/**
* Connect to the MySQL database.
* @param {array} $dbInfo Database information.
* @return {boolean} TRUE on success, FALSE otherwise.
*/
public static function connect($dbInfo)
{
$pdoStr = sprintf('mysql:host=%s;dbname=%s;charset=utf8', $dbInfo['host'], $dbInfo['name']);
try {
self::$pdo = @new PDO($pdoStr, $dbInfo['username'], $dbInfo['password'], array(PDO::ATTR_PERSISTENT => true));
self::$pdo->exec('SET NAMES utf8');
} catch (PDOException $exc) {
$codeMsg = '(error ' . $exc->getCode() . ')';
switch ($exc->getCode()) {
case 1044:
$codeMsg .= ': No database table found';
break;
case 1045:
$codeMsg .= ': Access denied';
break;
case 2002:
$codeMsg .= ': Host not found';
break;
}
$msg = sprintf('[%s] Could not connect to database %s.', get_class(), $codeMsg);
ae_Log::error($msg);
return FALSE;
}
return TRUE;
}
/**
* Load settings from DB.
*/
public static function load()
{
$stmt = '
SELECT * FROM `' . self::TABLE . '`
';
$result = ae_Database::query($stmt);
if ($result === FALSE) {
$msg = sprintf('[%s] Failed to load settings.', get_class());
throw new Exception($msg);
}
foreach ($result as $row) {
self::$store[$row['s_key']] = $row['s_value'];
}
}
<?php
require_once '../../core/autoload.php';
require_once '../../core/config.php';
if (!isset($_POST['username'], $_POST['userpwd'])) {
header('Location: ../index.php');
}
$query = '
SELECT COUNT( u_id ) as hits, u_id, u_pwd, u_status
FROM `' . AE_TABLE_USERS . '`
WHERE u_name_intern = :name
';
$params = array(':name' => $_POST['username']);
$result = ae_Database::query($query, $params);
$u = $result[0];
// Reject: Account is suspended
if ($u['hits'] == '1' && $u['u_status'] != ae_UserModel::STATUS_ACTIVE) {
header('Location: ../index.php?error=account_suspended&username='******'username']));
exit;
} else {
if ($u['hits'] == '1' && $u['u_id'] >= 0 && ae_Security::verify($_POST['userpwd'], $u['u_pwd'])) {
ae_Security::login($result[0]['u_id']);
header('Location: ../admin.php');
exit;
}
}
if (ae_Log::hasMessages()) {
ae_Log::printAll();
} else {
header('Location: ../index.php?error=nomatch&username='******'username']));
}
/**
* Save the user to DB. If an ID is set, it will update
* the user, otherwise it will create a new one.
* @param {boolean} $forceInsert If set to TRUE and an ID has been set, the model will be saved
* as new entry instead of updating. (Optional, default is FALSE.)
* @return {boolean} TRUE, if saving is successful, FALSE otherwise.
* @throws {Exception} If $forceInsert is TRUE, but no valid ID is set.
