Diffstat (limited to '')
-rw-r--r-- | examples/class/controller.class.php | 31 | ||||
-rw-r--r-- | examples/class/framework.class.php | 59 | ||||
-rw-r--r-- | examples/class/object.class.php | 291 | ||||
-rw-r--r-- | examples/class/setting.class.php | 90 |
4 files changed, 0 insertions, 471 deletions
diff --git a/examples/class/controller.class.php b/examples/class/controller.class.php
deleted file mode 100644
index 3e05812..0000000
--- a/examples/class/controller.class.php
+++ /dev/null
@@ -1,31 +0,0 @@
-<?php
-
-abstract class Controller extends Framework
-{
- /*
- * Abstract function for concrete controller to handle the page request
- */
- abstract function handle($argv);
-
- /*
- * Security check
- * Assert that the current connection to this server is secure. Redirects if not.
- */
- function sec_require_https()
- {
- if (!isset($_SERVER['HTTPS']))
- $this->redirectTo("https://" . $_SERVER['SERVER_NAME'] . $this->ap());
- }
-
- /*
- * Security check
- * Assert that the current connection to this server is NOT secure. Redirects if not.
- */
- function sec_forbid_https()
- {
- if (isset($_SERVER['HTTPS']))
- $this->redirectTo("http://" . $_SERVER['SERVER_NAME'] . $this->ap());
- }
-}
-
-?>
diff --git a/examples/class/framework.class.php b/examples/class/framework.class.php
deleted file mode 100644
index 0461da7..0000000
--- a/examples/class/framework.class.php
+++ /dev/null
@@ -1,59 +0,0 @@
-<?php
-
-abstract class Framework
-{
- /*
- * Get the absolute path on this server for the root of this app
- */
- function ar()
- {
- return substr($_SERVER['PHP_SELF'], 0, -10); // 10 = length of "/index.php"
- }
-
- /*
- * Get the absolute path to the current page
- */
- function ap()
- {
- return $this->ar() . $_REQUEST['path'];
- }
-
- /*
- * Redirect to the given URL and die
- */
- function redirectTo($url)
- {
- header("Location: " . $url);
- exit;
- }
-
- /*
- * Get or create the app's database connection object (this is a singleton object and dependent on system-level config)
- */
- static function getDbConnection()
- {
- global $_SCROTT;
-
- if (self::$dbobj != null)
- return self::$dbobj;
-
- switch ($_SCROTT['dbEngine'])
- {
- case "mysql":
- $host = $_SCROTT['dbAddress'];
- $username = $_SCROTT['dbUser'];
- $password = $_SCROTT['dbPass'];
- $dbName = $_SCROTT['dbName'];
- self::$dbobj = new Mysql($host, $username, $password, $dbName);
- break;
-
- default:
- throw new Exception("Problem with Scrott Configuration. Invalid database engine specified.");
- break;
- }
-
- return self::$dbobj;
- }
-}
-
-?>
diff --git a/examples/class/object.class.php b/examples/class/object.class.php
index 4bafc5c..6c036ed 100644
--- a/examples/class/object.class.php
+++ b/examples/class/object.class.php
@@ -3,297 +3,6 @@
 abstract class Object extends Framework
 {
 /*
- * Check if given user has permissions for this object
- */
- function canAccess($user)
- {
- if ($user->admin)
- return true;
-
- if ($this->isOwner($user))
- return true;
-
- if ($this->isMember($user))
- return true;
-
- if ($this->perms & 0x004) // accessible by public
- return true;
-
- if ($this->parent != "")
- {
- $parent = new DBObject($this->parent);
-
- if ($parent->canAccessSub($user))
- return true;
- }
- else if ($this->owner != $this->guid)
- {
- $owner = new DBObject($this->owner);
-
- if ($owner->canAccessSub($user))
- return true;
- }
-
- return false;
- }
-
- /*
- * Check if given user has permissions for this object
- */
- function canModify($user)
- {
- if ($user->admin)
- return true;
-
- if ($this->isOwner($user))
- return true;
-
- if ($this->isMember($user) && $this->perms & 0x100)
- return true;
-
- if ($this->parent != "")
- {
- $parent = new DBObject($this->parent);
-
- if ($parent->canModifySub($user))
- return true;
- }
- else if ($this->owner != $this->guid)
- {
- $owner = new DBObject($this->owner);
-
- if ($owner->canModifySub($user))
- return true;
- }
-
- return false;
- }
-
- /*
- * Check if given user has permissions for this object
- */
- function canModifyMembers($user)
- {
- if ($user->admin)
- return true;
-
- if ($this->isOwner($user))
- return true;
-
- if ($this->isMember($user) && $this->perms & 0x080)
- return true;
-
- if ($this->parent != "")
- {
- $parent = new DBObject($this->parent);
-
- if ($parent->canModifySubMembers($user))
- return true;
- }
- else if ($this->owner != $this->guid)
- {
- $owner = new DBObject($this->owner);
-
- if ($owner->canModifySubMembers($user))
- return true;
- }
-
- return false;
- }
-
- /*
- * Check if given user has permissions for this object
- */
- function canModifyPermissions($user)
- {
- if ($user->admin)
- return true;
-
- if ($this->isOwner($user))
- return true;
-
- if ($this->parent != "")
- {
- $parent = new DBObject($this->parent);
-
- if ($parent->canModifySubPermissions($user))
- return true;
- }
- else if ($this->owner != $this->guid)
- {
- $owner = new DBObject($this->owner);
-
- if ($owner->canModifySubPermissions($user))
- return true;
- }
-
- return false;
- }
-
- /*
