type="hidden" name="', Session::getSessionTokenKey(), '" value="', Session::getSessionToken(), '">
+			</form>';
+	}
+}

templates/ForgotPasswordForm.php

@@ -11,19 +11,25 @@ class ForgotPasswordForm extends SubTemplate
 	protected function html_content()
 	{
 		echo '
-						<div class="boxed_content">
-							<h2>Password reset procedure</h2>';
+				<h1>Password reset procedure</h1>';
 
 		foreach ($this->_subtemplates as $template)
 			$template->html_main();
 
 		echo '
-							<p>Please fill in the email address you used to sign up in the form below. You will be sent a reset link to your email address.</p>
-							<form class="form-horizontal" action="', BASEURL, '/resetpassword/?step=1" method="post">
-								<label class="control-label" for="field_emailaddress">E-mail address:</label><br>
-								<input type="text" id="field_emailaddress" name="emailaddress">
-								<button type="submit" class="btn btn-primary">Send mail</button>
-							</form>
-						</div>';
+				<p class="mt-3">Please fill in the email address you used to sign up in the form below. We will send a reset link to your email address.</p>
+				<form action="', BASEURL, '/resetpassword/?step=1" method="post">
+					<div class="row">
+						<label class="col-sm-2 col-form-label" for="field_emailaddress">E-mail address:</label>
+						<div class="col-sm-4">
+							<input type="text" class="form-control" id="field_emailaddress" name="emailaddress">
+						</div>
+					</div>
+					<div class="row mt-3">
+						<div class="offset-sm-2 col-sm-2">
+							<button type="submit" class="btn btn-primary">Send mail</button>
+						</div>
+					</div>
+				</form>';
 	}
 }

templates/FormView.php

@@ -3,157 +3,273 @@
  * FormView.php
  * Contains the form template.
  *
- * Kabuki CMS (C) 2013-2015, Aaron van Geffen
+ * Kabuki CMS (C) 2013-2023, Aaron van Geffen
  *****************************************************************************/
 
 class FormView extends SubTemplate
 {
+	private $form;
+	private array $data;
+	private array $missing;
+	private $title;
+
 	public function __construct(Form $form, $title = '')
 	{
+		$this->form = $form;
 		$this->title = $title;
-		$this->request_url = $form->request_url;
-		$this->request_method = $form->request_method;
-		$this->fields = $form->getFields();
-		$this->missing = $form->getMissing();
-		$this->data = $form->getData();
-		$this->content_above = $form->content_above;
-		$this->content_below = $form->content_below;
 	}
 
-	protected function html_content($exclude = [], $include = [])
+	protected function html_content()
 	{
 		if (!empty($this->title))
 			echo '
-			<div class="admin_box">
-				<h2>', $this->title, '</h2>';
+			<h1>', $this->title, '</h1>';
 
 		foreach ($this->_subtemplates as $template)
 			$template->html_main();
 
 		echo '
-			<form action="', $this->request_url, '" method="', $this->request_method, '" enctype="multipart/form-data">';
+			<form action="', $this->form->request_url, '" method="', $this->form->request_method, '" enctype="multipart/form-data">';
 
-		if (isset($this->content_above))
-			echo $this->content_above;
+		if (isset($this->form->before_fields))
+			echo $this->form->before_fields;
 
-		echo '
-				<dl>';
+		$this->missing = $this->form->getMissing();
+		$this->data = $this->form->getData();
 
-		foreach ($this->fields as $field_id => $field)
+		foreach ($this->form->getFields() as $field_id => $field)
 		{
-			// Either we have a blacklist
-			if (!empty($exclude) && in_array($field_id, $exclude))
-				continue;
-			// ... or a whitelist
-			elseif (!empty($include) && !in_array($field_id, $include))
-				continue;
-			// ... or neither (ha)
-
 			$this->renderField($field_id, $field);
 		}
 
+		if (isset($this->form->after_fields))
+			echo $this->form->after_fields;
+
 		echo '
-				</dl>
 				<input type="hidden" name="', Session::getSessionTokenKey(), '" value="', Session::getSessionToken(), '">
-				<div style="clear: both">
-					<button type="submit" class="btn btn-primary">Save information</button>';
+				<div class="form-group">
+					<div class="offset-sm-2 col-sm-10">
+						<button type="submit" name="submit" class="btn btn-primary">', $this->form->getSubmitButtonCaption(), '</button>';
 
-		if (isset($this->content_below))
+		if (isset($this->form->buttons_extra))
 			echo '
-					', $this->content_below;
+						', $this->form->buttons_extra;
 
 		echo '
+					</div>
 				</div>
 			</form>';
-
-		if (!empty($this->title))
-			echo '
-			</div>';
 	}
 
-	protected function renderField($field_id, $field)
+	protected function renderField($field_id, array $field)
 	{
 		if (isset($field['before_html']))
-			echo '</dl>
-					', $field['before_html'], '
-				<dl>';
-
-		if ($field['type'] != 'checkbox' && isset($field['label']))
 			echo '
-					<dt class="cont_', $field_id, isset($field['tab_class']) ? ' target target-' . $field['tab_class'] : '', '"', in_array($field_id, $this->missing) ? ' style="color: red"' : '', '>', $field['label'], '</dt>';
-		elseif ($field['type'] == 'checkbox' && isset($field['header']))
-			echo '
-					<dt class="cont_', $field_id, isset($field['tab_class']) ? ' target target-' . $field['tab_class'] : '', '"', in_array($field_id, $this->missing) ? ' style="color: red"' : '', '>', $field['header'], '</dt>';
+				', $field['before_html'];
 
 		echo '
-					<dd class="cont_', $field_id, isset($field['dd_class']) ? ' ' . $field['dd_class'] : '', isset($field['tab_class']) ? ' target target-' . $field['tab_class'] : '', '">';
+				<div class="row mb-2">';
 
-		if (isset($field['before']))
-			echo $field['before'];
+		if ($field['type'] !== 'checkbox')
+		{
+			if (isset($field['label']))
+				echo '
+					<label class="col-sm-2 col-form-label" for="', $field_id, '"', in_array($field_id, $this->missing) ? ' style="color: red"' : '', '>', $field['label'], ':</label>
+					<div class="', isset($field['class']) ? $field['class'] : 'col-sm-6', '">';
+			else
+				echo '
+					<div class="offset-sm-2 ', isset($field['class']) ? $field['class'] : 'col-sm-6', '">';
+		}
 
 		switch ($field['type'])
 		{
 			case 'select':
-				echo '
-						<select name="', $field_id, '" id="', $field_id, '"', !empty($field['disabled']) ? ' disabled' : '', '>';
-
-				if (isset($field['placeholder']))
-					echo '
-							<option value="">', $field['placeholder'], '</option>';
-
-				foreach ($field['options'] as $value => $option)
-					echo '
-							<option value="', $value, '"', $this->data[$field_id] == $value ? ' selected' : '', '>', htmlentities($option), '</option>';
-
-				echo '
-						</select>';
+				$this->renderSelect($field_id, $field);
 				break;
 
 			case 'radio':
-				foreach ($field['options'] as $value => $option)
-					echo '
-						<input type="radio" name="', $field_id, '" value="', $value, '"', $this->data[$field_id] == $value ? ' checked' : '', !empty($field['disabled']) ? ' disabled' : '', '> ', htmlentities($option);
+				$this->renderRadio($field_id, $field);
 				break;
 
 			case 'checkbox':
-				echo '
-						<label><input type="checkbox"', $this->data[$field_id] ? ' checked' : '', !empty($field['disabled']) ? ' disabled' : '', ' name="', $field_id, '"> ', htmlentities($field['label']), '</label>';
+				$this->renderCheckbox($field_id, $field);
 				break;
 
 			case 'textarea':
-				echo '
-						<textarea name="', $field_id, '" id="', $field_id, '" cols="', isset($field['columns']) ? $field['columns'] : 40, '" rows="', isset($field['rows']) ? $field['rows'] : 4, '"', !empty($field['disabled']) ? ' disabled' : '', '>', $this->data[$field_id], '</textarea>';
+				$this->renderTextArea($field_id, $field);
 				break;
 
 			case 'color':
-				echo '
-						<input type="color" name="', $field_id, '" id="', $field_id, '" value="', htmlentities($this->data[$field_id]), '"', !empty($field['disabled']) ? ' disabled' : '', '>';
+				$this->renderColor($field_id, $field);
 				break;
 
 			case 'numeric':
-				echo '
-						<input type="number"', isset($field['step']) ? ' step="' . $field['step'] . '"' : '', ' min="', isset($field['min_value']) ? $field['min_value'] : '0', '" max="', isset($field['max_value']) ? $field['max_value'] : '9999', '" name="', $field_id, '" id="', $field_id, '"', isset($field['size']) ? ' size="' . $field['size'] . '"' : '', isset($field['maxlength']) ? ' maxlength="' . $field['maxlength'] . '"' : '', ' value="', htmlentities($this->data[$field_id]), '"', !empty($field['disabled']) ? ' disabled' : '', '>';
+				$this->renderNumeric($field_id, $field);
 				break;
 
 			case 'file':
-				if (!empty($this->data[$field_id]))
-					echo '<img src="', $this->data[$field_id], '" alt=""><br>';
+				$this->renderFile($field_id, $field);
+				break;
 
