public static function openGraph($title, $image, $url, $desc = "", $type = "article")
{
$tag = "";
if ($title) {
$tag .= '
<meta property="og:title" content="' . Sanitize::variable($title) . '" />';
}
if ($image) {
$tag .= '
<meta property="og:image" content="' . urlencode($image) . '" />';
}
if ($url) {
$tag .= '
<meta property="og:url" content="' . urlencode($url) . '" />';
}
if ($desc) {
$tag .= '
<meta property="og:description" content="' . Sanitize::variable($desc) . '" />';
}
if ($type) {
$tag .= '
<meta property="og:type" content="' . Sanitize::variable($type) . '" />';
}
// Add the tag to the header
array_push(self::$headerData, $tag);
}
public static function getDataByHandle($handle, $columns = "uni_id")
{
if ($uniID = self::getIDByHandle($handle)) {
return Database::selectOne("SELECT " . Sanitize::variable($columns, " ,-*`") . " FROM users WHERE uni_id=? LIMIT 1", array($uniID));
}
return array();
}
public static function copy($sourceTable, $destinationTable, $sqlWhere = "", $sqlArray = array(), $limit = 1000, $move = false)
{
// Protect Tables
if (!IsSanitized::variable($destinationTable) or !IsSanitized::variable($sourceTable)) {
return false;
}
// Make sure the backup table exists
Database::exec("CREATE TABLE IF NOT EXISTS " . $destinationTable . " LIKE " . $sourceTable);
// Begin the Database_Transfer
Database::startTransaction();
// Insert Rows into Database_Transfer Table
Database::query("INSERT INTO " . $destinationTable . " SELECT * FROM " . $sourceTable . ($sqlWhere != "" ? " WHERE " . Sanitize::variable($sqlWhere, " ,`!=<>?()") : "") . ($limit ? ' LIMIT ' . (int) $limit : ''), $sqlArray);
$newCount = Database::$rowsAffected;
if ($move === true) {
// Delete Rows from Original Table (if applicable)
Database::query("DELETE FROM " . $sourceTable . ($sqlWhere != "" ? " WHERE " . Sanitize::variable($sqlWhere, " ,`!=<>?()") : ""), $sqlArray);
// If the number of inserts matches the number of deletions, commit the transaction
return Database::endTransaction($newCount == Database::$rowsAffected);
}
return Database::endTransaction();
}
public static function load($cacheName, $refresh = 0, $output = false)
{
$cacheName = Sanitize::variable($cacheName, ".-");
$filename = "/" . ltrim($cacheName, "/") . '.html';
$path = APP_PATH . self::$cacheDirectory . $filename;
if (file_exists($path)) {
// Check if the cache has gone stale
if ($refresh > 0) {
$timePassed = time() - filemtime($path);
if ($timePassed > $refresh) {
return false;
}
}
// Load the cache and return successful
if ($output) {
echo file_get_contents($path);
return "";
}
return file_get_contents($path);
}
return false;
}
public function allowMimeTypes()
{
$args = func_get_args();
for ($a = 0, $len = count($args); $a < $len; $a++) {
$mimeType = Sanitize::variable($args[$a], "./-");
if (!in_array($mimeType, $this->allowedMimes)) {
$this->allowedMimes[] = $mimeType;
}
}
}
public static function delete($keyGroup, $keyName = "", $table = "")
{
$table = $table == "" ? "site_variables" : Sanitize::variable($table);
if ($keyName == "") {
return Database::query("DELETE FROM " . $table . " WHERE key_group=?", array($keyGroup));
}
return Database::query("DELETE FROM " . $table . " WHERE key_group=? AND key_name=? LIMIT 1", array($keyGroup, $keyName));
}
public static function createHashColumn($table, $columnName)
{
// Sanitize
$table = Sanitize::variable($table);
$columnName = Sanitize::variable($columnName);
$prefix = Sanitize::word(substr($table, 0, 4) . ucfirst(substr($columnName, 0, 6)));
// Make sure table exists
if (Database::tableExists($table)) {
$colExists = false;
// Add the hash column if it doesn't exist
if (!Database::columnExists($table, $columnName)) {
$colExists = Database::addColumn($table, $columnName . '_crc', "int(10) unsigned not null", 0);
}
if ($colExists) {
// Create a Trigger