- * Check if given user has permissions for this object
- */
- function canAccessSub($user)
- {
- if ($user->admin)
- return true;
-
- if ($this->isOwner($user))
- return true;
-
- if ($this->isMember($user) && $this->perms & 0x040)
- return true;
-
- if ($this->perms & 0x002) // accessible by public
- return true;
-
- if ($this->parent != "")
- {
- $parent = new DBObject($this->parent);
-
- if ($parent->canAccessSub($user))
- return true;
- }
- else if ($this->owner != $this->guid)
- {
- $owner = new DBObject($this->owner);
-
- if ($owner->canAccessSub($user))
- return true;
- }
-
- return false;
- }
-
- /*
- * Check if given user has permissions for this object
- */
- function canCreateSub($user)
- {
- if ($user->admin)
- return true;
-
- if ($this->isOwner($user))
- return true;
-
- if ($this->isMember($user) && $this->perms & 0x020)
- return true;
-
- if ($this->perms & 0x001) // accessible by public
- return true;
-
- if ($this->parent != "")
- {
- $parent = new DBObject($this->parent);
-
- if ($parent->canCreateSub($user))
- return true;
- }
- else if ($this->owner != $this->guid)
- {
- $owner = new DBObject($this->owner);
-
- if ($owner->canCreateSub($user))
- return true;
- }
-
- return false;
- }
-
- /*
- * Check if given user has permissions for this object
- */
- function canModifySub($user)
- {
- if ($user->admin)
- return true;
-
- if ($this->isOwner($user))
- return true;
-
- if ($this->isMember($user) && $this->perms & 0x010)
- return true;
-
- if ($this->parent != "")
- {
- $parent = new DBObject($this->parent);
-
- if ($parent->canModifySub($user))
- return true;
- }
- else if ($this->owner != $this->guid)
- {
- $owner = new DBObject($this->owner);
-
- if ($owner->canModifySub($user))
- return true;
- }
-
- return false;
- }
-
- /*
- * Check if given user has permissions for this object
- */
- function canModifySubMembers($user)
- {
- if ($user->admin)
- return true;
-
- if ($this->isOwner($user))
- return true;
-
- if ($this->isMember($user) && $this->perms & 0x008)
- return true;
-
- if ($this->parent != "")
- {
- $parent = new DBObject($this->parent);
-
- if ($parent->canModifySubMembers($user))
- return true;
- }
- else if ($this->owner != $this->guid)
- {
- $owner = new DBObject($this->owner);
-
- if ($owner->canModifySubMembers($user))
- return true;
- }
-
- return false;
- }
-
- /*
- * Check if given user has permissions for this object
- */
- function canModifySubPermissions($user)
- {
- if ($user->admin)
- return true;
-
- if ($this->isOwner($user))
- return true;
-
- if ($this->parent != "")
- {
- $parent = new DBObject($this->parent);
-
- if ($parent->canModifySubPermissions($user))
- return true;
- }
- else if ($this->owner != $this->guid)
- {
- $owner = new DBObject($this->owner);
-
- if ($owner->canModifySubPermissions($user))
- return true;
- }
-
- return false;
- }
-
- /*
 * Get URL to this object
 */
 function getURL()
diff --git a/examples/class/setting.class.php b/examples/class/setting.class.php
deleted file mode 100644
index c0965a3..0000000
--- a/examples/class/setting.class.php
+++ /dev/null
@@ -1,90 +0,0 @@
-<?php
-
-/*
- * SCROTT Copyright (C) 2016 Malf Furious
- *
- * Scrott is free software: you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published
- * by the Free Software Foundation, either version 3 of the License,
- * or (at your option) any later version.
- *
- * Scrott is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public
- * License for more details.
- */
-
-require_once "class/framework.class.php";
-
-/*
- * Scrott administrative settings
- */
-class Setting extends Framework
-{
- /*
- * Helper function for getting setting values from the database
- */
- static function getValue($key)
- {
- $db = parent::getDbConnection();
- $escdKey = $db->esc($key);
-
- $query = "SELECT `value` FROM `setting` WHERE `key` = '" . $escdKey . "'";
- $res = $db->query($query);
-
- if (count($res) == 0)
- return false;
-
- return $res[0]['value'];
- }
-
- /*
- * Helper function for setting setting values on the database
- */
- static function setValue($key, $value)
- {
- $db = parent::getDbConnection();
- $escdKey = $db->esc($key);
- $escdValue = $db->esc($value);
-
- if (self::getValue($key) === false)
- $query = "INSERT INTO setting (`key`, value) VALUES('" . $escdKey . "', '" . $escdValue . "')";
- else
- $query = "UPDATE setting SET value = '" . $escdValue . "' WHERE `key` = '" . $escdKey . "'";
-
- $db->query($query);
- }
-
- /*
- * Force or forbid SSL connections?
- */
- static function settSSL($value = null)
- {
- $opt = "settSSL";
-
- if ($value != null)
- self::setValue($opt, $value);
-
- $value = self::getValue($opt);
-
- if ($value === false)
- return "neither";
-
- return $value;
- }
-
- /*
- * Should the app allow the public to signup their own accounts with Scrott?
- */
- static function allowPublicSignup($value = null)
- {
- $opt = "allowPublicSignup";
-
- if ($value != null)
- self::setValue($opt, $value);
-
- return self::getValue($opt);
- }
-}
-
-?> |