-				echo '
-						<input type="file" name="', $field_id, '" id="', $field_id, '"', !empty($field['disabled']) ? ' disabled' : '', '>';
+			case 'captcha':
+				$this->renderCaptcha($field_id, $field);
 				break;
 
 			case 'text':
 			case 'password':
 			default:
-				echo '
-						<input type="', $field['type'], '" name="', $field_id, '" id="', $field_id, '"', isset($field['size']) ? ' size="' . $field['size'] . '"' : '', isset($field['maxlength']) ? ' maxlength="' . $field['maxlength'] . '"' : '', ' value="', htmlentities($this->data[$field_id]), '"', !empty($field['disabled']) ? ' disabled' : '', isset($field['trigger']) ? ' class="trigger-' . $field['trigger'] . '"' : '', '>';
+				$this->renderText($field_id, $field);
 		}
 
-		if (isset($field['after']))
-			echo ' ', $field['after'];
+		if ($field['type'] !== 'checkbox')
+			echo '
+					</div>';
 
 		echo '
-					</dd>';
+				</div>';
+
+		if (isset($field['after_html']))
+			echo '
+				', $field['after_html'];
+	}
+
+	private function renderCaptcha($field_id, array $field)
+	{
+		echo '
+						<div class="g-recaptcha" data-sitekey="', RECAPTCHA_API_KEY, '"></div>
+						<script src="https://www.google.com/recaptcha/api.js"></script>';
+	}
+
+	private function renderCheckbox($field_id, array $field)
+	{
+		echo '
+					<div class="offset-sm-2 col-sm-10">
+						<div class="form-check">
+							<input class="form-check-input" type="checkbox"', $this->data[$field_id] ? ' checked' : '', !empty($field['disabled']) ? ' disabled' : '', ' name="', $field_id, '" id="check-', $field_id, '">
+							<label class="form-check-label" for="check-', $field_id, '">
+								', $field['label'], '
+							</label>
+						</div>
+					</div>';
+	}
+
+	private function renderColor($field_id, array $field)
+	{
+		echo '
+						<input class="form-control" type="color" name="', $field_id, '" id="', $field_id, '" value="', htmlspecialchars($this->data[$field_id]), '"', !empty($field['disabled']) ? ' disabled' : '', '>';
+	}
+
+	private function renderFile($field_id, array $field)
+	{
+		if (!empty($this->data[$field_id]))
+			echo 'Currently using asset <tt>', $this->data[$field_id], '</tt>. Upload to overwrite.<br>';
+
+		echo '
+						<input class="form-control" type="file" name="', $field_id, '" id="', $field_id, '"', !empty($field['disabled']) ? ' disabled' : '', '>';
+	}
+
+	private function renderNumeric($field_id, array $field)
+	{
+		echo '
+						<input class="form-control" type="number"',
+							isset($field['step']) ? ' step="' . $field['step'] . '"' : '',
+							' min="', isset($field['min_value']) ? $field['min_value'] : '0', '"',
+							' max="', isset($field['max_value']) ? $field['max_value'] : '9999', '"',
+							' name="', $field_id, '" id="', $field_id, '"',
+							isset($field['size']) ? ' size="' . $field['size'] . '"' : '',
+							isset($field['maxlength']) ? ' maxlength="' . $field['maxlength'] . '"' : '',
+							' value="', htmlspecialchars($this->data[$field_id]), '"',
+							!empty($field['disabled']) ? ' disabled' : '', '>';
+	}
+
+	private function renderRadio($field_id, array $field)
+	{
+		foreach ($field['options'] as $value => $option)
+			echo '
+						<div class="form-check">
+							<input class="form-check-input" type="radio" name="', $field_id, '" id="radio-', $field_id, '-', $value, '" value="', $value, '"', $this->data[$field_id] == $value ? ' checked' : '', !empty($field['disabled']) ? ' disabled' : '', '>
+							<label class="form-check-label" for="radio-', $field_id, '-', $value, '">
+								', htmlspecialchars($option), '
+							</label>
+						</div>';
+	}
+
+	private function renderSelect($field_id, array $field)
+	{
+		echo '
+						<select class="form-select" name="', $field_id, !empty($field['multiple']) ? '[]' : '',
+					'" id="', $field_id, '"',
+					!empty($field['disabled']) ? ' disabled' : '',
+					!empty($field['multiple']) ? ' multiple' : '',
+					!empty($field['size']) ? ' size="' . $field['size'] . '"' : '',
+					'>';
+
+		if (isset($field['placeholder']))
+			echo '
+							<option value="">', $field['placeholder'], '</option>';
+
+		foreach ($field['options'] as $key => $value)
+		{
+			if (is_array($value))
+			{
+				assert(empty($field['multiple']));
+				$this->renderSelectOptionGroup($field_id, $key, $value);
+			}
+			else
+				$this->renderSelectOption($field_id, $value, $key, !empty($field['multiple']));
+		}
+
+		echo '
+						</select>';
+	}
+
+	private function renderSelectOption($field_id, $label, $value, $multiple = false)
+	{
+		echo '
+							<option value="', $value, '"',
+							!$multiple && $this->data[$field_id] == $value ? ' selected' : '',
+							$multiple && in_array($value, $this->data[$field_id]) ? ' selected' : '',
+							'>', htmlspecialchars($label), '</option>';
+	}
+
+	private function renderSelectOptionGroup($field_id, $label, $options)
+	{
+		echo '
+							<optgroup label="', $label, '">';
+
+		foreach ($options as $value => $option)
+			$this->renderSelectOption($field_id, $option, $value);
+
+		echo '
+							</optgroup>';
+	}
+
+	private function renderText($field_id, array $field)
+	{
+		echo '
+						<input class="form-control" ',
+						'type="', $field['type'], '" ',
+						'name="', $field_id, '" ',
+						'id="', $field_id, '"',
+						isset($field['size']) ? ' size="' . $field['size'] . '"' : '',
+						isset($field['maxlength']) ? ' maxlength="' . $field['maxlength'] . '"' : '',
+						isset($this->data[$field_id]) ? ' value="' . htmlspecialchars($this->data[$field_id]) . '"' : '',
+						isset($field['placeholder']) ? ' placeholder="' . $field['placeholder'] . '"' : '',
+						!empty($field['disabled']) ? ' disabled' : '',
+						isset($field['trigger']) ? ' class="trigger-' . $field['trigger'] . '"' : '',
+						'>';
+	}
+
+	private function renderTextArea($field_id, array $field)
+	{
+		echo '
+						<textarea class="form-control' .
+							'" name="', $field_id,
+							'" id="', $field_id,
+							'" cols="', isset($field['columns']) ? $field['columns'] : 40,
+							'" rows="', isset($field['rows']) ? $field['rows'] : 4, '"',
+							isset($field['placeholder']) ? ' placeholder="' . $field['placeholder'] . '"' : '',
+							'"', !empty($field['disabled']) ? ' disabled' : '',
+							'>', $this->data[$field_id], '</textarea>';
 	}
 }

templates/InlineFormView.php

@@ -0,0 +1,105 @@
+<?php
+/*****************************************************************************
+ * InlineFormView.php
+ * Contains the template that renders inline forms.
+ *
+ * Kabuki CMS (C) 2013-2025, Aaron van Geffen
+ *****************************************************************************/
+
+class InlineFormView
+{
+	public static function renderInlineForm($form)
+	{
+		if (!isset($form['is_embed']))
+			echo '
+			<form action="', $form['action'], '" method="', $form['method'], '" class="', $form['class'] ?? '', '">';
+		else
+			echo '
+			<div class="', $form['class'] ?? '', '">';
+
+		if (!empty($form['is_group']))
+			echo '
+				<div class="input-group">';
+
+		foreach ($form['controls'] as $name => $control)
+		{
+			if ($control['type'] === 'select')
+				self::renderSelectBox($control, $name);
+			elseif ($control['type'] === 'submit')
+				self::renderSubmitButton($control, $name);
+			else
+				self::renderInputBox($control, $name);
+		}
+
+		echo '
+					<input type="hidden" name="', Session::getSessionTokenKey(), '" value="', Session::getSessionToken(), '">';
+
+		if (!empty($form['is_group']))
+			echo '
+				</div>';
+
+		if (!isset($form['is_embed']))
+			echo '
+			</form>';
+		else
+			echo '
+			</div>';
+	}
+
+	private static function renderInputBox(array $field, $name)
+	{
+		echo '
+					<input name="', $name, '" id="field_', $name, '" type="', $field['type'], '" ',
+						'class="form-control', isset($field['class']) ? ' ' . $field['class'] : '', '"',
+						isset($field['placeholder']) ? ' placeholder="' . $field['placeholder'] . '"' : '',
+						isset($field['value']) ? ' value="' . htmlspecialchars($field['value']) . '"' : '', '>';
+	}
+
+	private static function renderSelectBox(array $field, $name)
+	{
+		echo '
+					<select class="form-select" name="', $name, '"',
+						(isset($field['onchange']) ? ' onchange="' . $field['onchange'] . '"' : ''), '>';
+
+		foreach ($field['values'] as $value => $caption)
+		{
+			if (!is_array($caption))
+			{
+				echo '
+						<option value="', $value, '"', $value === $field['selected'] ? ' selected' : '', '>', $caption, '</option>';
+			}
+			else
+			{
+				$label = $value;
+				$options = $caption;
+
+				echo '
+						<optgroup label="', $label, '">';
+
+				foreach ($options as $value => $caption)
+				{
+					echo '
+							<option value="', $value, '"', $value === $field['selected'] ? ' selected' : '', '>', $caption, '</option>';
+				}
+
+				echo '
+						</optgroup>';
+			}
+		}
+
+		echo '
+					</select>';
+	}
+
+	private static function renderSubmitButton(array $button, $name)
+	{
+		echo '
+					<button class="btn ', isset($button['class']) ? $button['class'] : 'btn-primary', '" ',
+						'type="', $button['type'], '" name="', $name, '"';
+
+		if (isset($button['onclick']))
+			echo ' onclick="', $button['onclick'], '"';
+
+		echo '>', $button['caption'], '</button>';
+	}
+}

templates/LogInForm.php

@@ -11,45 +11,57 @@ class LogInForm extends SubTemplate
 	private $redirect_url = '';
 	private $emailaddress = '';
 
