/**
 * Installs this object as PHP's session save handler.
 *
 * The expiry time is copied from the SessionHandler singleton and the six
 * storage callbacks are bound to this object's methods of the same name.
 */
public function __construct()
 {
     $this->expire_time = SessionHandler::getInstance()->getTimeout();

     // One callable per storage operation, in the order session_set_save_handler() expects.
     $on_open = array($this, "open");
     $on_close = array($this, "close");
     $on_read = array($this, "read");
     $on_write = array($this, "write");
     $on_destroy = array($this, "destroy");
     $on_gc = array($this, "gc");
     session_set_save_handler($on_open, $on_close, $on_read, $on_write, $on_destroy, $on_gc);

     // Have PHP call session_write_close() when the script shuts down.
     register_shutdown_function('session_write_close');
 }
Ejemplo n.º 2
 /**
  * Deletes the rows matching the given owner, value and type.
  *
  * @param $type       numeric type
  * @param $object_id  the object who owns the bookmark (matched against the "value" column)
  * @param $owner      numeric owner id; when falsy (default 0) the current session id is used
  * @return the result of Sql::pDelete()
  * @throws \Exception when any of the three arguments is not numeric
  */
 public static function remove($type, $object_id, $owner = 0)
 {
     foreach (array($type, $object_id, $owner) as $arg) {
         if (!is_numeric($arg)) {
             throw new \Exception('noo');
         }
     }
     $session = SessionHandler::getInstance();
     // NOTE(review): an explicit $owner targets that user's rows and nothing here
     // checks that the current user may do so — confirm callers authorize it.
     $target_owner = $owner ?: $session->id;
     $q = 'DELETE FROM ' . self::$tbl_name . ' WHERE owner = ? AND value = ? AND type = ?';
     return Sql::pDelete($q, 'iii', $target_owner, $object_id, $type);
 }
Ejemplo n.º 3
 /**
  * Creates a new poke from the current session user and stores it.
  *
  * @param $to recipient, stored unchanged in the poke's "to" field
  */
 public static function send($to)
 {
     $sender_id = SessionHandler::getInstance()->id;
     $poke = new Poke();
     $poke->from = $sender_id;
     $poke->to = $to;
     $poke->time = sql_datetime(time());
     $poke->store();
 }
Ejemplo n.º 4
 /**
  * Mark feedback item as handled by the current session user.
  *
  * @param $id         passed to self::get() to load the item
  * @param $message_id optionally refer to a response message
  */
 public static function markHandled($id, $message_id = 0)
 {
     $handler_id = SessionHandler::getInstance()->id;
     // NOTE(review): the result of self::get() is used without checking that an item was found.
     $item = self::get($id);
     $item->time_answered = sql_datetime(time());
     $item->answered_by = $handler_id;
     $item->message = $message_id;
     $item->store();
 }
Ejemplo n.º 5
 /**
  * Form handler that overwrites a FAQ item with the submitted question and answer,
  * then redirects to 'a/faq'.
  *
  * @param $p form values; reads 'id', 'q' and 'a'
  */
 function editHandler($p)
 {
     $editor_id = SessionHandler::getInstance()->id;
     // NOTE(review): no permission check is visible in this handler — confirm the
     // caller restricts it to users allowed to edit the FAQ.
     $item = FaqItem::get($p['id']);
     $item->question = $p['q'];
     $item->answer = $p['a'];
     // the editing user and the current time replace the stored creator and creation time
     $item->creator = $editor_id;
     $item->time_created = sql_datetime(time());
     $item->store();
     js_redirect('a/faq');
 }
Ejemplo n.º 6
 /**
  * Stores a message from the current session user.
  *
  * @param $to   recipient, stored unchanged
  * @param $msg  message body, stored unchanged
  * @param $type message type, PRIV_MSG by default
  * @return message id
  */
 public static function send($to, $msg, $type = PRIV_MSG)
 {
     $sender_id = SessionHandler::getInstance()->id;
     $message = new Message();
     $message->to = $to;
     $message->from = $sender_id;
     // NOTE(review): the body is stored as given; it has to be encoded wherever it is later displayed.
     $message->body = $msg;
     $message->type = $type;
     $message->time_sent = sql_datetime(time());
     return $message->store();
 }
Ejemplo n.º 7
 /**
  * Registers the client-side JavaScript for a chat room.
  *
  * Adds a scroll helper and a YUI script that requests /u/chatroom/update/<room_id>
  * repeatedly, renders the returned messages into the element #<div_name>, and sends
  * the form #<form_id> to /u/chatroom/send/<room_id>.
  *
  * @param $room_id  inserted into the generated JavaScript as a bare expression
  * @param $div_name id of the element that receives the messages
  * @param $form_id  id of the form whose submit event is intercepted
  */
 public static function init($room_id, $div_name, $form_id)
 {
     $header = XhtmlHeader::getInstance();
     // NOTE(review): the library is fetched over plain http from a third-party host with no
     // integrity check; anyone able to alter that response controls script on this page.
     // Serve it over https or from a local copy.
     $header->includeJs('http://yui.yahooapis.com/3.4.1/build/yui/yui-min.js');
     $session = SessionHandler::getInstance();
     // presumably one second expressed in milliseconds; parse_duration() is not shown here
     $interval = 1000 * parse_duration('1s');
     // milliseconds
     $locale = 'sv-SE';
     // Helper that scrolls an element to its end; the catch branch briefly focuses a temporary input instead.
     $header->registerJsFunction('function scroll_to_bottom(div)' . '{' . 'var elm = get_el(div);' . 'try {' . 'elm.scrollTop = elm.scrollHeight;' . '} catch(e) {' . 'var f = document.createElement("input");' . 'if (f.setAttribute) f.setAttribute("type","text");' . 'if (elm.appendChild) elm.appendChild(f);' . 'f.style.width = "0px";' . 'f.style.height = "0px";' . 'if (f.focus) f.focus();' . 'if (elm.removeChild) elm.removeChild(f);' . '}' . '}');
     // NOTE(review): $room_id, $div_name, $form_id, $session->username and $session->id are
     // concatenated into JavaScript source without any encoding. A quote or script text in any
     // of them changes the generated program; cast the ids to int and emit strings with
     // json_encode() instead.
     // NOTE(review): in the generated script, msg_render() builds markup from p.name and p.msg by
     // string concatenation, so message text and user names are interpreted as HTML unless the
     // server already encoded them — confirm, or insert them as text nodes.
     // NOTE(review): the submit handler appends frm.msg.value to the query string without
     // encodeURIComponent() and sends the message with a GET request.
     $header->embedJs('YUI({lang:"' . $locale . '"}).use("io-form","node","json-parse","datatype-date", function(Y)' . '{' . 'Y.on("load", function() {' . 'Init();' . '});' . 'function Init(ts)' . '{' . 'var latest;' . 'if (typeof ts === "undefined") {' . 'var uri = "/u/chatroom/update/" + ' . $room_id . ';' . '} else {' . 'var uri = "/u/chatroom/update/" + ' . $room_id . ' + "?ts=" + ts;' . '}' . 'function complete(id, o)' . '{' . 'var data = o.responseText;' . 'var node = Y.one("#' . $div_name . '");' . 'try {' . 'var data = Y.JSON.parse(data);' . '} catch (e) {' . 'console.log("invalid data from " + uri);' . 'return;' . '}' . 'if (typeof ts === "undefined")' . 'node.setContent("");' . 'for (var i = data.length-1; i >= 0; --i) {' . 'var p = data[i];' . 'if ((typeof ts === "undefined") || p.from != ' . $session->id . ')' . 'msg_render(p,node);' . '}' . 'if (data.length)' . 'scroll_to_bottom("' . $div_name . '");' . 'latest = data[0] ? data[0].ts : ts;' . 'setTimeout(Init,' . $interval . ',latest);' . '};' . 'Y.once("io:complete",complete,Y);' . 'var request = Y.io(uri);' . '}' . 'Y.one("#' . $form_id . '").on("submit", function(e)' . '{' . 'e.preventDefault();' . 'e.stopPropagation();' . 'frm = get_el( this.get("id") );' . 'if (!frm.msg.value)' . 'return false;' . 'var uri = "/u/chatroom/send/" + ' . $room_id . ' + "?m=" + frm.msg.value;' . 'var request = Y.io(uri);' . 'var node = Y.one("#' . $div_name . '");' . 'var p = {' . '"name":"' . $session->username . '",' . '"from":' . $session->id . ',' . '"msg":frm.msg.value,' . '"ts":new Date().getTime()/1000' . '};' . 'msg_render(p,node);' . 'scroll_to_bottom("' . $div_name . '");' . 'frm.msg.value = "";' . 'return false;' . '});' . 'function msg_render(p,node)' . '{' . 'var d = new Date(p.ts*1000);' . 'var today = new Date( new Date().getFullYear(), new Date().getMonth(), new Date().getDate(),0,0,0);' . 'node.append("[");' . 'if (d >= today) {' . 'node.append( Y.DataType.Date.format(d, {format:"%H:%M"}) );' . 
'} else {' . 'node.append( Y.DataType.Date.format(d, {format:"%a %d %b %H:%M"}) );' . '}' . 'node.append("]&nbsp;");' . 'var who = Y.Node.create("<span class=\\"yui3-hastooltip\\" id=\\"tt_usr_"+p.from+"\\">"+p.name+"</span>");' . 'who.addClass("yui3-hastooltip");' . 'node.append(who);' . 'node.append(": "+p.msg+"<br/>");' . '}' . '});');
 }
Ejemplo n.º 8
/**
 * Form handler for the login form.
 *
 * @param $p form values; reads 'usr' and 'pwd'
 * @return false when a user is already logged in on this session; true otherwise,
 *         including when login() itself fails
 */
function loginHandler($p)
{
    $session = SessionHandler::getInstance();
    if (!$session->id) {
        if ($session->login($p['usr'], $p['pwd'])) {
            $session->showStartPage();
        }
        return true;
    }
    // NOTE(review): $p['usr'] is request data written to the log unchanged; strip control
    // characters (line breaks) before logging so an entry cannot be forged or split.
    dp(sprintf('HACK user %s (%s) tried to login user %s', $session->name, $session->id, $p['usr']));
    return false;
}
Ejemplo n.º 9
 /**
  * Form handler that stores a new blog entry owned by the current session user,
  * then redirects to 'a/blogs/overview'.
  *
  * @param $p form values; reads 'subject' and 'body' (both trimmed)
  */
 function createHandler($p)
 {
     $owner_id = SessionHandler::getInstance()->id;
     $entry = new BlogEntry();
     $entry->owner = $owner_id;
     // NOTE(review): subject and body are only trimmed; they have to be encoded where they are displayed.
     $entry->subject = trim($p['subject']);
     $entry->body = trim($p['body']);
     // created and published immediately
     $entry->time_created = sql_datetime(time());
     $entry->time_published = sql_datetime(time());
     $entry->id = $entry->store();
     js_redirect('a/blogs/overview');
 }
Ejemplo n.º 10
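 /**
  * Creates a new token for specified $name
  *
  * The token is 40 hexadecimal characters taken from the operating system's
  * CSPRNG. The previous value was sha1() over two fixed strings, the session
  * id and name, and mt_rand(); mt_rand() is not a cryptographic generator and
  * the other inputs are constant or known, so such tokens could be predicted.
  * Requires PHP 7.0 or later for random_bytes().
  *
  * @param $owner owner the token is stored for
  * @param $name  token name
  * @return newly created token
  */
 public static function generate($owner, $name)
 {
     do {
         // 20 random bytes -> 40 hex characters, the same length and alphabet as a sha1() digest
         $val = bin2hex(random_bytes(20));
         // retry in the unlikely case the value is already registered under $name
     } while (Setting::getOwner(TOKEN, $name, $val));
     Setting::set(TOKEN, $owner, $name, $val);
     return $val;
 }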
Ejemplo n.º 11
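 /**
  * Lists the users that are not deleted and were active within the session's online timeout.
  *
  * @param $filter optional substring to match against userName
  * @return array of User objects for all users online
  */
 public static function getUsersOnline($filter = '')
 {
     $session = SessionHandler::getInstance();
     $db = SqlHandler::getInstance();
     // This value is concatenated into the SQL text rather than bound to a placeholder,
     // so force it to an integer first.
     $timeout = (int) $session->online_timeout;
     $q = 'SELECT * FROM ' . self::$tbl_name . ' WHERE time_deleted IS NULL';
     if ($filter) {
         // NOTE(review): this relies entirely on $db->escape() (not shown) being correct for a
         // double-quoted literal; a bound parameter would be safer. The LIKE wildcards % and _
         // inside $filter still act as wildcards.
         $q .= ' AND userName LIKE "%' . $db->escape($filter) . '%"';
     }
     $q .= ' AND time_last_active >= DATE_SUB(NOW(),INTERVAL ' . $timeout . ' SECOND)' . ' ORDER BY time_last_active DESC';
     $list = $db->getArray($q);
     return SqlObject::loadObjects($list, 'User');
 }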
Ejemplo n.º 12
 /**
  * Stores a new moderation object owned by the current session user.
  *
  * @param $type      stored as the object's type
  * @param $reference stored as the object's reference, 0 by default
  * @param $data      stored as the object's data, empty by default
  * @return the id returned by store()
  */
 public static function add($type, $reference = 0, $data = '')
 {
     $owner_id = SessionHandler::getInstance()->id;
     $entry = new ModerationObject();
     $entry->type = $type;
     $entry->owner = $owner_id;
     $entry->time_created = sql_datetime(time());
     $entry->data = $data;
     $entry->reference = $reference;
     return $entry->id = $entry->store();
 }
Ejemplo n.º 13
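 /**
  * Renders the wiki page $name as HTML.
  *
  * When the page has no text, a "does not yet exist" notice is returned instead,
  * with a "Create" link for webmasters.
  *
  * @param $name wiki page name
  * @return HTML string
  */
 public static function render($name)
 {
     $wiki = self::getByName($name);
     $session = SessionHandler::getInstance();
     if (!empty($wiki->text)) {
         return self::renderText($wiki->text);
     }
     // The requested name is echoed back into the page, so encode it for HTML;
     // otherwise markup inside the name would be interpreted by the browser.
     $shown_name = htmlspecialchars($name, ENT_QUOTES, 'UTF-8');
     $res = t('The wiki') . ' "' . $shown_name . '" ' . t('does not yet exist') . '!<br/>';
     if ($session->isWebmaster) {
         // NOTE(review): ahref() is not shown here — confirm it encodes the URL for the href
         // attribute; $name is passed to it unmodified.
         $res .= ahref('u/wiki/edit/' . $name, 'Create') . '<br/>';
     }
     return $res;
 }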
Ejemplo n.º 14
 /**
  * Form handler that stores a chat room's name and lock state, then redirects
  * to 'a/chatroom/list'.
  *
  * @param $p form values; reads 'roomid', 'name' and 'locked'
  */
 function editHandler($p)
 {
     // NOTE(review): the room id comes straight from the form and no permission check is
     // visible here — confirm the caller restricts this handler.
     $room = new ChatRoom();
     $room->id = $p['roomid'];
     $room->name = trim($p['name']);
     $lock_requested = $p['locked'];
     if ($lock_requested) {
         // record who locked the room and when
         $room->locked_by = SessionHandler::getInstance()->id;
         $room->time_locked = sql_datetime(time());
     }
     $room->store();
     js_redirect('a/chatroom/list');
 }
Ejemplo n.º 15
 /**
  * Votes for a poll
  *
  * @param $type  stored in the "type" column
  * @param $id    stored in the "owner" column
  * @param $value stored in the "value" column
  * @return false when nobody is logged in or self::hasAnswered() reports a vote already; true after inserting
  */
 static function addVote($type, $id, $value)
 {
     $voter_id = SessionHandler::getInstance()->id;
     // NOTE(review): the hasAnswered() check and the INSERT are separate steps, so two
     // simultaneous requests could both pass the check; a unique key on the table would
     // enforce one vote per user — confirm the schema.
     if (!$voter_id || self::hasAnswered($type, $id)) {
         return false;
     }
     $sql = 'INSERT INTO ' . self::$tbl_name . ' SET type = ?, owner = ?, userId = ?, value = ?, timestamp = NOW()';
     Sql::pInsert($sql, 'iiii', $type, $id, $voter_id, $value);
     return true;
 }
Ejemplo n.º 16
/**
 * Form handler that stores a feedback entry of type USER from the current
 * session user, then redirects to the start page.
 *
 * @param $p form values; reads 'subj' and 'body'
 */
function fbHandler($p)
{
    $sender_id = SessionHandler::getInstance()->id;
    $feedback = new Feedback();
    $feedback->type = USER;
    // NOTE(review): subject and body are stored as submitted; they have to be encoded where they are displayed.
    $feedback->subject = $p['subj'];
    $feedback->body = $p['body'];
    $feedback->from = $sender_id;
    $feedback->time_created = sql_datetime(time());
    $feedback->store();
    // jump to start page
    js_redirect('');
}
Ejemplo n.º 17
/**
 * Form handler that stores a guestbook entry written by the current session user.
 *
 * @param $p form values; reads 'to' (guestbook owner) and 'body'
 * @return false when the writer is the guestbook owner, true after storing
 */
function gbHandler($p)
{
    $writer_id = SessionHandler::getInstance()->id;
    $recipient = $p['to'];
    // NOTE(review): the comparison is loose (==) and there is no check that anyone is
    // logged in, so the stored creator is whatever $session->id holds — confirm the caller requires a login.
    if ($writer_id == $recipient) {
        return false;
    }
    $entry = new Guestbook();
    $entry->owner = $recipient;
    $entry->creator = $writer_id;
    $entry->time_created = sql_datetime(time());
    $entry->body = $p['body'];
    $entry->store();
    return true;
}
Ejemplo n.º 18
 /**
  * Starts the session and binds $this->_data to $_SESSION.
  *
  * When the GSITE_PLATFORM setting compares loosely equal to '', the session is
  * also configured and a storage handler loaded before the start, and synced
  * and validated afterwards.
  *
  * @param $handler storage handler name; an empty value falls back to the 'session_handler' config ('php')
  * @param $params  handler parameters; an empty value falls back to array('lifetime' => 'session_lifetime' config (15))
  */
 function __construct($handler = 'php', $params = array())
 {
     if (\GCore\C::get('GSITE_PLATFORM') == '') {
         $this->_initialize();
         // the parameters are applied as passed in, before the fallback below
         $this->_setParams($params);
         $this->_setCookies();
         if (empty($handler)) {
             $handler = Base::getConfig('session_handler', 'php');
         }
         if (empty($params)) {
             $params = array('lifetime' => Base::getConfig('session_lifetime', 15));
         }
         //load handler
         $this->_handler = SessionHandler::getInstance($handler, $params);
     }

     $this->_start();
     // by reference: writes through $this->_data land in $_SESSION
     $this->_data =& $_SESSION;

     if (\GCore\C::get('GSITE_PLATFORM') == '') {
         $this->_sync();
         $this->_validate();
     }
 }
Ejemplo n.º 19
/**
 * Form handler that stores a public comment written by the logged-in session
 * user, then redirects to the current request URI.
 *
 * @param $p form values; reads 'comment', 'type' and 'owner'
 * @return false when the comment is empty or nobody is logged in
 */
function handleSubmit($p)
{
    $session = SessionHandler::getInstance();
    $error = ErrorHandler::getInstance();
    if (empty($p['comment'])) {
        return false;
    }
    $creator_id = $session->id;
    if (!$creator_id) {
        $error->add('Unauthorized submit');
        return false;
    }
    // NOTE(review): 'type' and 'owner' are taken from the submitted form and stored unchanged,
    // so the client decides what the comment is attached to — confirm they are validated
    // against what the user may comment on.
    $comment = new Comment();
    $comment->type = $p['type'];
    $comment->msg = $p['comment'];
    $comment->private = 0;
    $comment->time_created = sql_datetime(time());
    $comment->owner = $p['owner'];
    $comment->creator = $creator_id;
    $comment->creator_ip = client_ip();
    $comment->store();
    // NOTE(review): the redirect target is request-derived; redir() is not shown — confirm it
    // cannot be used to inject headers or leave the site.
    redir($_SERVER['REQUEST_URI']);
}
Ejemplo n.º 20
 /**
  * Executes the view template and returns its output as a string.
  *
  * The template is looked up first under the core_dev path and then relative to
  * the working directory. It is loaded with require inside this method, so the
  * local variables assigned below are visible to the template code.
  *
  * @return output captured while the template ran
  * @throws \Exception when the template file is found in neither location
  */
 public function render()
 {
     //available variables in the scope of the view
     // Each singleton is only fetched when its class exists; the local variable names
     // are what the template sees, so they must not be renamed.
     if (class_exists('\\cd\\ErrorHandler')) {
         $error = ErrorHandler::getInstance();
     }
     if (class_exists('\\cd\\SessionHandler')) {
         $session = SessionHandler::getInstance();
     }
     if (class_exists('\\cd\\SqlHandler')) {
         $db = SqlHandler::getInstance();
     }
     if (class_exists('\\cd\\XhtmlHeader')) {
         $header = XhtmlHeader::getInstance();
     }
     if (class_exists('\\cd\\XmlDocumentHandler')) {
         $page = XmlDocumentHandler::getInstance();
     }
     if (class_exists('\\cd\\LocaleHandler')) {
         $locale = LocaleHandler::getInstance();
     }
     if (class_exists('\\cd\\TempStore')) {
         $temp = TempStore::getInstance();
     }
     // make reference to calling object available in the namespace of the view
     $caller = $this->caller;
     // NOTE(review): $page is only assigned above when XmlDocumentHandler exists, yet it is
     // used here unconditionally.
     $file = $page->getCoreDevPath() . $this->template;
     if (!file_exists($file)) {
         // if not built in view, look in app dir
         $file = $this->template;
         if (!file_exists($file)) {
             throw new \Exception('cannot find ' . $this->template);
         }
     }
     // NOTE(review): whatever path ends up in $file is executed as PHP. $this->template must
     // never be influenced by request data without being restricted to known view names —
     // confirm where it is set.
     ob_start();
     require $file;
     return ob_get_clean();
 }
Ejemplo n.º 21
 /**
  * Form handler that saves wiki text; for an existing page the outgoing text is
  * archived as a revision first. Redirects to the page afterwards.
  *
  * @param $p form values; reads 'wiki_name' and 'text'
  * @return false when 'wiki_name' is missing or the trimmed text equals the stored text
  */
 function editWikiSubmit($p)
 {
     if (!isset($p['wiki_name'])) {
         return false;
     }
     $session = SessionHandler::getInstance();
     $trimmed = trim($p['text']);
     $name = normalizeString($p['wiki_name'], array("\t"));
     $wiki = Wiki::getByName($name);
     // abort if we are trying to save a exact copy as the last one
     // NOTE(review): the comparison uses the trimmed text, but the untrimmed $p['text'] is
     // what gets stored below — confirm which is intended.
     if ($wiki->text == $trimmed) {
         return false;
     }
     // NOTE(review): no login or permission check is visible in this handler; edited_by is
     // whatever $session->id holds.
     $editor_id = $session->id;
     if ($wiki->id) {
         // existing page: keep the outgoing text, editor and edit time as a revision
         $snapshot = new Revision();
         $snapshot->type = WIKI;
         $snapshot->owner = $wiki->id;
         $snapshot->value = $wiki->text;
         $snapshot->time_created = $wiki->time_edited;
         $snapshot->created_by = $wiki->edited_by;
         $snapshot->event = EVENT_TEXT_CHANGED;
         $snapshot->id = $snapshot->store();

         $wiki->text = $p['text'];
         $wiki->edited_by = $editor_id;
         $wiki->time_edited = sql_datetime(time());
         $wiki->revision++;
         $wiki->store();
         redir('u/wiki/show/' . $wiki->name);
     }
     // NOTE(review): reached for a new page, and also after the branch above unless redir()
     // ends the request — confirm.
     $wiki->name = $name;
     $wiki->text = $p['text'];
     $wiki->edited_by = $editor_id;
     $wiki->time_edited = sql_datetime(time());
     $wiki->store();
     redir('u/wiki/show/' . $wiki->name);
 }
Ejemplo n.º 22
 /**
  * Sets a new password for the user
  *
  * @param $id user id
  * @param $pwd password to set
  * @param $algo hash algorithm to use
  * @throws \Exception when User::get() finds no user for $id
  */
 public static function setPassword($id, $pwd, $algo = 'sha512')
 {
     $user = User::get($id);
     if (!$user) {
         throw new \Exception('wat');
     }
     $key = SessionHandler::getInstance()->getEncryptKey();
     // NOTE(review): Password::encrypt() is not shown. If it applies the named digest
     // (sha512 by default) directly, the stored value is cheap to brute-force once leaked;
     // password_hash() / password_verify() are the purpose-built alternative — confirm.
     // NOTE(review): nothing here checks that the current user may change this account's
     // password — confirm callers do.
     $user->password = Password::encrypt($id, $key, $pwd, $algo);
     $user->store();
 }
Ejemplo n.º 23
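 /**
  * Records an uploaded file in the database and moves it to its upload path.
  *
  * @param $type     stored as the file's type
  * @param $key      array from a $_FILES entry; on success 'name' is overwritten with the
  *                  destination path and 'file_id' is added
  * @param $category stored as the file's category
  * @param $blind    dont verify if is_uploaded_file(), useful when importing files from other means than HTTP uploads
  * @return file id, or false when no file name was given or the record could not be stored
  * @throws \Exception when the upload check, the rename or the move fails
  */
 public static function import($type, &$key, $category = 0, $blind = false)
 {
     // ignore empty file uploads
     if (!$key['name']) {
         return false;
     }
     if (!$blind && !is_uploaded_file($key['tmp_name'])) {
         throw new \Exception('Upload failed for file ' . $key['name']);
     }
     $session = SessionHandler::getInstance();
     $file = new File();
     $file->type = $type;
     $file->uploader = $session->id;
     $file->uploader_ip = client_ip();
     $file->size = $key['size'];
     // For an HTTP upload, 'name' and 'type' are supplied by the client. They are recorded
     // as metadata only and must not be trusted to decide how the file is served or executed.
     $file->name = $key['name'];
     $file->mimetype = $key['type'];
     $file->category = $category;
     $file->time_uploaded = sql_datetime(time());
     $file->id = $file->store();
     if (!$file->id) {
         return false;
     }
     // the stored path is derived from the new id, not from the client's file name
     $dst_file = self::getUploadPath($file->id);
     if ($blind) {
         // UGLY HACK using "@": currently gives a E_WARNING: "Operation not permitted" error,
         // even though the rename suceeds???
         if (!@rename($key['tmp_name'], $dst_file)) {
             throw new \Exception('rename failed');
         }
     } elseif (!move_uploaded_file($key['tmp_name'], $dst_file)) {
         // NOTE(review): this message contains server paths; make sure it is logged rather than shown to users.
         throw new \Exception('Failed to move file from ' . $key['tmp_name'] . ' to ' . $dst_file);
     }
     // Was 0777, which made every upload writable and executable by any local account.
     // Owner read/write plus world read is enough to store and serve the file.
     // NOTE(review): if a worker running as another account has to modify the file,
     // grant that through group ownership instead of world write.
     chmod($dst_file, 0644);
     $key['name'] = $dst_file;
     $key['file_id'] = $file->id;
     return $file->id;
 }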
Ejemplo n.º 24
 /**
  * Resolves the requested controller and view to a view file and attaches it
  * to the page, together with any errors collected.
  *
  * Controllers 'a', 'u', 'c' and 't' map to the admin, user, core and tools
  * view directories under the core_dev path; any other controller maps to
  * views/<controller>.php. A missing file falls back to views/error/404.php.
  */
 public function route()
 {
     $page = XmlDocumentHandler::getInstance();
     $error = ErrorHandler::getInstance();
     // automatically resumes session unless it is blacklisted
     $resume_session = class_exists('\\cd\\SessionHandler') && !in_array($this->_controller, $this->exclude_session);
     if ($resume_session) {
         $session = SessionHandler::getInstance();
         if ($session->getName()) {
             $session->start();
         }
     }
     // NOTE(review): _controller and _view are concatenated into a filesystem path that is
     // handed to ViewModel. If they are derived from the URL, confirm they are restricted to a
     // safe character set before this point, so the path cannot leave the views directories.
     switch ($this->_controller) {
         case 'a':
             $section = 'admin';
             break;
         case 'u':
             $section = 'user';
             break;
         case 'c':
             $section = 'core';
             break;
         case 't':
             $section = 'tools';
             break;
         default:
             $section = null;
     }
     if ($section !== null) {
         $file = $page->getCoreDevPath() . 'views/' . $section . '/' . $this->_view . '.php';
     } else {
         $file = 'views/' . $this->_controller . '.php';
     }
     if (!file_exists($file)) {
         $file = 'views/error/404.php';
     }
     // expose request params for the view
     $view = new ViewModel($file);
     // XXX BUG: naming should be set correctly according to the hierarchy of the url, in reverse,
     // like: views/user/upload.php takes album/id parameters
     // so then in upload.php, "album" should be in the view param, and id in the owner param
     // -- now "album" is in owner, and "id" in child
     $view->view = $this->_view;
     $view->owner = $this->_owner;
     $view->child = $this->_child;
     $view->child2 = $this->_child2;
     $view->child3 = $this->_child3;
     $page->attach($view);
     // this must be done last, so that errors that was created during the view render can be displayed
     if ($error->getErrorCount()) {
         $page->attach($error);
     }
 }
Ejemplo n.º 25
 /**
  * Form handler that sets the logged-in user's personal status, then redirects
  * to 'u/profile'. Does nothing when nobody is logged in.
  *
  * @param $p form values; reads 'status'
  */
 function handleEditStatus($p)
 {
     $user_id = SessionHandler::getInstance()->id;
     if ($user_id) {
         // the status always belongs to the session user, never to an id from the form
         PersonalStatus::setStatus($user_id, $p['status']);
         js_redirect('u/profile');
     }
 }
Ejemplo n.º 26
 /**
  * Form handler that creates a photo album and redirects to it.
  *
  * The album belongs to the current session user, unless a super admin ticked
  * 'system', in which case the owner is 0.
  *
  * @param $p form values; reads 'name' and 'system'
  */
 function handleNew($p)
 {
     $session = SessionHandler::getInstance();
     $album = new PhotoAlbum();
     $album->owner = $session->id;
     $album->name = $p['name'];
     $album->time_created = sql_datetime(time());
     // create a system wide album; the form flag is only honoured for super admins
     $as_system = $session->isSuperAdmin && $p['system'];
     if ($as_system) {
         $album->owner = 0;
     }
     $album->id = $album->store();
     // NOTE(review): the redirect uses the session user's id even when the owner was set to 0 — confirm intended.
     js_redirect('u/album/show/' . $session->id . '/' . $album->id);
 }
Ejemplo n.º 27
 /**
  * Inserts a new user group, recording the current session user as its creator.
  *
  * @param $name  group name, bound as a string
  * @param $level group level, bound as an integer
  * @return the result of Sql::pInsert()
  */
 static function create($name, $level)
 {
     $session = SessionHandler::getInstance();
     // fall back to 0 when no user id is set on the session
     if ($session->id) {
         $creator_id = $session->id;
     } else {
         $creator_id = 0;
     }
     $sql = 'INSERT INTO tblUserGroups SET createdBy = ?, timeCreated = NOW(), name = ?, level = ?';
     return Sql::pInsert($sql, 'isi', $creator_id, $name, $level);
 }
Ejemplo n.º 28
 /**
  * Adds a task to the Task Queue
  *
  * @param $type   numeric task type; TASK_FETCH and TASK_UPLOAD are handled, anything else ends the script
  * @param $param  TASK_FETCH: url to download; TASK_UPLOAD: the $_FILES[idx] array, whose 'file_id' is read
  * @param $param2 not used by the task types handled here
  * @return process event id (the result of $db->pInsert()), or false when $type is not numeric
  */
 static function addTask($type, $param, $param2 = '')
 {
     if (!is_numeric($type)) {
         return false;
     }
     $db = SqlHandler::getInstance();
     $session = SessionHandler::getInstance();

     if ($type == TASK_FETCH) {
         // downloads media files; enqueue url for download and processing
         //    $param = url
         // NOTE(review): the url is stored as given; whatever later fetches it should restrict
         // the allowed schemes and hosts.
         $sql = 'INSERT INTO tblTaskQueue SET timeCreated = NOW(), creatorId = ?, orderType = ?, referId = ?, orderStatus = ?, orderParams = ?';
         return $db->pInsert($sql, 'iiiis', $session->id, $type, 0, ORDER_NEW, $param);
     }

     if ($type == TASK_UPLOAD) {
         // handle HTTP post file upload. is not enqueued
         //    $param is the $_FILES[idx] array
         // THE UPLOAD IS ALREADY PROCESSED BY XhtmlForm upload handler
         $exec_time = 0;
         // XXXX FIXME measure
         $fileId = $param['file_id'];
         // NOTE(review): orderParams holds serialize() output built from an upload array that
         // includes client-supplied fields. Reading it back with unserialize() is unsafe if the
         // row can be influenced by untrusted input; a JSON encoding avoids that.
         $sql = 'INSERT INTO tblTaskQueue SET timeCreated = NOW(), creatorId = ?, orderType = ?, referId = ?, orderStatus = ?, orderParams = ?, timeExec = ?, timeCompleted = NOW()';
         return $db->pInsert($sql, 'iiiiss', $session->id, $type, $fileId, ORDER_COMPLETED, serialize($param), $exec_time);
     }

     // The recode, convert-to-default and parse-and-fetch task types existed here only as
     // commented-out code that built its SQL by string concatenation; if they are revived,
     // use the parameterized pInsert() form shown above.
     die('unknown processqueue type');
 }
Ejemplo n.º 29
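 /**
  * Used by SessionHandler::login() and others
  *
  * Loads the non-deleted user matching id, name and type, and returns it only
  * when $pwd hashes to the stored password.
  *
  * The stored password is either "algo:hash" or, for older rows, a bare hash
  * that is treated as sha1.
  *
  * @param $type user type
  * @param $id   user id
  * @param $name user name
  * @param $pwd  password to verify
  * @return the user object, or false when no row matches or the password is wrong
  */
 public static function getExact($type, $id, $name, $pwd)
 {
     $q = 'SELECT * FROM tblUsers' . ' WHERE id = ? AND name = ? AND type = ? AND time_deleted IS NULL';
     $obj = Sql::pSelectRowToObject(__CLASS__, array($q, 'isi', $id, $name, $type));
     if (!$obj) {
         return false;
     }
     $x = explode(':', $obj->password);
     if (count($x) == 2) {
         $algo = $x[0];
         $pwd2 = $x[1];
     } else {
         // auto fallback to old default (sha1)
         $algo = 'sha1';
         $pwd2 = $obj->password;
     }
     $session = SessionHandler::getInstance();
     $expected = $algo . ":" . $pwd2;
     $computed = Password::encrypt($id, $session->getEncryptKey(), $pwd, $algo);
     // Compare in constant time (hash_equals, PHP 5.6+) instead of the loose !=, so the
     // comparison neither leaks how many leading characters matched nor applies PHP's
     // type-juggling rules to the two values.
     // NOTE(review): the digest is chosen by the stored record and legacy rows use sha1;
     // consider migrating to password_hash() / password_verify() on successful login.
     if (!is_string($computed) || !hash_equals($expected, $computed)) {
         return false;
     }
     return $obj;
 }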
Ejemplo n.º 30
 /**
  * Marks all rows of the given type and owner as deleted by the current session user.
  *
  * The rows are kept; only deleted_by and time_deleted are set.
  *
  * @param $type  bound as an integer
  * @param $owner bound as an integer
  */
 public static function deleteByOwner($type, $owner)
 {
     $deleted_by = SessionHandler::getInstance()->id;
     // NOTE(review): nothing here checks that the current user may delete $owner's rows — confirm callers do.
     $sql = 'UPDATE ' . self::$tbl_name . ' SET deleted_by = ?, time_deleted = NOW() WHERE type = ? AND owner = ?';
     Sql::pUpdate($sql, 'iii', $deleted_by, $type, $owner);
 }