self::exec('CREATE TRIGGER ' . $prefix . '_ins BEFORE INSERT ON ' . $table . ' FOR EACH ROW BEGIN SET NEW.' . $columnName . '_crc=crc32(NEW.' . $columnName . '); END;');
return self::exec('CREATE TRIGGER ' . $prefix . '_upd BEFORE UPDATE ON ' . $table . ' FOR EACH ROW BEGIN SET NEW.' . $columnName . '_crc=crc32(NEW.' . $columnName . '); END; ');
}
}
return false;
}
<?php
// Run Permissions
require SYS_PATH . "/controller/includes/admin_perm.php";
// If you're loading a specific plugin
if (isset($url[3])) {
$class = Sanitize::variable($url[3]);
$classAdmin = Classes_Meta::getConfig($class);
// If this plugin doesn't exist, return to the standard admin plugin page
if ($classAdmin === false) {
header("Location: /admin/Class");
exit;
}
}
// Run Header
require SYS_PATH . "/controller/includes/admin_header.php";
echo '
<style>
.tesla-documentation pre { font-family:Courier; -moz-tab-size:4; -o-tab-size:4; tab-size:4; color:blue; margin-top:22px; margin-bottom:22px; white-space: pre-wrap; }
.tesla-documentation textarea { width:100%; min-height:300px; -moz-tab-size:4; -o-tab-size:4; tab-size:4; font-size:1.0em; color:green; margin-bottom:12px; }
.tesla-documentation ol li { margin-bottom:22px; }
.describe-plugin { margin-bottom:22px; }
.describe-plugin p { margin-bottom:0px; }
</style>';
// Load a plugin page
if (isset($classAdmin)) {
// Display details about the plugins
echo '
<h3>' . $classAdmin->title . ' (v ' . $classAdmin->version . ')</h3>
<div class="describe-plugin">
<p>Author: ' . $classAdmin->author . '</p>
public static function runBehavior($class, $behavior, $params)
{
// The name of the Class to run
$class = Sanitize::variable($class);
// The name of the Class's Behavior to run
$behavior = Sanitize::variable($behavior);
// Make sure the behavior exists
if (method_exists($class, $behavior . "_TeslaBehavior")) {
// Run the class's behavior
return call_user_func_array(array($class, $behavior . "_TeslaBehavior"), $params);
}
}
<?php
/*
This page runs the API system.
The API that gets loaded is equal to $url[1].
http://example.com/api/API_NAME
*/
// The name of the API to run
$api = Sanitize::variable($url[1]);
// Make sure the runAPI method exists.
if (!method_exists($api, "runAPI")) {
exit;
}
// Output the API's response
new $api();
}
}
}
// If there are no defaults
if (!isset($_POST['run_cycle'])) {
$_POST['run_cycle'] = 3600;
}
if (!isset($_POST['date_start'])) {
$_POST['date_start'] = time();
}
if (!isset($_POST['date_end'])) {
$_POST['date_end'] = 10;
}
// Sanitize Values
$_POST['title'] = Sanitize::safeword($_POST['title']);
$_POST['method'] = Sanitize::variable($_POST['method']);
$_POST['run_cycle'] = Sanitize::number($_POST['run_cycle'], 0);
$_POST['date_start'] = Sanitize::number($_POST['date_start'], 0);
$_POST['date_end'] = Sanitize::number($_POST['date_end'], 0);
// Sanitize Parameters
for ($a = 0; $a <= 3; $a++) {
$_POST['args'][$a] = isset($_POST['args'][$a]) ? Sanitize::text($_POST['args'][$a]) : "";
}
}
// Run Header
require SYS_PATH . "/controller/includes/admin_header.php";
// Get Navigation Entry
echo '
<h2 style="margin-top:20px;">' . ($editID ? 'Edit' : 'Create New') . ' Cron Task</h2>
<form class="uniform" action="/admin/cron/custom-task" method="post">' . Form::prepare("cron-custom") . '
<?php
// Prepare Values
$userAccess = true;
$dbName = Sanitize::variable(DATABASE_NAME);
// Installation Header
require dirname(ROUTE_SECOND_PATH) . "/includes/install_header.php";
// Attempt to cheat
if (Database::initRoot('mysql')) {
Database::exec("CREATE DATABASE IF NOT EXISTS `" . $dbName . '`');
}
// Check if the standard user is properly configured after POST values were used
if (Database::initialize($dbName)) {
Alert::success("DB User", "The database user has access to the `" . $dbName . "` database!");
} else {
Alert::error("DB User", "The `" . $dbName . "` database does not exist, or the user does not have access to it.");
$userAccess = false;
}