+	protected $_class = 'content-box container col-lg-6';
+
 	public function setRedirectUrl($url)
 	{
-		$_SESSION['login_url'] = $url;
 		$this->redirect_url = $url;
 	}
 
 	public function setEmail($addr)
 	{
-		$this->emailaddress = htmlentities($addr);
+		$this->emailaddress = htmlspecialchars($addr);
 	}
 
 	protected function html_content()
 	{
-		echo '
-			<form action="', BASEURL, '/login/" method="post" id="login">
-				<h3>Log in</h3>';
+		if (!empty($this->_title))
+			echo '
+						<h1 class="mb-4">Press #RU to continue</h1>';
 
-		foreach ($this->_subtemplates as $template)
-			$template->html_main();
+		if (!empty($this->_subtemplates))
+		{
+			foreach ($this->_subtemplates as $template)
+				$template->html_main();
+		}
 
 		echo '
-				<dl>
-					<dt><label for="field_emailaddress">E-mail address:</label></dt>
-					<dd><input type="text" id="field_emailaddress" name="emailaddress" tabindex="1" value="', $this->emailaddress, '" autofocus></dd>
-
-					<dt><label for="field_password">Password:</label></dt>
-					<dd><input type="password" id="field_password" name="password" tabindex="2"></dd>
-				</dl>';
+						<form class="mt-4" action="', BASEURL, '/login/" method="post">
+							<div class="row">
+								<label class="col-sm-3 col-form-label" for="field_emailaddress">E-mail address:</label>
+								<div class="col-sm">
+									<input type="text" class="form-control" id="field_emailaddress" name="emailaddress" value="', $this->emailaddress, '">
+								</div>
+							</div>
+							<div class="row mt-3">
+								<label class="col-sm-3 col-form-label" for="field_password">Password:</label>
+								<div class="col-sm">
+									<input type="password" class="form-control" id="field_password" name="password">
+								</div>
+							</div>';
 
 		// Throw in a redirect url if asked for.
 		if (!empty($this->redirect_url))
 			echo '
-				<input type="hidden" name="redirect_url" value="', base64_encode($this->redirect_url), '">';
+							<input type="hidden" name="redirect_url" value="', base64_encode($this->redirect_url), '">';
 
 		echo '
-				<a href="', BASEURL, '/resetpassword/">Forgotten your password?</a>
-				<div class="buttonstrip">
-					<button type="submit" class="btn btn-primary" id="field_login" name="login" tabindex="3">Log in</button>
-				</div>
-			</form>';
+							<div class="mt-4">
+								<div class="offset-sm-3 col-sm-9">
+									<button type="submit" class="btn btn-primary">Sign in</button>
+									<a class="btn btn-light" href="', BASEURL, '/resetpassword/" style="margin-left: 1em">Forgotten your password?</a>
+								</div>
+							</div>
+						</form>';
 	}
 }

templates/MainNavBar.php

@@ -0,0 +1,97 @@
+<?php
+/*****************************************************************************
+ * MainNavBar.php
+ * Contains the primary navigational menu template.
+ *
+ * Kabuki CMS (C) 2013-2023, Aaron van Geffen
+ *****************************************************************************/
+
+class MainNavBar extends NavBar
+{
+	protected $outerMenuId = 'mainNav';
+	protected $innerMenuId = 'mainNavigation';
+	protected $ariaLabel = 'Main navigation';
+	protected $navBarClasses = 'navbar-dark bg-dark sticky-top';
+	protected $primaryBadgeClasses = 'bg-light text-dark';
+	protected $secondaryBadgeClasses = 'bg-dark text-light';
+
+	public function html_main()
+	{
+		// Select a random space invader, with a bias towards the mascot
+		$rnd = rand(0, 100);
+		$alt = $rnd > 50 ? ' alt-' . ($rnd % 6 + 1) : '';
+		$className = $rnd > 5 ? 'space-invader' . $alt : 'nyan-cat';
+
+		echo '
+		<nav id="', $this->outerMenuId, '" class="navbar navbar-expand-lg ', $this->navBarClasses, '" aria-label="', $this->ariaLabel, '">
+			<div class="container">
+				<a class="navbar-brand flex-grow-1" href="', BASEURL, '/">
+					<i class="', $className, '"></i>
+					HashRU Pics
+				</a>
+				<button class="navbar-toggler" type="button" data-bs-toggle="collapse" data-bs-target="#', $this->innerMenuId, '" aria-controls="', $this->innerMenuId, '" aria-expanded="false" aria-label="Toggle navigation">
+					<span class="navbar-toggler-icon"></span>
+				</button>';
+
+		if (Registry::has('user') && Registry::get('user')->isLoggedIn())
+		{
+			echo '
+				<div class="collapse navbar-collapse justify-content-end" id="', $this->innerMenuId, '">
+					<ul class="navbar-nav mb-2 mb-lg-0">';
+
+			$mainMenu = new MainMenu();
+			$this->renderMenuItems($mainMenu->getItems());
+
+			echo '
+						<li class="nav-divider d-none d-lg-inline"></li>';
+
+			$adminMenu = new AdminMenu();
+			$this->renderMenuItems($adminMenu->getItems());
+
+			$userMenu = new UserMenu();
+			$this->renderMenuItems($userMenu->getItems());
+
+			$this->darkModeToggle();
+
+			echo '
+					</ul>
+				</div>';
+		}
+
+		echo '
+			</div>
+		</nav>';
+	}
+
+	private function darkModeToggle()
+	{
+		echo '
+						<li class="nav-item dropdown">
+							<button class="btn btn-link nav-link py-2 px-0 px-lg-2 dropdown-toggle d-flex align-items-center"
+								id="bd-theme" type="button" data-bs-toggle="dropdown" data-bs-display="static">
+								<i id="theme-icon-active" class="bi bi-light"></i>
+								<span class="d-lg-none ms-2" id="bd-theme-text">Toggle theme</span>
+							</button>
+							<ul class="dropdown-menu dropdown-menu-end">
+								<li>
+									<button type="button" class="dropdown-item d-flex align-items-center" data-bs-theme-value="light">
+										<i class="bi bi-sun-fill"></i>
+										Light
+									</button>
+								</li>
+								<li>
+									<button type="button" class="dropdown-item d-flex align-items-center" data-bs-theme-value="dark">
+										<i class="bi bi-moon-stars-fill"></i>
+										Dark
+									</button>
+								</li>
+								<li>
+									<button type="button" class="dropdown-item d-flex align-items-center active" data-bs-theme-value="auto">
+										<i class="bi bi-circle-half"></i>
+										Auto
+									</button>
+								</li>
+							</ul>
+						</li>';
+	}
+}

templates/MainTemplate.php

@@ -25,25 +25,31 @@ class MainTemplate extends Template
 		echo '<!DOCTYPE html>
 <html lang="en">
 	<head>
-		<title>', $this->title, '</title>', !empty($this->canonical_url) ? '
-		<link rel="canonical" href="' . $this->canonical_url . '">' : '', '
-		<link type="text/css" rel="stylesheet" href="', BASEURL, '/css/default.css">
-		<meta name="viewport" content="width=device-width, initial-scale=1">
-		<meta http-equiv="Content-Type" content="text/html; charset=utf-8">', !empty($this->css) ? '
-		<style type="text/css">' . $this->css . '
-		</style>' : '', $this->header_html, '
+		<title>', $this->title, '</title>';
+
+		if (!empty($this->canonical_url))
+			echo '
+		<link rel="canonical" href="', $this->canonical_url, '">';
+
+		echo '
+		<meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no">
+		<meta http-equiv="Content-Type" content="text/html; charset=utf-8">';
+
+		echo '
+		<link rel="stylesheet" href="', BASEURL, '/vendor/twbs/bootstrap/dist/css/bootstrap.min.css">
+		<link rel="stylesheet" href="', BASEURL, '/vendor/twbs/bootstrap-icons/font/bootstrap-icons.css">
+		<link type="text/css" rel="stylesheet" href="', BASEURL, '/css/default.css?v2">
 		<script type="text/javascript" src="', BASEURL, '/js/main.js"></script>
+		<script type="text/javascript" src="', BASEURL, '/js/color-modes.js"></script>'
+		, $this->header_html, '
 	</head>
 	<body', !empty($this->classes) ? ' class="' . implode(' ', $this->classes) . '"' : '', '>
-		<header>
-			<a href="', BASEURL, '/">
-				<h1 id="logo">#pics</h1>
-			</a>
-			<ul id="nav">
-				<li><a href="', BASEURL, '/">albums</a></li>
-				<li><a href="', BASEURL, '/people/">people</a></li>
-				<li><a href="', BASEURL, '/timeline/">timeline</a></li>
-			</ul>
+		<header>';
+
+		$bar = new MainNavBar();
+		$bar->html_main();
+
+		echo '
 		</header>
 		<div id="wrapper">';
 
