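/**
 * Re-runs $query with a LIMIT clause and returns that page together with the
 * neighbouring positions.
 *
 * @param string     $query          SELECT statement; a trailing ";" is stripped before LIMIT is appended
 * @param bool       $only_offset    true: $position is a raw row offset and the neighbours move by
 *                                   $items_per_page; false: $position is a 1-based page number and
 *                                   the neighbours move by one page
 * @param int|string $position       page number or row offset (must be numeric)
 * @param int|string $items_per_page rows per page (must be numeric)
 * @param mixed      $rowCount       total unpaged row count, passed through as "unpaged_count"
 * @return array|false array with keys unpaged_count, paged, next_position, previous_position;
 *                     false when $position or $items_per_page is not numeric
 */
function au_parse_pagination($query, $only_offset = false, $position = 1, $items_per_page = 10, $rowCount = null)
{
    // Both the position and the page size have to be numbers
    if (!(is_numeric($position) && is_numeric($items_per_page))) {
        return false;
    }
    // is_numeric() also accepts "1e3" or " 5", which MySQL rejects in LIMIT, so work with plain ints
    $position = (int) $position;
    $items_per_page = (int) $items_per_page;
    // A page number is turned into the number of rows that precede it; a raw offset is used as-is
    $offset = $only_offset ? $position : ($position - 1) * $items_per_page;
    // Page 0 (or a negative offset) would produce "LIMIT -10, 10", which is a SQL error
    $offset = max(0, $offset);
    // Our query cannot end in ";" once LIMIT is appended
    $query = trim($query, ";");
    // Run the query again, this time restricted to the requested window
    $paged = au_query($query . " LIMIT " . $offset . ", " . $items_per_page . ";");
    // Neighbours move by a whole page when positions are row offsets, by one otherwise
    $modifier = $only_offset ? $items_per_page : 1;
    return array(
        "unpaged_count" => $rowCount,
        "paged" => $paged,
        "next_position" => $position + $modifier,
        "previous_position" => $position - $modifier,
    );
}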
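/**
 * Handles the login form: validates the POSTed credentials, looks the user up and,
 * on success, stores the login in $_SESSION under $setting['session_name'].
 * Always ends by loading and rendering the "login" template.
 *
 * Reads $_POST['au_login'], $_POST['au_username'], $_POST['au_password'], $_POST['au_forever'],
 * $_SERVER['HTTP_USER_AGENT'] and $_SERVER['REMOTE_ADDR'].
 *
 * @return void
 */
function au_login()
{
    // $setting was missing from the original global list although $setting['session_name'] is used below
    global $aulis, $setting;
    // Error messages shown by the template
    $errormsg = array();
    $login = array('username' => '');
    $login_complete = false;
    // Are we currently attempting to login?
    if (isset($_POST['au_login'])) {
        // Only plain strings are acceptable; an array (au_username[]=x) must not reach the query or the hash
        $username = isset($_POST['au_username']) && is_string($_POST['au_username']) ? $_POST['au_username'] : '';
        $password = isset($_POST['au_password']) && is_string($_POST['au_password']) ? $_POST['au_password'] : '';
        // Compare with '' rather than empty(): "0" is a legal password
        if ($username === '') {
            $errormsg[] = LOGIN_NO_USERNAME;
        }
        if ($password === '') {
            $errormsg[] = LOGIN_NO_PASSWORD;
        }
        // Usernames don't contain HTML
        if ($username !== htmlspecialchars($username, ENT_NOQUOTES, 'UTF-8', false)) {
            $errormsg[] = LOGIN_USERNAME_NO_HTML;
        }
        // Escaped copy for the query; kept in $login because the template data below echoes it back, as before
        $login['username'] = mysqli_real_escape_string($aulis['connection'], $username);
        $correctpass = false;
        $userid = null;
        // Only go to the database when the form itself was filled in correctly
        if (empty($errormsg)) {
            // NOTE(review): registration hashes with au_hash_password(password, username, code) while
            // login hashes with au_hash(password) — confirm the two agree
            $hashed = (string) au_hash($password);
            // Force a fresh query: a cached SELECT would keep an old password valid until the cache expires,
            // and the uncached result yields array rows, which is how the row is read below
            $result = au_query("SELECT user_id, user_username, user_password FROM users WHERE user_username = '" . $login['username'] . "' LIMIT 1;", true);
            if ($result) {
                foreach ($result as $userlogin) {
                    $userid = $userlogin['user_id'];
                    // hash_equals() is constant-time and strict; "==" would treat two "0e..." digests as equal numbers
                    if (hash_equals((string) $userlogin['user_password'], $hashed)) {
                        $correctpass = true;
                    }
                }
            }
            // One message for both "no such user" and "wrong password", so the form does not reveal which usernames exist
            if (!$correctpass) {
                $errormsg[] = LOGIN_PASSWORD_FAIL;
            }
        }
        // Can we login?
        if ($correctpass) {
            // Stored escaped, exactly as before, in case the session consumer relies on that
            $login['user_agent'] = mysqli_real_escape_string($aulis['connection'], isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '');
            $login['user_ip'] = addslashes(isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '');
            // '0' keeps the session forever, '60' is the default length
            $sessionlength = !empty($_POST['au_forever']) ? '0' : '60';
            // A freshly authenticated user gets a new session id, so an id fixed before login is not promoted
            if (session_status() === PHP_SESSION_ACTIVE) {
                session_regenerate_id(true);
            }
            $_SESSION[$setting['session_name']] = array(
                'user' => $userid,
                'agent' => $login['user_agent'],
                'ip' => $login['user_ip'],
                'sessionlength' => $sessionlength,
            );
            $login_complete = true;
            // NOTE(review): $basefilenq is not defined in this function (presumably set elsewhere) — confirm
            template_info('login_success', 'login_success_title', 'user_green.png', $basefilenq, 'login_link');
        }
    }
    // This array is meant for the login template
    // NOTE(review): it is built but never passed on; au_template_login() only receives the completion flag
    $logindata = array(
        'errors' => empty($_POST['au_login']) ? 0 : 1,
        'error_message' => $errormsg,
        'username' => !empty($login['username']) ? $login['username'] : '',
    );
    // Load this app's template and show it
    au_load_template('login', false);
    au_template_login($login_complete);
}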
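/**
 * Looks a user up by username.
 *
 * @param string $user_name username as typed; it is quoted with au_db_quote() before it enters the query
 * @return mixed the result of au_query() (one row) when exactly one user matches, false otherwise
 */
function au_get_user_by_name($user_name)
{
    // Strict check instead of empty(): "0" is a (strange but legal) username
    if (!is_scalar($user_name) || (string) $user_name === '') {
        return false;
    }
    // au_db_quote() both escapes and quotes the value, as in au_set_setting()
    $user = au_query("SELECT * FROM users WHERE user_username = " . au_db_quote((string) $user_name) . " LIMIT 1;");
    // A failed query has no rowCount() to ask
    if (!$user) {
        return false;
    }
    // Only an exact single match counts
    return $user->rowCount() === 1 ? $user : false;
}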
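/**
 * Changes the value of an existing setting.
 *
 * @param string $setting name of the setting (setting_name column)
 * @param string $value   new value
 * @return mixed the result of the UPDATE query, or false when the setting does not exist
 *               or the lookup query failed
 */
function au_set_setting($setting, $value)
{
    // Look the setting up first: the original quoted the literal "setting" instead of $setting,
    // so it never found anything. The cache is bypassed so a removed setting is not reported as present.
    $obtained_setting = au_query("SELECT * FROM settings WHERE setting_name = " . au_db_quote($setting) . ";", true);
    if (!$obtained_setting) {
        return false;
    }
    // rowCount is a method, not a property
    if ($obtained_setting->rowCount() === 0) {
        return false;
    }
    // The setting exists, so change it; the UPDATE result is what callers get back
    return au_query("UPDATE settings SET setting_value = " . au_db_quote($value) . " WHERE setting_name = " . au_db_quote($setting) . ";");
}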
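/**
 * Handles the registration form: validates every POSTed field, checks the security-question
 * answers when $setting['security_questions'] is non-zero, inserts the account and sends the
 * activation mail. Always ends by loading and rendering the "Register" template.
 *
 * Reads $_POST['aulis_register'], $_POST['aulis_<field>'] for username, password, password2,
 * email, month, day and year, $_POST['aulis_squestion_<question_id>'] per question and
 * $_SERVER['REMOTE_ADDR']; uses $setting['minimum_age'], ['security_questions'], ['lang_current'],
 * ['email_activation'], ['dir_apps'] and ['theme'].
 *
 * @return void
 */
function au_register()
{
    // $aulis and $language are not used here directly, but the Email app included below runs in this scope
    global $aulis, $setting, $language;
    // Error messages shown by the template
    $errormsg = array();
    // $register holds the au_db_escape()d values used in SQL and echoed back by the template (as before);
    // $raw holds the untouched input, used for validation and for hashing so that a quote in a
    // password is hashed the same way here as at login
    $register = array();
    $raw = array();
    $registration_complete = false;
    // Are we currently attempting to add a new account to the database?
    if (!empty($_POST['aulis_register'])) {
        $reg_fields = array('username', 'password', 'password2', 'email', 'month', 'day', 'year');
        $fail = false;
        foreach ($reg_fields as $impfield) {
            $posted = isset($_POST['aulis_' . $impfield]) ? $_POST['aulis_' . $impfield] : '';
            // A missing field, an empty one, or an array (aulis_username[]=x) all count as blank
            if (!is_scalar($posted) || (string) $posted === '') {
                $errormsg[] = constant('REGISTER_PLEASE_NO_BLANK_' . (in_array($impfield, array('month', 'day', 'year'), true) ? 'BIRTHDATE' : strtoupper($impfield)));
                $fail = true;
            } else {
                $raw[$impfield] = (string) $posted;
                $register[$impfield] = au_db_escape($raw[$impfield]);
            }
        }
        // Continue only when every field was filled in
        if (!$fail) {
            // Username length in characters, measured on the raw input rather than the escaped copy
            $username_length = mb_strlen($raw['username'], 'UTF-8');
            if ($username_length > 16) {
                $errormsg[] = REGISTER_USERNAME_TOO_LONG;
            } elseif ($username_length < 5) {
                $errormsg[] = REGISTER_USERNAME_TOO_SHORT;
            }
            // Does it contain HTML?
            if ($raw['username'] !== htmlspecialchars($raw['username'], ENT_NOQUOTES, 'UTF-8', false)) {
                $errormsg[] = REGISTER_USERNAME_NO_HTML;
            }
            // Check the password length
            $password_length = mb_strlen($raw['password'], 'UTF-8');
            if ($password_length > 16) {
                $errormsg[] = REGISTER_PASSWORD_TOO_LONG;
            } elseif ($password_length < 5) {
                $errormsg[] = REGISTER_PASSWORD_TOO_SHORT;
            }
            // At least one upper-case letter, one lower-case letter and one digit, in any order
            // (the original pattern only accepted them in the order upper, lower, digit)
            if (!preg_match('/^(?=.*[A-Z])(?=.*[a-z])(?=.*[0-9])/', $raw['password'])) {
                $errormsg[] = REGISTER_PASSWORD_WEAK;
            }
            // Is the password the same as the username?
            if ($raw['username'] === $raw['password']) {
                $errormsg[] = REGISTER_PASSWORD_NO_USERNAME;
            }
            // Do the passwords match? The original "!$a == $b" compared a boolean with the string and never fired
            if ($raw['password'] !== $raw['password2']) {
                $errormsg[] = REGISTER_PASSWORD_NO_MATCH;
            }
            // Let's proceed with the email
            if (!filter_var($raw['email'], FILTER_VALIDATE_EMAIL)) {
                $errormsg[] = REGISTER_EMAIL_INVALID;
            }
            // All three date parts have to be numeric before the date itself can be checked
            $date_ok = true;
            if (!is_numeric($raw['day'])) {
                $errormsg[] = REGISTER_BIRTHDATE_DAY_NOT_NUMERIC;
                $date_ok = false;
            }
            if (!is_numeric($raw['month'])) {
                $errormsg[] = REGISTER_BIRTHDATE_MONTH_NOT_NUMERIC;
                $date_ok = false;
            }
            if (!is_numeric($raw['year'])) {
                $errormsg[] = REGISTER_BIRTHDATE_YEAR_NOT_NUMERIC;
                $date_ok = false;
            }
            if ($date_ok) {
                // Integer keys: a zero-padded "02" would otherwise miss the $months lookup below
                $day = (int) $raw['day'];
                $month = (int) $raw['month'];
                $year = (int) $raw['year'];
                // Can the user actually be born on this date? (February allows 29 for leap years)
                $months = array(1 => 31, 2 => 29, 3 => 31, 4 => 30, 5 => 31, 6 => 30, 7 => 31, 8 => 31, 9 => 30, 10 => 31, 11 => 30, 12 => 31);
                if ($month > 12 || $month < 1) {
                    $errormsg[] = REGISTER_BIRTHDATE_WRONG;
                } elseif ($day > $months[$month]) {
                    $errormsg[] = REGISTER_BIRTHDATE_WRONG;
                }
                // It should at least be on the first day of the specified month
                if ($day < 1) {
                    $errormsg[] = REGISTER_BIRTHDATE_WRONG;
                }
                // Validate the age
                $age = (int) date("Y") - $year;
                if ($age > 100) {
                    $errormsg[] = REGISTER_CONFIRM_AGE;
                } elseif ($age < $setting['minimum_age']) {
                    $errormsg[] = REGISTER_TOO_YOUNG;
                }
            }
            // Registration questions!
            if ((int) $setting['security_questions'] !== 0) {
                // Number of answered questions in English or the current language
                $questions = 0;
                // Fetch every question once into an array: the statement is walked twice below,
                // and a PDO statement can only be iterated once
                $all_questions = array();
                $result = au_query("SELECT * FROM questions", true);
                if ($result) {
                    foreach ($result as $question) {
                        $all_questions[] = $question;
                    }
                }
                foreach ($all_questions as $question) {
                    $post_key = 'aulis_squestion_' . $question['question_id'];
                    // Was it in the form?
                    if (isset($_POST[$post_key]) && is_string($_POST[$post_key]) && $_POST[$post_key] !== '') {
                        // Answers are compared in lowercase
                        $answer = strtolower($_POST[$post_key]);
                        // The original "!$answer == $expected" compared a boolean with the string, so any
                        // non-empty answer was accepted; compare the strings themselves
                        if ($answer !== (string) $question['question_answer1'] && $answer !== (string) $question['question_answer2']) {
                            $errormsg[] = REGISTER_QUESTION_WRONG . $question['question_title'];
                        }
                        // Count it, but only if it's the right language
                        if ($question['question_language'] == 'English' || $question['question_language'] == $setting['lang_current']) {
                            $questions++;
                        }
                    } else {
                        // NOTE(review): every question in the table is treated as required, although the
                        // form only shows $setting['security_questions'] of them — pre-existing behaviour, kept
                        $errormsg[] = REGISTER_QUESTION_FRAUD;
                    }
                }
                // So do we have all of them?
                if ($questions < $setting['security_questions']) {
                    // Apparently not. How many questions SHOULD it have shown?
                    $number_questions = 0;
                    foreach ($all_questions as $question) {
                        if ($question['question_language'] == $setting['lang_current']) {
                            $number_questions++;
                        }
                    }
                    // Is there a reason for us to fall back to English questions?
                    if ($number_questions < $setting['security_questions'] && $setting['lang_current'] != 'English') {
                        $english = au_query("SELECT * FROM questions WHERE question_language = 'English'");
                        if ($english) {
                            foreach ($english as $anotherquestion) {
                                $number_questions++;
                            }
                        }
                    }
                    // Fewer answers than the table offers means the form was tampered with
                    if ($questions !== $number_questions) {
                        $errormsg[] = REGISTER_QUESTION_FRAUD;
                    }
                }
            }
            // Do we already have a user registered with the same name? (uncached, so a just-taken name is seen)
            $result = au_query("SELECT user_id, user_username FROM users WHERE user_username = '" . $register['username'] . "' LIMIT 1", true);
            if ($result) {
                foreach ($result as $foundusername) {
                    $errormsg[] = REGISTER_USERNAME_UNAVAILABLE;
                }
            }
            // What about the email?
            $result2 = au_query("SELECT user_id, user_email FROM users WHERE user_email = '" . $register['email'] . "' LIMIT 1", true);
            if ($result2) {
                foreach ($result2 as $foundemail) {
                    $errormsg[] = REGISTER_EMAIL_IN_USE;
                }
            }
            // Generate a random activation code of 15 alphanumeric characters
            $characters = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789';
            $last_index = strlen($characters) - 1;
            $register['activation_code'] = '';
            for ($chars = 0; $chars < 15; $chars++) {
                // random_int() (PHP 7+): rand() is predictable, and this code gates account activation
                $register['activation_code'] .= $characters[random_int(0, $last_index)];
            }
            // Okay, somehow we still haven't messed up. Let's proceed with the registration process
            if (empty($errormsg)) {
                // Hash the raw password: hashing the escaped copy would make a password with a quote
                // unverifiable at login. The hash is escaped before it enters the INSERT.
                $register['password'] = au_db_escape(au_hash_password($raw['password'], $raw['username'], $register['activation_code']));
                // Create a joint birthdate string
                $register['birthdate'] = $register['month'] . '/' . $register['day'] . '/' . $register['year'];
                // What's the date?
                $register['regdate'] = date("n/j/Y");
                // Accounts start inactive only when email activation is on
                $email_activation = (int) $setting['email_activation'] === 1;
                $register['activated'] = $email_activation ? 0 : 1;
                // Exciting times. Let's add the account to the database.
                $result = au_query("INSERT INTO users (user_username, user_password, user_email, user_birthdate, user_regdate, user_ip, user_language, user_theme, user_activated, user_actcode) VALUES ("
                    . "'" . $register['username'] . "', "
                    . "'" . $register['password'] . "', "
                    . "'" . $register['email'] . "', "
                    . "'" . $register['birthdate'] . "', "
                    . "'" . $register['regdate'] . "', "
                    . "'" . au_db_escape(isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '') . "', "
                    . "'" . au_db_escape($setting['lang_current']) . "', "
                    . "'" . au_db_escape($setting['theme']) . "', "
                    . "'" . $register['activated'] . "', "
                    . "'" . $register['activation_code'] . "'"
                    . ")");
                // Did it work?
                if (!$result) {
                    $errormsg[] = REGISTRATION_FAILED;
                } elseif ($email_activation) {
                    // Only mail an activation code for an account that was actually created
                    include_once $setting['dir_apps'] . '/Email.app.php';
                    if (!au_activation_mail($register['activation_code'], $raw['username'], $raw['email'])) {
                        $errormsg[] = REGISTER_FAIL_MAIL;
                    }
                }
                // We've just registered our account. Let's show a 'Thank you!'-message
                if (empty($errormsg)) {
                    $registration_complete = true;
                }
            }
        }
    }
    // This array is used in the template, and determines what should be shown, i.e. if there are any
    // errors, what fields have already been filled in, etc.
    $reg_data = array(
        'errors' => empty($_POST['aulis_register']) ? 0 : 1,
        'error_message' => $errormsg,
        'username' => !empty($register['username']) ? $register['username'] : '',
        'email' => !empty($register['email']) ? $register['email'] : '',
        'birthdate_year' => !empty($register['year']) ? $register['year'] : '',
        'birthdate_month' => !empty($register['month']) ? $register['month'] : '',
        'birthdate_day' => !empty($register['day']) ? $register['day'] : '',
        'questions' => array(),
    );
    // Do we have any registration questions set?
    $required_questions = (int) $setting['security_questions'];
    if ($required_questions !== 0) {
        // Load the questions from the database; the template deals with showing them
        $result = au_query("SELECT * FROM questions WHERE question_language = '" . au_db_escape($setting['lang_current']) . "' ORDER BY RAND() LIMIT " . $required_questions, true);
        $questions = 0;
        if ($result) {
            foreach ($result as $question) {
                $reg_data['questions'][] = $question;
                $questions++;
            }
        }
        // Not enough in this language? Top up from the English list
        if ($questions < $required_questions && $setting['lang_current'] != 'English') {
            // The original read the missing count from $questions['security_questions'], a typo for $setting
            $missing = $required_questions - $questions;
            $result = au_query("SELECT * FROM questions WHERE question_language = 'English' ORDER BY RAND() LIMIT " . $missing, true);
            if ($result) {
                foreach ($result as $question) {
                    $reg_data['questions'][] = $question;
                }
            }
        }
    }
    // Load this app's template and show it
    au_load_template('Register', false);
    au_template_register($reg_data, $registration_complete);
}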
/**
 * Fetches every blog category, ordered by category_order.
 *
 * @return mixed whatever au_query() returns for the SELECT
 */
function au_get_blog_categories()
{
    $sql = "SELECT * FROM blog_categories ORDER BY category_order ASC;";
    return au_query($sql);
}
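/**
 * Counts the blog entries matching $parameters and works out the offset of the last page.
 *
 * @param string $parameters WHERE clause spliced into the query verbatim — it must come from
 *                           trusted code, never from request input
 * @return array{row_count:int,max_offset:int}
 */
function au_get_max_blog_offset($parameters)
{
    // This will be a very simple query
    $plain_request = au_query("SELECT COUNT(entry_id) AS count FROM blog_entries AS entries WHERE {$parameters};");
    $plain_request_object = $plain_request ? $plain_request->fetchObject() : false;
    // No row (failed query) counts as zero entries
    $row_count = $plain_request_object ? (int) $plain_request_object->count : 0;
    $per_page = (int) THEME_BLOG_ENTRIES_PER_PAGE;
    $return = array('row_count' => $row_count, 'max_offset' => 0);
    // A non-positive page size cannot be paged at all
    if ($per_page < 1) {
        return $return;
    }
    // The original tested rowCount() of the COUNT query (always one row) instead of the count itself
    if ($row_count % $per_page != 0) {
        // A partial last page starts after the last full one
        $return['max_offset'] = $row_count - $row_count % $per_page;
    } elseif ($row_count >= $per_page) {
        // Full pages only: the last page starts one page before the end
        $return['max_offset'] = $row_count - $per_page;
    }
    return $return;
}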
/**
 * Fetches every row of the core table.
 *
 * @return mixed whatever au_query() returns for the SELECT
 */
function au_get_cores()
{
    $sql = "SELECT * FROM core;";
    return au_query($sql);
}
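/**
 * Runs $original_sql against $aulis['db'] after prefixing table names, serving SELECT results
 * from the on-disk query cache (cache/queries/<md5 of sql>.cache) when caching is enabled.
 *
 * @param string $original_sql   query without the database prefix; the word after "FROM ", "INTO ",
 *                               "UPDATE " and "JOIN " gets $aulis['db_prefix'] prepended
 * @param bool   $force_no_cache run the query directly, never reading or writing the cache
 * @param bool   $force_no_count do not add this call to $aulis['db_query_count']
 * @return mixed the driver's query result (false on failure), or an au_class_cached_query
 *               when the result went through the cache
 */
function au_query($original_sql, $force_no_cache = false, $force_no_count = false)
{
    global $aulis, $setting;
    // We like counting
    if (!$force_no_count) {
        $aulis['db_query_count']++;
    }
    // Make sure we have the right database prefix.
    // Plain str_replace: these words are rewritten inside string literals too (pre-existing limitation)
    $prefix = $aulis['db_prefix'];
    $search = array("FROM ", "INTO ", "UPDATE ", "JOIN ");
    $replace = array("FROM " . $prefix, "INTO " . $prefix, "UPDATE " . $prefix, "JOIN " . $prefix);
    $sql = str_replace($search, $replace, $original_sql);
    // Debug mode (ONLY ALPHA): prints the query into the page, so the headers are sent at this point.
    // The SQL may embed request data, hence the escaping.
    if (DEBUG_SHOW_QUERIES) {
        echo "<div class='notice bg1 cwhite'>" . htmlspecialchars($sql, ENT_QUOTES, 'UTF-8') . "</div>";
    }
    // With caching off (or unset) the query is simply executed
    if ($force_no_cache || empty($setting['enable_query_caching'])) {
        return $aulis['db']->query($sql);
    }
    // Anything but a SELECT changes data, so the whole cache is dropped and the query runs directly
    if (!au_string_starts_with($sql, "SELECT")) {
        au_force_clean_cache();
        return $aulis['db']->query($sql);
    }
    $cache_folder = au_get_path_from_root('cache/queries');
    $cache_file = au_get_path_from_root('cache/queries/' . md5($sql) . '.cache');
    $cache_time = $setting['query_caching_time'];
    // If the cache folder is not writable, we have to run the query without cache
    if (!is_writable($cache_folder)) {
        return $aulis['db']->query($sql);
    }
    if (file_exists($cache_file)) {
        // Is the file still within query_caching_time?
        if (time() - filemtime($cache_file) < $cache_time) {
            // Only the cache's own class and the stdClass rows it holds may be rebuilt from disk (PHP 7+);
            // anything else in the file is treated as corrupt and re-queried below
            $cached = unserialize(file_get_contents($cache_file), array('allowed_classes' => array('au_class_cached_query', 'stdClass')));
            if ($cached instanceof au_class_cached_query) {
                // A cache hit is not a database query, so undo the count taken above
                if (!$force_no_count) {
                    $aulis['db_query_count']--;
                }
                return $cached;
            }
        }
        // Expired or unreadable: remove it and fall through to re-run and re-cache.
        // If it cannot be removed, run the query uncached (the original returned nothing here).
        if (!unlink($cache_file)) {
            return $aulis['db']->query($sql);
        }
    }
    // Execute the query, cache it and return the cached object
    $execute = $aulis['db']->query($sql);
    if (!$execute) {
        return false;
    }
    if ($execute->rowCount() == 0) {
        // Nothing to store beyond "no rows"
        $cache_query = new au_class_cached_query();
    } else {
        // Fetch the rows as objects so they can be serialized
        $objects = array();
        while ($object = $execute->fetchObject()) {
            $objects[] = $object;
        }
        $cache_query = new au_class_cached_query($objects, $execute->rowCount());
    }
    // The result set is already in memory, so a failed write only costs the cache entry, not the query
    file_put_contents($cache_file, serialize($cache_query), LOCK_EX);
    return $cache_query;
}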