*/
public function save($forceInsert = FALSE)
{
if ($this->permalink == '') {
$this->setPermalink($this->nameExternal);
}
$params = array(':nameInternal' => $this->nameInternal, ':nameExternal' => $this->nameExternal, ':permalink' => $this->permalink, ':password' => $this->pwdHash, ':status' => $this->status);
// Create new user
if ($this->id === FALSE && !$forceInsert) {
$stmt = '
INSERT INTO `' . AE_TABLE_USERS . '` (
u_pwd,
u_name_intern,
u_name_extern,
u_permalink,
u_status
) VALUES (
:password,
:nameInternal,
:nameExternal,
:permalink,
:status
)
';
} else {
if ($this->id !== FALSE && $forceInsert) {
$stmt = '
INSERT INTO `' . AE_TABLE_USERS . '` (
u_id,
u_pwd,
u_name_intern,
u_name_extern,
u_permalink,
u_status
) VALUES (
:id,
:password,
:nameInternal,
:nameExternal,
:permalink,
:status
)
';
$params[':id'] = $this->id;
} else {
if ($this->id !== FALSE) {
$stmt = '
UPDATE `' . AE_TABLE_USERS . '` SET
u_pwd = :password,
u_name_intern = :nameInternal,
u_name_extern = :nameExternal,
u_permalink = :permalink,
u_status = :status
WHERE
u_id = :id
';
$params[':id'] = $this->id;
} else {
$msg = sprintf('[%s] Supposed to insert new user with set ID, but no ID has been set.', get_class());
throw new Exception($msg);
}
}
}
if (ae_Database::query($stmt, $params) === FALSE) {
return FALSE;
}
// If a new user was created, get the new ID
if ($this->id === FALSE) {
$this->setId($this->getLastInsertedId());
}
return TRUE;
}
echo $scriptTime; ?> </code> </li> <li class="stat memory-peak"> <span>MB (Spitze)</span><code><?php echo $memoryPeak; ?> </code> </li> <li class="stat memory-final"> <span>MB (Ende)</span><code><?php echo $memoryFinal; ?> </code> </li> <li class="stat db-queries"> <span>DB-Anfragen</span><code><?php echo ae_Database::getNumQueries(); ?> </code> </li> </ul> </div> <?php ae_Log::printAll(); ?> </footer>
<?php
$data = array('aestas' => '<td>' . AE_VERSION . '</td>', 'PHP' => '<td>' . phpversion() . '</td>', 'MySQL' => '<td>' . ae_Database::serverVersion() . '</td>', 'Memory limit' => '<td>' . ini_get('memory_limit') . '</td>', 'mod_rewrite' => ae_Settings::isModRewriteEnabled() ? '<td class="cell-okay">enabled</td>' : '<td class="cell-warning">disabled</td>', 'Max filesize for uploads' => '<td>' . ini_get('upload_max_filesize') . '</td>');
$phpVersion = explode('.', phpversion());
// Evil features, that have been removed since PHP 5.4
if ($phpVersion[0] <= 5 && $phpVersion[1] <= 3) {
$data['Magic Quotes'] = get_magic_quotes_runtime() ? '<td class="cell-danger">enabled</td>' : '<td class="cell-okay">disabled</td>';
$data['register_globals'] = ini_get('register_globals') ? '<td class="cell-danger">enabled</td>' : '<td class="cell-okay">disabled</td>';
}
?>
<h1>Dashboard</h1>
<table class="table-system">
<?php
foreach ($data as $key => $value) {
?>
<tr>
<th><?php
echo $key;
?>
</th>
<?php
echo $value;
?>
</tr>
<?php
}
?>
</table>
/**
* Save the page to DB. If an ID is set, it will update
* the page, otherwise it will create a new one.
* @param {boolean} $forceInsert If set to TRUE and an ID has been set, the model will be saved
* as new entry instead of updating. (Optional, default is FALSE.)
* @return {boolean} TRUE, if saving is successful, FALSE otherwise.
* @throws {Exception} If $forceInsert is TRUE, but no valid ID is set.
*/
public function save($forceInsert = FALSE)
{
if ($this->datetime == '0000-00-00 00:00:00') {
$this->setDatetime(date('Y-m-d H:i:s'));
}
if (!ae_Validate::id($this->userId)) {
$this->setUserId(ae_Security::getCurrentUserId());
}
if ($this->permalink == '') {
$this->setPermalink($this->title);
}
$params = array(':title' => $this->title, ':permalink' => $this->permalink, ':content' => $this->content, ':datetime' => $this->datetime, ':user' => $this->userId, ':comments' => $this->commentsStatus, ':status' => $this->status);
// Create new page
if ($this->id === FALSE && !$forceInsert) {
$stmt = '
INSERT INTO `' . AE_TABLE_PAGES . '` (
pa_title,
pa_permalink,
pa_content,
pa_datetime,
pa_user,
pa_comments,
pa_status
) VALUES (
:title,
:permalink,
:content,
:datetime,
:user,
:comments,
:status
)
';
} else {
if ($this->id !== FALSE && $forceInsert) {
$stmt = '
INSERT INTO `' . AE_TABLE_PAGES . '` (
pa_id,
pa_title,
pa_permalink,
pa_content,
pa_datetime,
pa_user,
pa_comments,
pa_status
) VALUES (
:id,
:title,
:permalink,
:content,
:datetime,
:user,
:comments,
:status
)
';
$params[':id'] = $this->id;
} else {
if ($this->id !== FALSE) {
$stmt = '
UPDATE `' . AE_TABLE_PAGES . '` SET
pa_title = :title,
pa_permalink = :permalink,
pa_content = :content,
pa_datetime = :datetime,
pa_edit = :editDatetime,
pa_user = :user,
pa_comments = :comments,
pa_status = :status
WHERE
pa_id = :id
';
$params[':id'] = $this->id;
$params[':editDatetime'] = date('Y-m-d H:i:s');
} else {
$msg = sprintf('[%s] Supposed to insert new page with set ID, but no ID has been set.', get_class());
throw new Exception($msg);
}
}
}
if (ae_Database::query($stmt, $params) === FALSE) {
return FALSE;
}
// If a new page was created, get the new ID
if ($this->id === FALSE) {
$this->setId($this->getLastInsertedId());
}
return TRUE;
}
/**
* Save the comment to DB. If an ID is set, it will update
* the comment, otherwise it will create a new one.