@@ -55,12 +61,8 @@ class MainTemplate extends Template
 
 		if (Registry::has('user') && Registry::get('user')->isAdmin())
 		{
-			if (class_exists('Cache'))
-				echo '
-				<span class="cache-info">Cache info: ', Cache::$hits, ' hits, ', Cache::$misses, ' misses, ', Cache::$puts, ' puts, ', Cache::$removals, ' removals</span>';
-
 			if (Registry::has('start'))
-				echo '<br>
+				echo '
 				<span class="creation-time">Page creation time: ', sprintf('%1.4f', microtime(true) - Registry::get('start')), ' seconds</span>';
 
 			if (Registry::has('db'))
@@ -69,7 +71,7 @@ class MainTemplate extends Template
 		}
 		else
 			echo '
-				<span class="vanity">Powered by <a href="https://aaronweb.net/projects/kabuki/">Kabuki CMS</a></span>';
+				<span class="vanity">Powered by <a href="https://aaronweb.net/projects/kabuki/" target="_blank">Kabuki CMS</a></span>';
 
 		echo '
 			</footer>
@@ -80,15 +82,11 @@ class MainTemplate extends Template
 				echo '<pre>', strtr($query, "\t", " "), '</pre>';
 
 		echo '
+		<script type="text/javascript" src="', BASEURL, '/vendor/twbs/bootstrap/dist/js/bootstrap.bundle.min.js"></script>
 	</body>
 </html>';
 	}
 
-	public function appendCss($css)
-	{
-		$this->css .= $css;
-	}
-
 	public function appendHeaderHtml($html)
 	{
 		$this->header_html .= "\n\t\t" . $html;

templates/MediaUploader.php

@@ -8,6 +8,8 @@
 
 class MediaUploader extends SubTemplate
 {
+	private Tag $tag;
+
 	public function __construct(Tag $tag)
 	{
 		$this->tag = $tag;
@@ -16,14 +18,12 @@ class MediaUploader extends SubTemplate
 	protected function html_content()
 	{
 		echo '
-			<form action="', BASEURL, '/uploadmedia/?tag=', $this->tag->id_tag, '" class="boxed_content" method="post" enctype="multipart/form-data">
+			<form action="', BASEURL, '/uploadmedia/?tag=', $this->tag->id_tag, '" method="post" enctype="multipart/form-data">
 				<h2>Upload new photos to &quot;', $this->tag->tag, '&quot;</h2>
-				<div>
-					<h3>Select files</h3>
-					<input type="file" id="upload_queue" name="uploads[]" multiple>
-				</div>
-				<div>
-					<input name="save" id="photo_submit" type="submit" value="Upload the lot">
+				<div class="input-group">
+					<input class="form-control d-inline" type="file" id="upload_queue" name="uploads[]"
+						accept="image/jpeg" multiple>
+					<button class="btn btn-primary" name="save" id="photo_submit" type="submit">Upload the lot</button>
 				</div>
 				<div id="upload_preview_area">
 				</div>

templates/MyTagsView.php

@@ -0,0 +1,32 @@
+<?php
+/*****************************************************************************
+ * MyTagsView.php
+ * Contains the user tag list.
+ *
+ * Kabuki CMS (C) 2013-2015, Aaron van Geffen
+ *****************************************************************************/
+
+class MyTagsView extends SubTemplate
+{
+	private $tags;
+
+	public function __construct(array $tags)
+	{
+		$this->tags = $tags;
+	}
+
+	protected function html_content()
+	{
+		echo '
+			<h2>Tags you can edit</h2>
+			<p>You can currently edit the tags below. Click a tag to edit it.</p>
+			<ul>';
+
+		foreach ($this->tags as $tag)
+			echo '
+				<li><a href="', BASEURL, '/edittag/?id=', $tag->id_tag, '">', $tag->tag, '</a></li>';
+
+		echo '
+			</ul>';
+	}
+}

templates/NavBar.php

@@ -0,0 +1,61 @@
+<?php
+/*****************************************************************************
+ * NavBar.php
+ * Contains the navigational menu template.
+ *
+ * Kabuki CMS (C) 2013-2023, Aaron van Geffen
+ *****************************************************************************/
+
+abstract class NavBar extends Template
+{
+	protected $primaryBadgeClasses = 'bg-dark text-light';
+	protected $secondaryBadgeClasses = 'bg-light text-dark';
+
+	public function renderMenu(array $items, $navBarClasses = '')
+	{
+		echo '
+					<ul class="navbar-nav ', $navBarClasses, '">';
+
+		$this->renderMenuItems($items, $navBarClasses);
+
+		echo '
+					</ul>';
+	}
+
+	public function renderMenuItems(array $items)
+	{
+		foreach ($items as $menuId => $item)
+		{
+			if (isset($item['icon']))
+				$item['label'] = '<i class="bi bi-' . $item['icon'] . '"></i> ' . $item['label'];
+
+			if (isset($item['badge']))
+				$item['label'] .= ' <span class="badge ' . $this->primaryBadgeClasses . '">' . $item['badge'] . '</span>';
+
+			if (empty($item['subs']))
+			{
+				echo '
+						<li class="nav-item"><a class="nav-link" href="', $item['url'], '">', $item['label'], '</a></li>';
+				continue;
+			}
+
+			echo '
+						<li class="nav-item dropdown">
+							<a class="nav-link dropdown-toggle" href="#" id="menu', $menuId, '" data-bs-toggle="dropdown" aria-expanded="false">', $item['label'], '</a>
+							<ul class="dropdown-menu" aria-labelledby="menu', $menuId, '">';
+
+			foreach ($item['subs'] as $subitem)
+			{
+				if (isset($subitem['badge']))
+					$subitem['label'] .= ' <span class="badge ' . $this->secondaryBadgeClasses . '">' . $subitem['badge'] . '</span>';
+
+				echo '
+								<li><a class="dropdown-item" href="', $subitem['url'], '">', $subitem['label'], '</a></li>';
+			}
+
+			echo '
+							</ul>
+						</li>';
+		}
+	}
+}

templates/PageIndexWidget.php

@@ -0,0 +1,82 @@
+<?php
+/*****************************************************************************
+ * PageIndexWidget.php
+ * Contains the template that displays a page index.
+ *
+ * Kabuki CMS (C) 2013-2023, Aaron van Geffen
+ *****************************************************************************/
+
+class PageIndexWidget extends Template
+{
+	private $index;
+	private string $class;
+
+	private static $unique_index_count = 0;
+
+	public function __construct(PageIndex $index)
+	{
+		$this->index = $index;
+		$this->class = $index->getPageIndexClass();
+	}
+
+	public function html_main()
+	{
+		self::paginate($this->index, $this->class);
+	}
+
+	public static function paginate(PageIndex $index, $class = null)
+	{
+		$page_index = $index->getPageIndex();
+		if (empty($page_index) || count($page_index) == 1)
+			return;
+
+		if (!isset($class))
+			$class = $index->getPageIndexClass();
+
+		echo '
+				<ul class="pagination', $class ? ' ' . $class : '', '">
+					<li class="page-item', empty($page_index['previous']) ? ' disabled' : '', '">',
+						'<a class="page-link"', !empty($page_index['previous']) ? ' href="' . $page_index['previous']['href'] . '"' : '', '>',
+						'&laquo; previous</a></li>';
+
+		$num_wildcards = 0;
+		foreach ($page_index as $key => $page)
+		{
+			if (!is_numeric($key))
+				continue;
+
+			if (!is_array($page))
+			{
+				$first_wildcard = $num_wildcards === 0;
+				$num_wildcards++;
+				echo '
+					<li class="page-item page-padding wildcard',
+						$first_wildcard ? ' first-wildcard' : '',
+						'" onclick="javascript:promptGoToPage(',
+						self::$unique_index_count, ')"><a class="page-link">...</a></li>';
+			}
+			else
+				echo '
+					<li class="page-item page-number', $page['is_selected'] ? ' active" aria-current="page' : '', '">',
+						'<a class="page-link" href="', $page['href'], '">', $page['index'], '</a></li>';
+		}
+
+		echo '
+					<li class="page-item', empty($page_index['next']) ? ' disabled' : '', '">',
+						'<a class="page-link"', !empty($page_index['next']) ? ' href="' . $page_index['next']['href'] . '"' : '', '>',
+						'next &raquo;</a></li>
+				</ul>';
+
+		if ($num_wildcards)
+		{
+			echo '
+			<script type="text/javascript">
+				var page_index_', self::$unique_index_count++, ' = {
+					wildcard_url: "', $index->getLink("%d"), '",
+					num_pages: ', $index->getNumberOfPages(), ',
+					per_page: ', $index->getItemsPerPage(), '
+				};
+			</script>';
+		}
+	}
+}

