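/**
 * Re-run $query with a LIMIT clause and return the paged result together with
 * the next/previous positions.
 *
 * @param string $query          SELECT statement without a LIMIT (a trailing ";" is stripped)
 * @param bool   $only_offset    false: $position is a 1-based page number;
 *                               true: $position is already a row offset
 * @param mixed  $position       page number or row offset, see $only_offset
 * @param mixed  $items_per_page rows per page
 * @param mixed  $rowCount       total row count of the unpaged query; passed through
 *                               untouched as 'unpaged_count'
 * @return array|false false when $position or $items_per_page is not numeric, otherwise
 *                     array('unpaged_count', 'paged', 'next_position', 'previous_position')
 */
function au_parse_pagination($query, $only_offset = false, $position = 1, $items_per_page = 10, $rowCount = null)
{
    // Both values end up inside the SQL, so they must at least be numeric
    if (!(is_numeric($position) && is_numeric($items_per_page))) {
        return false;
    }

    // is_numeric() also accepts "1.5", " 2" and "1e3", none of which is valid in LIMIT;
    // coerce to whole numbers instead of interpolating the raw strings
    $position = (int) $position;
    $items_per_page = (int) $items_per_page;

    // Row offset: the previous pages times the page size, or the position itself
    $offset = $only_offset ? $position : ($position - 1) * $items_per_page;

    // A negative offset or count is a SQL syntax error; clamp rather than fail the query
    if ($offset < 0) {
        $offset = 0;
    }
    if ($items_per_page < 0) {
        $items_per_page = 0;
    }

    // LIMIT has to come last, so a terminating ";" must go
    $query = trim($query, ";");

    $paged = au_query($query . " LIMIT " . $offset . ", " . $items_per_page . ";");

    // Step by one page, or by one page worth of rows when positions are offsets
    $modifier = $only_offset ? $items_per_page : 1;

    return array(
        "unpaged_count" => $rowCount,
        "paged" => $paged,
        "next_position" => $position + $modifier,
        "previous_position" => $position - $modifier,
    );
}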
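/**
 * Handle the login form.
 *
 * When $_POST['au_login'] is set, the posted username and password are validated,
 * the user row is looked up, and on a password match a session entry is written
 * under $setting['session_name'] and the 'login_success' info page is shown.
 * The login template is rendered in every case, with any error messages.
 *
 * Reads:  $_POST['au_login'], ['au_username'], ['au_password'], ['au_forever'];
 *         $_SERVER['HTTP_USER_AGENT'], ['REMOTE_ADDR']
 * Writes: $_SESSION[$setting['session_name']] on success
 */
function au_login()
{
    // $setting is read for the session name below; the original only imported $aulis
    global $aulis, $setting;

    $errormsg = array();
    $login = array();
    $correctpass = false;
    $userid = null;

    if (isset($_POST['au_login'])) {
        // Non-string (array) input is treated as absent
        $login['username'] = (isset($_POST['au_username']) && is_string($_POST['au_username'])) ? $_POST['au_username'] : '';
        $login['password'] = (isset($_POST['au_password']) && is_string($_POST['au_password'])) ? $_POST['au_password'] : '';

        if (empty($login['username'])) {
            $errormsg[] = LOGIN_NO_USERNAME;
        }
        if (empty($login['password'])) {
            $errormsg[] = LOGIN_NO_PASSWORD;
        }
        // Usernames never contain HTML
        if ($login['username'] != htmlspecialchars($login['username'], ENT_NOQUOTES, 'UTF-8', false)) {
            $errormsg[] = LOGIN_USERNAME_NO_HTML;
        }

        // Only touch the database when the form itself passed validation
        if (empty($errormsg)) {
            // NOTE(review): au_register() stores au_hash_password($password, $username, $activation_code)
            // while this side compares against au_hash($password); confirm both yield the same digest.
            $hashed = au_hash($login['password']);

            // Quoted through the DB layer. No cache: a cached row would keep an old hash alive
            // after a password change, and cached rows are objects, not arrays.
            $result = au_query(
                "SELECT user_id, user_username, user_password FROM users WHERE user_username = " . au_db_quote($login['username']) . ";",
                true
            );

            foreach ($result as $userlogin) {
                $userid = $userlogin['user_id'];
                // Constant-time comparison so the position of a mismatch is not observable
                if (hash_equals((string) $userlogin['user_password'], (string) $hashed)) {
                    $correctpass = true;
                }
            }

            // Same message for an unknown user and a wrong password, so the form
            // cannot be used to enumerate usernames
            if (!$correctpass) {
                $errormsg[] = LOGIN_PASSWORD_FAIL;
            }
        }

        if ($correctpass) {
            // Fresh session id once authenticated, so a pre-set id cannot be reused (session fixation)
            if (session_status() === PHP_SESSION_ACTIVE) {
                session_regenerate_id(true);
            }

            // Escaped exactly as before; whatever later compares these session values expects this form
            $user_agent = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';
            $remote_addr = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';
            $login['user_agent'] = mysqli_real_escape_string($aulis['connection'], $user_agent);
            $login['user_ip'] = addslashes($remote_addr);

            // '0' presumably means "keep forever", '60' the default length — verify against the session code
            $sessionlength = !empty($_POST['au_forever']) ? '0' : '60';

            $_SESSION[$setting['session_name']] = array(
                'user' => $userid,
                'agent' => $login['user_agent'],
                'ip' => $login['user_ip'],
                'sessionlength' => $sessionlength,
            );

            // NOTE(review): $basefilenq is not defined in this function; confirm where it is meant to come from
            template_info('login_success', 'login_success_title', 'user_green.png', $basefilenq, 'login_link');
        }
    }

    // Consumed by the login template loaded below. 'username' is the raw posted value
    // (the original passed the SQL-escaped one); the template must HTML-escape it.
    $logindata = array(
        'errors' => empty($_POST['au_login']) ? 0 : 1,
        'error_message' => $errormsg,
        'username' => !empty($login['username']) ? $login['username'] : '',
    );

    au_load_template('login', false);
    au_template_login(!empty($login_complete) ? true : false);
}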
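/**
 * Fetch the user row for $user_name.
 *
 * @param string $user_name
 * @return mixed the au_query() result when exactly one row matched, false otherwise
 *               (also false for an empty name or a failed query)
 */
function au_get_user_by_name($user_name)
{
    // Empty usernames are not allowed
    if (empty($user_name)) {
        return false;
    }

    // Quoted through the DB layer so the name cannot alter the statement
    $user = au_query("SELECT * FROM users WHERE user_username = " . au_db_quote($user_name) . " LIMIT 1;");

    // au_query() hands back false for a failed statement; guard before calling rowCount()
    if ($user && $user->rowCount() === 1) {
        return $user;
    }
    return false;
}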
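/**
 * Update the value of an existing setting.
 *
 * @param string $setting name of the settings row
 * @param mixed  $value   new value, quoted through au_db_quote()
 * @return mixed false when the lookup fails or the setting does not exist,
 *               otherwise the au_query() result of the UPDATE
 */
function au_set_setting($setting, $value)
{
    // The original quoted the literal "setting" instead of the parameter, so no row was ever found
    $obtained_setting = au_query("SELECT * FROM settings WHERE setting_name = " . au_db_quote($setting) . ";");
    if (!$obtained_setting) {
        return false;
    }

    // rowCount is a method; reading it as a property always gave null and never returned here
    if ($obtained_setting->rowCount() === 0) {
        return false;
    }

    // The setting exists, so change it (the unreachable "return $value" after this was dropped)
    return au_query("UPDATE settings SET setting_value = " . au_db_quote($value) . " WHERE setting_name = " . au_db_quote($setting) . ";");
}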
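/**
 * Handle the registration form.
 *
 * On a posted form ($_POST['aulis_register']) the fields are validated, the
 * security questions are checked when $setting['security_questions'] is not 0,
 * a new users row is inserted and, when $setting['email_activation'] is 1, an
 * activation mail is sent. The registration template is rendered afterwards in
 * every case with the collected error messages and the questions to show.
 *
 * Reads: $_POST['aulis_*'], $_SERVER['REMOTE_ADDR'], $setting
 */
function au_register()
{
    global $aulis, $setting;

    $errormsg = array();
    $register = array();
    $registration_complete = false;

    if (!empty($_POST['aulis_register'])) {
        $reg_fields = array('username', 'password', 'password2', 'email', 'month', 'day', 'year');
        $fail = false;

        // Every field must be present (and be a string, not an array)
        foreach ($reg_fields as $impfield) {
            $posted = isset($_POST['aulis_' . $impfield]) ? $_POST['aulis_' . $impfield] : null;
            if (empty($posted) || !is_string($posted)) {
                $is_date = ($impfield == 'month' || $impfield == 'day' || $impfield == 'year');
                $errormsg[] = constant('REGISTER_PLEASE_NO_BLANK_' . ($is_date ? 'BIRTHDATE' : strtoupper($impfield)));
                $fail = true;
            } else {
                // Kept raw: values are quoted with au_db_quote() at query time, so the length
                // checks and the password hash see what the user actually typed.
                // NOTE(review): the original hashed the SQL-escaped username; confirm no
                // existing account depends on that if the login path uses the same hash.
                $register[$impfield] = $posted;
            }
        }

        if (!$fail) {
            $errormsg = array_merge($errormsg, au_register_validate_input($register, $setting));

            if ($setting['security_questions'] != 0) {
                $errormsg = array_merge($errormsg, au_register_check_questions($setting));
            }

            // Username already taken?
            $result = au_query("SELECT user_id, user_username FROM users WHERE user_username = " . au_db_quote($register['username']) . ";", true);
            foreach ($result as $foundusername) {
                $errormsg[] = REGISTER_USERNAME_UNAVAILABLE;
            }

            // Email already in use?
            $result2 = au_query("SELECT user_id, user_email FROM users WHERE user_email = " . au_db_quote($register['email']) . ";", true);
            foreach ($result2 as $foundemail) {
                $errormsg[] = REGISTER_EMAIL_IN_USE;
            }

            $register['activation_code'] = au_register_activation_code();

            if (empty($errormsg)) {
                $register['password'] = au_hash_password($register['password'], $register['username'], $register['activation_code']);
                $register['birthdate'] = $register['month'] . '/' . $register['day'] . '/' . $register['year'];
                $register['regdate'] = date("n/j/Y");
                // Accounts start inactive only when email activation is on
                $register['activated'] = ($setting['email_activation'] == 1) ? 0 : 1;

                $remote_addr = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';

                $result = au_query(
                    "INSERT INTO users (user_username, user_password, user_email, user_birthdate, user_regdate, user_ip, user_language, user_theme, user_activated, user_actcode) VALUES ("
                    . au_db_quote($register['username']) . ", "
                    . au_db_quote($register['password']) . ", "
                    . au_db_quote($register['email']) . ", "
                    . au_db_quote($register['birthdate']) . ", "
                    . au_db_quote($register['regdate']) . ", "
                    . au_db_quote($remote_addr) . ", "
                    . au_db_quote($setting['lang_current']) . ", "
                    . au_db_quote($setting['theme']) . ", "
                    . au_db_quote($register['activated']) . ", "
                    . au_db_quote($register['activation_code'])
                    . ")"
                );

                if (!$result) {
                    $errormsg[] = REGISTRATION_FAILED;
                } elseif ($setting['email_activation'] == 1) {
                    // Only mail an activation code for a row that was actually inserted
                    include $setting['dir_apps'] . '/Email.app.php';
                    if (!au_activation_mail($register['activation_code'], $register['username'], $register['email'])) {
                        $errormsg[] = REGISTER_FAIL_MAIL;
                    }
                }

                if (empty($errormsg)) {
                    $registration_complete = true;
                }
            }
        }
    }

    // Consumed by the template: error state, the values to refill (raw, so the
    // template must HTML-escape them) and the security questions to show
    $reg_data = array(
        'errors' => empty($_POST['aulis_register']) ? 0 : 1,
        'error_message' => $errormsg,
        'username' => !empty($register['username']) ? $register['username'] : '',
        'email' => !empty($register['email']) ? $register['email'] : '',
        'birthdate_year' => !empty($register['year']) ? $register['year'] : '',
        'birthdate_month' => !empty($register['month']) ? $register['month'] : '',
        'birthdate_day' => !empty($register['day']) ? $register['day'] : '',
        'questions' => array(),
    );

    if ($setting['security_questions'] != 0) {
        $reg_data['questions'] = au_register_questions_for_form($setting);
    }

    au_load_template('Register', false);
    au_template_register($reg_data, $registration_complete);
}

/**
 * Validate the posted account fields.
 *
 * @param array $register username, password, password2, email, month, day, year (all non-empty strings)
 * @param array $setting  reads 'minimum_age'
 * @return array error message constants, empty when everything is valid
 */
function au_register_validate_input(array $register, array $setting)
{
    $errors = array();

    // Username: 5-16 bytes, no HTML
    if (strlen($register['username']) > 16) {
        $errors[] = REGISTER_USERNAME_TOO_LONG;
    } elseif (strlen($register['username']) < 5) {
        $errors[] = REGISTER_USERNAME_TOO_SHORT;
    }
    if ($register['username'] != htmlspecialchars($register['username'], ENT_NOQUOTES, 'UTF-8', false)) {
        $errors[] = REGISTER_USERNAME_NO_HTML;
    }

    // Password: 5-16 bytes. NOTE(review): a 16-byte ceiling is unusually low for a hashed password.
    if (strlen($register['password']) > 16) {
        $errors[] = REGISTER_PASSWORD_TOO_LONG;
    } elseif (strlen($register['password']) < 5) {
        $errors[] = REGISTER_PASSWORD_TOO_SHORT;
    }
    // An upper-case letter, a lower-case letter and a digit anywhere in the password;
    // the original pattern /[A-Z]+[a-z]+[0-9]+/ only accepted them in that exact order
    if (!preg_match('/[A-Z]/', $register['password'])
        || !preg_match('/[a-z]/', $register['password'])
        || !preg_match('/[0-9]/', $register['password'])) {
        $errors[] = REGISTER_PASSWORD_WEAK;
    }
    if ($register['username'] === $register['password']) {
        $errors[] = REGISTER_PASSWORD_NO_USERNAME;
    }
    // The original "!$a == $b" compared a boolean with the string and never caught a mismatch
    if ($register['password'] !== $register['password2']) {
        $errors[] = REGISTER_PASSWORD_NO_MATCH;
    }

    if (!filter_var($register['email'], FILTER_VALIDATE_EMAIL)) {
        $errors[] = REGISTER_EMAIL_INVALID;
    }

    // Birthdate: three numeric parts that form a possible calendar day
    $numeric = true;
    $date_parts = array(
        'day' => REGISTER_BIRTHDATE_DAY_NOT_NUMERIC,
        'month' => REGISTER_BIRTHDATE_MONTH_NOT_NUMERIC,
        'year' => REGISTER_BIRTHDATE_YEAR_NOT_NUMERIC,
    );
    foreach ($date_parts as $part => $message) {
        if (!is_numeric($register[$part])) {
            $errors[] = $message;
            $numeric = false;
        }
    }

    // The range checks only make sense on numbers
    if ($numeric) {
        $day = (int) $register['day'];
        $month = (int) $register['month'];
        $year = (int) $register['year'];

        // February is allowed 29 days without a leap-year check, as before
        $months = array(1 => 31, 2 => 29, 3 => 31, 4 => 30, 5 => 31, 6 => 30, 7 => 31, 8 => 31, 9 => 30, 10 => 31, 11 => 30, 12 => 31);

        if ($month > 12 || $month < 1) {
            $errors[] = REGISTER_BIRTHDATE_WRONG;
        } elseif ($day > $months[$month]) {
            $errors[] = REGISTER_BIRTHDATE_WRONG;
        }
        if ($day < 1) {
            $errors[] = REGISTER_BIRTHDATE_WRONG;
        }

        // Age is approximated by the difference in years, as before
        $age = (int) date("Y") - $year;
        if ($age > 100) {
            $errors[] = REGISTER_CONFIRM_AGE;
        } elseif ($age < $setting['minimum_age']) {
            $errors[] = REGISTER_TOO_YOUNG;
        }
    }

    return $errors;
}

/**
 * Check the answers posted for the security questions.
 *
 * Each question from the questions table that was posted as
 * $_POST['aulis_squestion_<id>'] is compared, lower-cased, with its two stored
 * answers. Questions that were not posted are skipped: the form only shows a
 * random subset and which subset was shown is not recorded server-side, so only
 * the number of answered questions can be checked. Fewer answered questions (in
 * the current language or English) than the form could have shown is treated as
 * a tampered form.
 *
 * @param array $setting reads 'security_questions', 'lang_current'
 * @return array error message constants, empty when the answers are acceptable
 */
function au_register_check_questions(array $setting)
{
    $errors = array();
    $answered = 0;
    $in_language = 0;
    $in_english = 0;

    // Materialise the rows: a PDOStatement can only be iterated once
    $all = array();
    $result = au_query("SELECT * FROM questions", true);
    foreach ($result as $question) {
        $all[] = $question;
    }

    foreach ($all as $question) {
        if ($question['question_language'] == $setting['lang_current']) {
            $in_language++;
        }
        if ($question['question_language'] == 'English') {
            $in_english++;
        }

        $field = 'aulis_squestion_' . $question['question_id'];
        if (empty($_POST[$field]) || !is_string($_POST[$field])) {
            continue;
        }

        $answer = strtolower($_POST[$field]);
        // The original "!$a == $b && !$a == $c" compared booleans and never rejected an answer
        if ($answer != $question['question_answer1'] && $answer != $question['question_answer2']) {
            $errors[] = REGISTER_QUESTION_WRONG . $question['question_title'];
        }

        // Count it only if it belongs to the current language or the English fallback
        if ($question['question_language'] == 'English' || $question['question_language'] == $setting['lang_current']) {
            $answered++;
        }
    }

    // How many questions the form could have shown (mirrors au_register_questions_for_form)
    $required = (int) $setting['security_questions'];
    $available = $in_language;
    if ($available < $required && $setting['lang_current'] != 'English') {
        $available += $in_english;
    }

    if ($answered < min($required, $available)) {
        $errors[] = REGISTER_QUESTION_FRAUD;
    }

    return $errors;
}

/**
 * Pick the security questions to show on the form: $setting['security_questions']
 * random questions in the current language, topped up from the English list when
 * the current language has too few.
 *
 * @param array $setting reads 'security_questions', 'lang_current'
 * @return array question rows
 */
function au_register_questions_for_form(array $setting)
{
    $required = (int) $setting['security_questions'];
    $questions = array();

    $result = au_query(
        "SELECT * FROM questions WHERE question_language = " . au_db_quote($setting['lang_current']) . " ORDER BY RAND() LIMIT " . $required,
        true
    );
    foreach ($result as $question) {
        $questions[] = $question;
    }

    // The original computed the shortfall from an int indexed as an array and never topped up
    $missing = $required - count($questions);
    if ($missing > 0 && $setting['lang_current'] != 'English') {
        $result = au_query("SELECT * FROM questions WHERE question_language = 'English' ORDER BY RAND() LIMIT " . $missing, true);
        foreach ($result as $question) {
            $questions[] = $question;
        }
    }

    return $questions;
}

/**
 * 15 random alphanumeric characters, used as the activation code and as an input
 * to the password hash. Uses random_int() (CSPRNG); the original used rand(),
 * whose output is predictable.
 *
 * @return string
 */
function au_register_activation_code()
{
    $characters = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789';
    $max = strlen($characters) - 1;
    $code = '';
    for ($i = 0; $i < 15; $i++) {
        $code .= $characters[random_int(0, $max)];
    }
    return $code;
}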
/**
 * All blog categories, ordered by category_order ascending.
 *
 * @return mixed au_query() result (driver statement or cached query object)
 */
function au_get_blog_categories()
{
    $statement = "SELECT * FROM blog_categories ORDER BY category_order ASC;";
    return au_query($statement);
}
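/**
 * Count the blog entries matching $parameters and compute the row offset of the last page.
 *
 * @param string $parameters raw SQL condition appended after WHERE as-is. It cannot be quoted
 *                           here, so callers must never build it from untrusted input.
 * @return array 'row_count' => matching entries, 'max_offset' => offset of the last page,
 *               pages being THEME_BLOG_ENTRIES_PER_PAGE rows long
 */
function au_get_max_blog_offset($parameters)
{
    $plain_request = au_query("SELECT COUNT(entry_id) AS count FROM blog_entries AS entries WHERE {$parameters};");
    // A failed statement comes back as false; treat it as zero rows instead of dereferencing it
    $plain_request_object = $plain_request ? $plain_request->fetchObject() : false;

    $return = array();
    $return['row_count'] = $plain_request_object ? (int) $plain_request_object->count : 0;

    $row_count = $return['row_count'];
    $per_page = THEME_BLOG_ENTRIES_PER_PAGE;

    // The original tested rowCount() of the COUNT query, which is always 1, so the
    // remainder branch ran even when the count divides evenly; use the count itself
    if ($row_count % $per_page != 0) {
        // Partial last page: drop the remainder
        $return['max_offset'] = $row_count - $row_count % $per_page;
    } elseif ($row_count < $per_page) {
        $return['max_offset'] = 0;
    } else {
        // Full last page: it starts one page before the end
        $return['max_offset'] = $row_count - $per_page;
    }

    return $return;
}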
/**
 * Every row of the core table.
 *
 * @return mixed au_query() result (driver statement or cached query object)
 */
function au_get_cores()
{
    $statement = "SELECT * FROM core;";
    return au_query($statement);
}
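/**
 * Run a SQL statement against $aulis['db'], with table-prefix rewriting and optional result caching.
 *
 * The words "FROM ", "INTO ", "UPDATE " and "JOIN " are prefixed with $aulis['db_prefix']
 * wherever they occur in $original_sql — including inside quoted values — so callers
 * must not expect those words to survive in data. SELECT results are cached in
 * cache/queries/<md5>.cache for $setting['query_caching_time'] seconds while
 * $setting['enable_query_caching'] is on; any non-SELECT statement flushes that cache.
 *
 * @param string $original_sql   statement to run
 * @param bool   $force_no_cache bypass the cache for this call
 * @param bool   $force_no_count do not add this call to $aulis['db_query_count']
 * @return mixed the driver's result (false on failure), or an au_class_cached_query on a cache path
 */
function au_query($original_sql, $force_no_cache = false, $force_no_count = false)
{
    global $aulis, $setting;

    if (!$force_no_count) {
        $aulis['db_query_count']++;
    }

    // Table prefix rewriting
    $search = array("FROM ", "INTO ", "UPDATE ", "JOIN ");
    $replace = array(
        "FROM " . $aulis['db_prefix'],
        "INTO " . $aulis['db_prefix'],
        "UPDATE " . $aulis['db_prefix'],
        "JOIN " . $aulis['db_prefix'],
    );
    $sql = str_replace($search, $replace, $original_sql);

    // ALPHA only: this writes output and therefore sends the headers. Escaped, because
    // the statement may embed user-supplied values.
    if (DEBUG_SHOW_QUERIES) {
        echo "<div class='notice bg1 cwhite'>" . htmlspecialchars($sql, ENT_QUOTES, 'UTF-8') . "</div>";
    }

    $caching_enabled = !empty($setting['enable_query_caching']);
    $is_select = au_string_starts_with($sql, "SELECT");

    // Anything that is not a SELECT may change data, so cached results are stale.
    // The original skipped this flush when $force_no_cache was set.
    if (!$is_select) {
        if ($caching_enabled) {
            au_force_clean_cache();
        }
        return $aulis['db']->query($sql);
    }

    if ($force_no_cache || !$caching_enabled) {
        return $aulis['db']->query($sql);
    }

    $hash = md5($sql);
    $cache_file = au_get_path_from_root('cache/queries/' . $hash . '.cache');
    $cache_folder = au_get_path_from_root('cache/queries');
    $cache_time = $setting['query_caching_time'];

    // Nowhere to write: run uncached
    if (!is_writable($cache_folder)) {
        return $aulis['db']->query($sql);
    }

    if (file_exists($cache_file)) {
        $cache_file_time = filemtime($cache_file);

        if (time() - $cache_file_time < $cache_time) {
            // Served from cache, so undo the count taken above (only if one was taken;
            // the original decremented inside the condition, unconditionally)
            if (!$force_no_count) {
                $aulis['db_query_count']--;
            }
            // SECURITY: unserialize() of file content — anyone able to write to
            // cache/queries/ can inject arbitrary objects. Keep that directory outside
            // the web root and writable by the application user only; a JSON or signed
            // cache format would remove the risk entirely.
            return unserialize(file_get_contents($cache_file));
        }

        // Stale entry: drop it and run again, which re-caches it
        if (unlink($cache_file)) {
            return au_query($original_sql, false, true);
        }
        // Could not remove the stale file; the original returned null here
        return $aulis['db']->query($sql);
    }

    $execute = $aulis['db']->query($sql);
    // A failed statement must not be cached or dereferenced
    if (!$execute) {
        return $execute;
    }

    if ($execute->rowCount() == 0) {
        $cache_query = new au_class_cached_query();
    } else {
        // The rows are consumed here so they can be serialised
        $objects = array();
        while ($object = $execute->fetchObject()) {
            $objects[] = $object;
        }
        $cache_query = new au_class_cached_query($objects, $execute->rowCount());
    }

    // Cache write failed: rerun uncached (the statement above was already consumed),
    // without counting the query a second time
    if (!file_put_contents($cache_file, serialize($cache_query))) {
        return au_query($original_sql, true, true);
    }

    return $cache_query;
}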