* @param {boolean} $forceInsert If set to TRUE and an ID has been set, the model will be saved
* as new entry instead of updating. (Optional, default is FALSE.)
* @return {boolean} TRUE, if saving is successful, FALSE otherwise.
* @throws {Exception} If no post ID is given.
* @throws {Exception} If $forceInsert is TRUE, but no valid ID is set.
*/
public function save($forceInsert = FALSE)
{
if ($this->postId === FALSE) {
throw new Exception('[' . get_class() . '] Cannot save comment. No post ID.');
}
if ($this->datetime == '0000-00-00 00:00:00') {
$this->setDatetime(date('Y-m-d H:i:s'));
}
$params = array(':postId' => $this->postId, ':authorName' => $this->authorName, ':authorEmail' => $this->authorEmail, ':authorIp' => $this->authorIp, ':authorUrl' => $this->authorUrl, ':datetime' => $this->datetime, ':content' => $this->content, ':status' => $this->status, ':userId' => $this->userId);
// Create new comment
if ($this->id === FALSE && !$forceInsert) {
$stmt = '
INSERT INTO `' . AE_TABLE_COMMENTS . '` (
co_ip,
co_post,
co_user,
co_name,
co_email,
co_url,
co_datetime,
co_content,
co_status
)
VALUES (
:authorIp,
:postId,
:userId,
:authorName,
:authorEmail,
:authorUrl,
:datetime,
:content,
:status
)
';
} else {
if ($this->id !== FALSE && $forceInsert) {
$stmt = '
INSERT INTO `' . AE_TABLE_COMMENTS . '` (
co_id,
co_ip,
co_post,
co_user,
co_name,
co_email,
co_url,
co_datetime,
co_content,
co_status
)
VALUES (
:id,
:authorIp,
:postId,
:userId,
:authorName,
:authorEmail,
:authorUrl,
:datetime,
:content,
:status
)
';
$params[':id'] = $this->id;
} else {
if ($this->id !== FALSE) {
$stmt = '
UPDATE `' . AE_TABLE_COMMENTS . '` SET
co_ip = :authorIp,
co_post = :postId,
co_user = :userId,
co_name = :authorName,
co_email = :authorEmail,
co_url = :authorUrl,
co_datetime = :datetime,
co_content = :content,
co_status = :status
WHERE
co_id = :id
';
$params[':id'] = $this->id;
} else {
$msg = sprintf('[%s] Supposed to insert new comment with set ID, but no ID has been set.', get_class());
throw new Exception($msg);
}
}
}
if (ae_Database::query($stmt, $params) === FALSE) {
return FALSE;
}
// If a new comment was created, get the new ID
if ($this->id === FALSE) {
$this->setId($this->getLastInsertedId());
}
return TRUE;
}
/**
* Delete all relations between the edited post and its categories.
* @param {int} $postId Post ID.
* @return {boolean} TRUE, if successful deleted relations or no relations to delete, FALSE otherwise.
