diff options
Diffstat (limited to 'app/class')
| -rw-r--r-- | app/class/controller.class.php | 66 | ||||
| -rw-r--r-- | app/class/database.iface.php | 27 | ||||
| -rw-r--r-- | app/class/externuser.class.php | 40 | ||||
| -rw-r--r-- | app/class/form.class.php | 243 | ||||
| -rw-r--r-- | app/class/framework.class.php | 144 | ||||
| -rw-r--r-- | app/class/group.class.php | 49 | ||||
| -rw-r--r-- | app/class/issue.class.php | 44 | ||||
| -rw-r--r-- | app/class/message.class.php | 40 | ||||
| -rw-r--r-- | app/class/model.class.php | 91 | ||||
| -rw-r--r-- | app/class/mysql.class.php | 77 | ||||
| -rw-r--r-- | app/class/object.class.php | 640 | ||||
| -rw-r--r-- | app/class/pad.class.php | 40 | ||||
| -rw-r--r-- | app/class/setting.class.php | 90 | ||||
| -rw-r--r-- | app/class/stage.class.php | 39 | ||||
| -rw-r--r-- | app/class/user.class.php | 241 |
15 files changed, 0 insertions, 1871 deletions
diff --git a/app/class/controller.class.php b/app/class/controller.class.php deleted file mode 100644 index 0ab1a69..0000000 --- a/app/class/controller.class.php +++ /dev/null @@ -1,66 +0,0 @@ -<?php - -/* - * SCROTT Copyright (C) 2016 Malf Furious - * - * Scrott is free software: you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published - * by the Free Software Foundation, either version 3 of the License, - * or (at your option) any later version. - * - * Scrott is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; even the implied warranty of MERCHANTABILITY - * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public - * License for more details. - */ - -require_once "class/framework.class.php"; - -/* - * Abstract controller -- Contains app security constraints and provides access to - * framework internals from concrete controllers - */ -abstract class Controller extends Framework -{ - /* - * Abstract function for concrete controller to handle the page request - */ - abstract function handle($argv); - - /* - * Security check - * Assert that the current connection to this server is secure. Redirects if not. - */ - function sec_require_https() - { - if (!isset($_SERVER['HTTPS'])) - $this->redirectTo("https://" . $_SERVER['SERVER_NAME'] . $this->ap()); - } - - /* - * Security check - * Assert that the current connection to this server is NOT secure. Redirects if not. - */ - function sec_forbid_https() - { - if (isset($_SERVER['HTTPS'])) - $this->redirectTo("http://" . $_SERVER['SERVER_NAME'] . $this->ap()); - } - - /* - * Security check - * Assert that the client's IP address does not change during its session. If a change is detected, logout. - */ - function sec_verify_ip() - { - $addr = $_SERVER['REMOTE_ADDR']; - - if ($this->getCurrentUser() && $addr != $this->getOriginIP()) - { - $this->setCurrentUser(); - $this->redirectTo($this->ar() . "/"); - } - } -} - -?> diff --git a/app/class/database.iface.php b/app/class/database.iface.php deleted file mode 100644 index b1427a4..0000000 --- a/app/class/database.iface.php +++ /dev/null @@ -1,27 +0,0 @@ -<?php - -/* - * SCROTT Copyright (C) 2016 Malf Furious - * - * Scrott is free software: you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published - * by the Free Software Foundation, either version 3 of the License, - * or (at your option) any later version. - * - * Scrott is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; even the implied warranty of MERCHANTABILITY - * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public - * License for more details. - */ - -/* - * Generic interface for the various database drivers Scrott may implement support for - */ -interface Database -{ - function close(); - function query($query); - function esc($string); -} - -?> diff --git a/app/class/externuser.class.php b/app/class/externuser.class.php deleted file mode 100644 index 73c41bd..0000000 --- a/app/class/externuser.class.php +++ /dev/null @@ -1,40 +0,0 @@ -<?php - -/* - * SCROTT Copyright (C) 2016 Malf Furious - * - * Scrott is free software: you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published - * by the Free Software Foundation, either version 3 of the License, - * or (at your option) any later version. - * - * Scrott is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; even the implied warranty of MERCHANTABILITY - * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public - * License for more details. - */ - -require_once "class/object.class.php"; - -/* - * Non-application users - */ -class ExternUser extends Object -{ - /* - * Constructor - */ - function __construct($guid = null) - { - $cols = array( - "guid", - "email", - "emailConfKey" - ); - - parent::__construct("extern-user", $cols); - $this->loadObj($guid); - } -} - -?