From 5e95090defff64bc8cd7a318a73aa930948fb66d Mon Sep 17 00:00:00 2001 From: Peter Palfrader Date: Mon, 15 Nov 2004 09:20:11 +0000 Subject: Initial import --- web/include/Config.inc | 41 ++++++ web/include/DB.inc | 330 ++++++++++++++++++++++++++++++++++++++++++++++ web/include/Makefile.am | 15 +++ web/include/Messages.inc | 24 ++++ web/include/Namespace.inc | 63 +++++++++ web/include/Session.inc | 180 +++++++++++++++++++++++++ web/include/Template.inc | 238 +++++++++++++++++++++++++++++++++ web/include/Tools.inc | 152 +++++++++++++++++++++ web/include/User.inc | 150 +++++++++++++++++++++ 9 files changed, 1193 insertions(+) create mode 100644 web/include/Config.inc create mode 100644 web/include/DB.inc create mode 100644 web/include/Makefile.am create mode 100644 web/include/Messages.inc create mode 100644 web/include/Namespace.inc create mode 100644 web/include/Session.inc create mode 100644 web/include/Template.inc create mode 100644 web/include/Tools.inc create mode 100644 web/include/User.inc (limited to 'web/include') diff --git a/web/include/Config.inc b/web/include/Config.inc new file mode 100644 index 0000000..fb3ed29 --- /dev/null +++ b/web/include/Config.inc @@ -0,0 +1,41 @@ +'; + var $mail_sender='Peter Palfrader '; + var $mail_replyto='Peter Palfrader '; + var $mail_operator='Peter Palfrader '; + + var $secret = '3c329081876d2b3be2227432b2648319'; + + function Config() { + } +} + +# vim:set ts=4: +# vim:set shiftwidth=4: +?> diff --git a/web/include/DB.inc b/web/include/DB.inc new file mode 100644 index 0000000..4aaadbf --- /dev/null +++ b/web/include/DB.inc @@ -0,0 +1,330 @@ + + * Florian Reitmeir + */ + +/** + * Database Abstraction Class + * + * This is a small database abstraction class based on ADODB + * + * It provides only a very small set of functions but has + * proven to be sufficient for most projects. + * + * @author Peter Palfrader/3node + * @author Florian Reitmeir/3node + * @version $Id$ + */ + +include('/usr/share/adodb/adodb.inc.php'); + +class Database { + var $connection; + var $errorMsg; + var $errorNo; + + /** + * create a new database object + * + * The constructor creates a database connection to the database + * specified with host, user, + * password, and name. + * + * type specifies the kind of database you want to use + * (postgres, mysql, etc.) + * + * @param string type of DBMS + * @param string host where the DBMS runs + * @param string the username to connect as + * @param string the password to authenticate with + * @param string the name of the database to connect to + * @returns boolean true on success, false on error + */ + function Database($type, $host, $user, $password, $name) { + $this->connection = &ADONewConnection($type); + #if (!$this->connection->PConnect($host, $user, $password, $name)) + if (!$this->connection->Connect($host, $user, $password, $name)) + return false; + + assert( $this->connection ); + $this->database['ErrorMsg'] = ''; + $this->database['ErrorNo'] = 0; + + return true; + } + + + /** + * remove/quote evil characters + * + * This function calls the database backend's quote string + * function which is supposed to quote evil charaters + * like semicolons, single and double quotes etc so that they + * can be used in SQL queries. + * + * @param string the string which should be cleaned + * @returns string the cleaned string + */ + function clean_string(&$string) + { + assert( $this->connection ); + $result = preg_replace ('/[^A-Za-z0-9_-]+/', '', $string); + return $result; + } + + + /** + * execute an SQL query with parameters + * + * This function executes the SQL query passed in query. + * The query is first prepared and then executed with the values + * passed in params. + * + * The ADODB backend emulates binding of parameters if the database + * does not support it natively. Only params' values + * are passed to the binding, not its keys. + * + * You probably do not want to call this function from your code. + * Use the query_row, query_all, + * insert, or update function depending + * on what you want to do. + * + * This function returns a recordset which is an ADODB result type. + * Please * refer to the ADODB documentation for details. On error + * false is * returned and errorMsg and errorNo + * are set appropriatly. + * + * @param string the SQL query to execute + * @param array the values to bind to the