summaryrefslogtreecommitdiffstats
path: root/app/class (follow)
AgeCommit message (Collapse)AuthorFilesLines
2019-01-12Add rudimentary system for launching a modal on page loadMalf Furious1-0/+24
If the $_SCROTT['AUTO_MODAL'] global is defined, it will refer to a modal's DOM ID to be shown once the page loads. Currently, an error state will supersede this and display the notice modal instead. Signed-off-by: Malf Furious <m@lfurio.us>
2019-01-12Define stricter username policyMalf Furious1-5/+8
Previously, you could log into an account named "MyAccount" by entering either "myaccount" or "MYACCOUNT" (or any other case conbination). This patch requires logins to succeed with case-sensitive usernames. I have also decided, that I wish to disallow duplicate usernames if the only difference between them is case. There can only be _ONE_ "myaccount" (of any case combination), even if he's known canonically as "MyAccount". This particular functionality is not changed by this patch. I'm just noting it as a deliberate decision not to change, by policy. Note that _passwords_ always have been, and still are, case-sensitive. They are salted and hashed before they even hit the database. Signed-off-by: Malf Furious <m@lfurio.us>
2019-01-12Bump version numberMalf Furious1-1/+1
Signed-off-by: Malf Furious <m@lfurio.us>
2018-11-10Bump version numberMalf Furious1-1/+1
Signed-off-by: Malf Furious <m@lfurio.us>
2018-11-10Add function agent::getContainedUsers()Malf Furious3-0/+27
This function helps further abstract agents. We want to get all users belonging to a pad that is owned by a group, or more specifically - an agent. If this agent is a user, that user is our only user to collect. If this agent is a group, we want to capture _it's_ owner along with all of it's members. Signed-off-by: Malf Furious <m@lfurio.us>
2018-11-05Add function pad::getClosedIssues_ordByClosed()Malf Furious1-0/+18
This returns an array of all issues which directly parent the pad object. These are the pad's closed issues. Most recently closed issues are first in the array. Signed-off-by: Malf Furious <m@lfurio.us>
2018-10-31Fix bug in image supportMalf Furious2-10/+13
Adds 'image/x-ms-bmp' as an allowed mimetype for images, and is equivalent to 'image/bmp'. The image module is also updated to expect this new type. I found an image of mine that, when uploaded, PHP thought was 'image/bmp', so it was allowed. However, when cropping, PHP though it was 'image/x-ms-bmp' and failed to lookup a loading/writing function. Signed-off-by: Malf Furious <m@lfurio.us>
2018-10-31Add bmp image supportMalf Furious2-0/+3
Adds 'image/bmp' as an allowed mimetype for images. The image module is also updated to expect this new type. Signed-off-by: Malf Furious <m@lfurio.us>
2018-10-31Add gif image supportMalf Furious2-0/+3
Adds 'image/gif' as an allowed mimetype for images. The image module is also updated to expect this new type. For background images, animated gifs will work properly. For head images, the cropping process truncates the image to only one frame; this is probably for the best. Signed-off-by: Malf Furious <m@lfurio.us>
2018-10-27Bump version numberMalf Furious1-1/+1
Signed-off-by: Malf Furious <m@lfurio.us>
2018-10-24obj: Fix bug in function getMesgs_ordByDatetime()Malf Furious1-2/+2
The SQL query here, as written, was omitting 'log' type messages from the results. Signed-off-by: Malf Furious <m@lfurio.us>
2018-10-21Revert "mesg: Update function makeIssue()"Malf Furious1-4/+3
This reverts commit 62872702dc413b7abab94d8a5a7bd21770b5d241.
2018-10-21agent: Add function isAssignedTo()Malf Furious1-0/+15
2018-10-21issue: Rewrite issue classMalf Furious1-54/+125
Revised implementation of redesigned data model.
2018-10-20mesg: Update function makeIssue()Malf Furious1-3/+4
This function is patched to co-operate with structural changes to the issue class.