> diff --git a/app/class/form.class.php b/app/class/form.class.php deleted file mode 100644 index 8bb6506..0000000 --- a/app/class/form.class.php +++ /dev/null @@ -1,243 +0,0 @@ -<?php - -/* - * SCROTT Copyright (C) 2016 Malf Furious - * - * Scrott is free software: you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published - * by the Free Software Foundation, either version 3 of the License, - * or (at your option) any later version. - * - * Scrott is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; even the implied warranty of MERCHANTABILITY - * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public - * License for more details. - */ - -/* - * Model web-forms and simplify the process of accepting, validating, and sanitizing input - */ -class Form -{ - /* - * Constructor - */ - function __construct() - { - $this->textFields = array(); - $this->numbFields = array(); - $this->enumFields = array(); - - $this->errorlist = array(); - } - - /* - * Log an error - */ - function logError($str) - { - $this->errorlist[] = $str; - } - - /* - * Add new text field to the form - */ - function field_text($name, $deflt = null, $req = true) - { - if ($req !== true) - $req = false; - - $this->textFields[] = array( - 'name' => $name, - 'deflt' => $deflt, - 'req' => $req - ); - } - - /* - * Add new numeric field to the form - */ - function field_numeric($name, $min = null, $max = null, $deflt = null, $integer = true, $req = true) - { - if ($req !== true) - $req = false; - - if ($integer !== true) - $integer = false; - - $this->numbFields[] = array( - 'name' => $name, - 'min' => $min, - 'max' => $max, - 'deflt' => $deflt, - 'int' => $integer, - 'req' => $req - ); - } - - /* - * Add new enumeration field to the form - */ - function field_enum($name, $values, $deflt = null, $req = true) - { - if ($req !== true) - $req = false; - - $this->enumFields[] = array( - 'name' => $name, - 'vals' => $values, - 'deflt' => $deflt, - 'req' => $req - ); - } - - /* - * Add new boolean field to the form - */ - function field_bool($name) - { - $this->field_enum($name, array("1", "0"), "0"); - } - - /* - * Populate the form with input data from web page - */ - function populate($input) - { - /* detect duplicate names */ - $names = array(); - foreach ($this->textFields as $fld) - $names[] = $fld['name']; - foreach ($this->numbFields as $fld) - $names[] = $fld['name']; - foreach ($this->enumFields as $fld) - $names[] = $fld['name']; - - if (count(array_unique($names)) != count($names)) - { - $this->logError("Internal error: Duplicate field names defined in form"); - return false; - } - - /* init text fields */ - foreach ($this->textFields as $fld) - { - if (isset($input[$fld['name']]) && $input[$fld['name']] != "") - $this->{$fld['name']} = htmlEntities($input[$fld['name']], ENT_QUOTES); - - else if (!is_null($fld['deflt'])) - $this->{$fld['name']} = $fld['deflt']; - - else if ($fld['req']) - $this->logError($fld['name'] . " is required"); - } - - /* init numeric fields */ - foreach ($this->numbFields as $fld) - { - if (isset($input[$fld['name']]) && $input[$fld['name']] != "") - { - if (!is_numeric($input[$fld['name']])) - { - $this->logError($fld['name'] . " must be numeric"); - continue; - } - - if ($fld['int'] && (floor($input[$fld['name']]) != $input[$fld['name']])) - { - $this->logError($fld['name'] . " must be an integer"); - continue; - } - - if (!is_null($fld['min']) && ($input[$fld['name']] < $fld['min'])) - { - $this->logError($fld['name'] . " must be no less than " . $fld['min']); - continue; - } - - if (!is_null($fld['max']) && ($input[$fld['name']] > $fld['max'])) - { - $this->logError($fld['name'] . " must be no more than " . $fld['max']); - continue; - } - - $this->{$fld['name']} = $input[$fld['name']]; - } - - else if (!is_null($fld['deflt'])) - $this->{$fld['name']} = $fld['deflt']; - - else if ($fld['req']) - $this->logError($fld['name'] . " is required"); - } - - /* init enum fields */ - foreach ($this->enumFields as $fld) - { - if (isset($input[$fld['name']]) && $input[$fld['name']] != "") - { - if (array_search($input[$fld['name']], $fld['vals']) === false) - { - $this->logError($fld['name'] . " is not an appropriate value"); - continue; - } - - $this->{$fld['name']} = $input[$fld['name']]; - } - - else if (!is_null($fld['deflt'])) - $this->{$fld['name']} = $fld['deflt']; - - else if ($fld['req']) - $this->logError($fld['name'] . " is required"); - } - - /* return */ - return count($this->errorlist) == 0; - } - - /* - * Handle an uploaded file - */ - function saveFile($file, $maxsize, $allowed_mime, $path, $req = false) - { - if (isset($file) && !is_null($file)) - { - if ($file['error'] > 0) - { - if ($file['error'] != UPLOAD_ERR_NO_FILE) - $this->logError("An unknown error occurred"); - - return false; - } - - if ($file['size'] > $maxsize) - { - $this->logError("File must be no larger than " . $maxsize . " bytes"); - return false; - } - - if (is_array($allowed_mime) && array_search($file['type'], $allowed_mime) === false) - { - $this->logError("File type is not supported"); - return false; - } - - if (!move_uploaded_file($file['tmp_name'], $path)) - { - $this->logError("Error saving uploaded file"); - return false; - } - } - - else if ($req) - { - $this->logError("File upload is required"); - return false; - } - - return true; - } -} - -?