templates/Pagination.php

@@ -1,63 +0,0 @@
-<?php
-/*****************************************************************************
- * Pagination.php
- * Contains the pagination template.
- *
- * Kabuki CMS (C) 2013-2016, Aaron van Geffen
- *****************************************************************************/
-
-class Pagination extends SubTemplate
-{
-	private $index;
-	private static $unique_index_count = 0;
-
-	public function __construct(PageIndex $index)
-	{
-		$this->index = $index;
-		$this->class = $index->getPageIndexClass();
-	}
-
-	protected function html_content()
-	{
-		$index = $this->index->getPageIndex();
-
-		echo '
-				<div class="table_pagination', !empty($this->class) ? ' ' . $this->class : '', '">
-					<ul>
-						<li class="first"><', !empty($index['previous']) ? 'a href="' . $index['previous']['href'] . '"' : 'span', '>&laquo; previous</', !empty($index['previous']) ? 'a' : 'span', '></li>';
-
-		$num_wildcards = 0;
-		foreach ($index as $key => $page)
-		{
-			if (!is_numeric($key))
-				continue;
-
-			if (!is_array($page))
-			{
-				$num_wildcards++;
-				echo '
-						<li class="page-padding" onclick="javascript:promptGoToPage(', self::$unique_index_count, ')"><span>...</span></li>';
-			}
-			else
-				echo '
-						<li class="page-number', $page['is_selected'] ? ' active' : '', '"><a href="', $page['href'], '">', $page['index'], '</a></li>';
-		}
-
-		echo '
-						<li class="last"><', !empty($index['next']) ? 'a href="' . $index['next']['href'] . '"' : 'span', '>next &raquo;</', !empty($index['next']) ? 'a' : 'span', '></li>
-					</ul>
-				</div>';
-
-		if ($num_wildcards)
-		{
-			echo '
-			<script type="text/javascript">
-				var page_index_', self::$unique_index_count++, ' = {
-					wildcard_url: "', $this->index->getLink("%d"), '",
-					num_pages: ', $this->index->getNumberOfPages(), ',
-					per_page: ', $this->index->getItemsPerPage(), '
-				};
-			</script>';
-		}
-	}
-}

templates/PasswordResetForm.php

@@ -20,27 +20,31 @@ class PasswordResetForm extends SubTemplate
 	protected function html_content()
 	{
 		echo '
-						<div class="boxed_content">
-							<h2>Password reset procedure</h2>';
+					<h1 class="mb-4">Password reset procedure</h1>';
 
 		foreach ($this->_subtemplates as $template)
 			$template->html_main();
 
 		echo '
-							<p>You have successfully confirmed your identify. Please use the form below to set a new password.</p>
-							<form class="form-horizontal" action="', BASEURL, '/resetpassword/?step=2&amp;email=', rawurlencode($this->email), '&amp;key=', $this->key, '" method="post">
-								<p>
-									<label class="control-label" for="field_password1">New password:</label>
-									<input type="password" id="field_password1" name="password1">
-								</p>
-
-								<p>
-									<label class="control-label" for="field_password2">Repeat new password:</label>
-									<input type="password" id="field_password2" name="password2">
-								</p>
-
+					<p>You have successfully confirmed your identify. Please use the form below to set a new password.</p>
+					<form action="', BASEURL, '/resetpassword/?step=2&amp;email=', rawurlencode($this->email), '&amp;key=', $this->key, '" method="post">
+						<div class="row mt-3">
+							<label class="col-sm-2 col-form-label" for="field_password1">New password:</label>
+							<div class="col-sm-3">
+								<input type="password" class="form-control" id="field_password1" name="password1">
+							</div>
+						</div>
+						<div class="row mt-3">
+							<label class="col-sm-2 col-form-label" for="field_password2">Repeat new password:</label>
+							<div class="col-sm-3">
+								<input type="password" class="form-control" id="field_password2" name="password2">
+							</div>
+						</div>
+						<div class="row mt-3">
+							<div class="offset-sm-2 col-sm-2">
 								<button type="submit" class="btn btn-primary">Reset password</button>
-							</form>
-						</div>';
+							</div>
+						</div>
+					</form>';
 	}
 }

templates/PhotoPage.php

@@ -6,172 +6,234 @@
  * Kabuki CMS (C) 2013-2016, Aaron van Geffen
  *****************************************************************************/
 
-class PhotoPage extends SubTemplate
+class PhotoPage extends Template
 {
+	private $activeFilter;
 	private $photo;
-	private $exif;
-	private $previous_photo_url = '';
-	private $next_photo_url = '';
+	private $metaData;
+	private $tag;
 
 	public function __construct(Image $photo)
 	{
 		$this->photo = $photo;
 	}
 
-	public function setPreviousPhotoUrl($url)
-	{
-		$this->previous_photo_url = $url;
-	}
-
-	public function setNextPhotoUrl($url)
-	{
-		$this->next_photo_url = $url;
-	}
-
-	protected function html_content()
+	public function html_main()
 	{
 		$this->photoNav();
 		$this->photo();
 
 		echo '
-				<div id="sub_photo">
-					<h2 class="entry-title">', $this->photo->getTitle(), '</h2>';
-
-		$this->taggedPeople();
-		$this->linkNewTags();
-
-		echo '
-				</div>';
+				<div class="row mt-5">
+					<div class="col-lg">';
 
 		$this->photoMeta();
 
 		echo '
+					</div>
+				</div>
+				<div class="row mt-5">
+					<div class="col-lg">
+						<div id="sub_photo" class="content-box">';
+
+		$this->userActions();
+
+		echo '
+							<h2 class="entry-title">', $this->photo->getTitle(), '</h2>';
+
+		$this->printTags('Album', 'Album', false);
+		$this->printTags('Tagged People', 'Person', true);
+
+		echo '
+						</div>
+					</div>
+				</div>
 				<script type="text/javascript" src="', BASEURL, '/js/photonav.js"></script>';
 	}
 
-	private function photo()
+	protected function photo()
 	{
 		echo '
-				<div id="photo_frame">
-					<a href="', $this->photo->getUrl(), '">';
+				<a href="', $this->photo->getUrl(), '">
+					<div id="photo_frame">';
 
 		if ($this->photo->isPortrait())
+		{
 			echo '
-						<img src="', $this->photo->getThumbnailUrl(null, 960), '" alt="">';
+						<figure id="photo-figure" class="portrait-figure">',
+				$this->photo->getInlineImage(null, 960, 'normal-photo'),
+				$this->photo->getInlineImage(null, 960, 'blur-photo'), '
+						</figure>';
+		}
 		else
+		{
+			$className = $this->photo->isPanorama() ? 'panorama-figure' : 'landscape-figure';
 			echo '
-						<img src="', $this->photo->getThumbnailUrl(1280, null), '" alt="">';
+						<figure id="photo-figure" class="', $className, '">',
+				$this->photo->getInlineImage(1280, null, 'normal-photo'),
+				$this->photo->getInlineImage(1280, null, 'blur-photo'), '
+						</figure>';
+		}
 
 		echo '
-					</a>
-				</div>';
+						</figure>
+					</div>
+				</a>';
+	}
+
+	public function setActiveFilter($filter)
+	{
+		$this->activeFilter = $filter;
+	}
+
+	public function setTag(Tag $tag)
+	{
+		$this->tag = $tag;
 	}
 
 	private function photoNav()
 	{
-		if ($this->previous_photo_url)
+		if ($previousUrl = $this->photo->getUrlForPreviousInSet($this->tag, $this->activeFilter))
 			echo '
-				<a href="', $this->previous_photo_url, '" id="previous_photo"><em>Previous photo</em></a>';
+				<a href="', $previousUrl, '#photo_frame" id="previous_photo"><i class="bi bi-arrow-left"></i></a>';
 		else
 			echo '
-				<span id="previous_photo"><em>Previous photo</em></span>';
+				<span id="previous_photo"><i class="bi bi-arrow-left"></i></span>';
 
-		if ($this->next_photo_url)
+		if ($nextUrl = $this->photo->getUrlForNextInSet($this->tag, $this->activeFilter))
 			echo '
-				<a href="', $this->next_photo_url, '" id="next_photo"><em>Next photo</em></a>';
+				<a href="', $nextUrl, '#photo_frame" id="next_photo"><i class="bi bi-arrow-right"></i></a>';
 		else
 			echo '
-				<span id="next_photo"><em>Next photo</em></span>';
+				<span id="next_photo"><i class="bi bi-arrow-right"></i></span>';
 	}
 
 	private function photoMeta()
 	{
 		echo '
-				<div id="photo_exif_box">
-					<h3>EXIF</h3>
-					<dl class="photo_meta">';
+				<ul class="list-group list-group-horizontal photo_meta">';
 
-		if (!empty($this->exif->created_timestamp))
+		foreach ($this->metaData as $header => $body)
+		{
 			echo '
-						<dt>Date Taken</dt>
-						<dd>', date("j M Y, H:i:s", $this->exif->created_timestamp), '</dd>';
+					<li class="list-group-item flex-fill">
+						<h4>', $header, '</h4>
+						', $body, '
+					</li>';
+		}
 
 		echo '
-						<dt>Uploaded by</dt>
-						<dd>', $this->photo->getAuthor()->getfullName(), '</dd>';
-
-		if (!empty($this->exif->camera))
-			echo '
-						<dt>Camera Model</dt>
-						<dd>', $this->exif->camera, '</dd>';
-
-		if (!empty($this->exif->shutter_speed))
-			echo '
-						<dt>Shutter Speed</dt>
-						<dd>', $this->exif->shutterSpeedFraction(), '</dd>';
-
-		if (!empty($this->exif->aperture))
-			echo '
-						<dt>Aperture</dt>
-						<dd>f/', number_format($this->exif->aperture, 1), '</dd>';
-
-		if (!empty($this->exif->focal_length))
-			echo '
-						<dt>Focal Length</dt>
-						<dd>', $this->exif->focal_length, ' mm</dd>';
-
-		if (!empty($this->exif->iso))
-			echo '
-						<dt>ISO Speed</dt>
-						<dd>', $this->exif->iso, '</dd>';
-
-		echo '
-					</dl>
-				</div>';
+				</ul>';
 	}
 
