/** * Check if a row is owned by a user * * Abstracts the //owned by// operation. It works properly also on * missing info and fully supports the "ownership_expiration" property. * * @param array &$row The subject row * @param int|null $user A user id or null to use the logged user * @return bool true if $row is owned by $user, false if it is * not owned, null on errors * @internal */ private function _isOwner(&$row, $user = null) { if (!array_key_exists($this->owner_field, $row)) { // No owner field found: error return null; } isset($user) || ($user = TIP::getUserId()); if ($row[$this->owner_field] != $user) { // Owner and user do not match: return "not owned row" condition return false; } if ($this->privilege == TIP_PRIVILEGE_MANAGER || $this->privilege == TIP_PRIVILEGE_ADMIN || is_null($this->ownership_expiration)) { // Ownership does not expire: return "owned row" condition return true; } if (!array_key_exists($this->creation_field, $row)) { // Ownership expiration set but creation field not found: error return null; } // Check if the ownership expired $creation = TIP::getTimestamp($row[$this->creation_field], 'sql'); if (is_null($creation)) { // TIP::getTimestamp() failed: error return null; } $expiration = strtotime($this->ownership_expiration, $creation); if ($expiration === false) { // strtotime() failed (wrong expiration format?): error return null; } // The row is owned only if now is before the expiration time return time() < $expiration; }
/** * The "main" function * * The starting point of the TIP system. This must be called somewhere from * your index.php. */ public function go() { // Configure the locale $locale_module = $this->shared_modules['locale']; if (TIP::setLocaleId(TIP::getOption($locale_module, 'locale'))) { date_default_timezone_set(TIP::getOption($locale_module, 'timezone')); } // Executes the action if ($this->_request['module'] && $this->_request['action']) { if (is_null($module =& TIP_Type::getInstance($this->_request['module'], false))) { TIP::notifyError('module'); } else { if (isset($this->_request['id'])) { // Now the module is loaded: force id type casting $id_type = $module->getProperty('id_type'); isset($id_type) || ($id_type = 'integer'); settype($this->_request['id'], $id_type); $this->keys['ID'] = $this->_request['id']; } if (is_null($module->callAction($this->_request['action']))) { TIP::notifyError(is_null(TIP::getUserId()) ? 'reserved' : 'denied'); } } } elseif ($this->_request['module']) { TIP::notifyError('noaction'); } elseif ($this->_request['action']) { TIP::notifyError('nomodule'); } elseif (TIP_AHAH) { // AHAH request without module/action specified: perform a test $this->content = "<pre>\n" . TIP::toHtml(print_r($_SERVER, true)) . "\n</pre>\n"; } if (TIP_AHAH) { // AHAH request: output the page and return header('Content-Type: application/xml'); echo $this->content; return; } // Generates the page: body must be called before the head because // some head tags can be modified by body templates $body = $this->tagRun($this->body_template); echo str_replace('{locale}', TIP::getLocaleId('-'), $this->incipit); $this->run($this->head_template); echo $body . $this->explicit; $this->_session_started && HTTP_Session2::pause(); }
/** * Check if $params is the current user id * * Expands to true if the current logged-in user id equals to $params or * false otherwise. */ protected function tagIs($params) { return (int) $params === TIP::getUserId() ? 'true' : 'false'; }
/** * Add automatic defaults to $this->_defaults */ private function _addAutomaticDefaults() { if (array_key_exists('_user', $this->fields)) { $this->_defaults['_user'] = TIP::getUserId(); } }