> diff --git a/app/class/framework.class.php b/app/class/framework.class.php deleted file mode 100644 index a3c36cb..0000000 --- a/app/class/framework.class.php +++ /dev/null @@ -1,144 +0,0 @@ -<?php - -/* - * SCROTT Copyright (C) 2016 Malf Furious - * - * Scrott is free software: you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published - * by the Free Software Foundation, either version 3 of the License, - * or (at your option) any later version. - * - * Scrott is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; even the implied warranty of MERCHANTABILITY - * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public - * License for more details. - */ - -/* Define Scrott version number */ -define("__VERSION__", "v0.0"); - -/* Include the Scrott system-level configuration file if it exists */ -is_file("scrott.conf.php") && - require_once "scrott.conf.php"; - -/* Init PHP session */ -session_start(); - -require_once "class/mysql.class.php"; -require_once "class/user.class.php"; - -/* - * Global functions / operations and access to contextual or session-based information - */ -abstract class Framework -{ - static $dbobj = null; - - /* - * Check for the existence of Scrott's system-level config - */ - function scrottConfExists() - { - global $_SCROTT; - return isset($_SCROTT['conf']); - } - - /* - * Get the absolute path on this server for the root of this app - */ - function ar() - { - return substr($_SERVER['PHP_SELF'], 0, -10); // 10 = length of "/index.php" - } - - /* - * Get the absolute path to the current page - */ - function ap() - { - return $this->ar() . $_REQUEST['path']; - } - - /* - * Redirect to the given URL and die - */ - function redirectTo($url) - { - header("Location: " . $url); - exit; - } - - /* - * Get a user object for the currently logged in user. Returns false if session is logged out. - */ - function getCurrentUser() - { - if (isset($_SESSION['userguid'])) - { - $user = new User($_SESSION['userguid']); - - if ($user->type == "user") - return $user; - - $this->setCurrentUser(); - } - - return false; - } - - /* - * Get the IP address the client held when the current session began - */ - function getOriginIP() - { - return $_SESSION['userip']; - } - - /* - * Set the current logged in user - */ - function setCurrentUser($user = null) - { - if ($user != null && isset($user->guid)) - { - $_SESSION['userguid'] = $user->guid; - $_SESSION['userip'] = $_SERVER['REMOTE_ADDR']; - } - - else - { - unset($_SESSION['userguid']); - unset($_SESSION['userip']); - } - } - - /* - * Get or create the app's database connection object (this is a singleton object and dependent on system-level config) - */ - static function getDbConnection() - { - global $_SCROTT; - - if (self::$dbobj != null) - return self::$dbobj; - - switch ($_SCROTT['dbEngine']) - { - case "mysql": - $host = $_SCROTT['dbAddress']; - $username = $_SCROTT['dbUser']; - $password = $_SCROTT['dbPass']; - $dbName = $_SCROTT['dbName']; - self::$dbobj = new Mysql($host, $username, $password, $dbName); - break; - - default: - throw new Exception("Problem with Scrott Configuration. Invalid database engine specified."); - break; - } - - return self::$dbobj; - } -} - -?> diff --git a/app/class/group.class.php b/app/class/group.class.php deleted file mode 100644 index 246276a..0000000 --- a/app/class/group.class.php +++ /dev/null @@ -1,49 +0,0 @@ -<?php - -/* - * SCROTT Copyright (C) 2016 Malf Furious - * - * Scrott is free software: you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published - * by the Free Software Foundation, either version 3 of the License, - * or (at your option) any later version. - * - * Scrott is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; even the implied warranty of MERCHANTABILITY - * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public - * License for more details. - */ - -require_once "class/object.class.php"; - -/* - * User groups - */ -class Group extends Object -{ - /* - * Constructor - */ - function __construct($guid = null) - { - parent::__construct(); - $this->loadObj($guid); - } - - /* - * Create a new user group object. - * On success, this object should be initialized as the new group (use only on new - * Group() objects) - */ - function createNewGroup($name, $owner) - { - $this->perms = $this->DEFAULT_OBJECT_PERMISSIONS; - $this->owner = $owner->guid; - $this->name = $name; - $this->type = "group"; - - $this->saveObj(); - } -} - -?> diff --git a/app/class/issue.class.php b/app/class/issue.class.php deleted file mode 100644 index 10b1661..0000000 --- a/app/class/issue.class.php +++ /dev/null @@ -1,44 +0,0 @@ -<?php - -/* - * SCROTT Copyright (C) 2016 Malf Furious - * - * Scrott is free software: you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published - * by the Free Software Foundation, either version 3 of the License, - * or (at your option) any later version. - * - * Scrott is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; even the implied warranty of MERCHANTABILITY - * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public - * License for more details. - */ - -require_once "class/object.class.php"; - -/* - * Pad issues - */ -class Issue extends Object -{ - /* - * Constructor - */ - function __construct($guid = null) - { - $cols = array( - "guid", - "number", - "assignee", - "unread", - "desc", - "due", - "tags" - ); - - parent::__construct("issue", $cols); - $this->loadObj($guid); - } -} - -?