-	private function taggedPeople()
+	private function printTags($header, $tagKind, $allowLinkingNewTags)
 	{
+		static $nextTagListId = 1;
+		$tagListId = 'tagList' . ($nextTagListId++);
+
 		echo '
-					<h3>Tags</h3>
-					<ul id="tag_list">';
+					<h3>', $header, '</h3>
+					<ul id="', $tagListId, '" class="tag-list">';
 
 		foreach ($this->photo->getTags() as $tag)
 		{
+			if ($tag->kind !== $tagKind)
+				continue;
+
 			echo '
-						<li>
-							<a rel="tag" title="View all posts tagged ', $tag->tag, '" href="', $tag->getUrl(), '" class="entry-tag">', $tag->tag, '</a>
+						<li id="tag-', $tag->id_tag, '">
+							<div class="input-group">
+								<a class="input-group-text" href="', $tag->getUrl(), '" title="View all posts tagged ', $tag->tag, '">
+									', $tag->tag, '
+								</a>';
+
+			if ($tag->kind === 'Person')
+			{
+				echo '
+								<a class="delete-tag btn btn-danger px-1" title="Unlink this tag from this photo" href="#" data-id="', $tag->id_tag, '">
+									<i class="bi bi-x"></i>
+								</a>';
+			}
+
+			echo '
+							</div>
+						</li>';
+		}
+
+		static $nextNewTagId = 1;
+		$newTagId = 'newTag' . ($nextNewTagId++);
+
+		if ($allowLinkingNewTags)
+		{
+			echo '
+						<li style="position: relative">
+							<input class="form-control w-auto" type="text" id="', $newTagId, '" placeholder="Type to link a new tag">
 						</li>';
 		}
 
 		echo '
 					</ul>';
+
+		if ($allowLinkingNewTags)
+		{
+			$this->printNewTagScript($tagKind, $tagListId, $newTagId);
+		}
 	}
 
-	private function linkNewTags()
+	private function printNewTagScript($tagKind, $tagListId, $newTagId)
 	{
 		echo '
-				<div>
-					<h3>Link tags</h3>
-					<p style="position: relative"><input type="text" id="new_tag" placeholder="Type to link a new tag"></p>
-				</div>
 				<script type="text/javascript" src="', BASEURL, '/js/ajax.js"></script>
 				<script type="text/javascript" src="', BASEURL, '/js/autosuggest.js"></script>
 				<script type="text/javascript">
 					setTimeout(function() {
-						var tag_autosuggest = new TagAutoSuggest({
-							inputElement: "new_tag",
-							listElement: "tag_list",
-							baseUrl: "', BASEURL, '",
-							appendCallback: function(item) {
-								var request = new HttpRequest("post", "', $this->photo->getPageUrl(), '",
-									"id_tag=" + item.id_tag, function(response) {
-										var newNode = document.createElement("li");
-										var newLabel = document.createTextNode(item.label);
-										newNode.appendChild(newLabel);
+						const removeTag = function(event) {
+							event.preventDefault();
+							const request = new HttpRequest("post", "', $this->photo->getPageUrl(), '",
+								"id_tag=" + this.dataset["id"] + "&delete", (response) => {
+									if (!response.success) {
+										return;
+									}
 
-										var list = document.getElementById("tag_list");
-										list.appendChild(newNode);
+									const tagNode = document.getElementById("tag-" + this.dataset["id"]);
+									tagNode.parentNode.removeChild(tagNode);
+								});
+						};
+
+						let tagRemovalTargets = document.querySelectorAll(".delete-tag");
+						tagRemovalTargets.forEach(el => el.addEventListener("click", removeTag));
+
+						let tag_autosuggest = new TagAutoSuggest({
+							inputElement: "', $newTagId, '",
+							listElement: "', $tagListId, '",
+							baseUrl: "', BASEURL, '",
+							appendCallback: (item) => {
+								const request = new HttpRequest("post", "', $this->photo->getPageUrl(), '",
+									"id_tag=" + item.id_tag, (response) => {
+										const newListItem = document.createElement("li");
+										newListItem.id = "tag-" + item.id_tag;
+
+										const newInputGroup = document.createElement("div");
+										newInputGroup.className = "input-group";
+										newListItem.appendChild(newInputGroup);
+
+										const newLink = document.createElement("a");
+										newLink.className = "input-group-text";
+										newLink.href = item.url;
+										newLink.title = "View all posts tagged " + item.label;
+										newLink.textContent = item.label;
+										newInputGroup.appendChild(newLink);
+
+										const removeLink = document.createElement("a");
+										removeLink.className = "delete-tag btn btn-danger px-1";
+										removeLink.dataset["id"] = item.id_tag;
+										removeLink.href = "#";
+										removeLink.innerHTML = \'<i class="bi bi-x"></i>\';
+										removeLink.addEventListener("click", removeTag);
+										newInputGroup.appendChild(removeLink);
+
+										const list = document.getElementById("', $tagListId, '");
+										list.insertBefore(newListItem, list.querySelector("li:last-child"));
 									}, this);
 							}
 						});
@@ -179,8 +241,24 @@ class PhotoPage extends SubTemplate
 				</script>';
 	}
 
-	public function setExif(EXIF $exif)
+	public function setMetaData(array $metaData)
 	{
-		$this->exif = $exif;
+		$this->metaData = $metaData;
+	}
+
+	public function userActions()
+	{
+		if (!$this->photo->isOwnedBy(Registry::get('user')))
+			return;
+
+		echo '
+				<div class="float-end">
+					<a class="btn btn-primary" href="', $this->photo->getEditUrl(), '">
+						<i class="bi bi-pencil"></i> Edit</a>
+					<a class="btn btn-danger" href="', $this->photo->getDeleteUrl(), '&',
+						Session::getSessionTokenKey(), '=', Session::getSessionToken(),
+						'" onclick="return confirm(\'Are you sure you want to delete this photo?\');"',
+						'"><i class="bi bi-pencil"></i> Delete</a></a>
+				</div>';
 	}
 }

templates/PhotosIndex.php

@@ -6,32 +6,34 @@
  * Kabuki CMS (C) 2013-2015, Aaron van Geffen
  *****************************************************************************/
 
-class PhotosIndex extends SubTemplate
+class PhotosIndex extends Template
 {
 	protected $mosaic;
 	protected $show_edit_buttons;
+	protected $show_headers;
 	protected $show_labels;
-	protected $row_limit = 1000;
 	protected $previous_header = '';
-	protected $url_suffix;
 
-	const PANORAMA_WIDTH = 1280;
+	protected $edit_menu_items = [];
+	protected $photo_url_suffix;
+
+	const PANORAMA_WIDTH = 1256;
 	const PANORAMA_HEIGHT = null;
 
-	const PORTRAIT_WIDTH = 400;
-	const PORTRAIT_HEIGHT = 645;
+	const PORTRAIT_WIDTH = 387;
+	const PORTRAIT_HEIGHT = 628;
 
-	const LANDSCAPE_WIDTH = 850;
-	const LANDSCAPE_HEIGHT = 640;
+	const LANDSCAPE_WIDTH = 822;
+	const LANDSCAPE_HEIGHT = 628;
 
-	const DUO_WIDTH = 618;
-	const DUO_HEIGHT = 412;
+	const DUO_WIDTH = 604;
+	const DUO_HEIGHT = 403;
 
 	const SINGLE_WIDTH = 618;
 	const SINGLE_HEIGHT = 412;
 
-	const TILE_WIDTH = 400;
-	const TILE_HEIGHT = 300;
+	const TILE_WIDTH = 387;
+	const TILE_HEIGHT = 290;
 
 	public function __construct(PhotoMosaic $mosaic, $show_edit_buttons = false, $show_labels = false, $show_headers = true)
 	{
@@ -41,16 +43,17 @@ class PhotosIndex extends SubTemplate
 		$this->show_labels = $show_labels;
 	}
 
-	protected function html_content()
+	public function html_main()
 	{
 		echo '
-			<div class="tiled_grid">';
+			<div class="container photo-index">';
 
-		for ($i = $this->row_limit; $i > 0 && $row = $this->mosaic->getRow(); $i--)
+		$i = 0;
+		while ($row = $this->mosaic->getRow())
 		{
-			list($photos, $what) = $row;
+			[$photos, $what] = $row;
 			$this->header($photos);
-			$this->$what($photos);
+			$this->$what($photos, ($i++) % 2);
 		}
 
 		echo '
@@ -73,129 +76,176 @@ class PhotosIndex extends SubTemplate
 
 		$name = str_replace(' ', '', strtolower($header));
 		echo '
-			<div class="tiled_header" id="', $name, '">
-				<a href="#', $name, '">', $header, '</a>
-			</div>';
+				<h4 class="tiled-header" id="', $name, '">
+					<a href="#', $name, '">', $header, '</a>
+				</h4>';
 