execute + * @returns recordset A recordset on success, false otherwhise + */ + function execute_query($query, &$params) + { + assert( $this->connection ); + $this->errormsg = ''; + $this->errorno = 0; + + $ADODB_FETCH_MODE = ADODB_FETCH_ASSOC; + $values = array_values($params); + $stmt = $this->connection->Prepare($query); + $recordset = $this->connection->Execute($stmt, $values); + + if ($recordset === false) + { + $this->errorMsg = $this->connection->ErrorMsg(); + $this->errorNo = $this->connection->ErrorNo(); + } + return $recordset; + } + + /** + * execute an SQL query and return the first row + * + * This function executes the SQL query passed in query. + * It takes an optional array of parameters and returns the fields of + * the first result row as an assoziative array. + * + * execute_query is called to do the real work. + * + * @param string the SQL query to execute + * @param array the values to bind to the execute + * @returns array An assiziative array on success, false otherwhise + */ + function query_row($query, $params=array()) + { + assert( $this->connection ); + $recordset = $this->execute_query($query, $params); + if ($recordset === False) + return False; + else + return $recordset->fields; + } + + /** + * execute an SQL query and return all results + * + * This function executes the SQL query passed in query. + * It takes an optional array of parameters and returns an array of + * assoziative arrays (one per result row). + * + * execute_query is called to do the real work. + * + * @param string the SQL query to execute + * @param array the values to bind to the execute + * @returns array An array of assiziative arrays on success, false otherwhise + */ + function query_all($query, $params=array()) + { + assert( $this->connection ); + $recordset = $this->execute_query($query, $params); + + if ($recordset === False) + return False; + + $output = array(); + while (! $recordset->EOF) + { + $output[] = $recordset->fields; + $recordset->MoveNext(); + } + + return $output; + } + + /** + * Insert values into a table + * + * insert inserts a new row into the table table. + * The values to insert are taken from the assoziative array + * params. + * + * This function handles selection of the primary key automatically if + * no ref value is set in the params. + * + * The SQL query is built using tablename and the params passed as + * arguments. execute_query is called to do the real work. + * + * @param string the table to insert the new data into + * @param array assoziative array of values to insert + * @params string name of the tables primary key (defaults to ref) + * @returns boolean True on success, false otherwhise + */ + function insert($table, $params=array(), $refname = "ref") + { + assert( $this->connection ); + $this->errorMsg = ''; + $this->errorNo = 0; + + $keys = array_map($this->clean_string, array_keys($params)); + $qmarks = array(); + $values = array_values($params); + foreach ($params as $key=>$value) + { + $qmarks[] = "?"; + } + + if ($params[$refname]) + $sqlinsert='insert into "'.$this->clean_string($table).'" ('.implode(',', $keys).') values ('.implode(',',$qmarks).')'; + else + $sqlinsert='insert into "'.$this->clean_string($table). + '" ('.$this->clean_string($refname).', '.implode(',', $keys).') + values ( (select coalesce( max('.$this->clean_string($refname).')+1, 1 ) from "'.$this->clean_string($table).'"), ' . implode(',',$qmarks).')'; + + $stmt = $this->connection->Prepare($sqlinsert); + $recordset = $this->connection->Execute($stmt, $values); + + if ($recordset === False) + { + $this->errorMsg = $this->connection->ErrorMsg(); + $this->errorNo = $this->connection->ErrorNo(); + return False; + } + else + return True; + } + + /** + * Update a row in a table + * + * This function updates the table row given by the primary key + * ref. The new values are to be passed via the assoziative + * array params. An optional list of columns which should + * be set to NULL may be given too. + * + * The SQL query is built using tablename and the params passed as + * arguments. execute_query is called to do the real work. + * + * @param string the table to update the row data in + * @param integer the primary key of the row to update + * @param array assoziative array of values to insert + * @param array array of columns to set to NULL + * @params string name of the tables primary key (defaults to ref) + * @returns boolean True on success, false otherwhise + */ + function update($table, $ref, $params=array(), $nullify = array(), $refname="ref") + { + assert( $this->connection ); + $this->errorMsg = ''; + $this->errorNo = 0; + + $sqlparams = array(); + foreach ( $params as $key=>$value ) + { + $sqlparams[]=$this->clean_string($key).'