// Check if the admin user is properly configured after POST values were used
if (Database::initRoot($dbName)) {
Alert::success("DB Admin", "The administrative database user has access to the `" . $dbName . "` database!");
} else {
if ($userAccess) {
Alert::error("DB Admin", "The `" . $dbName . "` database exists, but you do not have administrative privileges.");
} else {
Alert::error("DB Admin", "The `" . $dbName . "` database does not exist, or you do not have administrative privileges.");
}
}
// If everything is successful:
if (Validate::pass()) {
// Check if the form was submitted (to continue to the next page)
// Check if all of the input you sent is valid:
$_POST['handle'] = str_replace("@", "", $_POST['handle']);
Validate::variable("UniFaction Handle", $_POST['handle'], 1, 22);
if (Validate::pass()) {
// Make sure the handle is registered
if ($response = API_Connect::call(URL::unifaction_com() . "/api/UserRegistered", $_POST['handle'])) {
Cookie_Server::set("admin-handle", $_POST['handle'], "", 3);
Alert::saveSuccess("Admin Chosen", "You have designated @" . $_POST['handle'] . " as the admin of your site.");
header("Location: /install/config-app");
exit;
} else {
Alert::error("Handle Invalid", "That user handle does not exist on UniFaction.");
}
}
} else {
$_POST['handle'] = isset($_POST['handle']) ? Sanitize::variable($_POST['handle']) : "";
}
// Run Global Script
require PARENT_APP_PATH . "/includes/install_global.php";
// Display the Header
require HEADER_PATH;
echo '
<form class="uniform" action="/install/connect-handle" method="post">' . Form::prepare("install-connect-handle");
// Display the Page
echo '
<h1>Installation: Site Admin</h1>
<h3>Step #1 - Connect Your UniFaction Handle</h3>
<p>Your desired UniFaction handle (one of your profiles) will be set as the administrator of this site, allowing that handle to access the admin functions. Note: you will need to verify that you own the handle.</p>
<p>If you don\'t have a UniFaction handle, you can set up a UniFaction account <a href="http://unifaction.com/sign-up">here</a>. The sign-up will prompt you to create a handle once you\'ve logged in for the first time.</p>
<h1>Installation: Site Configuration</h1>
<h3>Step #1 - Update Configuration</h3>
<p>This configuration file applies to the application that you\'re currently installing.</p>
<p>You can locate the config.php file here: ' . SITE_PATH . '/config.php</p>
<h4>Option #1a: Automatic Update</h4>
<p>If you want the engine to automatically update the configuration file for your application, just press the "Update Automatically" button. Standard users that don\'t need any server-specific customization should use this option.</p>
<p><input type="submit" name="asd-submit" value="Update Automatically" /></p>
<h4>Option #1b: Manual Update</h4>
<p>Advanced users might want to set the configuration file for the application manually. To do this, open the config.php file for the application. You can base your configurations off of the values provided in the textbox below.</p>
<p>
<textarea style="width:100%; height:250px; tab-size:4; -moz-tab-size:4; -ms-tab-size:4; -webkit-tab-size:4;">' . $buildApp . '</textarea>
</p>
<p>You can find the config.php file in : ' . SITE_PATH . '/config.php</p>
<p><input type="submit" name="manual-submit" value="I have updated the file manually" /></p>
';
// Provide hidden post values
$pList = array('site-salt', 'site-handle', 'site-url', 'site-name', 'site-domain', 'site-database-name');
foreach ($pList as $pName) {
$pName = Sanitize::variable($pName, "-");
echo '
<input type="hidden" name="' . $pName . '" value="' . htmlspecialchars(Sanitize::text($_POST[$pName])) . '" />';
}
}
echo '
</form>';
// Display the Footer
require FOOTER_PATH;
------ About the Admin Panel ------
-----------------------------------
This control panel is for administrators of the site, which include all staff members.
