/**
 * Installs this object's methods as PHP's session storage callbacks.
 *
 * The expiry time is copied from the application SessionHandler's timeout.
 */
public function __construct()
{
    $this->expire_time = SessionHandler::getInstance()->getTimeout();

    // session_set_save_handler() takes the six callbacks in exactly this order
    $callbacks = array();
    foreach (array('open', 'close', 'read', 'write', 'destroy', 'gc') as $method) {
        $callbacks[] = array($this, $method);
    }
    call_user_func_array('session_set_save_handler', $callbacks);

    // have PHP write and close the session from a shutdown function
    register_shutdown_function('session_write_close');
}
/**
 * Deletes the rows matching owner, value and type.
 *
 * @param $type      numeric type
 * @param $object_id the object who owns the bookmark
 * @param $owner     owner id; when falsy, the current session user's id is used instead
 * @return whatever Sql::pDelete() returns
 * @throws \Exception when any argument is not numeric
 */
public static function remove($type, $object_id, $owner = 0)
{
    foreach (array($type, $object_id, $owner) as $arg) {
        if (!is_numeric($arg)) {
            throw new \Exception('noo');
        }
    }

    $session = SessionHandler::getInstance();

    $effective_owner = $owner;
    if (!$effective_owner) {
        $effective_owner = $session->id;
    }

    // every value is bound as an integer ('iii'); nothing is concatenated into the SQL
    $sql = 'DELETE FROM ' . self::$tbl_name . ' WHERE owner = ? AND value = ? AND type = ?';

    return Sql::pDelete($sql, 'iii', $effective_owner, $object_id, $type);
}
/**
 * Creates a new poke sent by the current session user.
 *
 * @param $to recipient, stored exactly as passed in
 */
public static function send($to)
{
    $session = SessionHandler::getInstance();

    $poke = new Poke();
    $poke->from = $session->id; // sender always comes from the session, not from the caller
    $poke->to = $to;
    $poke->time = sql_datetime(time());
    $poke->store();
}
/**
 * Mark feedback item as handled by the current session user.
 *
 * @param $id         id of the feedback item, loaded through self::get()
 * @param $message_id optionally refer to a response message
 */
public static function markHandled($id, $message_id = 0)
{
    $session = SessionHandler::getInstance();

    // NOTE(review): the result of self::get() is used without checking that an item was found
    $item = self::get($id);
    $item->time_answered = sql_datetime(time());
    $item->answered_by = $session->id;
    $item->message = $message_id;
    $item->store();
}
/**
 * Form handler: overwrites question and answer of an existing FAQ item.
 *
 * NOTE(review): no permission check is visible in this handler — confirm the
 * caller restricts it to administrators (it redirects to an "a/" page).
 *
 * @param $p submitted form values: 'id', 'q', 'a'
 */
function editHandler($p)
{
    $session = SessionHandler::getInstance();

    $faq = FaqItem::get($p['id']);
    $faq->question = $p['q'];
    $faq->answer = $p['a'];
    // the editing user and the current time replace the stored creator/time
    $faq->creator = $session->id;
    $faq->time_created = sql_datetime(time());
    $faq->store();

    js_redirect('a/faq');
}
/**
 * Stores a new message from the current session user.
 *
 * @param $to   recipient, stored as given
 * @param $msg  message body, stored as given (no escaping happens here)
 * @param $type message type, defaults to PRIV_MSG
 * @return message id
 */
public static function send($to, $msg, $type = PRIV_MSG)
{
    $session = SessionHandler::getInstance();

    $message = new Message();
    $message->to = $to;
    $message->from = $session->id; // sender is taken from the session, never from the caller
    $message->body = $msg;
    $message->type = $type;
    $message->time_sent = sql_datetime(time());

    return $message->store();
}
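/**
 * Emits the client-side script that polls a chat room and posts new messages.
 *
 * Every PHP value placed into the generated JavaScript is either cast to int
 * or passed through json_encode(), and chat names and messages are written to
 * the page as text rather than as markup.
 *
 * @param $room_id  id of the chat room (numeric)
 * @param $div_name id of the element that shows the messages
 * @param $form_id  id of the form used to send a message
 */
public static function init($room_id, $div_name, $form_id)
{
    $header = XhtmlHeader::getInstance();

    // NOTE(review): the loader is fetched from a third-party host over plain HTTP,
    // so anyone on the network path can alter the script; prefer a self-hosted
    // copy or an HTTPS URL.
    $header->includeJs('http://yui.yahooapis.com/3.4.1/build/yui/yui-min.js');

    $session = SessionHandler::getInstance();

    $interval = 1000 * parse_duration('1s'); // milliseconds

    $locale = 'sv-SE';

    // Values interpolated into the script: ids become integers, strings become
    // JSON literals with <, >, &, ' and " hex-escaped so they cannot end the
    // string or the surrounding script element.
    $js_flags = JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT;
    $js_room = (int) $room_id;
    $js_user_id = (int) $session->id;
    $js_user_name = json_encode((string) $session->username, $js_flags);
    $js_div_id = json_encode((string) $div_name, $js_flags);
    $js_div_sel = json_encode('#' . $div_name, $js_flags);
    $js_form_sel = json_encode('#' . $form_id, $js_flags);

    $header->registerJsFunction(
        'function scroll_to_bottom(div)' .
        '{' .
            'var elm = get_el(div);' .
            'try {' .
                'elm.scrollTop = elm.scrollHeight;' .
            '} catch(e) {' .
                'var f = document.createElement("input");' .
                'if (f.setAttribute) f.setAttribute("type","text");' .
                'if (elm.appendChild) elm.appendChild(f);' .
                'f.style.width = "0px";' .
                'f.style.height = "0px";' .
                'if (f.focus) f.focus();' .
                'if (elm.removeChild) elm.removeChild(f);' .
            '}' .
        '}'
    );

    // NOTE(review): messages are sent with a GET request ("?m=..."), a
    // state-changing GET with no anti-CSRF token visible here — confirm the
    // /u/chatroom/send endpoint checks the request origin.
    // NOTE(review): name and message are now inserted as text; if the
    // /u/chatroom/update endpoint already HTML-escapes them, drop that layer
    // to avoid showing entities literally.
    $header->embedJs(
        'YUI({lang:"' . $locale . '"}).use("io-form","node","json-parse","datatype-date", function(Y)' .
        '{' .
            'Y.on("load", function() {' .
                'Init();' .
            '});' .
            'function Init(ts)' .
            '{' .
                'var latest;' .
                'if (typeof ts === "undefined") {' .
                    'var uri = "/u/chatroom/update/" + ' . $js_room . ';' .
                '} else {' .
                    'var uri = "/u/chatroom/update/" + ' . $js_room . ' + "?ts=" + ts;' .
                '}' .
                'function complete(id, o)' .
                '{' .
                    'var data = o.responseText;' .
                    'var node = Y.one(' . $js_div_sel . ');' .
                    'try {' .
                        'var data = Y.JSON.parse(data);' .
                    '} catch (e) {' .
                        'console.log("invalid data from " + uri);' .
                        'return;' .
                    '}' .
                    'if (typeof ts === "undefined")' .
                        'node.setContent("");' .
                    'for (var i = data.length-1; i >= 0; --i) {' .
                        'var p = data[i];' .
                        'if ((typeof ts === "undefined") || p.from != ' . $js_user_id . ')' .
                            'msg_render(p,node);' .
                    '}' .
                    'if (data.length)' .
                        'scroll_to_bottom(' . $js_div_id . ');' .
                    'latest = data[0] ? data[0].ts : ts;' .
                    'setTimeout(Init,' . $interval . ',latest);' .
                '};' .
                'Y.once("io:complete",complete,Y);' .
                'var request = Y.io(uri);' .
            '}' .
            'Y.one(' . $js_form_sel . ').on("submit", function(e)' .
            '{' .
                'e.preventDefault();' .
                'e.stopPropagation();' .
                'frm = get_el( this.get("id") );' .
                'if (!frm.msg.value)' .
                    'return false;' .
                // encode the message so "&", "#", "+" and friends survive the query string
                'var uri = "/u/chatroom/send/" + ' . $js_room . ' + "?m=" + encodeURIComponent(frm.msg.value);' .
                'var request = Y.io(uri);' .
                'var node = Y.one(' . $js_div_sel . ');' .
                'var p = {' .
                    '"name":' . $js_user_name . ',' .
                    '"from":' . $js_user_id . ',' .
                    '"msg":frm.msg.value,' .
                    '"ts":new Date().getTime()/1000' .
                '};' .
                'msg_render(p,node);' .
                'scroll_to_bottom(' . $js_div_id . ');' .
                'frm.msg.value = "";' .
                'return false;' .
            '});' .
            'function msg_render(p,node)' .
            '{' .
                'var d = new Date(p.ts*1000);' .
                'var today = new Date( new Date().getFullYear(), new Date().getMonth(), new Date().getDate(),0,0,0);' .
                'node.append("[");' .
                'if (d >= today) {' .
                    'node.append( Y.DataType.Date.format(d, {format:"%H:%M"}) );' .
                '} else {' .
                    'node.append( Y.DataType.Date.format(d, {format:"%a %d %b %H:%M"}) );' .
                '}' .
                'node.append("] ");' .
                // build the elements first, then fill them through attributes so
                // user-supplied name and message are never parsed as HTML
                'var who = Y.Node.create("<span class=\\"yui3-hastooltip\\"></span>");' .
                'who.set("id","tt_usr_"+p.from);' .
                'who.set("text",p.name);' .
                'who.addClass("yui3-hastooltip");' .
                'node.append(who);' .
                'var body = Y.Node.create("<span></span>");' .
                'body.set("text",": "+p.msg);' .
                'node.append(body);' .
                'node.append("<br/>");' .
            '}' .
        '});'
    );
}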
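/**
 * Form handler for the login form.
 *
 * Refuses (and logs) a login attempt made while a user is already logged in;
 * otherwise tries to log in and shows the start page on success.
 *
 * @param $p submitted form values: 'usr' and 'pwd'
 * @return false when a user is already logged in, true otherwise (also when the login fails)
 */
function loginHandler($p)
{
    $session = SessionHandler::getInstance();

    // Missing or non-string fields (e.g. "usr[]=x") are treated as empty strings,
    // so login() and the log line below only ever see strings.
    $usr = isset($p['usr']) && is_string($p['usr']) ? $p['usr'] : '';
    $pwd = isset($p['pwd']) && is_string($p['pwd']) ? $p['pwd'] : '';

    if ($session->id) {
        // control characters are removed so a submitted name cannot add or split log lines
        $logged_usr = preg_replace('/[\x00-\x1F\x7F]/', '', $usr);
        dp('HACK user ' . $session->name . ' (' . $session->id . ') tried to login user ' . $logged_usr);
        return false;
    }

    if ($session->login($usr, $pwd)) {
        $session->showStartPage();
    }

    return true;
}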
/**
 * Form handler: stores a new blog entry owned by the current session user.
 *
 * Subject and body are trimmed but otherwise stored as submitted.
 *
 * @param $p submitted form values: 'subject' and 'body'
 */
function createHandler($p)
{
    $session = SessionHandler::getInstance();

    $entry = new BlogEntry();
    $entry->owner = $session->id;
    $entry->subject = trim($p['subject']);
    $entry->body = trim($p['body']);
    // created and published at the same moment (two separate clock reads)
    $entry->time_created = sql_datetime(time());
    $entry->time_published = sql_datetime(time());
    $entry->id = $entry->store();

    js_redirect('a/blogs/overview');
}
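/**
 * Creates a new token for specified $name
 *
 * The token is 40 hexadecimal characters taken from a cryptographically
 * secure random source. The previous value (SHA-1 over fixed strings, the
 * session id and name, and mt_rand()) could be predicted by anyone able to
 * guess the mt_rand() output.
 *
 * @param $owner owner the token is stored for
 * @param $name  name of the token setting
 * @return newly created token
 * @throws \Exception when no secure random source is available
 */
public static function generate($owner, $name)
{
    do {
        if (function_exists('random_bytes')) {
            $raw = random_bytes(20);
        } elseif (function_exists('openssl_random_pseudo_bytes')) {
            $strong = false;
            $raw = openssl_random_pseudo_bytes(20, $strong);
            if ($raw === false || !$strong) {
                throw new \Exception('no secure random source available');
            }
        } else {
            // fail closed instead of falling back to a guessable value
            throw new \Exception('no secure random source available');
        }

        // 20 bytes as hex: same length and alphabet as the former sha1() value
        $val = bin2hex($raw);

        // repeat in the unlikely case the value is already taken
    } while (Setting::getOwner(TOKEN, $name, $val));

    Setting::set(TOKEN, $owner, $name, $val);

    return $val;
}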
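/**
 * Lists the users seen within the session's online timeout, most recent first.
 *
 * @param $filter optional substring the user name must contain
 * @return array of User objects for all users online
 */
public static function getUsersOnline($filter = '')
{
    $session = SessionHandler::getInstance();
    $db = SqlHandler::getInstance();

    $q = 'SELECT * FROM ' . self::$tbl_name . ' WHERE time_deleted IS NULL';

    if ($filter) {
        // NOTE(review): escape() protects the string literal, but "%" and "_" in
        // $filter still act as LIKE wildcards — escape them too if the filter is
        // meant to be a literal substring.
        $q .= ' AND userName LIKE "%' . $db->escape($filter) . '%"';
    }

    // the timeout is concatenated into the statement, so force it to an integer
    $q .=
        ' AND time_last_active >= DATE_SUB(NOW(),INTERVAL ' . (int) $session->online_timeout . ' SECOND)' .
        ' ORDER BY time_last_active DESC';

    $list = $db->getArray($q);

    return SqlObject::loadObjects($list, 'User');
}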
/**
 * Stores a new moderation object owned by the current session user.
 *
 * @param $type      type of the moderation object
 * @param $reference optional reference, stored as given
 * @param $data      optional data, stored as given
 * @return id returned by store()
 */
public static function add($type, $reference = 0, $data = '')
{
    $session = SessionHandler::getInstance();

    $entry = new ModerationObject();
    $entry->type = $type;
    $entry->owner = $session->id;
    $entry->time_created = sql_datetime(time());
    $entry->data = $data;
    $entry->reference = $reference;
    $entry->id = $entry->store();

    return $entry->id;
}
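/**
 * Renders the wiki page called $name, or a "does not yet exist" notice.
 *
 * The notice echoes $name back into HTML, so the name is HTML-escaped first;
 * a wiki name taken from the request would otherwise be parsed as markup.
 *
 * @param $name name of the wiki page
 * @return HTML for the page or for the notice
 */
public static function render($name)
{
    $wiki = self::getByName($name);

    $session = SessionHandler::getInstance();

    if (empty($wiki->text)) {
        $shown_name = htmlspecialchars($name, ENT_QUOTES, 'UTF-8');

        $res = t('The wiki') . ' "' . $shown_name . '" ' . t('does not yet exist') . '!<br/>';

        if ($session->isWebmaster) {
            // NOTE(review): ahref() is defined elsewhere — confirm it escapes the
            // URL it is given, since $name is passed through unchanged here
            $res .= ahref('u/wiki/edit/' . $name, 'Create') . '<br/>';
        }

        return $res;
    }

    return self::renderText($wiki->text);
}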
/**
 * Form handler: stores name and lock state of a chat room.
 *
 * NOTE(review): the room id comes straight from the submitted form and no
 * permission check is visible here — confirm the caller restricts this
 * handler to administrators (it redirects to an "a/" page).
 *
 * @param $p submitted form values: 'roomid', 'name', 'locked'
 */
function editHandler($p)
{
    $room = new ChatRoom();
    $room->id = $p['roomid'];
    $room->name = trim($p['name']);

    if ($p['locked']) {
        // record who locked the room and when
        $room->locked_by = SessionHandler::getInstance()->id;
        $room->time_locked = sql_datetime(time());
    }

    $room->store();

    js_redirect('a/chatroom/list');
}
/**
 * Votes for a poll
 *
 * @param $type  type, bound as integer
 * @param $id    id stored in the owner column, bound as integer
 * @param $value the chosen value, bound as integer
 * @return false when nobody is logged in or self::hasAnswered() reports an earlier answer, else true
 */
static function addVote($type, $id, $value)
{
    $session = SessionHandler::getInstance();

    // anonymous visitors and repeat voters are turned away
    if (!$session->id || self::hasAnswered($type, $id)) {
        return false;
    }

    $sql =
        'INSERT INTO ' . self::$tbl_name .
        ' SET type = ?, owner = ?, userId = ?, value = ?, timestamp = NOW()';

    Sql::pInsert($sql, 'iiii', $type, $id, $session->id, $value);

    return true;
}
/**
 * Form handler: stores user feedback from the current session user.
 *
 * Subject and body are stored as submitted; no escaping happens here.
 *
 * @param $p submitted form values: 'subj' and 'body'
 */
function fbHandler($p)
{
    $session = SessionHandler::getInstance();

    $feedback = new Feedback();
    $feedback->type = USER;
    $feedback->subject = $p['subj'];
    $feedback->body = $p['body'];
    $feedback->from = $session->id;
    $feedback->time_created = sql_datetime(time());
    $feedback->store();

    // jump to start page
    js_redirect('');
}
/**
 * Form handler: writes a guestbook entry in another user's guestbook.
 *
 * NOTE(review): there is no check here that a user is logged in, and the
 * owner id is taken from the form as-is — confirm both are validated by the
 * caller.
 *
 * @param $p submitted form values: 'to' (guestbook owner) and 'body'
 * @return false when the session user is the guestbook owner, else true
 */
function gbHandler($p)
{
    $session = SessionHandler::getInstance();

    // users cannot write in their own guestbook
    $own_guestbook = ($session->id == $p['to']);
    if ($own_guestbook) {
        return false;
    }

    $entry = new Guestbook();
    $entry->owner = $p['to'];
    $entry->creator = $session->id;
    $entry->time_created = sql_datetime(time());
    $entry->body = $p['body'];
    $entry->store();

    return true;
}
/**
 * Starts the session and binds $this->_data to $_SESSION.
 *
 * While the GSITE_PLATFORM setting is empty, the session is also configured
 * (parameters, cookies, storage handler) before the start and synchronised
 * and validated after it.
 *
 * @param $handler name of the storage handler; empty falls back to the 'session_handler' config value
 * @param $params  handler parameters; empty falls back to a lifetime from the 'session_lifetime' config value
 */
function __construct($handler = 'php', $params = array())
{
    if (\GCore\C::get('GSITE_PLATFORM') == '') {
        $this->_initialize();
        $this->_setParams($params);
        $this->_setCookies();

        if (empty($handler)) {
            $handler = Base::getConfig('session_handler', 'php');
        }
        if (empty($params)) {
            $params = array('lifetime' => Base::getConfig('session_lifetime', 15));
        }

        // load handler
        $this->_handler = SessionHandler::getInstance($handler, $params);
    }

    $this->_start();

    // by reference: writes to _data go straight into $_SESSION
    $this->_data =& $_SESSION;

    if (\GCore\C::get('GSITE_PLATFORM') == '') {
        $this->_sync();
        $this->_validate();
    }
}
/**
 * Form handler: stores a comment written by the current session user.
 *
 * NOTE(review): 'type' and 'owner' are stored exactly as submitted — confirm
 * the user is allowed to comment on that object, and that the comment text is
 * escaped when it is displayed.
 *
 * @param $p submitted form values: 'comment', 'type', 'owner'
 * @return false when the comment is empty or nobody is logged in
 */
function handleSubmit($p)
{
    $session = SessionHandler::getInstance();
    $error = ErrorHandler::getInstance();

    if (empty($p['comment'])) {
        return false;
    }

    $logged_in = (bool) $session->id;
    if (!$logged_in) {
        $error->add('Unauthorized submit');
        return false;
    }

    $comment = new Comment();
    $comment->type = $p['type'];
    $comment->msg = $p['comment'];
    $comment->private = 0;
    $comment->time_created = sql_datetime(time());
    $comment->owner = $p['owner'];
    $comment->creator = $session->id;
    $comment->creator_ip = client_ip();
    $comment->store();

    // back to the page the form was posted from
    redir($_SERVER['REQUEST_URI']);
}
/**
 * Runs the view template and returns its output as a string.
 *
 * The template is pulled in with require, so it executes inside this method
 * and sees every local variable defined below. The local names are therefore
 * part of the contract with the templates and must not be renamed.
 *
 * @return output produced by the template
 * @throws \Exception when the template is found neither under the core path nor at the given path
 */
public function render()
{
    // Variables made available to the view; each exists only if its class is loaded.
    if (class_exists('\\cd\\ErrorHandler')) {
        $error = ErrorHandler::getInstance();
    }

    if (class_exists('\\cd\\SessionHandler')) {
        $session = SessionHandler::getInstance();
    }

    if (class_exists('\\cd\\SqlHandler')) {
        $db = SqlHandler::getInstance();
    }

    if (class_exists('\\cd\\XhtmlHeader')) {
        $header = XhtmlHeader::getInstance();
    }

    if (class_exists('\\cd\\XmlDocumentHandler')) {
        $page = XmlDocumentHandler::getInstance();
    }

    if (class_exists('\\cd\\LocaleHandler')) {
        $locale = LocaleHandler::getInstance();
    }

    if (class_exists('\\cd\\TempStore')) {
        $temp = TempStore::getInstance();
    }

    // The object that created this view, reachable from the template as $caller.
    $caller = $this->caller;

    // NOTE(review): $page is assigned only when XmlDocumentHandler is loaded, yet it is used unconditionally here.
    $file = $page->getCoreDevPath() . $this->template;
    if (!file_exists($file)) {
        // Not a built-in view: try the path as given, i.e. relative to the application.
        $file = $this->template;
        if (!file_exists($file)) {
            throw new \Exception('cannot find ' . $this->template);
        }
    }

    // NOTE(review): whatever path ends up in $this->template is executed as PHP;
    // it must never be derived from request data without validation.
    // Capture what the template prints instead of sending it to the client.
    ob_start();
    require $file;
    return ob_get_clean();
}
/**
 * Form handler: saves a wiki text, keeping the former text as a revision.
 *
 * NOTE(review): the unchanged-text check compares against the trimmed text,
 * while the untrimmed $p['text'] is what gets stored. The code after the
 * first redir() also runs again unless redir() ends the request — confirm.
 *
 * @param $p submitted form values: 'wiki_name' and 'text'
 * @return false when 'wiki_name' is missing or the text is unchanged
 */
function editWikiSubmit($p)
{
    if (!isset($p['wiki_name'])) {
        return false;
    }

    $session = SessionHandler::getInstance();

    $trimmed = trim($p['text']);
    $wiki_name = normalizeString($p['wiki_name'], array("\t"));

    $wiki = Wiki::getByName($wiki_name);

    // nothing to do when the text equals what is already stored
    if ($wiki->text == $trimmed) {
        return false;
    }

    if ($wiki->id) {
        // existing page: archive the current text with its editor and edit time
        $previous = new Revision();
        $previous->type = WIKI;
        $previous->owner = $wiki->id;
        $previous->value = $wiki->text;
        $previous->time_created = $wiki->time_edited;
        $previous->created_by = $wiki->edited_by;
        $previous->event = EVENT_TEXT_CHANGED;
        $previous->id = $previous->store();

        $wiki->text = $p['text'];
        $wiki->edited_by = $session->id;
        $wiki->time_edited = sql_datetime(time());
        $wiki->revision++;
        $wiki->store();

        redir('u/wiki/show/' . $wiki->name);
    }

    // new page: store it under the normalized name
    $wiki->name = $wiki_name;
    $wiki->text = $p['text'];
    $wiki->edited_by = $session->id;
    $wiki->time_edited = sql_datetime(time());
    $wiki->store();

    redir('u/wiki/show/' . $wiki->name);
}
/**
 * Sets a new password for the user
 *
 * The stored value is whatever Password::encrypt() derives from the user id,
 * the session's encrypt key, the password and the algorithm name.
 *
 * NOTE(review): Password::encrypt() is not shown; if it is a single pass of
 * the named hash it is too fast for password storage — compare with
 * password_hash() before relying on it.
 *
 * @param $id   user id
 * @param $pwd  password to set
 * @param $algo hash algorithm to use
 * @throws \Exception when no user has this id
 */
public static function setPassword($id, $pwd, $algo = 'sha512')
{
    $user = User::get($id);
    if (!$user) {
        throw new \Exception('wat');
    }

    $encrypt_key = SessionHandler::getInstance()->getEncryptKey();

    $user->password = Password::encrypt($id, $encrypt_key, $pwd, $algo);
    $user->store();
}
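/**
 * Registers an uploaded file and moves it into the upload directory.
 *
 * The stored file is made readable but neither writable by other users nor
 * executable (mode 0644). It was previously created with mode 0777, which
 * left uploaded content writable and executable by every local account.
 *
 * NOTE(review): name, size and mime type are recorded as reported by the
 * client; treat them as untrusted wherever they are read back.
 *
 * @param $type     file type to record
 * @param $key      array from a $_FILES entry; on success 'name' is replaced by the destination path and 'file_id' is added
 * @param $category optional category to record
 * @param $blind    dont verify if is_uploaded_file(), useful when importing files from other means than HTTP uploads
 * @return file id, or false for an empty upload or when the file record could not be stored
 * @throws \Exception when the upload check fails or the file cannot be moved
 */
public static function import($type, &$key, $category = 0, $blind = false)
{
    // ignore empty file uploads
    if (!$key['name']) {
        return false;
    }

    if (!$blind && !is_uploaded_file($key['tmp_name'])) {
        throw new \Exception('Upload failed for file ' . $key['name']);
    }

    $session = SessionHandler::getInstance();

    $file = new File();
    $file->type = $type;
    $file->uploader = $session->id;
    $file->uploader_ip = client_ip();
    $file->size = $key['size'];
    $file->name = $key['name'];
    $file->mimetype = $key['type'];
    $file->category = $category;
    $file->time_uploaded = sql_datetime(time());
    $file->id = $file->store();

    if (!$file->id) {
        return false;
    }

    // the destination is derived from the new file id, not from the client's file name
    $dst_file = self::getUploadPath($file->id);

    if ($blind) {
        // UGLY HACK using "@": currently gives a E_WARNING: "Operation not permitted" error,
        // even though the rename suceeds???
        if (!@rename($key['tmp_name'], $dst_file)) {
            throw new \Exception('rename failed');
        }
    } elseif (!move_uploaded_file($key['tmp_name'], $dst_file)) {
        throw new \Exception('Failed to move file from ' . $key['tmp_name'] . ' to ' . $dst_file);
    }

    // owner read/write, everyone else read-only, nobody execute
    chmod($dst_file, 0644);

    $key['name'] = $dst_file;
    $key['file_id'] = $file->id;

    return $file->id;
}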
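/**
 * Maps the requested controller and view to a view file and attaches it to the page.
 *
 * The name that ends up in the file path is checked first: a value holding
 * "..", a slash, a backslash or a NUL byte is answered with the 404 view
 * instead of being turned into a path, so a request cannot select a file
 * outside the views directories.
 */
public function route()
{
    $page = XmlDocumentHandler::getInstance();
    $error = ErrorHandler::getInstance();

    // automatically resumes session unless it is blacklisted
    if (class_exists('\\cd\\SessionHandler') && !in_array($this->_controller, $this->exclude_session)) {
        $session = SessionHandler::getInstance();
        if ($session->getName()) {
            $session->start();
        }
    }

    // single-letter controllers select one of the built-in view directories
    switch ($this->_controller) {
        case 'a':
            $core_dir = 'views/admin/';
            break;
        case 'u':
            $core_dir = 'views/user/';
            break;
        case 'c':
            $core_dir = 'views/core/';
            break;
        case 't':
            $core_dir = 'views/tools/';
            break;
        default:
            $core_dir = null;
    }

    if ($core_dir !== null) {
        $segment = $this->_view;
        $file = $page->getCoreDevPath() . $core_dir . $segment . '.php';
    } else {
        $segment = $this->_controller;
        $file = 'views/' . $segment . '.php';
    }

    // reject path traversal before touching the file system
    $unsafe = preg_match('/\.\.|[\/\\\\\x00]/', (string) $segment) === 1;

    if ($unsafe || !file_exists($file)) {
        $file = 'views/error/404.php';
    }

    // expose request params for the view
    $view = new ViewModel($file);

    // XXX BUG: naming should be set correctly according to the hierarchy of the url, in reverse,
    // like: views/user/upload.php takes album/id parameters
    // so then in upload.php, "album" should be in the view param, and id in the owner param
    // -- now "album" is in owner, and "id" in child
    $view->view = $this->_view;
    $view->owner = $this->_owner;
    $view->child = $this->_child;
    $view->child2 = $this->_child2;
    $view->child3 = $this->_child3;

    $page->attach($view);

    // this must be done last, so that errors that was created during the view render can be displayed
    if ($error->getErrorCount()) {
        $page->attach($error);
    }
}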
/**
 * Form handler: stores the personal status text of the logged-in user.
 *
 * Does nothing when nobody is logged in.
 *
 * @param $p submitted form values: 'status'
 */
function handleEditStatus($p)
{
    $user_id = SessionHandler::getInstance()->id;

    if ($user_id) {
        // the status always belongs to the session user, never to an id from the form
        PersonalStatus::setStatus($user_id, $p['status']);

        js_redirect('u/profile');
    }
}
/**
 * Form handler: creates a photo album for the current session user.
 *
 * A super admin who ticks 'system' creates an album owned by 0 instead.
 *
 * @param $p submitted form values: 'name' and 'system'
 */
function handleNew($p)
{
    $session = SessionHandler::getInstance();

    $album = new PhotoAlbum();
    $album->owner = $session->id;
    $album->name = $p['name'];
    $album->time_created = sql_datetime(time());

    // create a system wide album; the flag from the form counts only for super admins
    $system_wide = $session->isSuperAdmin && $p['system'];
    if ($system_wide) {
        $album->owner = 0;
    }

    $album->id = $album->store();

    js_redirect('u/album/show/' . $session->id . '/' . $album->id);
}
/**
 * Inserts a new user group.
 *
 * NOTE(review): no permission check is visible here and $level is stored as
 * given — confirm callers restrict who may create groups and at which level.
 *
 * @param $name  group name, bound as string
 * @param $level group level, bound as integer
 * @return whatever Sql::pInsert() returns
 */
static function create($name, $level)
{
    $session = SessionHandler::getInstance();

    // 0 is recorded as creator when nobody is logged in
    if ($session->id) {
        $created_by = $session->id;
    } else {
        $created_by = 0;
    }

    $sql = 'INSERT INTO tblUserGroups SET createdBy = ?, timeCreated = NOW(), name = ?, level = ?';

    return Sql::pInsert($sql, 'isi', $created_by, $name, $level);
}
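/**
 * Adds a task to the Task Queue
 *
 * Only TASK_FETCH and TASK_UPLOAD are handled; any other numeric type ends
 * the script with die().
 *
 * @param $type   type of task
 * @param $param  TASK_FETCH: the url to download; TASK_UPLOAD: the $_FILES[idx] array, which must already carry 'file_id'
 * @param $param2 not used by the task types handled here
 * @return process event id, or false when $type is not numeric
 */
static function addTask($type, $param, $param2 = '')
{
    if (!is_numeric($type)) {
        return false;
    }

    $db = SqlHandler::getInstance();
    $session = SessionHandler::getInstance();

    switch ($type) {
        case TASK_FETCH:
            // downloads media files; enqueue url for download and processing
            // NOTE(review): the url is stored as given; the worker that fetches it
            // should restrict schemes and target hosts before connecting
            $q =
                'INSERT INTO tblTaskQueue SET timeCreated = NOW(), creatorId = ?,' .
                ' orderType = ?, referId = ?, orderStatus = ?, orderParams = ?';
            return $db->pInsert($q, 'iiiis', $session->id, $type, 0, ORDER_NEW, $param);

        case TASK_UPLOAD:
            // handle HTTP post file upload. is not enqueued
            $exec_time = 0; // XXXX FIXME measure

            // THE UPLOAD IS ALREADY PROCESSED BY XhtmlForm upload handler
            $fileId = $param['file_id'];

            // NOTE(review): orderParams receives PHP-serialized data that came from a
            // request; whatever reads it back must not unserialize() it with object
            // instantiation allowed
            $q =
                'INSERT INTO tblTaskQueue SET timeCreated = NOW(), creatorId = ?,' .
                ' orderType = ?, referId = ?, orderStatus = ?, orderParams = ?, timeExec = ?, timeCompleted = NOW()';
            return $db->pInsert($q, 'iiiiss', $session->id, $type, $fileId, ORDER_COMPLETED, serialize($param), $exec_time);

        default:
            die('unknown processqueue type');
    }
}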
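/**
 * Used by SessionHandler::login() and others
 *
 * Loads the undeleted user matching id, name and type and checks the given
 * password against the stored one. The stored value is "algo:hash"; a value
 * without the "algo:" prefix is treated as sha1.
 *
 * The two hashes are compared in constant time where hash_equals() exists,
 * and strictly otherwise, instead of with the loose != operator.
 *
 * @param $type user type, bound as integer
 * @param $id   user id, bound as integer
 * @param $name user name, bound as string
 * @param $pwd  password to verify
 * @return the user object, or false when no user matches or the password is wrong
 */
public static function getExact($type, $id, $name, $pwd)
{
    $q =
        'SELECT * FROM tblUsers' .
        ' WHERE id = ? AND name = ? AND type = ? AND time_deleted IS NULL';

    $obj = Sql::pSelectRowToObject(__CLASS__, array($q, 'isi', $id, $name, $type));
    if (!$obj) {
        return false;
    }

    $x = explode(':', $obj->password);
    if (count($x) == 2) {
        $algo = $x[0];
        $pwd2 = $x[1];
    } else {
        // auto fallback to old default (sha1)
        $algo = 'sha1';
        $pwd2 = $obj->password;
    }

    $session = SessionHandler::getInstance();

    $expected = $algo . ":" . $pwd2;
    $actual = (string) Password::encrypt($id, $session->getEncryptKey(), $pwd, $algo);

    // hash_equals() takes the same time wherever the first difference is
    if (function_exists('hash_equals')) {
        $matches = hash_equals($expected, $actual);
    } else {
        $matches = ($expected === $actual);
    }

    if (!$matches) {
        return false;
    }

    return $obj;
}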
/**
 * Marks all rows of the given type and owner as deleted.
 *
 * Rows are kept: deleted_by is set to the session user and time_deleted to NOW().
 *
 * @param $type  type, bound as integer
 * @param $owner owner id, bound as integer
 */
public static function deleteByOwner($type, $owner)
{
    $deleted_by = SessionHandler::getInstance()->id;

    $sql =
        'UPDATE ' . self::$tbl_name .
        ' SET deleted_by = ?, time_deleted = NOW()' .
        ' WHERE type = ? AND owner = ?';

    Sql::pUpdate($sql, 'iii', $deleted_by, $type, $owner);
}