=?'; + } + foreach ( $nullify as $key ) + { + $sqlparams[]=$this->clean_string($key).'= null'; + } + + $values = array_values($params); + $values[] = $ref; + + $sqlupdate='update "'.$this->clean_string($table).'" set '.implode(',', $sqlparams).' where '.$this->clean_string($refname).'=?'; + $stmt = $this->connection->Prepare($sqlupdate); + $recordset = $this->connection->Execute($stmt, $values); + + if ($recordset === False) + { + $this->errorMsg = $this->connection->ErrorMsg(); + $this->errorNo = $this->connection->ErrorNo(); + return False; + } + else + return True; + } + + /** + * Delete a row in a table + * + * This function delete the table row given by the primary key + * ref. + * + * @param string the table to update the row data in + * @param integer the primary key of the row to update + * @params string name of the tables primary key (defaults to ref) + * @returns boolean True on success, false otherwhise + */ + function delete_row($table, $ref, $refname="ref") + { + assert( $this->connection ); + $this->errorMsg = ''; + $this->errorNo = 0; + + $values = array( $ref ); + $sqldelete='delete from "'.$this->clean_string($table).'" where '.$this->clean_string($refname).'=?'; + $stmt = $this->connection->Prepare($sqldelete); + $recordset = $this->connection->Execute($stmt, $values); + + if ($recordset === False) + { + $this->errorMsg = $this->connection->ErrorMsg(); + $this->errorNo = $this->connection->ErrorNo(); + return False; + } + else + return True; + } + + /** + * error function + * + * This function returns a string specifying the Error Code and Message + * from the last statement, or the empty string if no error was raised. + + * @returns string ErrorCode and Message if there was an error, an empty string otherwhise + */ + function error() + { + if ($this->errorNo) + return "ErrorNo: ".$this->errorNo."; ErrorMsg: ".$this->errorMsg.";"; + else + return ""; + } +}; + +# vim:set ts=4: +# vim:set shiftwidth=4: +?> diff --git a/web/include/Makefile.am b/web/include/Makefile.am new file mode 100644 index 0000000..1c8e13d --- /dev/null +++ b/web/include/Makefile.am @@ -0,0 +1,15 @@ +SUBDIRS = + +based_in = . +include $(top_srcdir)/Makefile.common + +doc_DATA = \ + Config.inc \ + DB.inc \ + Messages.inc \ + Namespace.inc \ + Session.inc \ + Template.inc \ + Tools.inc \ + User.inc + diff --git a/web/include/Messages.inc b/web/include/Messages.inc new file mode 100644 index 0000000..5de5497 --- /dev/null +++ b/web/include/Messages.inc @@ -0,0 +1,24 @@ + + */ + +/** + * Messages for RemSaint + * + * @author Peter Palfrader/3node + * @version $Id$ + */ + +class Messages { + var $creating_session_failed = 'Creating Session Failed!'; + + function Messages() { + } + +} + +# vim:set ts=4: +# vim:set shiftwidth=4: +?> diff --git a/web/include/Namespace.inc b/web/include/Namespace.inc new file mode 100644 index 0000000..4cfeccc --- /dev/null +++ b/web/include/Namespace.inc @@ -0,0 +1,63 @@ + + */ + +require_once("../include/Config.inc"); +require_once("../include/DB.inc"); +require_once("../include/Messages.inc"); +require_once("../include/Session.inc"); +require_once("../include/User.inc"); + +class Namespace { + var $have_database = false; + var $have_session = false; + var $have_user = false; + + var $config = false; + var $database = false; + var $messages = false; + var $session = false; + var $user = false; + + function Namespace($options = array()) { + if ($options['have_database']) + $this->have_database = $options['have_database']; + if ($options['have_session']) + $this->have_session = $options['have_session']; + if ($options['have_user']) + $this->have_user = $options['have_user']; + + $this->config = new Config() or + die("Count not create config object"); + $this->messages = new Messages or + die("Could not create messages object"); + + if ($this->have_database) + $this->database = new Database ( + $this->config->db_type, + $this->config->db_host, + $this->config->db_user, + $this->config->db_password, + $this->config->db_name) or + die("Could not create database object"); + if ($this->have_session) + $this->session = new Session( $this->database, $this->config->session_cookie_name, $this->messages ) or + die("Could not create session object"); + if ($this->have_user) + $this->user = new User( $this->database, $this->session, $this->config->auth_timeout ) or + die("Could not create user object"); + } + + function stop() { + if ($this->have_session) { + assert($this->session); + $this->session->close(); + } + } +} + +# vim:set ts=4: +# vim:set shiftwidth=4: +?