2018-10-20issue: Add function isOpen()Malf Furious1-0/+8
2018-10-20issue: Add assigned timestampMalf Furious1-0/+2
2018-10-20issue: Add open/close dataMalf Furious1-1/+30
2018-10-20issue: Add author and authored fieldsMalf Furious1-0/+29
2018-09-24agent: Fix bug in function canAccess()Malf Furious1-1/+1
This is probabally more of an oops than a bug, although was causing unexpected behavior. When falling back to checking whether the agent has access to the object's owner, it was wrongly accessing through $this->owner, rather than $obj->owner (which is the function argument). This was probabally left over from how this function _used_ to be implemented (you would call on the object and pass in the user).
2018-09-23form: Fix bug in populate()Malf Furious1-1/+1
There was a problem with processing enum type fields. The way all other field types are asserted to be 'defined' is via: isset($field) && $field != "" Which works perfectly fine, and is exactly what we want. However, with enums the second part of that && can bite us if "" is in the list of acceptable values. This commit removed that half of the check (only for enum values) so that the empty string may be an acceptable enum value. If "" is not in the values array, then the check is implicitly reinstated.
2018-09-22database: Fix bug in function checkConfig()Malf Furious1-7/+4
Because of how this function was implemented, any failure during database instance construction is treated the same way. IE. we cannot tell the difference between 'no db config' (as is the initial default state) and a 'bad db config' (either bogus data, or the server happens to be down). Because of this, if, after the database access is initially set up, access to the db becomes unavailable or someone makes a bad edit to the dbconfig.php file, Scrott behaves as if it is being configured for the first time. This is *dangerous* behavior! (unexpected, at the least) The implication of this is that if Scrott's database access is ever incidentially interrupted, the very next visitor to the site is offered the chance to (silently) reconfigure the server to point to any database of his choosing. This patch updates the checkConfig() function to only 'soft fail' (return false) in the case where the configuration is _actually_ missing. IE. $_SCROTT['conf'] is not defined. This function will otherwise passthrough any and all exceptions which result from instanciating the database instance and will only return true if both of these steps succeed.
2018-09-21settings: Add key 'smtpResult'Malf Furious1-0/+8
This is not meant to be a user (admin) configurable key. Rather, this is a mechanism for success/failure results from interactions with PHPMailer to make their way back to the UI. Down the road, email sending functions should publish their true/false return value to this configuration key. The initial default value of "NULL" means no mail send attempts have taken place.
2018-09-20pad: Fix bug in function getStages()Malf Furious1-0/+3
In cases where the pad had no stages beneath it, `new stage($this->stage)` would construct an invalid object. As it turns out, calling ->getArray() on an uninitialized stage object yeilds bad results. Instead of patching the stage::getArray() function, I add a check to harden pad::getStages(). My reasoning for this is as follows: The bug in getArray() manifests from a domain error, ie. it's only because we are calling it on an uninitialized object. The object is already in a bad state prior to caling getArray(). Rather, I opt to patch getStages() so that we never create a bad object in the first place. Now, for no-stage pads, getStages() will return early an empty array.
2018-09-20table: Fix bug in constructorMalf Furious1-2/+2
This particular flaw was dampening (and could popentially be hiding) the effects of other bugs. For instance, in this case, a GUID of "" was invalidly being used to construct an object. This should obviously be considered an error, but since "" evaluates to false, the construction was treated as default (no GUID) construction and succedded. It wasn't until later when missing properties were accessed that random PHP error messages clued me into what was happening. Now, when any sort of explicit value is used to construct an object (not NULL), an object load will be attempted, giving bad input more chances to fail outright and trigger an exception. In addition, the 'no such guid' exception message is updated to place quotes ('') around the GUID string to make it more obvious when "" is used in the future.
2018-09-19table: Change function visibilities to publicMalf Furious1-2/+2
These two functions, 'getCurrentTimestamp()' and 'isGUID()' are updated to be public. There is actually no good reason for them to be private; I originally just never antisipated their use outside this class. I need isGUID() in index.php to help with page routing. Neither of these two functions have side effects of any kind nor any unexpected behavior, so there is no harm in going public.
2018-09-19globals: Remove single call assertions for setPage...() functionsMalf Furious1-12/+2
Removing these unnecessary checks. They are not protecting us from anything, only inconveniencing me in index.php.