/** * Append a log * * Appends a log message to the data source of the logger object. * * @param string $severity The text of the log * @param string $message A custom message */ public function log($severity, $message) { static $running = false; // The running flag avoid recursive calls to log() if ($running) { return false; } else { $running = true; } // Generate the backtrace $bt = debug_backtrace(); // Carefully scans the backtrace to find useful informations // and store them in the $code array $code = array('origin' => '', 'tag' => '', 'action' => '', 'template' => '', 'data' => ''); foreach ($bt as $n => $trace) { $function = isset($trace['function']) ? strtolower($trace['function']) : ''; if (!isset($code['origin'])) { // Skip the log wrappers if ($function == 'log' || $function == 'warning' || $function == 'error' || $function == 'fatal') { continue; } $code['origin'] = "{$trace['file']} on line {$trace['line']}"; } if ($function == 'gettag') { if (!array_key_exists('tag', $code)) { $module = $trace['class']; $name = $trace['args'][0]; $params = $trace['args'][1]; if (strlen($params) > 80) { $params = substr($params, 0, 77) . '...'; } $code['tag'] = "{$module}::getTag({$name}, {$params})"; } continue; } elseif ($function == 'callaction') { if (!array_key_exists('action', $code)) { $module = $trace['class']; $action = $trace['args'][0]; $code['action'] = "{$module}::callAction({$action})"; } continue; } $class = isset($trace['class']) ? strtolower($trace['class']) : ''; if ($class == 'tip_template') { if (!array_key_exists('template', $code)) { $last =& $bt[$n - 1]; if (is_object($last['args'][0])) { $template =& $last['args'][0]; $method = $last['function']; $code['template'] = "{$template} on method {$method}"; } } continue; } elseif ($class == 'tip_data') { if (!array_key_exists('data', $code)) { $last =& $bt[$n - 1]; if (is_object($last['args'][0])) { $data =& $last['args'][0]; $method = $last['function']; $code['data'] = "{$data} on method {$method}"; } } continue; } } unset($bt); $context = array('user' => TIP::getUserId(), 'when' => TIP::formatDate('datetime_sql'), 'severity' => $severity, 'message' => $message); $this->_cache[] = array_merge($context, $code); $running = false; return true; }
/** * Refresh the current user * * Refreshes the user id cache of TIP::getUserId() and the privileges * of the yet loaded module. */ private function _refreshUser() { // Refresh the new user id cache TIP::getUserId(true); // Refresh the privileges of the yet loaded modules $this->_refreshModule(TIP_Type::singleton('module')); }
/** * Start the session */ public static function startSession() { require_once 'HTTP/Session2.php'; $user_id = TIP::getUserId(); if ($user_id) { // For a logged in user, use the special TIP container HTTP_Session2::useCookies(false); HTTP_Session2::setContainer('TIP'); HTTP_Session2::start('TIP_Session', $user_id); } else { // For anonymous users, cookie with an automatic session id is used HTTP_Session2::useCookies(true); HTTP_Session2::start('TIP_Session'); } HTTP_Session2::setExpire(time() + 3600 * 4); if (HTTP_Session2::isExpired()) { HTTP_Session2::destroy(); TIP::notifyInfo('session'); } }
private function _getUser() { if (!array_key_exists('UID', $this->keys)) { if (!is_null($user = $this->fromGet('id')) && $this->privilege < TIP_PRIVILEGE_MANAGER && $user == TIP::getUserId()) { TIP::notifyError('denied'); $user = null; } $this->keys['UID'] = $user; } return $this->keys['UID']; }
/** * 'on_process' callback for flag actions * * Flags this row, that is set an enum "yes/no" field to "yes". * The flagging operation can be useful, for instance, for * signaling suspected content. * * @param array &$row The row to flag * @return bool true on success or false on errors */ public function _onFlag(&$old_row) { if (!isset($this->flag_field)) { // No flag field defined: silently returns true return true; } $flagger = TIP::getUserId(); $flagged = @$old_row[$this->owner_field]; $row[$this->flag_field] = 'yes'; if (isset($this->flagger_field)) { $row[$this->flagger_field] = $flagger; } if (isset($this->flagon_field)) { $row[$this->flagon_field] = TIP::formatDate('datetime_sql'); } if (!$this->data->updateRow($row, $old_row)) { return false; } $user = TIP_Application::getSharedModule('user'); if (!$user) { // User module not available: no statistic update required return true; } // Update statistics of the flagging user if (isset($flagger, $this->flaggee_field)) { $user->increment($this->flaggee_field); } // Update statistics of the flagged user if (isset($flagged, $this->flagged_field) && !is_null($view = $user->startDataView($user->getProperty('data')->rowFilter($flagged)))) { $row = $view->current(); $user->endView(); if (!is_null($row)) { $old_row = $row; ++$row[$this->flagged_field]; $user->getProperty('data')->updateRow($row, $old_row); } } return true; }