> diff --git a/web/include/Session.inc b/web/include/Session.inc new file mode 100644 index 0000000..d6c926a --- /dev/null +++ b/web/include/Session.inc @@ -0,0 +1,180 @@ +get_id() and + * throwing an error on failure. + * + * @params object a Database object + * @params string Name of the cookie holding session id + * @params object a Messages object + */ + function Session(&$database, $cookie_name, &$messages) { + assert($cookie_name); + assert($database); + assert($messages); + + $this->cookie_name = $cookie_name; + $this->db = &$database; + $this->messages = &$messages; + + $this->get_id(); + } + + /** + * stores current session to database + * + * This function stores the current session to the database by + * calling store_data and sets id and + * ref to false. + * + * @returns boolean true on success, false otherwhise + */ + function close() { + if (! $this->id) + return true; + + assert($this->id != ''); + assert($this->db); + + if ($this->store_data() === false) + return false; + $this->id = false; + $this->ref = false; + $this->data = false; + return true; + } + + /** + * Get data from database + * + * Fetches data for the current id from the database + * and sets session_data_ref. + * + * @returns boolean true on success, false otherwhise + */ + function get_data() + { + assert($this->id != ''); + assert($this->db); + $row=$this->db->query_row('select ref, data from session where id=?', array($this->id)); + if ( $row === false ) + return false; + + $this->ref = $row['ref']; + $this->data = ($row['data']) ? unserialize($row['data']) : false; + assert($this->ref); + return true; + } + + /** + * Store data in database + * + * Dumps data for the current id into the database. + * + * @returns boolean true on success, false otherwhise + */ + function store_data() + { + assert($this->ref); + assert($this->id != ''); + assert($this->db); + return $this->db->update('session', $this->ref, array(data => serialize($this->data), last_seen => 'now')); + } + + /** + * Create a session in the database with the current id + * + * Creates a session in the database and fills local variables by + * calling get_data(). + * + * @returns boolean true if success + */ + function create_session() + { + assert($this->id != ''); + assert($this->db); + $result = $this->db->insert('session',array(id => $this->id)); + if ( $result === false ) + return false; + return $this->get_data(); + } + + /** + * Create a unique string useable as session ID + * + * @returns string a unique session ID + */ + function create_id() { + $id = $_SERVER["UNIQUE_ID"]; + $id .= md5(time.rand(0,1000000)); + return $id; + } + + /** + * Set session ID for current session + * + * Should there be no session ID a new session ID is created, inserted into + * the database (creating a new session), sent as a cookie to the luser, + * and returned. + * + * Also makes sure ref is set and persistent session data is loaded. + * + * @returns string session ID, boolean false on error + */ + function set_id() { + if ( ! $this->id ) { + $this->id = $this->create_id(); + if ($this->create_session() === false) { + $this->id = false; + return false; + } + setcookie($this->cookie_name, $this->id); + } else { + if ($this->get_data() === false) { + $this->id = false; + return false; + } + } + + return $this->id; + } + + /** + * Get session ID for current session + * + * This function takes the session ID of a cookie, checks wheter it is + * database and if yes, returns it. + * + * Also makes sure ref is set and persistent session data is loaded. + * + * @returns string session ID, boolean false on error + */ + function get_id() { + $this->id=$_COOKIE[$this->cookie_name]; + if ($this->id) + if ($this->get_data() === false) + $this->id = false; + + return $this->id; + } +} + + +?