*/
function deletePost2CategoryRelations($postId)
{
if (!isset($_POST['edit-id'])) {
return TRUE;
}
$stmt = '
DELETE FROM `' . AE_TABLE_POSTS2CATEGORIES . '`
WHERE pc_post = :id
';
$params = array(':id' => $postId);
if (ae_Database::query($stmt, $params) === FALSE) {
return FALSE;
}
return TRUE;
}
$stmt1 = '
DELETE FROM `' . AE_TABLE_POSTS2CATEGORIES . '`
WHERE
';
$stmt2 = '
UPDATE `' . ae_CategoryModel::TABLE . '`
SET ca_parent = 0
WHERE
';
$params = array();
foreach ($_POST['entry'] as $id) {
if (!ae_Validate::id($id)) {
continue;
}
$stmt1 .= 'pc_category = :entry' . $id . ' OR ';
$stmt2 .= 'ca_id = :entry' . $id . ' OR ';
$params[':entry' . $id] = $id;
}
$stmt1 = mb_substr($stmt1, 0, -4);
$stmt2 = mb_substr($stmt2, 0, -4);
if (ae_Database::query($stmt1, $params) === FALSE || ae_Database::query($stmt2, $params) === FALSE) {
header('Location: ../admin.php?area=' . $mainArea . '&' . $_POST['area'] . '&error=query_delete_category_relations_failed');
exit;
}
}
}
if (ae_Log::hasMessages()) {
ae_Log::printAll();
exit;
}
header('Location: ../admin.php?area=' . $mainArea . '&' . $_POST['area'] . '&success=status_change');
/**
* Save the category to DB. If an ID is set, it will update
* the category, otherwise it will create a new one.
* Changes on the children attribute will not be saved!
* To change parent-child relations, edit the child.
* @param {boolean} $forceInsert If set to TRUE and an ID has been set, the model will be saved
* as new entry instead of updating. (Optional, default is FALSE.)
* @return {boolean} TRUE, if saving is successful, FALSE otherwise.
* @throws {Exception} If title is not valid.
* @throws {Exception} If $forceInsert is TRUE, but no valid ID is set.
*/
public function save($forceInsert = FALSE)
{
if ($this->title == '') {
throw new Exception('[' . get_class() . '] Cannot save category. Invalid title.');
}
if ($this->permalink == '') {
$this->permalink = ae_Permalink::generatePermalink($this->title);
}
$params = array(':title' => $this->title, ':permalink' => $this->permalink, ':parent' => $this->parent, ':status' => $this->status);
// Create new category
if ($this->id === FALSE && !$forceInsert) {
$stmt = '
INSERT INTO `' . self::TABLE . '` (
ca_title,
ca_permalink,
ca_parent,
ca_status
)
VALUES (
:title,
:permalink,
:parent,
:status
)
';
} else {
if ($this->id !== FALSE && $forceInsert) {
$stmt = '
INSERT INTO `' . self::TABLE . '` (
ca_id,
ca_title,
ca_permalink,
ca_parent,
ca_status
)
VALUES (
:id,
:title,
:permalink,
:parent,
:status
)
';
$params[':id'] = $this->id;
} else {
if ($this->id !== FALSE) {
$stmt = '
UPDATE `' . self::TABLE . '` SET
ca_title = :title,
ca_permalink = :permalink,
ca_parent = :parent,
ca_status = :status
WHERE
ca_id = :id
';
$params[':id'] = $this->id;
} else {
$msg = sprintf('[%s] Supposed to insert new category with set ID, but no ID has been set.', get_class());
throw new Exception($msg);
}
}
}
if (ae_Database::query($stmt, $params) === FALSE) {
return FALSE;
}
// If a new category was created, get the new ID
if ($this->id === FALSE) {
$this->setId($this->getLastInsertedId());
}
return TRUE;
}
<?php
require_once '../../core/autoload.php';
require_once '../../core/config.php';
if (!ae_Security::isLoggedIn()) {
header('Location: ../index.php?error=not_logged_in');
exit;
}
if (!isset($_POST['blog-title']) || !isset($_POST['blog-description'])) {
header('Location: ../admin.php?area=settings&error=missing_data');
exit;
}
$stmt = '
INSERT INTO `' . AE_TABLE_SETTINGS . '` ( s_key, s_value )
VALUES
( :blogTitleKey, :blogTitleValue ),
( :blogDescriptionKey, :blogDescriptionValue )