> diff --git a/app/class/message.class.php b/app/class/message.class.php deleted file mode 100644 index ac8444c..0000000 --- a/app/class/message.class.php +++ /dev/null @@ -1,40 +0,0 @@ -<?php - -/* - * SCROTT Copyright (C) 2016 Malf Furious - * - * Scrott is free software: you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published - * by the Free Software Foundation, either version 3 of the License, - * or (at your option) any later version. - * - * Scrott is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; even the implied warranty of MERCHANTABILITY - * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public - * License for more details. - */ - -require_once "class/object.class.php"; - -/* - * User messages and log messages - */ -class Message extends Object -{ - /* - * Constructor - */ - function __construct($guid = null) - { - $cols = array( - "guid", - "author", - "message" - ); - - parent::__construct("message", $cols); - $this->loadObj($guid); - } -} - -?> diff --git a/app/class/model.class.php b/app/class/model.class.php deleted file mode 100644 index 7d74b36..0000000 --- a/app/class/model.class.php +++ /dev/null @@ -1,91 +0,0 @@ -<?php - -/* - * SCROTT Copyright (C) 2016 Malf Furious - * - * Scrott is free software: you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published - * by the Free Software Foundation, either version 3 of the License, - * or (at your option) any later version. - * - * Scrott is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; even the implied warranty of MERCHANTABILITY - * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public - * License for more details. - */ - -require_once "class/framework.class.php"; - -/* - * Abstract model class - defines logic common to all app MVC models - */ -abstract class Model extends Framework -{ - /* - * Constructor - */ - function __construct() - { - $this->errorlist = array(); - $this->warninglist = array(); - $this->noticelist = array(); - } - - /* - * Check for error - */ - function isError() - { - return count($this->errorlist) > 0; - } - - /* - * Check for warning - */ - function isWarning() - { - return count($this->warninglist) > 0; - } - - /* - * Check for notice - */ - function isNotice() - { - return count($this->noticelist) > 0; - } - - /* - * Log an error - */ - function logError($str) - { - $this->errorlist[] = $str; - } - - /* - * Log a warning - */ - function logWarning($str) - { - $this->warninglist[] = $str; - } - - /* - * Log a notice - */ - function logNotice($str) - { - $this->noticelist[] = $str; - } - - /* - * Log errors from a Form - */ - function logFormErrors($obj) - { - $this->errorlist = array_merge($this->errorlist, $obj->errorlist); - } -} - -?> diff --git a/app/class/mysql.class.php b/app/class/mysql.class.php deleted file mode 100644 index f8f456a..0000000 --- a/app/class/mysql.class.php +++ /dev/null @@ -1,77 +0,0 @@ -<?php - -/* - * SCROTT Copyright (C) 2016 Malf Furious - * - * Scrott is free software: you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published - * by the Free Software Foundation, either version 3 of the License, - * or (at your option) any later version. - * - * Scrott is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; even the implied warranty of MERCHANTABILITY - * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public - * License for more details. - */ - -require_once "class/database.iface.php"; - -/* - * MySQL support for Scrott - */ -class Mysql implements Database -{ - /* - * Constructor - */ - function __construct($host, $username, $password, $dbName) - { - $this->db = new mysqli($host, $username, $password, $dbName); - - if ($this->db->connect_error) - throw new Exception("Can not connect to Mysql database. Please check your Scrott configuration."); - } - - /* - * Destructor - */ - function __destruct() - { - $this->close(); - } - - /* - * Close connection to DB - */ - function close() - { - $this->db->close(); - } - - /* - * Make a query of the database. Return data as an array of arrays - */ - function query($query) - { - $arr = array(); - $res = $this->db->query($query); - - if ($res === true || $res === false) - return $arr; - - while ($r = $res->fetch_assoc()) - $arr[] = $r; - - return $arr; - } - - /* - * Escape a string for use in a query - */ - function esc($string) - { - return $this->db->real_escape_string($string); - } -} - -?> diff --git a/app/class/object.class.php b/app/class/object.class.php deleted file mode 100644 index 7c0b7bb..0000000 --- a/app/class/object.class.php +++ /dev/null @@ -1,640 +0,0 @@ -<?php - -/* - * SCROTT Copyright (C) 2016 Malf Furious - * - * Scrott is free software: you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published - * by the Free Software Foundation, either version 3 of the License, - * or (at your option) any later version. - * - * Scrott is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; even the implied warranty of MERCHANTABILITY - * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public - * License for more details. - */ - -require_once "class/framework.class.php"; -require_once "class/user.class.php"; - -/* - * Base class for Scrott database objects - */ -abstract class Object extends Framework -{ - var $DEFAULT_OBJECT_PERMISSIONS = 120; - - /* - * Constructor - */ - function __construct($childTable = "object", $childCols = null) - { - $this->db = $this->getDbConnection(); - - $this->table = "object"; - $this->cols = array( - "guid", - "perms", - "owner", - "parent", - "name", - "timeCreated", - "timeUpdated", - "type" - ); - - $this->childTable = $this->db->esc($childTable); - $this->childCols = array(); - - if (is_array($childCols)) - { - foreach ($childCols as $col) - $this->childCols[] = $this->db->esc($col); - } - } - - /* - * Populate this object with data from the DB with a given GUID - */ - function loadObj($guid = null) - { - if (is_null($guid)) - return; - - if (!