> diff --git a/web/include/Template.inc b/web/include/Template.inc new file mode 100644 index 0000000..144bcdb --- /dev/null +++ b/web/include/Template.inc @@ -0,0 +1,238 @@ +path=$path; + $content_array = file($this->path.'/'.$filename); + $this->raw_content = implode("", $content_array); + $this->global_data=array(); + } + + function parse(&$data) + { + if ( ! $this->begin_parse_time ) + $this->begin_parse_time = microtime(); + if ( $GLOBALS['global_template_params'] ) + $data = array_merge($data, $GLOBALS['global_template_params']); + $this->parsed_content=$this->parse_rek($data, $this->raw_content); + $this->end_parse_time = microtime(); + } + + function evaluate(&$data, &$name, &$values, $and) + { + if ($and === true) + $return_value = true; + else + $return_value = false; + + foreach ($values as $value) + { + if ($and === true) + $return_value &= ($data[$name]==$value); + else + $return_value |= ($data[$name]==$value); + } + return $return_value; + } + + function parse_rek(&$data, &$raw) + { + $position = 0; + $out = ''; + # JA, dieses komische !== brauchts wirklich so. + # GENAU SO + # GLAUBS MIR EINFACH + # $a !== $b Not identical TRUE if $a is not equal to $b, or they are not of the same type. (PHP 4 only) + while ( ($command_position=strpos($raw, '/", substr($raw,$command_position), $matches); + $command = array(); + $command['command']=$matches[1]; + $command['name']=$matches[2]; + if (isset($matches[3])) { + $command['value']=$matches[3]; + preg_match("/(VALUE=.*)\s*>/", substr($raw,$command_position), $matches); + if ( isset($matches) ) + { + $command['values'] = explode('VALUE=', $matches[1]); + unset($command['values'][0]); + foreach ( $command['values'] as $key=>$value) + { + $command['values'][$key] = substr(trim($value),1,-1); + } + } + } + + # get new position + $position=strpos($raw, '>', $command_position)+1; + + switch($command['command']) + { + case 'INCLUDE': + $template = new Template($command['name'],$this->path); + $template->parse($data); + $out.=$template->output(); + break; + case 'VAR_NOESC': + $out.=$data[$command['name']]; + break; + case 'VAR': + $out.=htmlspecialchars($data[$command['name']]); + break; + case 'UNLESS': + $endif_command_position=strpos($raw, '', $position); + $if_text=substr($raw, $position,$endif_command_position-$position); + $position=strpos($raw, '>', $endif_command_position)+1; + + if (isset($command['value'])) + { + if ( ! $this->evaluate($data, $command['name'], $command['values'], false) ) + #if ( $data[$command['name']]!=$command['value'] ) + $out.=$this->parse_rek($data, $if_text); + } + else + { + if ( ! $data[$command['name']] ) + $out.=$this->parse_rek($data, $if_text); + } + break; + case 'IF': + $endif_command_position=strpos($raw, '', $position); + $if_text=substr($raw, $position,$endif_command_position-$position); + $position=strpos($raw, '>', $endif_command_position)+1; + + if (isset($command['value'])) + { + if ( $this->evaluate($data, $command['name'], $command['values'], false) ) + # if ( $data[$command['name']]==$command['value'] ) + $out.=$this->parse_rek($data, $if_text); + } + else + { + if ( $data[$command['name']] ) + $out.=$this->parse_rek($data, $if_text); + } + break; + case 'CMP': + $endif_command_position=strpos($raw, '', $position); + $if_text=substr($raw, $position,$endif_command_position-$position); + $position=strpos($raw, '>', $endif_command_position)+1; + + if ( $data[$command['name']]==$data[$command['value']] ) + $out.=$this->parse_rek($data, $if_text); + break; + case 'LOOP': + $endloop_command_position=strpos($raw, '', $position); + $loop_text=substr($raw, $position,$endloop_command_position-$position); + $position=strpos($raw, '>', $endloop_command_position)+1; + + if ( isset($data[$command['name']]) ) + { + foreach ( $data[$command['name']] as $row ) + { + # test if row is set... + if ( isset( $row ) ) + { + # set global variable scope + $local=array_merge($data, $row); + $out.=$this->parse_rek($local, $loop_text); + } + } + } + break; +# (TMPL_ACCESS - wie TPL_LOOP, nur, dass nicht auf alle array-elemente zugegriffen wird, +# sondern nur auf das in VALUE angegebene. wird VALUE nicht angegeben, wird das 1. element verwendet.) + case 'ACCESS': + $endaccess_command_position=strpos($raw, '', $position); + $access_text=substr($raw, $position,$endaccess_command_position-$position); + $position=strpos($raw, '>', $endaccess_command_position)+1; + if ( isset($data[$command['name']]) ) { + if ( isset( $command['value'] ) ) { + $row = $data[$command['name']][$command['value']]; + } + else { + reset( $data[$command['name']] ); + $row = current( $data[$command['name']] ); + } + if ( isset( $row ) ) + { + # set global variable scope + $local=array_merge($data, $row); + $out.