ON DUPLICATE KEY UPDATE
s_key = VALUES( s_key ),
s_value = VALUES( s_value )
';
$params = array(':blogTitleKey' => 'blog_title', ':blogTitleValue' => $_POST['blog-title'], ':blogDescriptionKey' => 'blog_description', ':blogDescriptionValue' => $_POST['blog-description']);
if (ae_Database::query($stmt, $params) === FALSE) {
header('Location: ../admin.php?area=settings&error=failed_db_update');
exit;
}
header('Location: ../admin.php?area=settings&success');
if (ini_get('register_globals')) {
ini_set('register_globals', 0);
}
// URL constant
$protocol = 'http://';
if (!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off' || $_SERVER['SERVER_PORT'] == 443) {
$protocol = 'https://';
}
$url = $_SERVER['HTTP_HOST'] . $_SERVER['PHP_SELF'];
$url = explode('/', $url);
array_pop($url);
if (defined('IS_RSS')) {
array_pop($url);
}
$url = $protocol . implode('/', $url) . '/';
define('URL', $url);
unset($url);
// Initialize some needed classes
ae_Timer::start('total');
ae_Log::init($logSettings);
if (ae_Database::connect($dbSettings) === FALSE) {
$path = 'themes/error-msg-db.php';
$path = file_exists($path) ? $path : '../' . $path;
include $path;
exit;
}
ae_Security::init($securitySettings);
ae_Settings::load();
// Constants used in themes and the RSS feed
define('THEME', ae_Settings::get('theme'));
define('THEME_PATH', URL . 'themes/' . THEME . '/');
/**
* Save media to DB. If an ID is set, it will update
* it, otherwise it will create a new one.
* @param {boolean} $forceInsert If set to TRUE and an ID has been set, the model will be saved
* as new entry instead of updating. (Optional, default is FALSE.)
* @return {boolean} TRUE, if saving is successful, FALSE otherwise.
* @throws {Exception} If name is not valid.
* @throws {Exception} If $forceInsert is TRUE, but no valid ID is set.
*/
public function save($forceInsert = FALSE)
{
if (mb_strlen($this->name) == 0) {
$msg = sprintf('[%s] Cannot save. Name is empty.', get_class());
throw new Exception($msg);
}
if ($this->datetime == '0000-00-00 00:00:00') {
$this->setDatetime(date('Y-m-d H:i:s'));
}
if ($this->meta != '') {
$meta = json_encode($this->meta);
if ($meta === FALSE) {
$msg = sprintf('[%s] Failed to JSON encode meta data.', get_class());
throw new Exception($msg);
}
}
$params = array(':datetime' => $this->datetime, ':meta' => $meta, ':name' => $this->name, ':status' => $this->status, ':type' => $this->type, ':userId' => $this->userId);
// Create new media
if ($this->id === FALSE && !$forceInsert) {
$stmt = '
INSERT INTO `' . self::TABLE . '` (
m_datetime,
m_meta,
m_name,
m_status,
m_type,
m_user
)
VALUES (
:datetime,
:meta,
:name,
:status,
:type,
:userId
)
';
} else {
if ($this->id !== FALSE && $forceInsert) {
$stmt = '
INSERT INTO `' . self::TABLE . '` (
m_id,
m_datetime,
m_meta,
m_name,
m_status,
m_type,
m_user
)
VALUES (
:id,
:datetime,
:meta,
:name,
:status,
:type,
:userId
)
';
$params[':id'] = $this->id;
} else {
if ($this->id !== FALSE) {
$stmt = '
UPDATE `' . self::TABLE . '` SET
m_datetime = :datetime,
m_meta = :meta,
m_name = :name,
m_status = :status,
m_type = :type,
m_user = :userId
WHERE
m_id = :id
';
$params[':id'] = $this->id;
} else {
$msg = sprintf('[%s] Supposed to insert new media with set ID, but no ID has been set.', get_class());
throw new Exception($msg);
}
}
}
if (ae_Database::query($stmt, $params) === FALSE) {
return FALSE;
}
// If new media was created, get the new ID
if ($this->id === FALSE) {
$this->setId($this->getLastInsertedId());
} else {
if ($this->name != $this->oldName) {
$this->renameFile();
}
}
return TRUE;
}
/**
* Load the model data for the given ID.