 		$this->previous_header = $header;
 	}
 
-	protected function color(Image $image)
+	protected function editMenu(Image $image)
 	{
-		$color = $image->bestColor();
-		if ($color == 'FFFFFF')
-			$color = 'ccc';
-
-		return $color;
-	}
-
-	protected function photo(Image $image, $width, $height, $crop = true, $fit = true)
-	{
-		if ($this->show_edit_buttons)
-			echo '
-					<a class="edit" href="', BASEURL, '/editasset/?id=', $image->getId(), '">Edit</a>';
+		if (empty($this->edit_menu_items))
+			return;
 
 		echo '
-					<a href="', $image->getPageUrl(), $this->url_suffix, '">
-						<img src="', $image->getThumbnailUrl($width, $height, $crop, $fit), '" alt="" title="', $image->getTitle(), '">';
+				<div class="edit dropdown">
+					<button class="btn btn-primary btn-sm dropdown-toggle" type="button" data-bs-toggle="dropdown" aria-expanded="false">
+					</button>
+					<ul class="dropdown-menu">';
+
+		foreach ($this->edit_menu_items as $item)
+		{
+			echo '
+						<li><a class="dropdown-item" href="', $item['uri']($image), '"',
+							isset($item['onclick']) ? ' onclick="' . $item['onclick'] . '"' : '',
+							'>', $item['label'], '</a></li>';
+		}
+
+		echo '
+					</ul>
+				</div>';
+	}
+
+	protected function photo(Image $image, $className, $width, $height, $crop = true, $fit = true)
+	{
+		// Prefer thumbnail aspect ratio if available, otherwise use image aspect ratio.
+		$aspectRatio = isset($width, $height) ? $width / $height : $image->ratio();
+
+		echo '
+				<div class="polaroid ', $className, '" style="aspect-ratio: ', $aspectRatio, '">';
+
+		if ($this->show_edit_buttons && $image->canBeEditedBy(Registry::get('user')))
+			$this->editMenu($image);
+
+		echo '
+					<a href="', $image->getPageUrl(), $this->photo_url_suffix, '#photo_frame">';
+
+
+		foreach (['normal-photo', 'blur-photo'] as $className)
+		{
+			echo '
+						<img src="', $image->getThumbnailUrl($width, $height, $crop, $fit), '"';
+
+			// Can we offer double-density thumbs?
+			if ($image->width() >= $width * 2 && $image->height() >= $height * 2)
+				echo ' srcset="', $image->getThumbnailUrl($width * 2, $height * 2, $crop, $fit), ' 2x"';
+			else
+				echo ' srcset="', $image->getThumbnailUrl($image->width(), $image->height(), true), ' 2x"';
+
+			echo ' alt="" title="', $image->getTitle(), '" class="', $className, '" style="aspect-ratio: ', $aspectRatio, '">';
+		}
 
 		if ($this->show_labels)
 			echo '
 						<h4>', $image->getTitle(), '</h4>';
 
 		echo '
-					</a>';
+
+					</a>
+				</div>';
 	}
 
-	protected function panorama(array $photos)
+	protected function panorama(array $photos, $altLayout)
 	{
 		foreach ($photos as $image)
 		{
 			echo '
-				<div style="border-color: #', $this->color($image), '" class="panorama">';
+				<div class="row mb-5 tile-panorama">
+					<div class="col">';
 
-			$this->photo($image, static::PANORAMA_WIDTH, static::PANORAMA_HEIGHT, false, false);
+			$this->photo($image, 'panorama', static::PANORAMA_WIDTH, static::PANORAMA_HEIGHT, false, false);
 
 			echo '
+					</div>
 				</div>';
 		}
 	}
 
-	protected function portrait(array $photos)
+	protected function sixLandscapes(array $photos, $altLayout)
+	{
+		$chunks = array_chunk($photos, 3);
+		$this->sideLandscape($chunks[0], $altLayout);
+		$this->threeLandscapes($chunks[1], $altLayout);
+	}
+
+	protected function sidePortrait(array $photos, $altLayout)
 	{
 		$image = array_shift($photos);
 
 		echo '
-				<div class="tiled_row">
-					<div class="column_portrait">
-						<div style="border-color: #', $this->color($image), '" class="portrait">';
+				<div class="row g-5 mb-5 tile-feat-portrait',
+					$altLayout ? ' flex-row-reverse' : '', '">
+					<div class="col-md-4">';
 
-		$this->photo($image, static::PORTRAIT_WIDTH, static::PORTRAIT_HEIGHT, 'top');
+		$this->photo($image, 'portrait', static::PORTRAIT_WIDTH, static::PORTRAIT_HEIGHT, 'centre');
+
+		echo '
+					</div>
+					<div class="col-md-8">
+						<div class="row g-5">';
+
+		foreach ($photos as $image)
+		{
+			echo '
+							<div class="col-md-6">';
+
+			$this->photo($image, 'landscape', static::TILE_WIDTH, static::TILE_HEIGHT, 'top');
+
+			echo '
+							</div>';
+		}
 
 		echo '
 						</div>
 					</div>
-					<div class="column_tiles_four">';
-
-		foreach ($photos as $image)
-		{
-			echo '
-						<div style="border-color: #', $this->color($image), '" class="landscape">';
-
-			$this->photo($image, static::TILE_WIDTH, static::TILE_HEIGHT, 'top');
-
-			echo '
-						</div>';
-		}
-
-		echo '
-					</div>
 				</div>';
 	}
 
-	protected function landscape(array $photos)
+	protected function sideLandscape(array $photos, $altLayout)
 	{
 		$image = array_shift($photos);
 
 		echo '
-				<div class="tiled_row">
-					<div class="column_landscape">
-						<div style="border-color: #', $this->color($image), '" class="landscape">';
+				<div class="row g-5 mb-5 tile-feat-landscape',
+					$altLayout ? ' flex-row-reverse' : '', '">
+					<div class="col-md-8">';
 
-		$this->photo($image, static::LANDSCAPE_WIDTH, static::LANDSCAPE_HEIGHT, 'top');
+		$this->photo($image, 'landscape', static::LANDSCAPE_WIDTH, static::LANDSCAPE_HEIGHT, 'top');
+
+		echo '
+					</div>
+					<div class="col-md-4">
+						<div class="row g-5">';
+
+		foreach ($photos as $image)
+		{
+			echo '
+							<div>';
+
+			$this->photo($image, 'landscape', static::TILE_WIDTH, static::TILE_HEIGHT, 'top');
+
+			echo '
+							</div>';
+		}
 
 		echo '
 						</div>
 					</div>
-					<div class="column_tiles_two">';
-
-		foreach ($photos as $image)
-		{
-			echo '
-						<div style="border-color: #', $this->color($image), '" class="landscape">';
-
-			$this->photo($image, static::TILE_WIDTH, static::TILE_HEIGHT, 'top');
-
-			echo '
-						</div>';
-		}
-
-		echo '
-					</div>
 				</div>';
 	}
 
-	protected function duo(array $photos)
+	protected function threeLandscapes(array $photos, $altLayout)
 	{
 		echo '
-				<div class="tiled_row">';
+				<div class="row g-5 mb-5 tile-row-landscapes">';
 
 		foreach ($photos as $image)
 		{
 			echo '
-					<div style="border-color: #', $this->color($image), '" class="duo">';
+					<div class="col-md-4">';
 
-			$this->photo($image, static::DUO_WIDTH, static::DUO_HEIGHT, true);
+			$this->photo($image, 'landscape', static::TILE_WIDTH, static::TILE_HEIGHT, true);
 
 			echo '
 					</div>';
@@ -205,63 +255,102 @@ class PhotosIndex extends SubTemplate
 				</div>';
 	}
 
-	protected function single(array $photos)
+	protected function threePortraits(array $photos, $altLayout)
 	{
+		echo '
+				<div class="row g-5 mb-5 tile-row-portraits">';
+
+		foreach ($photos as $image)
+		{
+			echo '
+					<div class="col-md-4">';
+
+			$this->photo($image, 'portrait', static::PORTRAIT_WIDTH, static::PORTRAIT_HEIGHT, true);
+
+			echo '
+					</div>';
+		}
+
+		echo '
+				</div>';
+	}
+
+	protected function dualLandscapes(array $photos, $altLayout)
+	{
+		echo '
+				<div class="row g-5 mb-5 tile-duo">';
+
+		foreach ($photos as $image)
+		{
+			echo '
+					<div class="col-md-6">';
+
+			$this->photo($image, 'duo', static::DUO_WIDTH, static::DUO_HEIGHT, true);
+
+			echo '
+					</div>';
+		}
+
+		echo '
+				</div>';
+	}
+
+	protected function dualMixed(array $photos, $altLayout)
+	{
+		echo '
+				<div class="row g-5 mb-5 tile-feat-landscape',
+					$altLayout ? ' flex-row-reverse' : '', '">
+					<div class="col-md-8">';
+
 		$image = array_shift($photos);
+		$this->photo($image, 'landscape', static::LANDSCAPE_WIDTH, static::LANDSCAPE_HEIGHT, 'top');
 
 		echo '
-				<div class="tiled_row">
-					<div style="border-color: #', $this->color($image), '" class="single">';
+					</div>
+					<div class="col-md-4">';
 