=$this->parse_rek($local, $access_text); + } + } + break; + case 'NAMESPACE': + $endloop_command_position=strpos($raw, '', $position); + $loop_text=substr($raw, $position,$endloop_command_position-$position); + $position=strpos($raw, '>', $endloop_command_position)+1; + + if ( isset($data[$command['name']]) ) + { + $row = $data[$command['name']]; + # set global variable scope + $local=array_merge($data, $row); + $out.=$this->parse_rek($local, $loop_text); + } + break; + case 'RANDOM': + $endloop_command_position = strpos($raw, '', $next_pos); + $loop_text=substr($raw, $position,$endloop_command_position-$position); + + $hits = split( '', $loop_text ); + $chosen = rand(0, sizeof($hits) - 1); + $position=strpos($raw, '>', $endloop_command_position)+1; + + $out.=$this->parse_rek($data, $hits[$chosen]); + break; + } + } + $out.=substr($raw, $position); + return $out; + } + + function output() + { + header('Cache-Control: no-cache, must-revalidate'); + header('Pragma: no-cache'); + $time = $this->end_parse_time-$this->begin_parse_time; + return $this->parsed_content."\n\n"; + } +} +?> diff --git a/web/include/Tools.inc b/web/include/Tools.inc new file mode 100644 index 0000000..430fe54 --- /dev/null +++ b/web/include/Tools.inc @@ -0,0 +1,152 @@ +0) { + foreach ($vars as $key=>$value) { + $param[] = $key.'='.urlencode($value); + } + $pars = '?' . implode('&', $param); + } else { + $pars = ''; + } + + if ($name != '') { + Header('Location: '.$ns->config->baseurl.'/'.$name . $pars); + } elseif (isset ($GLOBALS['followup_to'])) { + Header('Location: '.$GLOBALS['followup_to'] . $pars); + } elseif (isset ($GLOBALS['HTTP_REFERER'])) { + Header('Location: '.$GLOBALS['HTTP_REFERER'] . $pars); + } else { + error('Fehler: Weiss nicht mehr wohin jetzt.'); + }; +} + +function param_check(&$parameters, &$new_check_fields, $optionals=array()) +{ + $check_parameters = array(); + + $params_required = isset($optionals['params_required']) ? $optionals['params_required']: true; + $form_id = isset($optionals['form_id']) ? $optionals['form_id'] : $parameters['form_id']; + + if ( ! isset($form_id) ) + if ( $params_required ) + error('Formular ID: not set'); + else { + $form_id='default'; + } + + if ( $form_id == 'default' && ! isset($new_check_fields[$form_id]) ) + return $check_parameters; + + if ( ! isset($new_check_fields[$form_id]) ) + error("Formular ID: is set ('$form_id') but no ruleset defined"); + + assert($form_id !== false ); + assert($new_check_fields[$form_id] !== false); + + $check_fields = $new_check_fields[$form_id]; + foreach( $check_fields as $field_name => $field ) { + + if ( !isset($parameters[$field_name]) && $field['type'] != 'boolean' ) { + if (!$field['optional'] ) + error('Parameter '.$field_name.' not found'); + } else { + if ( isset($field['length']) && strlen($parameters[$field_name])>$field['length'] ) + error('Parameter '.$field_name.' to long'); + + unset($result); + switch ($field['type']) { + case 'integer': + if (!(is_numeric($parameters[$field_name]) && is_int($parameters[$field_name] + 0))) + error($field_name . ' is not an Integer'); + $result=$parameters[$field_name] + 0; + break; + case 'decimal': + if (! isset($field['scale']) ) + $field['scale'] = 0; + assert(isset($field['precision'])); + assert(isset($field['scale'])); + $vorkomma = '[0-9]{0,'.($field['precision'] - $field['scale']).'}'; + $nachkomma = '[0-9]{0,'.($field['scale']).'}'; + $regex = $vorkomma . '(\.'.$nachkomma.')?'; + $matches = preg_match('/^'.$regex.'$/', $parameters[$field_name]); + if (! $matches) + error($field_name . " is not Decimal (matching $regex)"); + $result=$parameters[$field_name]; + if ($result === '') + $result = 0; + break; + case 'string': + if (!is_string($parameters[$field_name])) + error($field_name . ' is not a String'); + $result=trim($parameters[$field_name]); + break; + case 'boolean': + if ($parameters[$field_name]) + $result=true; + else + $result=false; + break; + case 'anything': + $result=$parameters[$field_name]; + break; + default: + error('unkown Type '.$field['type'].' in Ruleset '.$form_id.' for field '.$field_name); + } + + assert(isset($result)); + if ( isset( $field['modifier'] ) ) + if ( is_array($field['modifier']) ) + foreach ($field['modifier'] as $modifier) { + assert(is_callable($modifier)); + $result = $modifier($result); + } + else { + assert(is_callable($field['modifier'])); + $result = $field['modifier']($result); + } + + if (! $field['discard']) + $check_parameters[$field_name] = $result; + } + } + $check_parameters['form_id']=$form_id; + return $check_parameters; +} + +function print_array(&$fields, $die = 0) +{ + echo "