* @param {int} $id ID of the model to load.
* @return {boolean|array} FALSE, if loading failed, an array with the DB data otherwise.
*/
protected function loadModelData($id)
{
$this->setId($id);
$class = get_class($this);
$stmt = '
SELECT *
FROM `' . constant($class . '::TABLE') . '`
WHERE ' . constant($class . '::TABLE_ID_FIELD') . ' = :id
';
$params = array(':id' => $id);
$result = ae_Database::query($stmt, $params);
if ($result === FALSE || empty($result)) {
return FALSE;
}
return $result[0];
}
/**
* Save the filter to DB. If an ID is set, it will update
* the filter, otherwise it will create a new one.
* @param {boolean} $forceInsert If set to TRUE and an ID has been set, the model will be saved
* as new entry instead of updating. (Optional, default is FALSE.)
* @return {boolean} TRUE, if saving is successful, FALSE otherwise.
* @throws {Exception} If $forceInsert is TRUE, but no valid ID is set.
*/
public function save($forceInsert = FALSE)
{
if ($this->name == '') {
$this->name = 'filter ' . date('Y-m-d H:i:s');
}
$params = array(':name' => $this->name, ':target' => $this->target, ':match' => $this->match, ':action' => $this->action, ':status' => $this->status);
// Create new category
if ($this->id === FALSE && !$forceInsert) {
$stmt = '
INSERT INTO `' . self::TABLE . '` (
cf_name,
cf_target,
cf_match,
cf_action,
cf_status
) VALUES (
:name,
:target,
:match,
:action,
:status
)
';
} else {
if ($this->id !== FALSE && $forceInsert) {
$stmt = '
INSERT INTO `' . self::TABLE . '` (
cf_id,
cf_name,
cf_target,
cf_match,
cf_action,
cf_status
) VALUES (
:id,
:name,
:target,
:match,
:action,
:status
)
';
$params[':id'] = $this->id;
} else {
if ($this->id !== FALSE) {
$stmt = '
UPDATE `' . self::TABLE . '` SET
cf_name = :name,
cf_target = :target,
cf_match = :match,
cf_action = :action,
cf_status = :status
WHERE
cf_id = :id
';
$params[':id'] = $this->id;
} else {
$msg = sprintf('[%s] Supposed to insert new filter with set ID, but no ID has been set.', get_class());
throw new Exception($msg);
}
}
}
if (ae_Database::query($stmt, $params) === FALSE) {
return FALSE;
}
// If a new filter was created, get the new ID
if ($this->id === FALSE) {
$this->setId($this->getLastInsertedId());
}
return TRUE;
}
/**
* Load number of comments for loaded post models.
* @param {string} $status Status of comments to select.
*/
public function loadNumComments($status = ae_CommentModel::STATUS_APPROVED)
{
$postIds = $this->getPostIdsString();
if (!$postIds) {
return FALSE;
}
$stmt = '
SELECT co_post, COUNT( co_id ) AS numComments
FROM `' . AE_TABLE_COMMENTS . '`
WHERE co_post IN ( ' . $postIds . ' )
AND co_status = :status
GROUP BY co_post
';
$params = array(':status' => $status);
$result = ae_Database::query($stmt, $params);
if ($result === FALSE) {
return FALSE;
}
$this->assignNumCommentsToPosts($result);
$this->reset();
return TRUE;
}
/**
* Query the number of items for the given filter from the DB.
* @param {string} $table DB table name.
* @param {array} $filter Filter.
* @param {array} $params Parameters of the filter.
* @return {boolean} TRUE on success, FALSE otherwise.
*/
protected function queryNumItems($table, $filter, $params)
{
$numFilter = $filter;
unset($numFilter['LIMIT']);
$numStmt = '
SELECT COUNT( * ) AS num_entries FROM `' . $table . '`
';
$numStmt = self::buildStatement($numStmt, $numFilter);
$result = ae_Database::query($numStmt, $params);
if ($result === FALSE) {
return FALSE;
}
$this->totalItems = $result[0]['num_entries'];
return TRUE;
}