2018-09-19Update all usage of saveFile()Malf Furious2-10/+9
Update all usage of saveFile() to use added saveIfFile() function, forwarding on the convenience to model code. Model code can pass in file field names, rather than $_FILES arrays directly.
2018-09-19globals: Add function saveIfFile()Malf Furious1-0/+15
This is an alternative function to globals' saveFile(), which allows model code to just pass in the name of the expected uploaded file, rather than requiring them to look up the file themselves. This is in line with my preference to encapsulate PHP superglobals access away from most of the codebase. Note that even if the user opts not to upload optional files, the associated file <input> field will still be present in $_FILES, with a special error code set (meaning 'no file uploaded') which setFile() ignores. It is only in the case of a malformed form submission that $_FILES will be missing the requested file field, prompting Scrott to throw an exception.
2018-09-16Add function obj::hasHeadImg()Malf Furious1-0/+10
We can check for the existence of an object's background image by calling getBgImg(), since it returns NULL when there is no such image. But getHeadImg() behaves differently, returning a path to 'static/img/null.jpg' (via df.php) when there is no image, making it more difficult to tell. This function addresses this concern.
2018-09-15Add function oneStr()Malf Furious1-0/+15
The initial intended use case for this is applying the "active" and "in active" classes to the first tab to appear in the settings modal.
2018-09-12Add function agent::getAgentObj()Malf Furious1-0/+17
This is basically a constructor for agent. The actual type returned is a contrete agent.
2018-09-07Fix typoMalf Furious1-1/+1
2018-09-07Fix bug in function table->loadObj()Malf Furious1-1/+7
If a table query yeilds zero rows, we would still attempt to load the first (index zero) into $this, causing an error to be thrown by PHP. We are now checking the size of the results array first.
2018-07-26Update function obj::getMembers()Malf Furious1-2/+7
Added a $limit argument to specify a maximum number of results to return.
2018-07-24Add $_SCROTT['PAGE_NAME'] variable and getter/setterMalf Furious1-0/+30
The intention is for index.php to set this variable. This is the text (HTML) displayed on the button for the pad select dropdown in the nav bar. Basically the canonical name of the page we're on.
2018-07-22Update function location()Malf Furious1-3/+6
Passing no argument (or NULL) now causes this function to redirect to the 'app-path' (current request page). This is a way to reload the current page.
2018-07-22Fix bug in agent 'has permission' functionsMalf Furious1-0/+27
The check that this commit adds to each of these functions enables users with all permissions on themselves.
2018-07-22Fix bug in function agent::isOwner()Malf Furious1-1/+4
If the argument doesn't have an owner, then an access error is thrown when we try to do ->guid. Since there is no owner, just return false. Otherwise, do the comparision as usual.
2018-07-21Change errorlevel constantsMalf Furious1-3/+3
2018-07-21Add PAGE_OBJECT global mechanismMalf Furious1-0/+33
This addresses a problem with most views. They need an object context to display in. IE what pad, group, etc. are we viewing? This variable is intended to be set by index.php and referenced by page models.
2018-02-11Address issue with user functions getCurrent() and setCurrent()Malf Furious1-2/+2
Previously, these functions would always call session_start() before doing most of their work. However, I've found that calling that function two or more times within the lifetime of a program results in NOTICE messages output from the PHP interpreter. Therefore, I am now only calling session_start() if the session is not already active.
2018-02-09Fix bug in function user::getCurrent()Malf Furious1-1/+11
If the session is set to an invalid (eg: deleted) user GUID, an exception is (correctly) thrown. This commit catches that and enables getCurrent() to close the bad session and return NULL.
2018-02-07Update class files to use renamed obj classMalf Furious5-43/+43
2018-02-07Rename object.class.php to reflect name of its classMalf Furious1-0/+0
2018-02-07Rename object classMalf Furious1-5/+5
Since 'object' is now a reserved word (as of PHP 7.2), I have to rename this class. I really preferred the name object, but obj will have to do.
2017-07-06Add function database::setConfig()Malf Furious1-0/+51
2017-06-27Add function input()Malf Furious1-0/+11
2017-06-27Add function isAction()Malf Furious1-0/+11
2017-06-27Add form classMalf Furious1-0/+179