-		$this->photo($image, static::SINGLE_WIDTH, static::SINGLE_HEIGHT, 'top');
+		$image = array_shift($photos);
+		$this->photo($image, 'portrait', static::PORTRAIT_WIDTH, static::PORTRAIT_HEIGHT, true);
+
+		echo '
+						</div>
+					</div>
+				</div>';
+	}
+
+	protected function dualPortraits(array $photos, $altLayout)
+	{
+		// Recycle the row layout so portraits don't appear too large
+		$this->threePortraits($photos, $altLayout);
+	}
+
+	protected function singleLandscape(array $photos, $altLayout)
+	{
+		echo '
+				<div class="row g-5 mb-5 tile-single">
+					<div class="col-md-6">';
+
+		$image = array_shift($photos);
+		$this->photo($image, 'single', static::SINGLE_WIDTH, static::SINGLE_HEIGHT, 'top');
 
 		echo '
 					</div>
 				</div>';
 	}
 
-	protected function row(array $photos)
+	protected function singlePortrait(array $photos, $altLayout)
 	{
-		echo '
-				<div class="tiled_row">';
-
-		foreach ($photos as $image)
-		{
-			echo '
-					<div style="border-color: #', $this->color($image), '" class="landscape">';
-
-			$this->photo($image, static::TILE_WIDTH, static::TILE_HEIGHT, true);
-
-			echo '
-					</div>';
-		}
-
-		echo '
-				</div>';
+		// Recycle the row layout so portraits don't appear too large
+		$this->threePortraits($photos, $altLayout);
 	}
 
-	protected function portraits(array $photos)
+	public function setEditMenuItems(array $items)
 	{
-		echo '
-				<div class="tiled_row">';
-
-		foreach ($photos as $image)
-		{
-			echo '
-					<div style="border-color: #', $this->color($image), '" class="portrait">';
-
-			$this->photo($image, static::PORTRAIT_WIDTH, static::PORTRAIT_HEIGHT, true);
-
-			echo '
-					</div>';
-		}
-
-		echo '
-				</div>';
+		$this->edit_menu_items = $items;
 	}
 
 	public function setUrlSuffix($suffix)
 	{
-		$this->url_suffix = $suffix;
+		$this->photo_url_suffix = $suffix;
 	}
 }

templates/SubTemplate.php

@@ -8,10 +8,32 @@
 
 abstract class SubTemplate extends Template
 {
+	protected $_class = 'content-box container';
+	protected $_id;
+	protected $_title;
+
+	public function __construct($title = '')
+	{
+		$this->_title = $title;
+	}
+
 	public function html_main()
 	{
-		echo $this->html_content();
+		echo '
+			<div class="', $this->_class, '"', isset($this->_id) ? ' id="' . $this->_id . '"' : '', '>',
+				$this->html_content(), '
+			</div>';
 	}
 
 	abstract protected function html_content();
+
+	public function setClassName($className)
+	{
+		$this->_class = $className;
+	}
+
+	public function setDOMId($id)
+	{
+		$this->_id = $id;
+	}
 }

templates/TabularData.php

@@ -3,60 +3,132 @@
  * TabularData.php
  * Contains the template that displays tabular data.
  *
- * Kabuki CMS (C) 2013-2015, Aaron van Geffen
+ * Kabuki CMS (C) 2013-2025, Aaron van Geffen
  *****************************************************************************/
 
-class TabularData extends Pagination
+class TabularData extends SubTemplate
 {
+	protected GenericTable $_t;
+
 	public function __construct(GenericTable $table)
 	{
 		$this->_t = $table;
-		parent::__construct($table);
 	}
 
 	protected function html_content()
 	{
+		$this->renderTitle();
+
+		foreach ($this->_subtemplates as $template)
+			$template->html_main();
+
+		// Showing an inline form?
+		$pager = $this->_t->getPageIndex();
+		if (!empty($pager) || isset($this->_t->form_above))
+			$this->renderPaginationForm($pager, $this->_t->form_above);
+
+		$tableClass = $this->_t->getTableClass();
+		if ($tableClass)
+			echo '
+			<div class="', $tableClass, '">';
+
+		// Build the table!
 		echo '
-			<div class="admin_box">';
+				<table class="table table-striped table-condensed">';
+
+		$this->renderTableHead($this->_t->getHeader());
+		$this->renderTableBody($this->_t->getBody());
+
+		echo '
+				</table>';
+
+		if ($tableClass)
+			echo '
+			</div>';
+
+		// Showing an inline form?
+		if (!empty($pager) || isset($this->_t->form_below))
+			$this->renderPaginationForm($pager, $this->_t->form_below);
 
 		$title = $this->_t->getTitle();
 		if (!empty($title))
 			echo '
-				<h2>', $title, '</h2>';
+			</div>';
+	}
 
-		// Showing a page index?
-		parent::html_content();
+	protected function renderTitle()
+	{
+		$title = $this->_t->getTitle();
+		if (!empty($title))
+		{
+			$titleclass = $this->_t->getTitleClass();
+			echo '
+			<div class="generic-table', !empty($titleclass) ? ' ' . $titleclass : '', '">
+				<h1>', htmlspecialchars($title), '</h1>';
+		}
+	}
 
-		// Maybe even a small form?
-		if (isset($this->_t->form_above))
-			$this->showForm($this->_t->form_above);
-
-		// Build the table!
+	protected function renderPaginationForm($pager, $form)
+	{
+		echo '
+			<div class="row clearfix justify-content-end">';
+
+		// Page index?
+		if (!empty($pager))
+		{
+			echo '
+				<div class="col-md">';
+
+			PageIndexWidget::paginate($pager);
+
+			echo '
+				</div>';
+		}
+
+		// Form controls?
+		if (isset($form))
+		{
+			echo '
+				<div class="col-md-auto">';
+
+			InlineFormView::renderInlineForm($form);
+
+			echo '
+				</div>';
+		}
+
+		echo '
+			</div>';
+	}
+
+	protected function renderTableHead(array $headers)
+	{
 		echo '
-				<table class="table table-striped">
 					<thead>
 						<tr>';
 
-		// Show the table's headers.
-		foreach ($this->_t->getHeader() as $th)
+		foreach ($headers as $th)
 		{
 			echo '
 							<th', (!empty($th['width']) ? ' width="' . $th['width'] . '"' : ''), (!empty($th['class']) ? ' class="' . $th['class'] . '"' : ''), ($th['colspan'] > 1 ? ' colspan="' . $th['colspan'] . '"' : ''), ' scope="', $th['scope'], '">',
 							$th['href'] ? '<a href="' . $th['href'] . '">' . $th['label'] . '</a>' : $th['label'];
 
-			if ($th['sort_mode'] )
-				echo ' ', $th['sort_mode'] == 'up' ? '&uarr;' : '&darr;';
+			if ($th['sort_mode'])
+				echo ' <i class="bi bi-caret-' . ($th['sort_mode'] === 'down' ? 'down' : 'up') . '-fill"></i>';
 
 			echo '</th>';
 		}
 
 		echo '
 						</tr>
-					</thead>
+					</thead>';
+	}
+
+	protected function renderTableBody($body)
+	{
+		echo '
 					<tbody>';
 
-		// Show the table's body.
-		$body = $this->_t->getBody();
 		if (is_array($body))
 		{
 			foreach ($body as $tr)
@@ -65,50 +137,29 @@ class TabularData extends Pagination
 						<tr', (!empty($tr['class']) ? ' class="' . $tr['class'] . '"' : ''), '>';
 
 				foreach ($tr['cells'] as $td)
+				{
 					echo '
-							<td', (!empty($td['width']) ? ' width="' . $td['width'] . '"' : ''), '>', $td['value'], '</td>';
+							<td',
+								(!empty($td['class']) ? ' class="' . $td['class'] . '"' : ''),
+								(!empty($td['width']) ? ' width="' . $td['width'] . '"' : ''), '>',
+								$td['value'],
+							'</td>';
+				}
 
 				echo '
 						</tr>';
 			}
 		}
 		else
+		{
+			$header = $this->_t->getHeader();
 			echo '
 						<tr>
-							<td colspan="', count($this->_t->getHeader()), '">', $body, '</td>
+							<td colspan="', count($header), '" class="fullwidth">', $body, '</td>
 						</tr>';
+		}
 
 		echo '
-					</tbody>
-				</table>';
-
-		// Maybe another small form?
-		if (isset($this->_t->form_below))
-			$this->showForm($this->_t->form_below);
-
-		// Showing a page index?
-		parent::html_content();
-
-		echo '
-			</div>';
-	}
-
-	protected function showForm($form)
-	{
-		echo '
-				<form action="', $form['action'], '" method="', $form['method'], '" class="table_form ', $form['class'], '">';
-
-		if (!empty($form['fields']))
-			foreach ($form['fields'] as $name => $field)
-				echo '
-					<input name="', $name, '" type="', $field['type'], '" placeholder="', $field['placeholder'], '"', isset($field['class']) ? ' class="' . $field['class'] . '"' : '', isset($field['value']) ? ' value="' . $field['value'] . '"' : '', '>';
-
-		if (!empty($form['buttons']))
-			foreach ($form['buttons'] as $name => $button)
-				echo '
-					<input name="', $name, '" type="', $button['type'], '" value="', $button['caption'], '" class="btn', isset($button['class']) ? ' ' . $button['class'] . '' : '', '">';
-
-		echo '
-				</form>';
+					</tbody>';
 	}
 }