";
+	print_r($fields);
+	echo "XXXXXXXXXXXX
"; + + if ($die) + exit; +} + +# vim:set ts=4: +# vim:set syntax=php: +# vim:set shiftwidth=4: + +?> diff --git a/web/include/User.inc b/web/include/User.inc new file mode 100644 index 0000000..84d36b3 --- /dev/null +++ b/web/include/User.inc @@ -0,0 +1,150 @@ +session + * + * @param object Database Object + * @param object Session Object + * @param integer Login timout in seconds + */ + function User(&$database, &$session, $auth_timeout) { + assert($session); + assert($database); + assert($auth_timeout); + $this->session = &$session; + $this->auth_timeout = $auth_timeout; + $this->db = &$database; + + $last_seen = $this->session->data['user']['last_seen']; + $ref = $this->session->data['user']['ref']; + $authenticated = false; + + if ( $last_seen && + ( $last_seen + $this->auth_timeout >= time()) && + ( $time_seen <= time() ) && + $this->session->data['user']['authenticated'] && + $this->check_ref_session($ref) ) + $authenticated = true; + else { + $ref = false; + $authenticated = false; + $last_seen = false; + } + + $this->session->data['user']['authenticated'] = $authenticated; + $this->session->data['user']['last_seen'] = $authenticated ? time() : false; + $this->session->data['user']['ref'] = $ref; + } + + /** + * Check if given Ref is a valid user ref + * + * checks if the ref and current session are from the same user. + * + * @param integer user ref + * @returns boolean true if success + */ + function check_ref_session($ref) { + assert($this->session); + assert($this->session->ref); + assert($this->db); + assert($ref); + + $row=$this->db->query_row('SELECT ref FROM account WHERE session_ref=? AND ref=?', array($this->session->ref, $ref)); + + if ( $row === false ) + return false; + else + return true; + } + + /** + * Do the login of a user + * + * Check if username and password are a valid pair, and update session_ref + * in database, set timestamp. + * + * @param string supplied username from user + * @param string supplied password from user + * @returns boolean true if success + */ + function do_login($username, $password) + { + assert($this->session); + assert($this->session->ref); + assert($this->db); +# assert($username); +# assert($password); + if ( ! $username ) + return false; + if ( ! $password ) + return false; + + $row=$this->db->query_row('SELECT ref FROM account WHERE username=? AND password=?', array($username,$password)); + + if ( $row === false ) + return false; + + $update = $this->db->update('account', $row['ref'], array(session_ref=>$this->session->ref)); + if ( ! $update ) + return false; + + $this->session->data['user']['authenticated'] = true; + $this->session->data['user']['last_seen'] = time(); + $this->session->data['user']['ref'] = $row['ref']; + $this->session->data['user']['username'] = $username; + + # FIXME: old session is destroyed + return true; + } + + /** + * Logout the User + * + * logout the user, do not check if has logged in. + * + * @returns boolean true on success, false otherwhise + */ + function do_logout() + { + assert($this->session); + assert($this->session->ref); + $this->session->data['user']['authenticated'] = false; + $this->session->data['user']['last_seen'] = false; + $this->session->data['user']['ref'] = false; + $this->session->data['user']['username'] = false; + return true; + } + + /** + * Check for login status + * + * Checks if user has logged in correctly. + * + * @returns boolean true on authenticated, false otherwhise + */ + function check_login() + { + assert($this->session); + if (! $this->session->get_id()) + return false; + assert($this->session->ref); + return $this->session->data['user']['authenticated']; + } +} + +?> -- cgit v1.2.3