$this->isGUID($guid)) - return; - - $escdGuid = $this->db->esc($guid); - - /* Base fields */ - $query = "SELECT * FROM `" . $this->table . "` WHERE `guid` = '" . $escdGuid . "'"; - $result = $this->db->query($query)[0]; - - foreach ($this->cols as $col) - { - if (isset($result[$col])) - $this->$col = $result[$col]; - } - - /* Child Table fields */ - $query = "SELECT * FROM `" . $this->childTable . "` WHERE `guid` = '" . $escdGuid . "'"; - $result = $this->db->query($query)[0]; - - foreach ($this->childCols as $col) - { - if (isset($result[$col])) - $this->$col = $result[$col]; - } - } - - /* - * Write this object to the database - */ - function saveObj() - { - if (isset($this->guid)) - { - $this->timeUpdated = $this->getCurrentTimestamp(); - - /* Update Base */ - $updateStr = ""; - - foreach ($this->cols as $col) - { - if (!isset($this->$col)) - continue; - - $updateStr .= "`" . $col . "` = '" . $this->db->esc($this->$col) . "', "; - } - - if (strlen($updateStr) > 0) - { - $updateStr = substr($updateStr, 0, -2); // remove ", " from the end - $query = "UPDATE `" . $this->table . "` SET " . $updateStr . " WHERE `guid` = '" . $this->db->esc($this->guid) . "'"; - $this->db->query($query); - } - - /* Update Child */ - $updateStr = ""; - - foreach ($this->childCols as $col) - { - if (!isset($this->$col)) - continue; - - $updateStr .= "`" . $col . "` = '" . $this->db->esc($this->$col) . "', "; - } - - if (strlen($updateStr) > 0) - { - $updateStr = substr($updateStr, 0, -2); // remove ", " from the end - $query = "UPDATE `" . $this->childTable . "` SET " . $updateStr . " WHERE `guid` = '" . $this->db->esc($this->guid) . "'"; - $this->db->query($query); - } - } - - else - { - $this->guid = $this->getNewGUID(); - $this->timeCreated = $this->getCurrentTimestamp(); - $this->timeUpdated = $this->timeCreated; - - /* Insert Base */ - $colsStr = ""; - $valsStr = ""; - - foreach ($this->cols as $col) - { - if (!isset($this->$col)) - continue; - - $colsStr .= "`" . $col . "`, "; - $valsStr .= "'" . $this->db->esc($this->$col) . "', "; - } - - if (strlen($colsStr) > 0) - { - $colsStr = substr($colsStr, 0, -2); // remove ", " - $valsStr = substr($valsStr, 0, -2); - $query = "INSERT INTO `" . $this->table . "` (" . $colsStr . ") VALUES (" . $valsStr . ")"; - $this->db->query($query); - } - - /* Insert Child */ - $colsStr = ""; - $valsStr = ""; - - foreach ($this->childCols as $col) - { - if (!isset($this->$col)) - continue; - - $colsStr .= "`" . $col . "`, "; - $valsStr .= "'" . $this->db->esc($this->$col) . "', "; - } - - if (strlen($colsStr) > 0) - { - $colsStr = substr($colsStr, 0, -2); // remove ", " - $valsStr = substr($valsStr, 0, -2); - $query = "INSERT INTO `" . $this->childTable . "` (" . $colsStr . ") VALUES (" . $valsStr . ")"; - $this->db->query($query); - } - } - } - - /* - * Remove this object from the database - */ - function delObj() - { - if (!isset($this->guid)) - return; - - /* Delete Base */ - $query = "DELETE FROM `" . $this->table . "` WHERE `guid` = '" . $this->db->esc($this->guid) . "'"; - $this->db->query($query); - - /* Delete Child */ - $query = "DELETE FROM `" . $this->childTable . "` WHERE `guid` = '" . $this->db->esc($this->guid) . "'"; - $this->db->query($query); - - /* obj_member garbage collection */ - $query = "DELETE FROM `obj_member` WHERE `guid` = '" . $this->db->esc($this->guid) . "' OR `member` = '" . $this->db->esc($this->guid) . "'"; - $this->db->query($query); - - /* msg_read garbage collection */ - $query = "DELETE FROM `msg_read` WHERE `guid` = '" . $this->db->esc($this->guid) . "' OR `user` = '" . $this->db->esc($this->guid) . "'"; - $this->db->query($query); - } - - /* - * Get current timestamp for object database purposes - */ - function getCurrentTimestamp() - { - $query = "SELECT now() AS stamp"; - $result = $this->db->query($query); - return $result[0]['stamp']; - } - - /* - * Check whether given GUID exists - */ - function isGUID($guid) - { - $query = "SELECT `guid` FROM `object` WHERE `guid` = '" . $this->db->esc($guid) . "'"; - $result = $this->db->query($query); - - if (count($result) > 0) - return true; - - return false; - } - - /* - * Get a new, unique GUID for a new system object - */ - function getNewGUID() - { - do - { - $guid = substr($this->getBlob(), 0, 8); - } - while ($this->isGUID($guid)); - - return $guid; - } - - /* - * Get a random sha256 blob - */ - function getBlob() - { - return hash("sha256", openssl_random_pseudo_bytes(64)); - } - - /* - * Get a user object for this object's owner - */ - function getOwner() - { - if (isset($this->owner)) - return new User($this->owner); - - return null; - } - - /* - * Get an array of all members of this object - */ - function getMembers() - { - $query = "SELECT member FROM obj_member WHERE guid = '" . $this->db->esc($this->guid) . "'"; - $result = $this->db->query($query); - - $members = array(); - - foreach ($result as $m) - $members[] = new User($m['member']); - - return $members; - } - - /* - * Check if given user (or group) is the owner of this object - */ - function isOwner($ug) - { - return $this->getOwner()->guid == $ug->guid; - } - - /* - * Check if given user (or group) is a member of this object - */ - function isMember($ug) - { - foreach ($this->getMembers() as $member) - { - if ($member->guid == $ug->guid) - return true; - } - - return false; - } - - /* - * Check if given user has permissions for this object - */ - function canAccess($user) - { - if ($user->admin) - return true; - - if ($this->isOwner($user)) - return true; - - if ($this->isMember($user)) - return true; - - if ($this->perms & 0x004) // accessible by public - return true; - - if ($this->parent != "") - { - $parent = new DBObject($this->parent); - - if ($parent->canAccessSub($user)) - return true; - } - else if ($this->owner != $this->guid) - { - $owner = new DBObject($this->owner); - - if ($owner->canAccessSub($user)) - return true; - } - - return false; - } - - /* - * Check if given user has permissions for this object - */ - function canModify($user) - { - if ($user->admin) - return true; - - if ($this->isOwner($user)) - return true; - - if ($this->isMember($user) && $this->perms & 0x100) - return true; - - if ($this->parent != "") - { - $parent = new DBObject($this->parent); - - if ($parent->canModifySub($user)) - return true; - } - else if ($this->owner != $this->guid) - { - $owner = new DBObject($this->owner); - - if ($owner->canModifySub($user)) - return true; - } - - return false; - } - - /* - * Check if given user has permissions for this object - */ - function canModifyMembers($user) - { - if ($user->admin) - return true; - - if ($this->isOwner($user)) - return true; - - if ($this->isMember($user) && $this->perms & 0x080) - return true; - - if ($this->parent != "") - { - $parent = new DBObject($this->parent); - - if ($parent->canModifySubMembers($user)) - return true; - } - else if ($this->owner != $this->guid) - { - $owner = new DBObject($this->owner); - - if ($owner->canModifySubMembers($user)) - return true; - } - - return false; - } - - /* - * Check if given user has permissions for this object - */ - function canModifyPermissions($user) - { - if ($user->admin) - return true; - - if ($this->isOwner($user)) - return true; - - if ($this->parent != "") - { - $parent = new DBObject($this->parent); - - if ($parent->canModifySubPermissions($user)) - return true; - } - else if ($this->owner != $this->guid) - { - $owner = new DBObject($this->owner); - - if ($owner->canModifySubPermissions($user)) - return true; - } - - return false; - } - - /* - * Check if given user has permissions for this object - */ - function canAccessSub($user) - { - if ($user->admin) - return true; - - if ($this->isOwner($user)) - return true; - - if ($this->isMember($user) && $this->perms & 0x040) - return true; - - if ($this->perms & 0x002) // accessible by public - return true; - - if ($this->parent != "") - { - $parent = new DBObject($this->parent); - - if ($parent->canAccessSub($user)) - return true; - } - else if ($this->owner != $this->guid) - { - $owner = new DBObject($this->owner); - - if ($owner->canAccessSub($user)) - return true; - } - - return false; - } - - /* - * Check if given user has permissions for this object - */ - function canCreateSub($user) - { - if ($user->admin) - return true; - - if ($this->isOwner($user)) - return true; - - if ($this->isMember($user) && $this->perms & 0x020) - return true; - - if ($this->perms & 0x001) // accessible by public - return true; - - if ($this->parent != "") - { - $parent = new DBObject($this->parent); - - if ($parent->canCreateSub($user)) - return true; - } - else if ($this->owner != $this->guid) - { - $owner = new DBObject($this->owner); - - if ($owner->canCreateSub($user)) - return true; - } - - return false; - } - - /* - * Check if given user has permissions for this object - */ - function canModifySub($user) - { - if ($user->admin) - return true; - - if ($this->isOwner($user)) - return true; - - if ($this->isMember($user) && $this->perms & 0x010) - return true; - - if ($this->parent != "") - { - $parent = new DBObject($this->parent); - - if ($parent->canModifySub($user)) - return true; - } - else if ($this->owner != $this->guid) - { - $owner = new DBObject($this->owner); - - if ($owner->canModifySub($user)) - return true; - } - - return false; - } - - /* - * Check if given user has permissions for this object - */ - function canModifySubMembers($user) - { - if ($user->admin) - return true; - - if ($this->isOwner($user)) - return true; - - if ($this->isMember($user) && $this->perms & 0x008) - return true; - - if ($this->parent != "") - { - $parent = new DBObject($this->parent); - - if ($parent->canModifySubMembers($user)) - return true; - } - else if ($this->owner != $this->guid) - { - $owner = new DBObject($this->owner); - - if ($owner->canModifySubMembers($user)) - return true; - } - - return false; - } - - /* - * Check if given user has permissions for this object - */ - function canModifySubPermissions($user) - { - if ($user->admin) - return true; - - if ($this->isOwner($user)) - return true; - - if ($this->parent != "") - { - $parent = new DBObject($this->parent); - - if ($parent->canModifySubPermissions($user)) - return