This panel will list all of the available functionality and administrative pages available to the system, but some of them may be locked to staff members that do not have high enough clearance levels.
This page will pull all of the functionality from the plugins available to the site in two ways:
1. Any .php file saved in the /admin directory of a plugin will be loaded as an admin page here.
*/
// Run Permissions
require SYS_PATH . "/controller/includes/admin_perm.php";
// Retrieve the URL segments to determine what to load
$class = isset($url[1]) ? Sanitize::variable($url[1]) : '';
$page = isset($url[2]) ? Sanitize::variable($url[2], " -") : '';
// Attempt to load the Admin Pages
if ($class and $page) {
// Load the Class Config
$classConfig = Classes_Meta::getConfig($class);
// Attempt to load an admin file
$adminFile = $classConfig->data['path'] . "/admin/" . $page . ".php";
if (is_file($adminFile)) {
require $adminFile;
exit;
}
}
// Scan through the plugins directory
$classList = Classes_Meta::getClassList();
// Prepare Values
$linkList = array();
public static function parse($url = "", $simple = false, $sanitize = false)
{
// Set the default URL to the current page if one hasn't been designated
if (!$url) {
$url = ((isset($_SERVER['HTTPS']) and $_SERVER['HTTPS']) ? 'https://' : 'http://') . $_SERVER['SERVER_NAME'] . $_SERVER['REQUEST_URI'];
}
$parseURL = parse_url($url);
// Fix malformed hosts
if (!isset($parseURL['host']) and isset($parseURL['path'])) {
$val = explode("/", $parseURL['path']);
if ($val[0] != "") {
$parseURL['host'] = $val[0];
} else {
$parseURL['host'] = $_SERVER['SERVER_NAME'];
}
array_shift($val);
// Sanitize the path values, if requested
if ($sanitize) {
foreach ($val as $key => $v) {
$val[$key] = Sanitize::variable($v, " ./-+");
}
}
// Prepare the Values
$parseURL['urlSegments'] = $val;
$parseURL['path'] = trim(implode("/", $val), "/");
} else {
if (isset($parseURL['host']) and isset($parseURL['path'])) {
$val = explode("/", $parseURL['path']);
array_shift($val);
// Sanitize the path values, if requested
if ($sanitize) {
foreach ($val as $key => $v) {
$val[$key] = Sanitize::variable($v, " ./-+");
}
}
// Prepare the Values
$parseURL['urlSegments'] = $val;
$parseURL['path'] = trim(implode("/", $val), "/");
} else {
if (isset($parseURL['host'])) {
// Do nothing
} else {
return array();
}
}
}
// Fix empty paths
if (isset($parseURL['path']) and $parseURL['path'] == '/') {
$parseURL['path'] = "";
}
// We can end here if we only need simple data
if ($simple) {
return $parseURL;
}
// Get the Query Values
if (isset($parseURL['query'])) {
parse_str($parseURL['query'], $parseURL['queryValues']);
}
// Get the Base Domain
$hostSegments = explode(".", $parseURL['host']);
$len = count($hostSegments);
$parseURL["baseDomain"] = $len > 2 ? $hostSegments[$len - 2] . '.' . $hostSegments[$len - 1] : $parseURL['host'];
// Prepare Scheme
$parseURL['scheme'] = isset($parseURL['scheme']) ? $parseURL['scheme'] : "http";
// Prepare Full URL
$parseURL['full'] = $parseURL['scheme'] . "://" . $parseURL['host'] . (isset($parseURL['path']) and $parseURL['path'] ? "/" . $parseURL['path'] : "") . (isset($parseURL['query']) ? "?" . $parseURL['query'] : "") . (isset($parseURL['fragment']) ? "#" . $parseURL['fragment'] : "");
return $parseURL;
}
public static function searchForm($searchArgs = ['_GET'])
{
// Prepare Values
$class = get_called_class();
$schema = static::$schema;
$columnSorted = isset($_GET['sort']) ? Sanitize::variable($_GET['sort']) : null;
// If no search arguments are provided, default to using $_GET
