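/**
 * Connect to the MySQL database.
 *
 * Opens a persistent PDO connection and stores it in self::$pdo. On failure
 * the error is written to ae_Log and FALSE is returned; the exception is not
 * rethrown, so callers must check the return value.
 *
 * @param {array} $dbInfo Database information (keys used: host, name, username, password).
 * @return {boolean} TRUE on success, FALSE otherwise.
 */
public static function connect($dbInfo) {
    $pdoStr = sprintf('mysql:host=%s;dbname=%s;charset=utf8', $dbInfo['host'], $dbInfo['name']);

    try {
        // No "@" suppression: a failed connection is reported as a PDOException
        // and handled below; suppressing warnings only hid diagnostics.
        // NOTE(review): emulated prepares are the PDO default; consider
        // PDO::ATTR_EMULATE_PREPARES => false so the server binds the
        // parameters itself — check first that no statement reuses a named placeholder.
        self::$pdo = new PDO($pdoStr, $dbInfo['username'], $dbInfo['password'], array(PDO::ATTR_PERSISTENT => true));
        // Charset is already in the DSN; kept for older client libraries.
        self::$pdo->exec('SET NAMES utf8');
    }
    catch (PDOException $exc) {
        // Short hints for the most common MySQL/client error codes.
        // 1044 is MySQL's "access denied to database"; the old text
        // ("No database table found") sent operators looking at the wrong thing.
        $hints = array(
            1044 => ': Access to database denied',
            1045 => ': Access denied',
            2002 => ': Host not found',
        );
        // getCode() may be an int or a string (e.g. an SQLSTATE); non-numeric
        // values cast to 0 and simply get no hint, as before.
        $code = (int) $exc->getCode();
        $codeMsg = '(error ' . $exc->getCode() . ')';
        if (isset($hints[$code])) {
            $codeMsg .= $hints[$code];
        }

        ae_Log::error(sprintf('[%s] Could not connect to database %s.', get_class(), $codeMsg));
        return FALSE;
    }

    return TRUE;
}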
/**
 * Load all settings rows from the DB into the static store.
 *
 * Each row's s_key becomes the store key and s_value its value; an existing
 * entry with the same key is overwritten.
 *
 * @throws {Exception} If the query fails.
 */
public static function load() {
    $stmt = ' SELECT * FROM `' . self::TABLE . '` ';
    $rows = ae_Database::query($stmt);

    if ($rows === FALSE) {
        throw new Exception(sprintf('[%s] Failed to load settings.', get_class()));
    }

    foreach ($rows as $row) {
        $key = $row['s_key'];
        self::$store[$key] = $row['s_value'];
    }
}
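<?php
require_once '../../core/autoload.php';
require_once '../../core/config.php';

// Both credentials are required. Redirect AND stop: the original fell
// through and ran the lookup with undefined $_POST values.
if (!isset($_POST['username'], $_POST['userpwd'])) {
    header('Location: ../index.php');
    exit;
}

// Look up the account by its internal name; the name is bound, not interpolated.
$query = ' SELECT COUNT( u_id ) as hits, u_id, u_pwd, u_status FROM `' . AE_TABLE_USERS . '` WHERE u_name_intern = :name ';
$params = array(':name' => $_POST['username']);
$result = ae_Database::query($query, $params);
// A failed query (FALSE) or an empty result set yields no user row.
$u = ($result === FALSE || !isset($result[0])) ? NULL : $result[0];

// NOTE(review): the encoding call around $_POST['username'] in the redirect
// URLs was illegible in the listing; urlencode() is assumed here — confirm
// against the repository.
$encodedName = urlencode($_POST['username']);

// "hits" is a COUNT() column and may arrive as string or int depending on the driver.
$accountFound = ($u !== NULL && (int) $u['hits'] === 1 && $u['u_id'] >= 0);
// Verify the password before disclosing any account state, so a wrong
// password gets the same "nomatch" answer whether the account is missing,
// active or suspended.
$passwordOk = $accountFound && ae_Security::verify($_POST['userpwd'], $u['u_pwd']);

if ($passwordOk) {
    // Reject: Account is suspended
    if ($u['u_status'] != ae_UserModel::STATUS_ACTIVE) {
        header('Location: ../index.php?error=account_suspended&username=' . $encodedName);
        exit;
    }

    ae_Security::login($u['u_id']);
    header('Location: ../admin.php');
    exit;
}

// Any logged problem (e.g. a failed query) is shown instead of the generic redirect.
if (ae_Log::hasMessages()) {
    ae_Log::printAll();
    exit;
}

header('Location: ../index.php?error=nomatch&username=' . $encodedName);
exit;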
/**
 * Save the user to DB. If an ID is set, it will update
 * the user, otherwise it will create a new one.
 * A missing permalink is derived from the external name first.
 * All values are passed as bound parameters; only the table name is
 * concatenated, and it comes from the AE_TABLE_USERS constant.
 * @param {boolean} $forceInsert If set to TRUE and an ID has been set, the model will be saved
 *     as new entry instead of updating. (Optional, default is FALSE.)
 * @return {boolean} TRUE, if saving is successful, FALSE otherwise.
 * @throws {Exception} If $forceInsert is TRUE, but no valid ID is set.
 */
public function save($forceInsert = FALSE) {
    if ($this->permalink == '') {
        $this->setPermalink($this->nameExternal);
    }

    $params = array(
        ':nameInternal' => $this->nameInternal,
        ':nameExternal' => $this->nameExternal,
        ':permalink' => $this->permalink,
        ':password' => $this->pwdHash,
        ':status' => $this->status,
    );
    $hasId = ($this->id !== FALSE);

    if (!$hasId && !$forceInsert) {
        // Plain insert; the DB assigns the ID.
        $stmt = ' INSERT INTO `' . AE_TABLE_USERS . '` ( u_pwd, u_name_intern, u_name_extern, u_permalink, u_status ) VALUES ( :password, :nameInternal, :nameExternal, :permalink, :status ) ';
    }
    elseif ($hasId && $forceInsert) {
        // Insert under the already known ID.
        $stmt = ' INSERT INTO `' . AE_TABLE_USERS . '` ( u_id, u_pwd, u_name_intern, u_name_extern, u_permalink, u_status ) VALUES ( :id, :password, :nameInternal, :nameExternal, :permalink, :status ) ';
        $params[':id'] = $this->id;
    }
    elseif ($hasId) {
        // Update the existing row.
        $stmt = ' UPDATE `' . AE_TABLE_USERS . '` SET u_pwd = :password, u_name_intern = :nameInternal, u_name_extern = :nameExternal, u_permalink = :permalink, u_status = :status WHERE u_id = :id ';
        $params[':id'] = $this->id;
    }
    else {
        // $forceInsert without an ID to insert under.
        throw new Exception(sprintf('[%s] Supposed to insert new user with set ID, but no ID has been set.', get_class()));
    }

    if (ae_Database::query($stmt, $params) === FALSE) {
        return FALSE;
    }

    // Plain insert only: pick up the DB-assigned ID.
    if (!$hasId) {
        $this->setId($this->getLastInsertedId());
    }

    return TRUE;
}
/* Footer statistics. $scriptTime, $memoryPeak and $memoryFinal are produced by
   the application itself (not request input), so they are echoed as-is. */
echo $scriptTime; ?>
</code>
</li>
<li class="stat memory-peak">
    <span>MB (Spitze)</span><code><?php echo $memoryPeak; ?>
    </code>
</li>
<li class="stat memory-final">
    <span>MB (Ende)</span><code><?php echo $memoryFinal; ?>
    </code>
</li>
<li class="stat db-queries">
    <span>DB-Anfragen</span><code><?php echo ae_Database::getNumQueries(); ?>
    </code>
</li>
</ul>
</div>
<?php
// NOTE(review): this renders the collected log messages into the page footer.
// Connection errors are logged with their DB error code elsewhere, so confirm
// this output is limited to admin views or contains nothing an anonymous
// visitor should see.
ae_Log::printAll(); ?>
</footer>
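<?php
// Dashboard: system information table. The values come from this server's
// own configuration and the application, not from request input; they are
// still HTML-escaped as a matter of course. The mod_rewrite cells are
// literal markup and are emitted unchanged.
$data = array(
    'aestas' => '<td>' . htmlspecialchars(AE_VERSION, ENT_QUOTES, 'UTF-8') . '</td>',
    'PHP' => '<td>' . htmlspecialchars(phpversion(), ENT_QUOTES, 'UTF-8') . '</td>',
    'MySQL' => '<td>' . htmlspecialchars(ae_Database::serverVersion(), ENT_QUOTES, 'UTF-8') . '</td>',
    'Memory limit' => '<td>' . htmlspecialchars(ini_get('memory_limit'), ENT_QUOTES, 'UTF-8') . '</td>',
    'mod_rewrite' => ae_Settings::isModRewriteEnabled() ? '<td class="cell-okay">enabled</td>' : '<td class="cell-warning">disabled</td>',
    'Max filesize for uploads' => '<td>' . htmlspecialchars(ini_get('upload_max_filesize'), ENT_QUOTES, 'UTF-8') . '</td>',
);

// Magic quotes and register_globals were removed in PHP 5.4, so they are
// only reported on older runtimes. version_compare() covers every pre-5.4
// release; the previous "major <= 5 && minor <= 3" test missed e.g. 4.4.
if (version_compare(PHP_VERSION, '5.4.0', '<')) {
    $data['Magic Quotes'] = get_magic_quotes_runtime() ? '<td class="cell-danger">enabled</td>' : '<td class="cell-okay">disabled</td>';
    $data['register_globals'] = ini_get('register_globals') ? '<td class="cell-danger">enabled</td>' : '<td class="cell-okay">disabled</td>';
}
?>
<h1>Dashboard</h1>
<table class="table-system">
<?php foreach ($data as $key => $value) { ?>
    <tr>
        <th><?php echo htmlspecialchars($key, ENT_QUOTES, 'UTF-8'); ?></th>
        <?php echo $value; ?>
    </tr>
<?php } ?>
</table>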
/**
 * Save the page to DB. If an ID is set, it will update
 * the page, otherwise it will create a new one.
 * Before saving, a zero datetime is replaced by "now", a missing or invalid
 * user ID by the current user, and an empty permalink is derived from the title.
 * Updates additionally stamp pa_edit with the current time.
 * @param {boolean} $forceInsert If set to TRUE and an ID has been set, the model will be saved
 *     as new entry instead of updating. (Optional, default is FALSE.)
 * @return {boolean} TRUE, if saving is successful, FALSE otherwise.
 * @throws {Exception} If $forceInsert is TRUE, but no valid ID is set.
 */
public function save($forceInsert = FALSE) {
    if ($this->datetime == '0000-00-00 00:00:00') {
        $this->setDatetime(date('Y-m-d H:i:s'));
    }
    if (!ae_Validate::id($this->userId)) {
        $this->setUserId(ae_Security::getCurrentUserId());
    }
    if ($this->permalink == '') {
        $this->setPermalink($this->title);
    }

    $params = array(
        ':title' => $this->title,
        ':permalink' => $this->permalink,
        ':content' => $this->content,
        ':datetime' => $this->datetime,
        ':user' => $this->userId,
        ':comments' => $this->commentsStatus,
        ':status' => $this->status,
    );
    $hasId = ($this->id !== FALSE);

    if (!$hasId && !$forceInsert) {
        // Plain insert; the DB assigns the ID.
        $stmt = ' INSERT INTO `' . AE_TABLE_PAGES . '` ( pa_title, pa_permalink, pa_content, pa_datetime, pa_user, pa_comments, pa_status ) VALUES ( :title, :permalink, :content, :datetime, :user, :comments, :status ) ';
    }
    elseif ($hasId && $forceInsert) {
        // Insert under the already known ID.
        $stmt = ' INSERT INTO `' . AE_TABLE_PAGES . '` ( pa_id, pa_title, pa_permalink, pa_content, pa_datetime, pa_user, pa_comments, pa_status ) VALUES ( :id, :title, :permalink, :content, :datetime, :user, :comments, :status ) ';
        $params[':id'] = $this->id;
    }
    elseif ($hasId) {
        // Update the existing row and record the edit time.
        $stmt = ' UPDATE `' . AE_TABLE_PAGES . '` SET pa_title = :title, pa_permalink = :permalink, pa_content = :content, pa_datetime = :datetime, pa_edit = :editDatetime, pa_user = :user, pa_comments = :comments, pa_status = :status WHERE pa_id = :id ';
        $params[':id'] = $this->id;
        $params[':editDatetime'] = date('Y-m-d H:i:s');
    }
    else {
        // $forceInsert without an ID to insert under.
        throw new Exception(sprintf('[%s] Supposed to insert new page with set ID, but no ID has been set.', get_class()));
    }

    if (ae_Database::query($stmt, $params) === FALSE) {
        return FALSE;
    }

    // Plain insert only: pick up the DB-assigned ID.
    if (!$hasId) {
        $this->setId($this->getLastInsertedId());
    }

    return TRUE;
}
/**
 * Save the comment to DB. If an ID is set, it will update
 * the comment, otherwise it will create a new one.
 * A zero datetime is replaced by "now" first. Author name, e-mail, URL and
 * IP are stored as bound parameters, never concatenated into the statement.
 * @param {boolean} $forceInsert If set to TRUE and an ID has been set, the model will be saved
 *     as new entry instead of updating. (Optional, default is FALSE.)
 * @return {boolean} TRUE, if saving is successful, FALSE otherwise.
 * @throws {Exception} If no post ID is given.
 * @throws {Exception} If $forceInsert is TRUE, but no valid ID is set.
 */
public function save($forceInsert = FALSE) {
    if ($this->postId === FALSE) {
        throw new Exception('[' . get_class() . '] Cannot save comment. No post ID.');
    }
    if ($this->datetime == '0000-00-00 00:00:00') {
        $this->setDatetime(date('Y-m-d H:i:s'));
    }

    $params = array(
        ':postId' => $this->postId,
        ':authorName' => $this->authorName,
        ':authorEmail' => $this->authorEmail,
        ':authorIp' => $this->authorIp,
        ':authorUrl' => $this->authorUrl,
        ':datetime' => $this->datetime,
        ':content' => $this->content,
        ':status' => $this->status,
        ':userId' => $this->userId,
    );
    $hasId = ($this->id !== FALSE);

    if (!$hasId && !$forceInsert) {
        // Plain insert; the DB assigns the ID.
        $stmt = ' INSERT INTO `' . AE_TABLE_COMMENTS . '` ( co_ip, co_post, co_user, co_name, co_email, co_url, co_datetime, co_content, co_status ) VALUES ( :authorIp, :postId, :userId, :authorName, :authorEmail, :authorUrl, :datetime, :content, :status ) ';
    }
    elseif ($hasId && $forceInsert) {
        // Insert under the already known ID.
        $stmt = ' INSERT INTO `' . AE_TABLE_COMMENTS . '` ( co_id, co_ip, co_post, co_user, co_name, co_email, co_url, co_datetime, co_content, co_status ) VALUES ( :id, :authorIp, :postId, :userId, :authorName, :authorEmail, :authorUrl, :datetime, :content, :status ) ';
        $params[':id'] = $this->id;
    }
    elseif ($hasId) {
        // Update the existing row.
        $stmt = ' UPDATE `' . AE_TABLE_COMMENTS . '` SET co_ip = :authorIp, co_post = :postId, co_user = :userId, co_name = :authorName, co_email = :authorEmail, co_url = :authorUrl, co_datetime = :datetime, co_content = :content, co_status = :status WHERE co_id = :id ';
        $params[':id'] = $this->id;
    }
    else {
        // $forceInsert without an ID to insert under.
        throw new Exception(sprintf('[%s] Supposed to insert new comment with set ID, but no ID has been set.', get_class()));
    }

    if (ae_Database::query($stmt, $params) === FALSE) {
        return FALSE;
    }

    // Plain insert only: pick up the DB-assigned ID.
    if (!$hasId) {
        $this->setId($this->getLastInsertedId());
    }

    return TRUE;
}
/**
 * Delete all relations between the edited post and its categories.
 * Only acts when the request carries an "edit-id" field, i.e. an existing
 * post is being edited; for a new post there is nothing to delete.
 * NOTE(review): the guard reads $_POST['edit-id'] directly instead of
 * deriving the decision from $postId — callers must keep the two in sync.
 * @param {int} $postId Post ID (bound as a parameter, not interpolated).
 * @return {boolean} TRUE, if successful deleted relations or no relations to delete, FALSE otherwise.
 */
function deletePost2CategoryRelations($postId) {
    if (!isset($_POST['edit-id'])) {
        return TRUE;
    }

    $stmt = ' DELETE FROM `' . AE_TABLE_POSTS2CATEGORIES . '` WHERE pc_post = :id ';
    $params = array(':id' => $postId);

    return ae_Database::query($stmt, $params) !== FALSE;
}
// (This fragment starts inside two blocks whose opening lines are not visible here.)
$stmt1 = ' DELETE FROM `' . AE_TABLE_POSTS2CATEGORIES . '` WHERE ';
$stmt2 = ' UPDATE `' . ae_CategoryModel::TABLE . '` SET ca_parent = 0 WHERE ';
$params = array();

// Build one "... = :entryN OR" term per submitted ID. IDs that fail
// ae_Validate::id() are skipped, so only validated values (assumed numeric)
// end up in the placeholder names; the values themselves are bound.
foreach ($_POST['entry'] as $id) {
    if (!ae_Validate::id($id)) {
        continue;
    }
    $stmt1 .= 'pc_category = :entry' . $id . ' OR ';
    $stmt2 .= 'ca_id = :entry' . $id . ' OR ';
    $params[':entry' . $id] = $id;
}

// Strip the trailing ' OR '.
// NOTE(review): if no submitted ID passed validation nothing was appended,
// so this cuts into the "WHERE " keyword, the query fails and the error
// redirect below is taken — confirm that is the intended outcome.
$stmt1 = mb_substr($stmt1, 0, -4);
$stmt2 = mb_substr($stmt2, 0, -4);

if (ae_Database::query($stmt1, $params) === FALSE || ae_Database::query($stmt2, $params) === FALSE) {
    // NOTE(review): $_POST['area'] is appended to the redirect URL unencoded
    // (here and in the success redirect below). urlencode() it or validate it
    // against the known areas so request input cannot alter the query string.
    header('Location: ../admin.php?area=' . $mainArea . '&' . $_POST['area'] . '&error=query_delete_category_relations_failed');
    exit;
}
} // closes a block opened before this fragment
} // closes a block opened before this fragment

if (ae_Log::hasMessages()) {
    ae_Log::printAll();
    exit;
}

header('Location: ../admin.php?area=' . $mainArea . '&' . $_POST['area'] . '&success=status_change');
/**
 * Save the category to DB. If an ID is set, it will update
 * the category, otherwise it will create a new one.
 * Changes on the children attribute will not be saved!
 * To change parent-child relations, edit the child.
 * An empty permalink is generated from the title via ae_Permalink.
 * @param {boolean} $forceInsert If set to TRUE and an ID has been set, the model will be saved
 *     as new entry instead of updating. (Optional, default is FALSE.)
 * @return {boolean} TRUE, if saving is successful, FALSE otherwise.
 * @throws {Exception} If title is not valid.
 * @throws {Exception} If $forceInsert is TRUE, but no valid ID is set.
 */
public function save($forceInsert = FALSE) {
    if ($this->title == '') {
        throw new Exception('[' . get_class() . '] Cannot save category. Invalid title.');
    }
    if ($this->permalink == '') {
        $this->permalink = ae_Permalink::generatePermalink($this->title);
    }

    $params = array(
        ':title' => $this->title,
        ':permalink' => $this->permalink,
        ':parent' => $this->parent,
        ':status' => $this->status,
    );
    $hasId = ($this->id !== FALSE);

    if (!$hasId && !$forceInsert) {
        // Plain insert; the DB assigns the ID.
        $stmt = ' INSERT INTO `' . self::TABLE . '` ( ca_title, ca_permalink, ca_parent, ca_status ) VALUES ( :title, :permalink, :parent, :status ) ';
    }
    elseif ($hasId && $forceInsert) {
        // Insert under the already known ID.
        $stmt = ' INSERT INTO `' . self::TABLE . '` ( ca_id, ca_title, ca_permalink, ca_parent, ca_status ) VALUES ( :id, :title, :permalink, :parent, :status ) ';
        $params[':id'] = $this->id;
    }
    elseif ($hasId) {
        // Update the existing row.
        $stmt = ' UPDATE `' . self::TABLE . '` SET ca_title = :title, ca_permalink = :permalink, ca_parent = :parent, ca_status = :status WHERE ca_id = :id ';
        $params[':id'] = $this->id;
    }
    else {
        // $forceInsert without an ID to insert under.
        throw new Exception(sprintf('[%s] Supposed to insert new category with set ID, but no ID has been set.', get_class()));
    }

    if (ae_Database::query($stmt, $params) === FALSE) {
        return FALSE;
    }

    // Plain insert only: pick up the DB-assigned ID.
    if (!$hasId) {
        $this->setId($this->getLastInsertedId());
    }

    return TRUE;
}
<?php
require_once '../../core/autoload.php';
require_once '../../core/config.php';

// Only an authenticated user may change the blog settings.
// NOTE(review): no CSRF token check is visible in this handler — confirm the
// form or ae_Security covers it.
if (!ae_Security::isLoggedIn()) {
    header('Location: ../index.php?error=not_logged_in');
    exit;
}

// Both fields are required; isset() with two arguments is FALSE if either is missing.
if (!isset($_POST['blog-title'], $_POST['blog-description'])) {
    header('Location: ../admin.php?area=settings&error=missing_data');
    exit;
}

// Upsert both settings in one statement; the submitted values are bound, never interpolated.
$stmt = ' INSERT INTO `' . AE_TABLE_SETTINGS . '` ( s_key, s_value ) VALUES ( :blogTitleKey, :blogTitleValue ), ( :blogDescriptionKey, :blogDescriptionValue ) ON DUPLICATE KEY UPDATE s_key = VALUES( s_key ), s_value = VALUES( s_value ) ';
$params = array(
    ':blogTitleKey' => 'blog_title',
    ':blogTitleValue' => $_POST['blog-title'],
    ':blogDescriptionKey' => 'blog_description',
    ':blogDescriptionValue' => $_POST['blog-description'],
);

$saved = (ae_Database::query($stmt, $params) !== FALSE);
header('Location: ../admin.php?area=settings&' . ($saved ? 'success' : 'error=failed_db_update'));
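// register_globals only exists on PHP < 5.4, and it is a per-directory ini
// setting that cannot really be turned off at runtime; kept as a best effort.
if (ini_get('register_globals')) {
    ini_set('register_globals', 0);
}

// URL constant: scheme + host + directory of the running script.
$protocol = 'http://';
if (!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off' || $_SERVER['SERVER_PORT'] == 443) {
    $protocol = 'https://';
}
// SCRIPT_NAME instead of PHP_SELF: PHP_SELF also carries any PATH_INFO the
// client appended to the request URI (e.g. "/index.php/anything"), which
// would otherwise become part of URL and of every link built from it.
// NOTE(review): HTTP_HOST is still taken from the request; if the vhost
// accepts arbitrary Host headers, generated links inherit that value —
// consider a configured base host instead.
$urlParts = explode('/', $_SERVER['HTTP_HOST'] . $_SERVER['SCRIPT_NAME']);
array_pop($urlParts); // drop the script file name
if (defined('IS_RSS')) {
    array_pop($urlParts); // the RSS feed lives one directory below the root
}
define('URL', $protocol . implode('/', $urlParts) . '/');
unset($urlParts);

// Initialize some needed classes
ae_Timer::start('total');
ae_Log::init($logSettings);

if (ae_Database::connect($dbSettings) === FALSE) {
    // Show the DB error page; the relative path depends on whether the
    // request started in the root directory or one level below it.
    $path = 'themes/error-msg-db.php';
    $path = file_exists($path) ? $path : '../' . $path;
    include $path;
    exit;
}

ae_Security::init($securitySettings);
ae_Settings::load();

// Constants used in themes and the RSS feed
define('THEME', ae_Settings::get('theme'));
define('THEME_PATH', URL . 'themes/' . THEME . '/');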
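/**
 * Save media to DB. If an ID is set, it will update
 * it, otherwise it will create a new one.
 * A zero datetime is replaced by "now". Non-empty meta data is stored as
 * JSON, empty meta data as NULL. When an existing entry is updated and the
 * name changed, the underlying file is renamed via renameFile().
 * @param {boolean} $forceInsert If set to TRUE and an ID has been set, the model will be saved
 *     as new entry instead of updating. (Optional, default is FALSE.)
 * @return {boolean} TRUE, if saving is successful, FALSE otherwise.
 * @throws {Exception} If name is not valid.
 * @throws {Exception} If meta data cannot be JSON encoded.
 * @throws {Exception} If $forceInsert is TRUE, but no valid ID is set.
 */
public function save($forceInsert = FALSE) {
    if (mb_strlen($this->name) == 0) {
        throw new Exception(sprintf('[%s] Cannot save. Name is empty.', get_class()));
    }
    if ($this->datetime == '0000-00-00 00:00:00') {
        $this->setDatetime(date('Y-m-d H:i:s'));
    }

    // Empty meta is stored as NULL. (Previously $meta was left unassigned in
    // that case, which bound NULL as well but raised an undefined-variable notice.)
    $meta = NULL;
    if ($this->meta != '') {
        $meta = json_encode($this->meta);
        if ($meta === FALSE) {
            throw new Exception(sprintf('[%s] Failed to JSON encode meta data.', get_class()));
        }
    }

    $params = array(
        ':datetime' => $this->datetime,
        ':meta' => $meta,
        ':name' => $this->name,
        ':status' => $this->status,
        ':type' => $this->type,
        ':userId' => $this->userId,
    );
    $hasId = ($this->id !== FALSE);

    if (!$hasId && !$forceInsert) {
        // Plain insert; the DB assigns the ID.
        $stmt = ' INSERT INTO `' . self::TABLE . '` ( m_datetime, m_meta, m_name, m_status, m_type, m_user ) VALUES ( :datetime, :meta, :name, :status, :type, :userId ) ';
    }
    elseif ($hasId && $forceInsert) {
        // Insert under the already known ID.
        $stmt = ' INSERT INTO `' . self::TABLE . '` ( m_id, m_datetime, m_meta, m_name, m_status, m_type, m_user ) VALUES ( :id, :datetime, :meta, :name, :status, :type, :userId ) ';
        $params[':id'] = $this->id;
    }
    elseif ($hasId) {
        // Update the existing row.
        $stmt = ' UPDATE `' . self::TABLE . '` SET m_datetime = :datetime, m_meta = :meta, m_name = :name, m_status = :status, m_type = :type, m_user = :userId WHERE m_id = :id ';
        $params[':id'] = $this->id;
    }
    else {
        // $forceInsert without an ID to insert under.
        throw new Exception(sprintf('[%s] Supposed to insert new media with set ID, but no ID has been set.', get_class()));
    }

    if (ae_Database::query($stmt, $params) === FALSE) {
        return FALSE;
    }

    if (!$hasId) {
        // Plain insert: pick up the DB-assigned ID.
        $this->setId($this->getLastInsertedId());
    }
    elseif ($this->name != $this->oldName) {
        // NOTE(review): renameFile() is not shown here; it must reject path
        // separators and ".." in $name before touching the filesystem.
        $this->renameFile();
    }

    return TRUE;
}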
/**
 * Load the model data for the given ID.
 * The ID is assigned to the model before the query runs, so it stays set
 * even when FALSE is returned. Table and ID column come from the concrete
 * subclass's TABLE and TABLE_ID_FIELD constants; the ID itself is bound.
 * @param {int} $id ID of the model to load.
 * @return {boolean|array} FALSE, if loading failed, an array with the DB data otherwise.
 */
protected function loadModelData($id) {
    $this->setId($id);

    $class = get_class($this);
    $table = constant($class . '::TABLE');
    $idField = constant($class . '::TABLE_ID_FIELD');
    $stmt = ' SELECT * FROM `' . $table . '` WHERE ' . $idField . ' = :id ';
    $rows = ae_Database::query($stmt, array(':id' => $id));

    // A failed query or no matching row both count as "not loaded".
    if ($rows === FALSE || empty($rows)) {
        return FALSE;
    }

    return $rows[0];
}
/**
 * Save the filter to DB. If an ID is set, it will update
 * the filter, otherwise it will create a new one.
 * An empty name is replaced by "filter " plus the current timestamp.
 * @param {boolean} $forceInsert If set to TRUE and an ID has been set, the model will be saved
 *     as new entry instead of updating. (Optional, default is FALSE.)
 * @return {boolean} TRUE, if saving is successful, FALSE otherwise.
 * @throws {Exception} If $forceInsert is TRUE, but no valid ID is set.
 */
public function save($forceInsert = FALSE) {
    if ($this->name == '') {
        $this->name = 'filter ' . date('Y-m-d H:i:s');
    }

    $params = array(
        ':name' => $this->name,
        ':target' => $this->target,
        ':match' => $this->match,
        ':action' => $this->action,
        ':status' => $this->status,
    );
    $hasId = ($this->id !== FALSE);

    if (!$hasId && !$forceInsert) {
        // Create new filter; the DB assigns the ID.
        $stmt = ' INSERT INTO `' . self::TABLE . '` ( cf_name, cf_target, cf_match, cf_action, cf_status ) VALUES ( :name, :target, :match, :action, :status ) ';
    }
    elseif ($hasId && $forceInsert) {
        // Insert under the already known ID.
        $stmt = ' INSERT INTO `' . self::TABLE . '` ( cf_id, cf_name, cf_target, cf_match, cf_action, cf_status ) VALUES ( :id, :name, :target, :match, :action, :status ) ';
        $params[':id'] = $this->id;
    }
    elseif ($hasId) {
        // Update the existing row.
        $stmt = ' UPDATE `' . self::TABLE . '` SET cf_name = :name, cf_target = :target, cf_match = :match, cf_action = :action, cf_status = :status WHERE cf_id = :id ';
        $params[':id'] = $this->id;
    }
    else {
        // $forceInsert without an ID to insert under.
        throw new Exception(sprintf('[%s] Supposed to insert new filter with set ID, but no ID has been set.', get_class()));
    }

    if (ae_Database::query($stmt, $params) === FALSE) {
        return FALSE;
    }

    // Plain insert only: pick up the DB-assigned ID.
    if (!$hasId) {
        $this->setId($this->getLastInsertedId());
    }

    return TRUE;
}
/**
 * Load number of comments for loaded post models.
 * Counts comments with the given status per post for every currently loaded
 * post, hands the rows to assignNumCommentsToPosts() and then calls reset().
 * NOTE(review): $postIds is spliced into the IN() list rather than bound, so
 * getPostIdsString() must only ever yield validated integer IDs.
 * @param {string} $status Status of comments to select (bound parameter).
 * @return {boolean} FALSE if no post IDs are loaded or the query fails, TRUE otherwise.
 */
public function loadNumComments($status = ae_CommentModel::STATUS_APPROVED) {
    $postIds = $this->getPostIdsString();
    if (!$postIds) {
        return FALSE;
    }

    $stmt = ' SELECT co_post, COUNT( co_id ) AS numComments FROM `' . AE_TABLE_COMMENTS . '` WHERE co_post IN ( ' . $postIds . ' ) AND co_status = :status GROUP BY co_post ';
    $rows = ae_Database::query($stmt, array(':status' => $status));
    if ($rows === FALSE) {
        return FALSE;
    }

    $this->assignNumCommentsToPosts($rows);
    $this->reset();

    return TRUE;
}
/**
 * Query the number of items for the given filter from the DB.
 * The LIMIT part of the filter is dropped so the count covers all matching
 * rows, not just the current page. The result is stored in $this->totalItems.
 * NOTE(review): $table is interpolated, not bound; callers must pass only the
 * models' own TABLE constants, never request-derived names.
 * @param {string} $table DB table name.
 * @param {array} $filter Filter.
 * @param {array} $params Parameters of the filter.
 * @return {boolean} TRUE on success, FALSE otherwise.
 */
protected function queryNumItems($table, $filter, $params) {
    $countFilter = $filter;
    unset($countFilter['LIMIT']);

    $countStmt = self::buildStatement(' SELECT COUNT( * ) AS num_entries FROM `' . $table . '` ', $countFilter);
    $rows = ae_Database::query($countStmt, $params);
    if ($rows === FALSE) {
        return FALSE;
    }

    $this->totalItems = $rows[0]['num_entries'];

    return TRUE;
}