true; - } - else if ($this->owner != $this->guid) - { - $owner = new DBObject($this->owner); - - if ($owner->canModifySubPermissions($user)) - return true; - } - - return false; - } - - /* - * Get URL to this object - */ - function getURL() - { - return $this->ar() . "/" . $this->guid; - } - - /* - * Get object's head image - */ - function getHeadImage() - { - return $this->ar() . "/file.php?d=img/heads&f=" . $this->guid; - } - - /* - * Remove this object's head image - */ - function rmHeadImage() - { - if (!is_file("assets/img/heads/" . $this->guid)) - return true; - - return unlink("assets/img/heads/" . $this->guid); - } -} - -/* - * Concrete Database Object which can be used in a polymorphic way - */ -class DBObject extends Object -{ - /* - * Constructor - */ - function __construct($guid = null) - { - parent::__construct(); - $this->loadObj($guid); - } -} - -?> diff --git a/app/class/pad.class.php b/app/class/pad.class.php deleted file mode 100644 index 32994e5..0000000 --- a/app/class/pad.class.php +++ /dev/null @@ -1,40 +0,0 @@ -<?php - -/* - * SCROTT Copyright (C) 2016 Malf Furious - * - * Scrott is free software: you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published - * by the Free Software Foundation, either version 3 of the License, - * or (at your option) any later version. - * - * Scrott is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; even the implied warranty of MERCHANTABILITY - * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public - * License for more details. - */ - -require_once "class/object.class.php"; - -/* - * Scrott pads - */ -class Pad extends Object -{ - /* - * Constructor - */ - function __construct($guid = null) - { - $cols = array( - "guid", - "stage", - "nextIssueNumber" - ); - - parent::__construct("pad", $cols); - $this->loadObj($guid); - } -} - -?> diff --git a/app/class/setting.class.php b/app/class/setting.class.php deleted file mode 100644 index c0965a3..0000000 --- a/app/class/setting.class.php +++ /dev/null @@ -1,90 +0,0 @@ -<?php - -/* - * SCROTT Copyright (C) 2016 Malf Furious - * - * Scrott is free software: you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published - * by the Free Software Foundation, either version 3 of the License, - * or (at your option) any later version. - * - * Scrott is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; even the implied warranty of MERCHANTABILITY - * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public - * License for more details. - */ - -require_once "class/framework.class.php"; - -/* - * Scrott administrative settings - */ -class Setting extends Framework -{ - /* - * Helper function for getting setting values from the database - */ - static function getValue($key) - { - $db = parent::getDbConnection(); - $escdKey = $db->esc($key); - - $query = "SELECT `value` FROM `setting` WHERE `key` = '" . $escdKey . "'"; - $res = $db->query($query); - - if (count($res) == 0) - return false; - - return $res[0]['value']; - } - - /* - * Helper function for setting setting values on the database - */ - static function setValue($key, $value) - { - $db = parent::getDbConnection(); - $escdKey = $db->esc($key); - $escdValue = $db->esc($value); - - if (self::getValue($key) === false) - $query = "INSERT INTO setting (`key`, value) VALUES('" . $escdKey . "', '" . $escdValue . "')"; - else - $query = "UPDATE setting SET value = '" . $escdValue . "' WHERE `key` = '" . $escdKey . "'"; - - $db->query($query); - } - - /* - * Force or forbid SSL connections? - */ - static function settSSL($value = null) - { - $opt = "settSSL"; - - if ($value != null) - self::setValue($opt, $value); - - $value = self::getValue($opt); - - if ($value === false) - return "neither"; - - return $value; - } - - /* - * Should the app allow the public to signup their own accounts with Scrott? - */ - static function allowPublicSignup($value = null) - { - $opt = "allowPublicSignup"; - - if ($value != null) - self::setValue($opt, $value); - - return self::getValue($opt); - } -} - -?> diff --git a/app/class/stage.class.php b/app/class/stage.class.php deleted file mode 100644 index 1a2aadb..0000000 --- a/app/class/stage.class.php +++ /dev/null @@ -1,39 +0,0 @@ -<?php - -/* - * SCROTT Copyright (C) 2016 Malf Furious - * - * Scrott is free software: you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published - * by the Free Software Foundation, either version 3 of the License, - * or (at your option) any later version. - * - * Scrott is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; even the implied warranty of MERCHANTABILITY - * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public - * License for more details. - */ - -require_once "class/object.class.php"; - -/* - * Pad stages - */ -class Stage extends Object -{ - /* - * Constructor - */ - function __construct($guid = null) - { - $cols = array( - "guid", - "stage" - ); - - parent::__construct("stage", $cols); - $this->loadObj($guid); - } -} - -?