if ($searchArgs == ['_GET']) {
$searchArgs = $_GET;
}
// Prepare the SQL Statement
$fetchRows = static::search($searchArgs, $rowCount);
// Begin the Table
// Note that we need to set a fake value ~opts~ for the options menu on the left
$tableData = ['head' => ["~opts~" => "Options"], 'data' => []];
// Loop through each column in the schema
foreach ($schema['columns'] as $columnName => $columnRules) {
// If we're currently sorting by this column, provide special behavior to show this
if ($columnSorted == $columnName) {
if ($_GET['sort'][0] == '-') {
$tableData['head'][$columnName] = '<a href="/model/' . $class . '?' . Link::queryHold("columns", "limit", "page") . "&sort=" . $columnName . '">' . ucwords(str_replace("_", " ", $columnName)) . ' ^</a>';
} else {
$tableData['head'][$columnName] = '<a href="/model/' . $class . '?' . Link::queryHold("columns", "limit", "page") . "&sort=-" . $columnName . '">' . ucwords(str_replace("_", " ", $columnName)) . ' v</a>';
}
} else {
$tableData['head'][$columnName] = '<a href="/model/' . $class . '?' . Link::queryHold("columns", "limit", "page") . "&sort=" . $columnName . '">' . ucwords(str_replace("_", " ", $columnName)) . '</a>';
}
// If this column has special visibility rules, update the values here
// Numeric enumerators should be shown with their text values
if ($columnRules[0] == "enum-number") {
foreach ($fetchRows as $key => $row) {
$fetchRows[$key][$columnName] = $row[$columnName] . ": " . static::$schema['columns'][$columnName][1 + $row[$columnName]];
}
}
}
// Loop through each row
$totalRows = count($fetchRows);
for ($i = 0; $i < $totalRows; $i++) {
$row = $fetchRows[$i];
$lookupID = $row[static::$lookupKey];
$tableData['data'][$i][] = '<a href="/model/' . $class . '/view/' . $lookupID . '">V</a> <a href="/model/' . $class . '/update/' . $lookupID . '">U</a>';
// Loop through each schema column, and use that to place values appropriately
foreach ($tableData['head'] as $columnName => $_ignore) {
// Make sure the value exists in the schema
if (!isset($schema['columns'][$columnName])) {
continue;
}
// Add a Standard Row to the table
if (isset($row[$columnName])) {
$tableData['data'][$i][] = $row[$columnName];
}
}
}
// Prepare Pagination
$resultsPerPage = isset($searchArgs['limit']) ? (int) $searchArgs['limit'] : 25;
$currentPage = isset($searchArgs['page']) ? (int) $searchArgs['page'] : 1;
// Construct the pagination object
$paginate = new Pagination($rowCount, $resultsPerPage, $currentPage);
// Display the Pagination
$tableData['footer'] = '
<div>Pages:';
foreach ($paginate->pages as $page) {
if ($paginate->currentPage == $page) {
$tableData['footer'] .= ' [' . $page . ']';
} else {
$tableData['footer'] .= ' <a href="/model/' . $class . '?' . Link::queryHold("columns", "sort", "limit") . "&page=" . $page . '">' . $page . '</a>';
}
}
$tableData['footer'] .= '
</div>';
return $tableData;
}
public function validateFileData($_filesData)
{
// Make sure something was submitted
if (!$_filesData) {
return false;
}
// Determine if there are errors with the file
if (isset($_filesData['error']) and $_filesData['error'] > 0) {
switch ($_filesData['error']) {
case 1:
case 2:
Alert::error("File Upload", "File Error #" . $_filesData['error'] . " - The file size exceeds the allowance.", 1);
break;
case 3:
case 7:
case 8:
Alert::error("File Upload", "File Error #" . $_filesData['error'] . " - Unable to finish uploading the file.");
break;
case 4:
Alert::error("File Upload", "File Error #" . $_filesData['error'] . " - No file was uploaded.");
break;
case 6:
Alert::error("File Upload", "File Error #" . $_filesData['error'] . " - A temporary directory does not exist.", 4);
break;
default:
Alert::error("File Upload", "Unknown File Error - That image cannot be uploaded.", 4);
break;
}
$this->valid = false;
return false;
}
// Prepare Values
$this->tempPath = $_filesData['tmp_name'];
$this->filesize = $_filesData['size'];
// Prepare additiona values
$exp = explode(".", $_filesData['name']);
$this->filename = Sanitize::variable($exp[0], "- ");
$this->extension = Sanitize::variable($exp[count($exp) - 1]);
$this->valid = true;
return true;
}
public function __construct($_filesData, $arrayVal = false)
{
// If we're selecting a single image uploaded from an array that was uploaded:
if ($arrayVal !== false) {
if (!isset($_filesData['tmp_name'][$arrayVal]) or !isset($_filesData['type'][$arrayVal]) or !isset($_filesData['name'][$arrayVal]) or !isset($_filesData['size'][$arrayVal])) {
return;
}
$_filesData['tmp_name'] = $_filesData['tmp_name'][$arrayVal];
$_filesData['type'] = $_filesData['type'][$arrayVal];
$_filesData['name'] = $_filesData['name'][$arrayVal];
$_filesData['error'] = $_filesData['error'][$arrayVal];
$_filesData['size'] = $_filesData['size'][$arrayVal];
}
// Validate the file data
if (!$this->validateFileData($_filesData)) {
return;
}
// Make sure the image is valid
if (!exif_imagetype($this->tempPath)) {
return;
}
// Prepare Values
if (!($imageInfo = getimagesize($this->tempPath))) {
return;
}
switch ($imageInfo['mime']) {
case "image/png":
$this->extension = "png";
break;
case "image/gif":
$this->extension = "gif";
break;
case "image/jpeg":
$this->extension = "jpg";
break;
}
// Set Image Details
$this->filesize = $_filesData['size'];
$this->width = $imageInfo[0];
$this->height = $imageInfo[1];
$this->scale = $this->width / $this->height;
$this->mimeType = $imageInfo['mime'];
// Set Upload Data
$this->tempPath = $_filesData['tmp_name'];
$this->filename = Sanitize::variable(substr($_filesData['name'], 0, strrpos($_filesData['name'], '.')), "- ");
$this->valid = true;
}
public static function initialize($databaseName = "", $asAdmin = false)
{
// If a database name isn't used, attempt to use a default database.
if (!$databaseName) {
$databaseName = self::$databaseName ? self::$databaseName : DATABASE_NAME;
}
try {
self::$database = null;
$databaseName = Sanitize::variable($databaseName);
/*
http://stackoverflow.com/questions/20079320/php-pdo-mysql-returns-integer-columns-as-strings-on-ubuntu-but-as-integers-o
http://stackoverflow.com/questions/1197005/how-to-get-numeric-types-from-mysql-using-pdo
http://stackoverflow.com/questions/10113562/pdo-mysql-use-pdoattr-emulate-prepares-or-not
*/
// Prepare PDO Options
$options = array(PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION, PDO::ATTR_EMULATE_PREPARES => false, PDO::ATTR_STRINGIFY_FETCHES => false);
if (defined("PDO::MYSQL_ATTR_FOUND_ROWS")) {
$options[PDO::MYSQL_ATTR_FOUND_ROWS] = false;
} else {
$options[1002] = false;
// Note: 1002 is PDO::MYSQL_ATTR_FOUND_ROWS (fixing issue for some instances)
}
// Connect to the database as an admin
if ($asAdmin) {
self::$database = new PDO(DATABASE_ENGINE . ":host=" . DATABASE_HOST . ";dbname=" . $databaseName . ";charset=utf8;", DATABASE_ADMIN_USER, DATABASE_ADMIN_PASS, $options);
} else {
self::$database = new PDO(DATABASE_ENGINE . ":host=" . DATABASE_HOST . ";dbname=" . $databaseName . ";charset=utf8;", DATABASE_USER, DATABASE_PASS, $options);
}
self::$databaseName = $databaseName;
return true;
} catch (PDOException $e) {
// TODO: Use the logging method here to track the exception.
}
return false;
}