> diff --git a/app/class/user.class.php b/app/class/user.class.php deleted file mode 100644 index b8143a9..0000000 --- a/app/class/user.class.php +++ /dev/null @@ -1,241 +0,0 @@ -<?php - -/* - * SCROTT Copyright (C) 2016 Malf Furious - * - * Scrott is free software: you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published - * by the Free Software Foundation, either version 3 of the License, - * or (at your option) any later version. - * - * Scrott is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; even the implied warranty of MERCHANTABILITY - * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public - * License for more details. - */ - -require_once "class/object.class.php"; -require_once "class/group.class.php"; - -/* - * Application users - */ -class User extends Object -{ - /* - * Constructor - */ - function __construct($guid = null) - { - $cols = array( - "guid", - "key", - "salt", - "alias", - "admin", - "email", - "emailConf", - "emailConfKey" - ); - - parent::__construct("user", $cols); - $this->loadObj($guid); - } - - /* - * Initialize object by username - */ - function initByUsername($username) - { - $query = "SELECT guid FROM object WHERE type = 'user' AND name = '" . $this->db->esc($username) . "'"; - $result = $this->db->query($query); - - if (count($result) == 0) - return false; - - $this->loadObj($result[0]['guid']); - return true; - } - - /* - * Get all users -- ordered by name, ascending - */ - function getAllUsers_orderByName() - { - $query = "SELECT guid FROM `object` WHERE `type` = 'user' ORDER BY name"; - $result = $this->db->query($query); - - $users = array(); - - foreach ($result as $u) - $users[] = new User($u['guid']); - - return $users; - } - - /* - * Get all users -- ordered by admin DESC (admins first), then by name - */ - function getAllUsers_orderByAdminByName() - { - $query = "SELECT o.guid FROM object o JOIN user u ON o.guid = u.guid WHERE o.type = 'user' ORDER BY u.admin DESC, o.name"; - $result = $this->db->query($query); - - $users = array(); - - foreach ($result as $u) - $users[] = new User($u['guid']); - - return $users; - } - - /* - * Get the number of administrative accounts in the system - */ - function getNumAdmins() - { - $query = "SELECT count(*) as cnt FROM user WHERE admin = 1"; - $results = $this->db->query($query); - return $results[0]['cnt']; - } - - /* - * Check whether a given username is currently in use - */ - function usernameInUse($username) - { - $escd_username = $this->db->esc($username); - - $query = "SELECT name FROM object WHERE type = 'user' AND name = '" . $escd_username . "'"; - $results = $this->db->query($query); - - if (count($results) > 0) - return true; - - return false; - } - - /* - * Generate a key from a user's password and salt - */ - function getKey($password, $salt) - { - return hash("sha256", $salt . $password); - } - - /* - * Create a new User object with the given username and keyed with the given plain-text password - * This function returns false if $username is already being used - * On success, this object should be initialized as the new user (use only on new User() objects) - */ - function createNewUser($username, $password) - { - if ($this->usernameInUse($username)) - return false; - - /* if there exist no users already, make this new one an admin */ - if (count($this->getAllUsers_orderByName()) == 0) - $this->admin = 1; - - $this->perms = 0; - $this->name = $username; - $this->type = "user"; - $this->setPassword($password); - $this->setEmail(""); - - $this->saveObj(); - - $this->owner = $this->guid; - $this->saveObj(); - - return true; - } - - /* - * Validate the password for this user. Returns true if correct, false otherwise - */ - function validatePassword($password) - { - $key = $this->getKey($password, $this->salt); - return $key == $this->key; - } - - /* - * Validate the email confirmation key for a user, returns true if correct, false otherwise. On success, $this->emailConf is also set to 1 - */ - function confirmEmailKey($key) - { - if ($key != $this->emailConfKey) - return false; - - $this->emailConf = 1; - return true; - } - - /* - * Overwrite the salt and key for this user, given a new plaintext password - */ - function setPassword($password) - { - $this->salt = $this->getBlob(); - $this->key = $this->getKey($password, $this->salt); - } - - /* - * Overwrite the emailConfKey and flag, and change user's saved email address - */ - function setEmail($email) - { - $this->email = $email; - $this->emailConf = 0; - $this->emailConfKey = $this->getBlob(); - } - - /* - * If a user has an alias set, display it instead of their username - */ - function getDisplayName() - { - if ($this->alias != "") - return $this->alias; - - return $this->name; - } - - /* - * Get the glyphicon to use for this user - */ - function getGlyphicon() - { - if ($this->admin) - return "glyphicon glyphicon-sunglasses"; - - return "glyphicon glyphicon-user"; - } - - /* - * Get all groups this user owns or is a member of - */ - function getGroups() - { - /* owner */ - $query = "SELECT guid FROM object WHERE type = 'group' AND owner = '" . $this->db->esc($this->guid) . "'"; - $result = $this->db->query($query); - - $groups = array(); - - foreach ($result as $g) - $groups[] = new Group($g['guid']); - - /* member */ - $query = "SELECT o.guid FROM object o JOIN obj_member om ON o.guid = om.guid WHERE o.type = 'group' AND member = '" . $this->db->esc($this->guid) . "'"; - $result = $this->db->query($query); - - foreach ($result as $g) - $groups[] = new Group($g['guid']); - - return $groups; - } -} - -?> |