- session id is now generated from a truly random value; the previously used MySQL UUID() had weak randomness

- added session id brute force prevention to old template engine (as used in new template engine)
- forced login->verify() in old template engine
- removed unused login/logout related codes from old template engine
- uuid of new database records is now generated in before insert trigger
ocoliver 2012-11-17 18:04:35 +01:00
parent 797fa10e83
commit a4aee625a9
17 changed files with 4048 additions and 4146 deletions


@ -179,10 +179,15 @@
$opt['page']['subtitle1'] = 'Geocaching with Opencaching';
$opt['page']['subtitle2'] = '';
$opt['page']['title'] = 'OPENCACHING';
$opt['page']['absolute_url'] = 'http://devel.opencaching.de/'; // may be overwritten by $opt['domain'][...]['uri']
$opt['page']['max_logins_per_hour'] = 25;
$opt['page']['showdonations'] = false; // Show donations button
$opt['page']['absolute_url'] = 'http://devel.opencaching.de/'; // may be overwritten by $opt['domain'][...]['uri']
/* maximum number of failed logins per hour before that IP address is blocked
* (used to prevent brute-force-attacks)
*/
$opt['page']['max_logins_per_hour'] = 25;
/* Sponsoring advertisements
* (plain HTML)
*/
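Review bot: The comment added at lines 23-25 calls the limit "failed logins per hour", but the code that consumes it in this commit (checkLoginsCount in the login class section below, line 606) counts every `sys_logins` row for the address within the hour and does not filter on `success`; unless only failures are ever written to that table, successful logins count toward the block as well. Either restrict the count to rows with `success`=0 or make the comment say what is actually counted, e.g. `/* maximum number of login attempts (successful or not) per hour before that IP address is blocked */`. The same comment is duplicated in the second settings section (lines 620-622) and should be changed in both places.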


@ -168,6 +168,19 @@
END;",
$opt['logic']['waypoint_pool']['valid_chars']);
sql_dropFunction('CREATE_UUID');
sql("CREATE FUNCTION `CREATE_UUID` () RETURNS VARCHAR(36) DETERMINISTIC SQL SECURITY INVOKER
BEGIN
SET @LAST_UUID = UUID();
RETURN @LAST_UUID;
END;");
sql_dropFunction('GET_LAST_UUID');
sql("CREATE FUNCTION `GET_LAST_UUID` () RETURNS VARCHAR(36) DETERMINISTIC SQL SECURITY INVOKER
BEGIN
RETURN @LAST_UUID;
END;");
/* Stored procedures containing database logic
*/
@ -504,6 +517,10 @@
SET NEW.`is_publishdate`=1;
END IF;
SET NEW.`need_npa_recalc`=1;
IF ISNULL(NEW.`uuid`) OR NEW.`uuid`='' THEN
SET NEW.`uuid`=CREATE_UUID();
END IF;
END;");
sql_dropTrigger('cachesAfterInsert');
@ -612,6 +629,10 @@
SET NEW.`date_created`=NOW();
SET NEW.`last_modified`=NOW();
END IF;
IF ISNULL(NEW.`uuid`) OR NEW.`uuid`='' THEN
SET NEW.`uuid`=CREATE_UUID();
END IF;
END;");
sql_dropTrigger('cacheDescAfterInsert');
@ -698,6 +719,10 @@
SET NEW.`date_created`=NOW();
SET NEW.`last_modified`=NOW();
END IF;
IF ISNULL(NEW.`uuid`) OR NEW.`uuid`='' THEN
SET NEW.`uuid`=CREATE_UUID();
END IF;
END;");
sql_dropTrigger('cacheLogsAfterInsert');
@ -709,7 +734,7 @@
DECLARE cur1 CURSOR FOR SELECT `cache_watches`.`user_id` FROM `cache_watches` INNER JOIN `caches` ON `cache_watches`.`cache_id`=`caches`.`cache_id` INNER JOIN `cache_status` ON `caches`.`status`=`cache_status`.`id` WHERE `cache_watches`.`cache_id`=NEW.cache_id AND `cache_status`.`allow_user_view`=1;
DECLARE CONTINUE HANDLER FOR NOT FOUND SET done = 1;
CALL sp_update_logstat(NEW.`cache_id`, NEW.`user_id`, NEW.`type`, FALSE);
CALL sp_update_logstat(NEW.`cache_id`, NEW.`user_id`, NEW.`type`, FALSE);
OPEN cur1;
REPEAT
@ -863,6 +888,10 @@
SET NEW.`date_created`=NOW();
SET NEW.`last_modified`=NOW();
END IF;
IF ISNULL(NEW.`uuid`) OR NEW.`uuid`='' THEN
SET NEW.`uuid`=CREATE_UUID();
END IF;
END;");
sql_dropTrigger('picturesAfterInsert');
@ -1002,6 +1031,10 @@
SET NEW.`date_created`=NOW();
SET NEW.`last_modified`=NOW();
END IF;
IF ISNULL(NEW.`uuid`) OR NEW.`uuid`='' THEN
SET NEW.`uuid`=CREATE_UUID();
END IF;
END;");
sql_dropTrigger('userBeforeUpdate');
@ -1085,6 +1118,13 @@
SET NEW.`date_created`=NOW();
END;");
sql_dropTrigger('sysSessionsBeforeInsert');
sql("CREATE TRIGGER `sysSessionsBeforeInsert` BEFORE INSERT ON `sys_sessions`
FOR EACH ROW
BEGIN
SET NEW.`last_login`=NOW();
END;");
sql_dropTrigger('sysSessionsAfterInsert');
sql("CREATE TRIGGER `sysSessionsAfterInsert` AFTER INSERT ON `sys_sessions`
FOR EACH ROW
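Review bot: CREATE_UUID (lines 37-41) is declared DETERMINISTIC although its body calls UUID(), which returns a new value on every call; the MySQL manual warns that labelling a nondeterministic routine DETERMINISTIC can lead the optimizer to wrong plan choices, so declare it `NOT DETERMINISTIC` (GET_LAST_UUID, whose result depends on session state, should be declared the same way). Reading the generated value back through GET_LAST_UUID relies on the connection-scoped @LAST_UUID, which is only refreshed when a trigger actually invoked CREATE_UUID, so an INSERT that supplies its own uuid leaves the previous row's value in place; a comment on GET_LAST_UUID stating this, and that it is only meaningful immediately after an insert that let the trigger generate the uuid, would help callers. Since the commit message says UUID() output is too predictable for session ids, a comment on CREATE_UUID such as `-- record identifier only, not a secret: UUID() is not unpredictable` would keep it from being reused for tokens. The sysSessionsBeforeInsert trigger at lines 105-109 accordingly sets no uuid default, which is consistent with generating session ids in PHP.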


@ -1,117 +1,49 @@
<?php
/***************************************************************************
./lib/auth.inc.php
--------------------
begin : Fri September 16 2005
For license information see doc/license.txt
***************************************************************************/
/****************************************************************************
Unicode Reminder メモ
all login/logout related functions
Dont include this file by hand - it will be included from common.inc.php
****************************************************************************/
require($opt['rootpath'] . 'lib/login.class.php');
$autherr = 0;
define('AUTHERR_NOERROR', 0);
define('AUTHERR_TOOMUCHLOGINS', 1);
define('AUTHERR_INVALIDEMAIL', 2);
define('AUTHERR_WRONGAUTHINFO', 3);
define('AUTHERR_USERNOTACTIVE', 4);
/* auth_UsernameFromID - get the username from the given id,
* otherwise false
*/
function auth_UsernameFromID($userid)
{
//select the right user
$rs = sql("SELECT `username` FROM `user` WHERE `user_id`='&1'", $userid);
if (mysql_num_rows($rs) > 0)
{
$record = sql_fetch_array($rs);
return $record['username'];
}
else
{
//user not exists
return false;
}
}
/* auth_user - fills usr[]
* no return value
*/
function auth_user()
{
global $usr, $login;
$login->verify();
if ($login->userid != 0)
{
//set up $usr array
$usr['userid'] = $login->userid;
$usr['email'] = sqlValue("SELECT `email` FROM `user` WHERE `user_id`='" . sql_escape($login->userid) . "'", '');
$usr['username'] = $login->username;
}
else
$usr = false;
return;
}
/* auth_login - try to log in a user
* returns the userid on success, otherwise false
*/
function auth_login($user, $password)
{
global $login, $autherr;
$retval = $login->try_login($user, $password, null);
switch ($retval)
{
case LOGIN_TOOMUCHLOGINS:
$autherr = AUTHERR_TOOMUCHLOGINS;
return false;
case LOGIN_USERNOTACTIVE:
$autherr = AUTHERR_USERNOTACTIVE;
return false;
case LOGIN_BADUSERPW:
$autherr = AUTHERR_WRONGAUTHINFO;
return false;
case LOGIN_OK:
$autherr = AUTHERR_NOERROR;
return $login->userid;
default:
$autherr = AUTHERR_WRONGAUTHINFO;
return false;
}
}
/* auth_logout - log out the user
* returns false if the user wasn't logged in, true if success
*/
function auth_logout()
{
global $login, $usr;
if ($login->userid != 0)
{
$login->logout();
return true;
}
else
{
$usr = false;
return false;
}
}
<?php
/***************************************************************************
./lib/auth.inc.php
--------------------
begin : Fri September 16 2005
For license information see doc/license.txt
***************************************************************************/
/****************************************************************************
Unicode Reminder メモ
all login/logout related functions (reduced to auth_user, becuase
all other functions are handled by lib2/login.class.php)
Dont include this file by hand - it will be included from common.inc.php
****************************************************************************/
require($opt['rootpath'] . 'lib/login.class.php');
$autherr = 0;
define('AUTHERR_NOERROR', 0);
define('AUTHERR_TOOMUCHLOGINS', 1);
define('AUTHERR_INVALIDEMAIL', 2);
define('AUTHERR_WRONGAUTHINFO', 3);
define('AUTHERR_USERNOTACTIVE', 4);
/* auth_user - fills usr[]
* no return value
*/
function auth_user()
{
global $usr, $login;
$login->verify();
if ($login->userid != 0)
{
//set up $usr array
$usr['userid'] = $login->userid;
$usr['email'] = sqlValue("SELECT `email` FROM `user` WHERE `user_id`='" . sql_escape($login->userid) . "'", '');
$usr['username'] = $login->username;
}
else
$usr = false;
return;
}
?>
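Review bot: `$autherr` and the AUTHERR_* defines on lines 229-234 are kept although auth_login(), the only code in this file that assigned them, is deleted in this hunk; if nothing else still reads them they are dead now and belong with the removed code, and if something does, a short comment `// AUTHERR_* / $autherr are no longer set here; kept only for callers that still read them` should say so. The rewritten header comment (line 224) still carries the typo "becuase". With verify() now forced in the login constructor, the explicit `$login->verify()` at line 241 is redundant but harmless.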


@ -69,20 +69,6 @@
$module, $eventid, $userid, $objectid1, $objectid2, $logtext, serialize($details));
}
//create a "universal unique" replication "identifier"
function create_uuid()
{
$uuid = mb_strtoupper(md5(uniqid(rand(), true)));
//split into XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX (type VARCHAR 36, case insensitiv)
$uuid = mb_substr($uuid, 0, 8) . '-' . mb_substr($uuid, -24);
$uuid = mb_substr($uuid, 0, 13) . '-' . mb_substr($uuid, -20);
$uuid = mb_substr($uuid, 0, 18) . '-' . mb_substr($uuid, -16);
$uuid = mb_substr($uuid, 0, 23) . '-' . mb_substr($uuid, -12);
return $uuid;
}
// set a unique waypoint to this cache
function setCacheWaypoint($cacheid)
{


@ -1,232 +1,167 @@
<?php
/***************************************************************************
* For license information see doc/license.txt
*
* Unicode Reminder メモ
*
* This class provides access to the login user data. Informations are
* stored in a cookie. Authentication has 2 levels unverified and verified.
*
* Unverified means: In the cookie is a userid and username provided, but
* the system didn't checked if that information is valid.
* This is good enough, if the login information is only
* used to display e.g. the loginbox. There is no
* security-hole if someone cheats the cookie.
*
* Verified means: In the cookie is a userid and username provided and
* the system checkd the information. A valid login-
* session exists. You have to verify the login-session
* when you read personal informations or write
* logentries, caches etc. to the database.
*
* Methods:
* verify() validate the login-session
* try_login() try to login with the given user/password
* logout() logout the user
*
* Properties:
* userid Integer 0 if no login, userid otherwise
* username String username or ''
*
***************************************************************************/
define('LOGIN_OK', 0); // login succeeded
define('LOGIN_BADUSERPW', 1); // bad username or password
define('LOGIN_TOOMUCHLOGINS', 2); // too many logins in short time
define('LOGIN_USERNOTACTIVE', 3); // the useraccount locked
// login times in seconds
define('LOGIN_TIME', 60*60);
define('LOGIN_TIME_PERMANENT', 90*24*60*60);
$login = new login();
class login
{
var $userid = 0;
var $username = '';
var $lastlogin = 0;
var $permanent = false;
var $sessionid = '';
var $verified = false;
var $admin = false;
function login()
{
global $cookie;
if ($cookie->is_set('userid') && $cookie->is_set('username'))
{
$this->userid = $cookie->get('userid')+0;
$this->username = $cookie->get('username');
$this->permanent = (($cookie->get('permanent')+0) == 1);
$this->lastlogin = $cookie->get('lastlogin');
$this->sessionid = $cookie->get('sessionid');
$this->admin = (($cookie->get('admin')+0) == 1);
$this->verified = false;
// wenn lastlogin zu 50% abgelaufen, verify()
// permanent = 90 Tage, sonst 60 Minuten
if ((($this->permanent == true) && (strtotime($this->lastlogin) + LOGIN_TIME/2 < time())) ||
(($this->permanent == false) && (strtotime($this->lastlogin) + LOGIN_TIME_PERMANENT/2 < time())))
$this->verify();
if ($this->admin != false)
$this->verify();
}
else
$this->pClear();
}
function pClear()
{
// set to no valid login
$this->userid = 0;
$this->username = '';
$this->permanent = false;
$this->lastlogin = '';
$this->sessionid = '';
$this->admin = false;
$this->verified = true;
$this->pStoreCookie();
}
function pStoreCookie()
{
global $cookie;
$cookie->set('userid', $this->userid);
$cookie->set('username', $this->username);
$cookie->set('permanent', ($this->permanent==true ? 1 : 0));
$cookie->set('lastlogin', $this->lastlogin);
$cookie->set('sessionid', $this->sessionid);
$cookie->set('admin', ($this->admin==true ? 1 : 0));
}
function verify()
{
if ($this->verified == true)
return;
if ($this->userid == 0)
{
$this->pClear();
return;
}
$min_lastlogin = date('Y-m-d H:i:s', time() - LOGIN_TIME);
$min_lastlogin_permanent = date('Y-m-d H:i:s', time() - LOGIN_TIME_PERMANENT);
$rs = sql("SELECT `sys_sessions`.`last_login`, `user`.`admin` FROM &db.`sys_sessions`, &db.`user` WHERE `sys_sessions`.`user_id`=`user`.`user_id` AND `user`.`is_active_flag`=1 AND `sys_sessions`.`uuid`='&1' AND `sys_sessions`.`user_id`='&2' AND ((`sys_sessions`.`permanent`=1 AND `sys_sessions`.`last_login`>'&3') OR (`sys_sessions`.`permanent`=0 AND `sys_sessions`.`last_login`>'&4'))", $this->sessionid, $this->userid, $min_lastlogin_permanent, $min_lastlogin);
if ($rUser = sql_fetch_assoc($rs))
{
if ((($this->permanent == true) && (strtotime($rUser['last_login']) + LOGIN_TIME/2 < time())) ||
(($this->permanent == false) && (strtotime($rUser['last_login']) + LOGIN_TIME_PERMANENT/2 < time())))
{
sql("UPDATE `sys_sessions` SET `sys_sessions`.`last_login`=NOW() WHERE `sys_sessions`.`uuid`='&1' AND `sys_sessions`.`user_id`='&2'", $this->sessionid, $this->userid);
$rUser['last_login'] = date('Y-m-d H:i:s');
}
// user.last_login is used for statics, so we keep it up2date
sql("UPDATE `user` SET `user`.`last_login`=NOW() WHERE `user`.`user_id`='&1'", $this->userid);
$this->lastlogin = $rUser['last_login'];
$this->admin = ($rUser['admin'] == 1);
$this->verified = true;
}
else
{
// prevent bruteforce
sql("INSERT INTO `sys_logins` (`remote_addr`, `success`) VALUES ('&1', 0)", $_SERVER['REMOTE_ADDR']);
$this->pClear();
}
sql_free_result($rs);
$this->pStoreCookie();
return;
}
function try_login($user, $password, $permanent)
{
global $opt;
$this->pClear();
// check the number of logins in the last hour ...
sql("DELETE FROM `sys_logins` WHERE `timestamp`<'&1'", date('Y-m-d H:i:s', time() - 3600));
$logins_count = sqlValue("SELECT COUNT(*) `count` FROM `sys_logins` WHERE `remote_addr`='" . sql_escape($_SERVER['REMOTE_ADDR']) . "'", 0);
if ($logins_count > 24)
return LOGIN_TOOMUCHLOGINS;
// delete old sessions
$min_lastlogin_permanent = date('Y-m-d H:i:s', time() - LOGIN_TIME_PERMANENT);
sql("DELETE FROM `sys_sessions` WHERE `last_login`<'&1'", $min_lastlogin_permanent);
$pwmd5 = md5($password);
if ($opt['login']['hash'])
$pwmd5 = hash('sha512', $pwmd5);
// compare $user with email and username, if both matches use email
$rsUser = sql("SELECT `user_id`, `username`, 2 AS `prio`, `is_active_flag`, `permanent_login_flag`, `admin` FROM `user` WHERE `username`='&1' AND `password`='&2' UNION
SELECT `user_id`, `username`, 1 AS `prio`, `is_active_flag`, `permanent_login_flag`, `admin` FROM `user` WHERE `email`='&1' AND `password`='&2' ORDER BY `prio` ASC LIMIT 1", $user, $pwmd5);
$rUser = sql_fetch_assoc($rsUser);
sql_free_result($rsUser);
if ($permanent == null)
$permanent = ($rUser['permanent_login_flag'] == 1);
if ($rUser)
{
// ok, there is a valid login
if ($rUser['is_active_flag'] != 0)
{
// begin session
$uuid = sqlValue('SELECT UUID()', '');
sql("INSERT INTO `sys_sessions` (`uuid`, `user_id`, `permanent`, `last_login`) VALUES ('&1', '&2', '&3', NOW())", $uuid, $rUser['user_id'], ($permanent!=false ? 1 : 0));
$this->userid = $rUser['user_id'];
$this->username = $rUser['username'];
$this->permanent = $permanent;
$this->lastlogin = date('Y-m-d H:i:s');
$this->sessionid = $uuid;
$this->admin = ($rUser['admin'] == 1);
$this->verified = true;
$retval = LOGIN_OK;
}
else
$retval = LOGIN_USERNOTACTIVE;
}
else
{
// sorry, bad login
$retval = LOGIN_BADUSERPW;
}
sql("INSERT INTO `sys_logins` (`remote_addr`, `success`, `timestamp`) VALUES ('&1', '&2', NOW())", $_SERVER['REMOTE_ADDR'], ($rUser===false ? 0 : 1));
// store to cookie
$this->pStoreCookie();
return $retval;
}
function logout()
{
sql("DELETE FROM `sys_sessions` WHERE `uuid`='&1' AND `user_id`='&2'", $this->sessionid, $this->userid);
$this->pClear();
}
public function hasAdminPriv($privilege = false)
{
global $cookie;
$this->verify();
if ($privilege === false)
return $this->admin != 0;
return ($this->admin & $privilege) == $privilege;
}
}
<?php
/***************************************************************************
* For license information see doc/license.txt
*
* Unicode Reminder メモ
*
* This class provides access to the login user data. Informations are
* stored in a cookie.
*
* Methods:
* verify() validate the login-session
*
* Properties:
* userid Integer 0 if no login, userid otherwise
* username String username or ''
*
***************************************************************************/
define('LOGIN_UNKNOWN_ERROR', -1); // unkown error occured
define('LOGIN_OK', 0); // login succeeded
define('LOGIN_BADUSERPW', 1); // bad username or password
define('LOGIN_TOOMUCHLOGINS', 2); // too many logins in short time
define('LOGIN_USERNOTACTIVE', 3); // the useraccount locked
define('LOGIN_EMPTY_USERPASSWORD', 4); // given username/password was empty
define('LOGIN_LOGOUT_OK', 5); // logout was successfull
// login times in seconds
define('LOGIN_TIME', 60*60);
define('LOGIN_TIME_PERMANENT', 90*24*60*60);
$login = new login();
class login
{
var $userid = 0;
var $username = '';
var $lastlogin = 0;
var $permanent = false;
var $sessionid = '';
var $verified = false;
var $admin = false;
function login()
{
global $cookie;
if ($cookie->is_set('userid') && $cookie->is_set('username'))
{
$this->userid = $cookie->get('userid')+0;
$this->username = $cookie->get('username');
$this->permanent = (($cookie->get('permanent')+0) == 1);
$this->lastlogin = $cookie->get('lastlogin');
$this->sessionid = $cookie->get('sessionid');
$this->admin = (($cookie->get('admin')+0) == 1);
$this->verified = false;
$this->verify();
}
else
$this->pClear();
}
function pClear()
{
// set to no valid login
$this->userid = 0;
$this->username = '';
$this->permanent = false;
$this->lastlogin = '';
$this->sessionid = '';
$this->admin = false;
$this->verified = true;
$this->pStoreCookie();
}
function pStoreCookie()
{
global $cookie;
$cookie->set('userid', $this->userid);
$cookie->set('username', $this->username);
$cookie->set('permanent', ($this->permanent==true ? 1 : 0));
$cookie->set('lastlogin', $this->lastlogin);
$cookie->set('sessionid', $this->sessionid);
$cookie->set('admin', ($this->admin==true ? 1 : 0));
}
function verify()
{
if ($this->verified == true)
return;
if ($this->userid == 0)
{
$this->pClear();
return;
}
if ($this->checkLoginsCount() == false)
{
$this->pClear();
return;
}
$min_lastlogin = date('Y-m-d H:i:s', time() - LOGIN_TIME);
$min_lastlogin_permanent = date('Y-m-d H:i:s', time() - LOGIN_TIME_PERMANENT);
$rs = sql("SELECT `sys_sessions`.`last_login`, `user`.`admin` FROM &db.`sys_sessions`, &db.`user` WHERE `sys_sessions`.`user_id`=`user`.`user_id` AND `user`.`is_active_flag`=1 AND `sys_sessions`.`uuid`='&1' AND `sys_sessions`.`user_id`='&2' AND ((`sys_sessions`.`permanent`=1 AND `sys_sessions`.`last_login`>'&3') OR (`sys_sessions`.`permanent`=0 AND `sys_sessions`.`last_login`>'&4'))", $this->sessionid, $this->userid, $min_lastlogin_permanent, $min_lastlogin);
if ($rUser = sql_fetch_assoc($rs))
{
if ((($this->permanent == true) && (strtotime($rUser['last_login']) + LOGIN_TIME/2 < time())) ||
(($this->permanent == false) && (strtotime($rUser['last_login']) + LOGIN_TIME_PERMANENT/2 < time())))
{
sql("UPDATE `sys_sessions` SET `sys_sessions`.`last_login`=NOW() WHERE `sys_sessions`.`uuid`='&1' AND `sys_sessions`.`user_id`='&2'", $this->sessionid, $this->userid);
$rUser['last_login'] = date('Y-m-d H:i:s');
}
// user.last_login is used for statics, so we keep it up2date
sql("UPDATE `user` SET `user`.`last_login`=NOW() WHERE `user`.`user_id`='&1'", $this->userid);
$this->lastlogin = $rUser['last_login'];
$this->admin = ($rUser['admin'] == 1);
$this->verified = true;
}
else
{
// prevent bruteforce
sql("INSERT INTO `sys_logins` (`remote_addr`, `success`) VALUES ('&1', 0)", $_SERVER['REMOTE_ADDR']);
$this->pClear();
}
sql_free_result($rs);
$this->pStoreCookie();
return;
}
public function hasAdminPriv($privilege = false)
{
global $cookie;
$this->verify();
if ($privilege === false)
return $this->admin != 0;
return ($this->admin & $privilege) == $privilege;
}
function checkLoginsCount()
{
global $opt;
// cleanup old entries
// (execute only every 50 search calls)
if (rand(1, 50) == 1)
sql("DELETE FROM `sys_logins` WHERE `date_created`<'&1'", date('Y-m-d H:i:s', time() - 3600));
// check the number of logins in the last hour ...
$logins_count = sqlValue("SELECT COUNT(*) `count` FROM `sys_logins` WHERE `remote_addr`='" . sql_escape($_SERVER['REMOTE_ADDR']) . "' AND `date_created`>'" . sql_escape(date('Y-m-d H:i:s', time() - 3600)) . "'", 0);
if ($logins_count > $opt['page']['max_logins_per_hour'])
return false;
else
return true;
}
}
?>
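Review bot: Because the constructor now calls verify() on every request (line 522) instead of only when the login was half expired, the `UPDATE user SET last_login=NOW()` at line 575 runs on every page view of every logged-in user, while the `sys_sessions` refresh just above it is still throttled by the half-expiry test; move that statement inside the same `if` block, or document the per-request write. The failure record inserted at line 583 omits `date_created`, so the one-hour window used by checkLoginsCount() (lines 604 and 606) depends on a BEFORE INSERT trigger filling that column, which the database hunk in this commit appears to add but this file does not mention — a comment such as `// date_created is filled by the BEFORE INSERT trigger on sys_logins` would make the dependency explicit. Note that a session that has merely expired (the `last_login` bounds at lines 563-565) is also recorded as a failed attempt at line 583 and therefore counts toward the lockout of that address. The comment at line 602 was copied from elsewhere and should read `// (execute only every 50 verify() calls)`.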


@ -117,6 +117,11 @@
$cachemap_dir = $rootpath . $cachemap_url;
$opt['translate']['debug'] = false;
/* maximum number of failed logins per hour before that IP address is blocked
* (used to prevent brute-force-attacks)
*/
$opt['page']['max_logins_per_hour'] = 25;
// copy of config2/settings-dist.inc.php
/* pregenerated waypoint list for new caches


@ -1,430 +1,430 @@
<?php
/***************************************************************************
* For license information see doc/license.txt
*
* Unicode Reminder メモ
*
* get/set has to be commited with save
* add/remove etc. is executed instantly
***************************************************************************/
require_once($opt['rootpath'] . 'lib2/logic/rowEditor.class.php');
class cache
{
var $nCacheId = 0;
var $reCache;
static function cacheIdFromWP($wp)
{
$cacheid = 0;
if (mb_strtoupper(mb_substr($wp, 0, 2)) == 'GC')
{
$rs = sql("SELECT `cache_id` FROM `caches` WHERE `wp_gc`='&1'", $wp);
if (sql_num_rows($rs) != 1)
{
sql_free_result($rs);
return null;
}
$r = sql_fetch_assoc($rs);
sql_free_result($rs);
$cacheid = $r['cache_id'];
}
else if (mb_strtoupper(mb_substr($wp, 0, 1)) == 'N')
{
$rs = sql("SELECT `cache_id` FROM `caches` WHERE `wp_nc`='&1'", $wp);
if (sql_num_rows($rs) != 1)
{
sql_free_result($rs);
return null;
}
$r = sql_fetch_assoc($rs);
sql_free_result($rs);
$cacheid = $r['cache_id'];
}
else
{
$cacheid = sql_value("SELECT `cache_id` FROM `caches` WHERE `wp_oc`='&1'", 0, $wp);
}
return $cacheid;
}
static function fromWP($wp)
{
$cacheid = cache::cacheIdFromWP($wp);
if ($cacheid == 0)
return null;
return new cache($cacheid);
}
static function cacheIdFromUUID($uuid)
{
$cacheid = sql_value("SELECT `cache_id` FROM `caches` WHERE `uuid`='&1'", 0, $uuid);
return $cacheid;
}
static function fromUUID($uuid)
{
$cacheid = cache::cacheIdFromUUID($uuid);
if ($cacheid == 0)
return null;
return new cache($cacheid);
}
function __construct($nNewCacheId=ID_NEW)
{
$this->reCache = new rowEditor('caches');
$this->reCache->addPKInt('cache_id', null, false, RE_INSERT_AUTOINCREMENT);
$this->reCache->addString('uuid', '', false, RE_INSERT_OVERWRITE|RE_INSERT_UUID);
$this->reCache->addInt('node', 0, false);
$this->reCache->addDate('date_created', time(), true, RE_INSERT_IGNORE);
$this->reCache->addDate('last_modified', time(), true, RE_INSERT_IGNORE);
$this->reCache->addInt('user_id', 0, false);
$this->reCache->addString('name', '', false);
$this->reCache->addDouble('longitude', 0, false);
$this->reCache->addDouble('latitude', 0, false);
$this->reCache->addInt('type', 1, false);
$this->reCache->addInt('status', 5, false);
$this->reCache->addString('country', '', false);
$this->reCache->addDate('date_hidden', time(), false);
$this->reCache->addInt('size', 1, false);
$this->reCache->addFloat('difficulty', 1, false);
$this->reCache->addFloat('terrain', 1, false);
$this->reCache->addString('logpw', '', false);
$this->reCache->addFloat('search_time', 0, false);
$this->reCache->addFloat('way_length', 0, false);
$this->reCache->addString('wp_oc', null, true);
$this->reCache->addString('wp_gc', '', false);
$this->reCache->addString('wp_nc', '', false);
$this->reCache->addString('desc_languages', '', false, RE_INSERT_IGNORE);
$this->reCache->addString('default_desclang', '', false);
$this->reCache->addDate('date_activate', null, true);
$this->reCache->addInt('need_npa_recalc', 1, false, RE_INSERT_IGNORE);
$this->nCacheId = $nNewCacheId+0;
if ($nNewCacheId == ID_NEW)
{
$this->reCache->addNew(null);
}
else
{
$this->reCache->load($this->nCacheId);
}
}
function exist()
{
return $this->reCache->exist();
}
function getCacheId()
{
return $this->nCacheId;
}
function getStatus()
{
return $this->reCache->getValue('status');
}
function getType()
{
return $this->reCache->getValue('type');
}
function getName()
{
return $this->reCache->getValue('name');
}
function getLongitude()
{
return $this->reCache->getValue('longitude');
}
function getLatitude()
{
return $this->reCache->getValue('latitude');
}
function getUserId()
{
return $this->reCache->getValue('user_id');
}
function getUsername()
{
return sql_value("SELECT `username` FROM `user` WHERE `user_id`='&1'", '', $this->getUserId());
}
function getWPOC()
{
return $this->reCache->getValue('wp_oc');
}
function getWPGC()
{
return $this->reCache->getValue('wp_gc');
}
function getWPNC()
{
return $this->reCache->getValue('wp_nc');
}
function getUUID()
{
return $this->reCache->getValue('uuid');
}
function getLastModified()
{
return $this->reCache->getValue('last_modified');
}
function getDateCreated()
{
return $this->reCache->getValue('date_created');
}
function getNode()
{
return $this->reCache->getValue('node');
}
function setNode($value)
{
return $this->reCache->setValue('node', $value);
}
function setStatus($value)
{
if (sql_value("SELECT COUNT(*) FROM `cache_status` WHERE `id`='&1'", 0, $value) == 1)
{
return $this->reCache->setValue('status', $value);
}
else
{
return false;
}
}
function getAnyChanged()
{
return $this->reCache->getAnyChanged();
}
// return if successfull (with insert)
function save()
{
if ($this->reCache->save())
{
sql_slave_exclude();
return true;
}
else
return false;
}
function requireLogPW()
{
return $this->reCache->getValue('logpw') != '';
}
// TODO: use prepared one way hash
function validateLogPW($nLogType, $sLogPW)
{
if ($sLogPW == '')
return true;
if (sql_value("SELECT `require_password` FROM `log_types` WHERE `id`='&1'", 0, $nLogType) == 0)
return true;
return ($sLogPW == $this->reCache->getValue('logpw'));
}
static function visitCounter($nVisitUserId, $sRemoteAddr, $nCacheId)
{
// delete cache_visits older 1 day 60*60*24 = 86400
sql("DELETE FROM `cache_visits` WHERE `cache_id`='&1' AND `user_id_ip`!='0' AND NOW()-`last_modified`>86400", $nCacheId);
if ($nVisitUserId==0)
$sIdentifier = $sRemoteAddr;
else
$sIdentifier = $nVisitUserId;
// note the visit of this user
sql("INSERT INTO `cache_visits` (`cache_id`, `user_id_ip`, `count`) VALUES (&1, '&2', 1)
ON DUPLICATE KEY UPDATE `count`=`count`+1", $nCacheId, $sIdentifier);
// if the previous statement does an INSERT, it was the first visit for this user
if (sql_affected_rows() == 1)
{
if ($nVisitUserId != sql_value("SELECT `user_id` FROM `caches` WHERE `cache_id`='&1'", 0, $nCacheId))
{
// increment the counter for this cache
sql("INSERT INTO `cache_visits` (`cache_id`, `user_id_ip`, `count`) VALUES (&1, '0', 1)
ON DUPLICATE KEY UPDATE `count`=`count`+1", $nCacheId);
}
}
}
static function getLogsCount($cacheid)
{
//prepare the logs
$rsLogs = sql("SELECT COUNT(*) FROM `cache_logs` WHERE `cache_id`='&1'", $cacheid);
$rLog = sql_fetch_assoc($rsLogs);
sql_free_result($rsLogs);
return $rLog;
}
static function getLogsArray($cacheid, $start, $count)
{
//prepare the logs
$rsLogs = sql("
SELECT `cache_logs`.`user_id` AS `userid`,
`cache_logs`.`id` AS `id`,
`cache_logs`.`uuid` AS `uuid`,
`cache_logs`.`date` AS `date`,
`cache_logs`.`type` AS `type`,
`cache_logs`.`text` AS `text`,
`cache_logs`.`text_html` AS `texthtml`,
`cache_logs`.`picture`,
`user`.`username` AS `username`,
IF(ISNULL(`cache_rating`.`cache_id`), 0, `cache_logs`.`type` IN (1,7)) AS `recommended`
FROM `cache_logs`
INNER JOIN `user` ON `user`.`user_id` = `cache_logs`.`user_id`
LEFT JOIN `cache_rating` ON `cache_logs`.`cache_id`=`cache_rating`.`cache_id` AND `cache_logs`.`user_id`=`cache_rating`.`user_id`
WHERE `cache_logs`.`cache_id`='&1'
ORDER BY `cache_logs`.`date` DESC, `cache_logs`.`Id` DESC LIMIT &2, &3", $cacheid, $start+0, $count+0);
$logs = array();
while ($rLog = sql_fetch_assoc($rsLogs))
{
$pictures = array();
$rsPictures = sql("SELECT `url`, `title`, `uuid` FROM `pictures` WHERE `object_id`='&1' AND `object_type`=1", $rLog['id']);
while ($rPicture = sql_fetch_assoc($rsPictures))
$pictures[] = $rPicture;
sql_free_result($rsPictures);
$rLog['pictures'] = $pictures;
$logs[] = $rLog;
}
sql_free_result($rsLogs);
return $logs;
}
function report($userid, $reportreason, $reportnote)
{
sql("INSERT INTO cache_reports (`cacheid`, `userid`, `reason`, `note`)
VALUES(&1, &2, &3, '&4')",
$this->nCacheId, $userid, $reportreason, $reportnote);
return true;
}
function addAdoption($userid)
{
if ($this->allowEdit() == false)
return false;
if (sql_value("SELECT COUNT(*) FROM `user` WHERE `user_id`='&1' AND `is_active_flag`=1", 0, $userid) == 0)
return false;
// same user?
if ($this->getUserId() == $userid)
return false;
sql("INSERT IGNORE INTO `cache_adoption` (`cache_id`, `user_id`) VALUES ('&1', '&2')", $this->nCacheId, $userid);
return true;
}
function cancelAdoption($userid)
{
global $login;
if ($this->allowEdit() == false && $login->userid != $userid)
return false;
sql("DELETE FROM `cache_adoption` WHERE `user_id`='&1' AND `cache_id`='&2'", $userid, $this->nCacheId);
return true;
}
function commitAdoption($userid)
{
global $login;
// cache_adoption exists?
if (sql_value("SELECT COUNT(*) FROM `cache_adoption` WHERE `cache_id`='&1' AND `user_id`='&2'", 0, $this->nCacheId, $userid) == 0)
return false;
// new user active?
if (sql_value("SELECT `is_active_flag` FROM `user` WHERE `user_id`='&1'", 0, $userid) != 1)
return false;
sql("INSERT INTO `logentries` (`module`, `eventid`, `userid`, `objectid1`, `objectid2`, `logtext`)
VALUES ('cache', 5, '&1', '&2', '&3', '&4')",
$login->userid, $this->nCacheId, 0,
'Cache ' . sql_escape($this->nCacheId) . ' has changed the owner from userid ' . sql_escape($this->getUserId()) . ' to ' . sql_escape($userid) . ' by ' . sql_escape($login->userid));
sql("UPDATE `caches` SET `user_id`='&1' WHERE `cache_id`='&2'", $userid, $this->nCacheId);
sql("DELETE FROM `cache_adoption` WHERE `cache_id`='&1'", $this->nCacheId);
$this->reCache->setValue('user_id', $userid);
return true;
}
// true if anyone can view the cache
function isPublic()
{
return (sql_value("SELECT `allow_user_view` FROM `cache_status` WHERE `id`='&1'", 0, $this->getStatus()) == 1);
}
function allowView()
{
global $login;
if ($this->isPublic())
return true;
$login->verify();
if (($login->admin & ADMIN_USER) == ADMIN_USER)
return true;
else if ($this->getUserId() == $login->userid)
return true;
return false;
}
function allowEdit()
{
global $login;
$login->verify();
if ($this->getUserId() == $login->userid)
return true;
return false;
}
function allowLog()
{
global $login;
$login->verify();
if ($this->getUserId() == $login->userid)
return true;
return (sql_value("SELECT `allow_user_log` FROM `cache_status` WHERE `id`='&1'", 0, $this->getStatus()) == 1);
}
function isRecommendedByUser($nUserId)
{
return (sql_value("SELECT COUNT(*) FROM `cache_rating` WHERE `cache_id`='&1' AND `user_id`='&2'", 0, $this->nCacheId, $nUserId) > 0);
}
function addRecommendation($nUserId)
{
// rating_date will be set to NOW() by Insert-trigger
sql("INSERT IGNORE INTO `cache_rating` (`cache_id`, `user_id`) VALUES ('&1', '&2')", $this->nCacheId, $nUserId);
}
function removeRecommendation($nUserId)
{
sql("DELETE FROM `cache_rating` WHERE `cache_id`='&1' AND `user_id`='&2'", $this->nCacheId, $nUserId);
}
}
<?php
/***************************************************************************
* For license information see doc/license.txt
*
* Unicode Reminder メモ
*
* get/set has to be commited with save
* add/remove etc. is executed instantly
***************************************************************************/
require_once($opt['rootpath'] . 'lib2/logic/rowEditor.class.php');
class cache
{
var $nCacheId = 0;
var $reCache;
static function cacheIdFromWP($wp)
{
$cacheid = 0;
if (mb_strtoupper(mb_substr($wp, 0, 2)) == 'GC')
{
$rs = sql("SELECT `cache_id` FROM `caches` WHERE `wp_gc`='&1'", $wp);
if (sql_num_rows($rs) != 1)
{
sql_free_result($rs);
return null;
}
$r = sql_fetch_assoc($rs);
sql_free_result($rs);
$cacheid = $r['cache_id'];
}
else if (mb_strtoupper(mb_substr($wp, 0, 1)) == 'N')
{
$rs = sql("SELECT `cache_id` FROM `caches` WHERE `wp_nc`='&1'", $wp);
if (sql_num_rows($rs) != 1)
{
sql_free_result($rs);
return null;
}
$r = sql_fetch_assoc($rs);
sql_free_result($rs);
$cacheid = $r['cache_id'];
}
else
{
$cacheid = sql_value("SELECT `cache_id` FROM `caches` WHERE `wp_oc`='&1'", 0, $wp);
}
return $cacheid;
}
static function fromWP($wp)
{
$cacheid = cache::cacheIdFromWP($wp);
if ($cacheid == 0)
return null;
return new cache($cacheid);
}
static function cacheIdFromUUID($uuid)
{
$cacheid = sql_value("SELECT `cache_id` FROM `caches` WHERE `uuid`='&1'", 0, $uuid);
return $cacheid;
}
static function fromUUID($uuid)
{
$cacheid = cache::cacheIdFromUUID($uuid);
if ($cacheid == 0)
return null;
return new cache($cacheid);
}
function __construct($nNewCacheId=ID_NEW)
{
$this->reCache = new rowEditor('caches');
$this->reCache->addPKInt('cache_id', null, false, RE_INSERT_AUTOINCREMENT);
$this->reCache->addString('uuid', '', false, RE_INSERT_AUTOUUID);
$this->reCache->addInt('node', 0, false);
$this->reCache->addDate('date_created', time(), true, RE_INSERT_IGNORE);
$this->reCache->addDate('last_modified', time(), true, RE_INSERT_IGNORE);
$this->reCache->addInt('user_id', 0, false);
$this->reCache->addString('name', '', false);
$this->reCache->addDouble('longitude', 0, false);
$this->reCache->addDouble('latitude', 0, false);
$this->reCache->addInt('type', 1, false);
$this->reCache->addInt('status', 5, false);
$this->reCache->addString('country', '', false);
$this->reCache->addDate('date_hidden', time(), false);
$this->reCache->addInt('size', 1, false);
$this->reCache->addFloat('difficulty', 1, false);
$this->reCache->addFloat('terrain', 1, false);
$this->reCache->addString('logpw', '', false);
$this->reCache->addFloat('search_time', 0, false);
$this->reCache->addFloat('way_length', 0, false);
$this->reCache->addString('wp_oc', null, true);
$this->reCache->addString('wp_gc', '', false);
$this->reCache->addString('wp_nc', '', false);
$this->reCache->addString('desc_languages', '', false, RE_INSERT_IGNORE);
$this->reCache->addString('default_desclang', '', false);
$this->reCache->addDate('date_activate', null, true);
$this->reCache->addInt('need_npa_recalc', 1, false, RE_INSERT_IGNORE);
$this->nCacheId = $nNewCacheId+0;
if ($nNewCacheId == ID_NEW)
{
$this->reCache->addNew(null);
}
else
{
$this->reCache->load($this->nCacheId);
}
}
function exist()
{
return $this->reCache->exist();
}
function getCacheId()
{
return $this->nCacheId;
}
function getStatus()
{
return $this->reCache->getValue('status');
}
function getType()
{
return $this->reCache->getValue('type');
}
function getName()
{
return $this->reCache->getValue('name');
}
function getLongitude()
{
return $this->reCache->getValue('longitude');
}
function getLatitude()
{
return $this->reCache->getValue('latitude');
}
function getUserId()
{
return $this->reCache->getValue('user_id');
}
function getUsername()
{
return sql_value("SELECT `username` FROM `user` WHERE `user_id`='&1'", '', $this->getUserId());
}
function getWPOC()
{
return $this->reCache->getValue('wp_oc');
}
function getWPGC()
{
return $this->reCache->getValue('wp_gc');
}
function getWPNC()
{
return $this->reCache->getValue('wp_nc');
}
function getUUID()
{
return $this->reCache->getValue('uuid');
}
function getLastModified()
{
return $this->reCache->getValue('last_modified');
}
function getDateCreated()
{
return $this->reCache->getValue('date_created');
}
function getNode()
{
return $this->reCache->getValue('node');
}
function setNode($value)
{
return $this->reCache->setValue('node', $value);
}
function setStatus($value)
{
if (sql_value("SELECT COUNT(*) FROM `cache_status` WHERE `id`='&1'", 0, $value) == 1)
{
return $this->reCache->setValue('status', $value);
}
else
{
return false;
}
}
function getAnyChanged()
{
return $this->reCache->getAnyChanged();
}
// return if successfull (with insert)
function save()
{
if ($this->reCache->save())
{
sql_slave_exclude();
return true;
}
else
return false;
}
function requireLogPW()
{
return $this->reCache->getValue('logpw') != '';
}
// TODO: use prepared one way hash
function validateLogPW($nLogType, $sLogPW)
{
if ($sLogPW == '')
return true;
if (sql_value("SELECT `require_password` FROM `log_types` WHERE `id`='&1'", 0, $nLogType) == 0)
return true;
return ($sLogPW == $this->reCache->getValue('logpw'));
}
static function visitCounter($nVisitUserId, $sRemoteAddr, $nCacheId)
{
// delete cache_visits older 1 day 60*60*24 = 86400
sql("DELETE FROM `cache_visits` WHERE `cache_id`='&1' AND `user_id_ip`!='0' AND NOW()-`last_modified`>86400", $nCacheId);
if ($nVisitUserId==0)
$sIdentifier = $sRemoteAddr;
else
$sIdentifier = $nVisitUserId;
// note the visit of this user
sql("INSERT INTO `cache_visits` (`cache_id`, `user_id_ip`, `count`) VALUES (&1, '&2', 1)
ON DUPLICATE KEY UPDATE `count`=`count`+1", $nCacheId, $sIdentifier);
// if the previous statement does an INSERT, it was the first visit for this user
if (sql_affected_rows() == 1)
{
if ($nVisitUserId != sql_value("SELECT `user_id` FROM `caches` WHERE `cache_id`='&1'", 0, $nCacheId))
{
// increment the counter for this cache
sql("INSERT INTO `cache_visits` (`cache_id`, `user_id_ip`, `count`) VALUES (&1, '0', 1)
ON DUPLICATE KEY UPDATE `count`=`count`+1", $nCacheId);
}
}
}
static function getLogsCount($cacheid)
{
//prepare the logs
$rsLogs = sql("SELECT COUNT(*) FROM `cache_logs` WHERE `cache_id`='&1'", $cacheid);
$rLog = sql_fetch_assoc($rsLogs);
sql_free_result($rsLogs);
return $rLog;
}
static function getLogsArray($cacheid, $start, $count)
{
//prepare the logs
$rsLogs = sql("
SELECT `cache_logs`.`user_id` AS `userid`,
`cache_logs`.`id` AS `id`,
`cache_logs`.`uuid` AS `uuid`,
`cache_logs`.`date` AS `date`,
`cache_logs`.`type` AS `type`,
`cache_logs`.`text` AS `text`,
`cache_logs`.`text_html` AS `texthtml`,
`cache_logs`.`picture`,
`user`.`username` AS `username`,
IF(ISNULL(`cache_rating`.`cache_id`), 0, `cache_logs`.`type` IN (1,7)) AS `recommended`
FROM `cache_logs`
INNER JOIN `user` ON `user`.`user_id` = `cache_logs`.`user_id`
LEFT JOIN `cache_rating` ON `cache_logs`.`cache_id`=`cache_rating`.`cache_id` AND `cache_logs`.`user_id`=`cache_rating`.`user_id`
WHERE `cache_logs`.`cache_id`='&1'
ORDER BY `cache_logs`.`date` DESC, `cache_logs`.`Id` DESC LIMIT &2, &3", $cacheid, $start+0, $count+0);
$logs = array();
while ($rLog = sql_fetch_assoc($rsLogs))
{
$pictures = array();
$rsPictures = sql("SELECT `url`, `title`, `uuid` FROM `pictures` WHERE `object_id`='&1' AND `object_type`=1", $rLog['id']);
while ($rPicture = sql_fetch_assoc($rsPictures))
$pictures[] = $rPicture;
sql_free_result($rsPictures);
$rLog['pictures'] = $pictures;
$logs[] = $rLog;
}
sql_free_result($rsLogs);
return $logs;
}
function report($userid, $reportreason, $reportnote)
{
sql("INSERT INTO cache_reports (`cacheid`, `userid`, `reason`, `note`)
VALUES(&1, &2, &3, '&4')",
$this->nCacheId, $userid, $reportreason, $reportnote);
return true;
}
function addAdoption($userid)
{
if ($this->allowEdit() == false)
return false;
if (sql_value("SELECT COUNT(*) FROM `user` WHERE `user_id`='&1' AND `is_active_flag`=1", 0, $userid) == 0)
return false;
// same user?
if ($this->getUserId() == $userid)
return false;
sql("INSERT IGNORE INTO `cache_adoption` (`cache_id`, `user_id`) VALUES ('&1', '&2')", $this->nCacheId, $userid);
return true;
}
function cancelAdoption($userid)
{
global $login;
if ($this->allowEdit() == false && $login->userid != $userid)
return false;
sql("DELETE FROM `cache_adoption` WHERE `user_id`='&1' AND `cache_id`='&2'", $userid, $this->nCacheId);
return true;
}
function commitAdoption($userid)
{
global $login;
// cache_adoption exists?
if (sql_value("SELECT COUNT(*) FROM `cache_adoption` WHERE `cache_id`='&1' AND `user_id`='&2'", 0, $this->nCacheId, $userid) == 0)
return false;
// new user active?
if (sql_value("SELECT `is_active_flag` FROM `user` WHERE `user_id`='&1'", 0, $userid) != 1)
return false;
sql("INSERT INTO `logentries` (`module`, `eventid`, `userid`, `objectid1`, `objectid2`, `logtext`)
VALUES ('cache', 5, '&1', '&2', '&3', '&4')",
$login->userid, $this->nCacheId, 0,
'Cache ' . sql_escape($this->nCacheId) . ' has changed the owner from userid ' . sql_escape($this->getUserId()) . ' to ' . sql_escape($userid) . ' by ' . sql_escape($login->userid));
sql("UPDATE `caches` SET `user_id`='&1' WHERE `cache_id`='&2'", $userid, $this->nCacheId);
sql("DELETE FROM `cache_adoption` WHERE `cache_id`='&1'", $this->nCacheId);
$this->reCache->setValue('user_id', $userid);
return true;
}
// true if anyone can view the cache
function isPublic()
{
return (sql_value("SELECT `allow_user_view` FROM `cache_status` WHERE `id`='&1'", 0, $this->getStatus()) == 1);
}
function allowView()
{
global $login;
if ($this->isPublic())
return true;
$login->verify();
if (($login->admin & ADMIN_USER) == ADMIN_USER)
return true;
else if ($this->getUserId() == $login->userid)
return true;
return false;
}
function allowEdit()
{
global $login;
$login->verify();
if ($this->getUserId() == $login->userid)
return true;
return false;
}
function allowLog()
{
global $login;
$login->verify();
if ($this->getUserId() == $login->userid)
return true;
return (sql_value("SELECT `allow_user_log` FROM `cache_status` WHERE `id`='&1'", 0, $this->getStatus()) == 1);
}
function isRecommendedByUser($nUserId)
{
return (sql_value("SELECT COUNT(*) FROM `cache_rating` WHERE `cache_id`='&1' AND `user_id`='&2'", 0, $this->nCacheId, $nUserId) > 0);
}
function addRecommendation($nUserId)
{
// rating_date will be set to NOW() by Insert-trigger
sql("INSERT IGNORE INTO `cache_rating` (`cache_id`, `user_id`) VALUES ('&1', '&2')", $this->nCacheId, $nUserId);
}
function removeRecommendation($nUserId)
{
sql("DELETE FROM `cache_rating` WHERE `cache_id`='&1' AND `user_id`='&2'", $this->nCacheId, $nUserId);
}
}
?>


@ -1,121 +1,121 @@
<?php
/***************************************************************************
* For license information see doc/license.txt
*
* Unicode Reminder メモ
*
* get/set has to be commited with save
* add/remove etc. is executed instantly
***************************************************************************/
require_once($opt['rootpath'] . 'lib2/logic/rowEditor.class.php');
class user
{
var $nCacheDescId = 0;
var $reCacheDesc;
function __construct($nNewCacheDescId=ID_NEW)
{
$this->reUser = new rowEditor('cache_desc');
$this->reUser->addPKInt('id', null, false, RE_INSERT_AUTOINCREMENT);
$this->reUser->addString('uuid', '', false, RE_INSERT_OVERWRITE|RE_INSERT_UUID);
$this->reUser->addInt('node', 0, false);
$this->reUser->addDate('date_created', time(), true, RE_INSERT_IGNORE);
$this->reUser->addDate('last_modified', time(), true, RE_INSERT_IGNORE);
$this->reUser->addInt('cache_id', 0, false);
$this->reUser->addString('language', '', false);
$this->reUser->addString('desc', '', false);
$this->reUser->addInt('desc_html', 0, false);
$this->reUser->addInt('desc_htmledit', 0, false);
$this->reUser->addString('hint', '', false);
$this->reUser->addString('short_desc', '', false);
$this->nCacheDescId = $nNewCacheDescId+0;
if ($nNewCacheDescId == ID_NEW)
{
$this->reCacheDesc->addNew(null);
}
else
{
$this->reCacheDesc->load($this->nCacheDescId);
}
}
function exist()
{
return $this->reCacheDesc->exist();
}
function getId()
{
return $this->reCacheDesc->getValue('id');
}
function getUUID()
{
return $this->reCacheDesc->getValue('uuid');
}
function getNode()
{
return $this->reCacheDesc->getValue('node');
}
function setNode($value)
{
return $this->reCacheDesc->setValue('node', $value);
}
function getDateCreated()
{
return $this->reCacheDesc->getValue('date_created');
}
function getLastModified()
{
return $this->reCacheDesc->getValue('last_modified');
}
function getCacheId()
{
return $this->reCacheDesc->getValue('cache_id');
}
function getLanguage()
{
return $this->reCacheDesc->getValue('language');
}
function getDescAsHtml()
{
return $this->reCacheDesc->getValue('desc');
}
function getIsDescHtml()
{
return ($this->reCacheDesc->getValue('desc_html')!=0);
}
function getDescHtmlEdit()
{
return ($this->reCacheDesc->getValue('desc_htmledit')!=0);
}
function getHint()
{
return $this->reCacheDesc->getValue('hint');
}
function getShortDesc()
{
return $this->reCacheDesc->getValue('short_desc');
}
function getAnyChanged()
{
return $this->reCacheDesc->getAnyChanged();
}
// return if successfull (with insert)
function save()
{
sql_slave_exclude();
return $this->reCacheDesc->save();
}
function reload()
{
$this->reCacheDesc->reload();
}
}
<?php
/***************************************************************************
* For license information see doc/license.txt
*
* Unicode Reminder メモ
*
* get/set has to be commited with save
* add/remove etc. is executed instantly
***************************************************************************/
require_once($opt['rootpath'] . 'lib2/logic/rowEditor.class.php');
class user
{
var $nCacheDescId = 0;
var $reCacheDesc;
function __construct($nNewCacheDescId=ID_NEW)
{
$this->reUser = new rowEditor('cache_desc');
$this->reUser->addPKInt('id', null, false, RE_INSERT_AUTOINCREMENT);
$this->reUser->addString('uuid', '', false, RE_INSERT_AUTOUUID);
$this->reUser->addInt('node', 0, false);
$this->reUser->addDate('date_created', time(), true, RE_INSERT_IGNORE);
$this->reUser->addDate('last_modified', time(), true, RE_INSERT_IGNORE);
$this->reUser->addInt('cache_id', 0, false);
$this->reUser->addString('language', '', false);
$this->reUser->addString('desc', '', false);
$this->reUser->addInt('desc_html', 0, false);
$this->reUser->addInt('desc_htmledit', 0, false);
$this->reUser->addString('hint', '', false);
$this->reUser->addString('short_desc', '', false);
$this->nCacheDescId = $nNewCacheDescId+0;
if ($nNewCacheDescId == ID_NEW)
{
$this->reCacheDesc->addNew(null);
}
else
{
$this->reCacheDesc->load($this->nCacheDescId);
}
}
function exist()
{
return $this->reCacheDesc->exist();
}
function getId()
{
return $this->reCacheDesc->getValue('id');
}
function getUUID()
{
return $this->reCacheDesc->getValue('uuid');
}
function getNode()
{
return $this->reCacheDesc->getValue('node');
}
function setNode($value)
{
return $this->reCacheDesc->setValue('node', $value);
}
function getDateCreated()
{
return $this->reCacheDesc->getValue('date_created');
}
function getLastModified()
{
return $this->reCacheDesc->getValue('last_modified');
}
function getCacheId()
{
return $this->reCacheDesc->getValue('cache_id');
}
function getLanguage()
{
return $this->reCacheDesc->getValue('language');
}
function getDescAsHtml()
{
return $this->reCacheDesc->getValue('desc');
}
function getIsDescHtml()
{
return ($this->reCacheDesc->getValue('desc_html')!=0);
}
function getDescHtmlEdit()
{
return ($this->reCacheDesc->getValue('desc_htmledit')!=0);
}
function getHint()
{
return $this->reCacheDesc->getValue('hint');
}
function getShortDesc()
{
return $this->reCacheDesc->getValue('short_desc');
}
function getAnyChanged()
{
return $this->reCacheDesc->getAnyChanged();
}
// return if successfull (with insert)
function save()
{
sql_slave_exclude();
return $this->reCacheDesc->save();
}
function reload()
{
$this->reCacheDesc->reload();
}
}
?>
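Review bot: The changed line `$this->reUser->addString('uuid', '', false, RE_INSERT_AUTOUUID);` configures a rowEditor that nothing else in the class reads: the constructor builds and populates `$this->reUser`, while `addNew()`, `load()` and every getter use `$this->reCacheDesc`, which is never assigned, so the new flag has no effect here and the class as shown cannot work. The `class user` name in a file that edits `cache_desc` looks like a copy of the user class; it should presumably be `class cachedesc` with `$this->reCacheDesc` used throughout the constructor. Separately, with RE_INSERT_AUTOUUID the row is inserted with the `''` default and a before-insert trigger is expected to fill `uuid`; that only holds if such a trigger exists for `cache_desc` (the trigger visible in this commit is on `caches`), and after `save()` `getUUID()` will still return the in-memory `''` unless rowEditor reads the trigger-assigned value back (e.g. via GET_LAST_UUID()), which I cannot see from here. The same trigger/read-back dependency applies to the cachelog section below.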


@ -1,225 +1,225 @@
<?php
/***************************************************************************
* For license information see doc/license.txt
*
* Unicode Reminder メモ
*
* get/set has to be commited with save
* add/remove etc. is executed instantly
***************************************************************************/
require_once($opt['rootpath'] . 'lib2/logic/rowEditor.class.php');
require_once($opt['rootpath'] . 'lib2/logic/cache.class.php');
class cachelog
{
var $nLogId = 0;
var $reCacheLog;
static function logIdFromUUID($uuid)
{
$cacheid = sql_value("SELECT `id` FROM `cache_logs` WHERE `uuid`='&1'", 0, $uuid);
return $cacheid;
}
static function fromUUID($uuid)
{
$logid = cachelog::logIdFromUUID($uuid);
if ($logid == 0)
return null;
return new cachelog($logid);
}
static function createNew($nCacheId, $nUserId)
{
// check if user is allowed to log this cache!
$cache = new cache($nCacheId);
if ($cache->exist() == false)
return false;
if ($cache->allowLog() == false)
return false;
$oCacheLog = new cachelog(ID_NEW);
$oCacheLog->setUserId($nUserId);
$oCacheLog->setCacheId($nCacheId);
return $oCacheLog;
}
function __construct($nNewLogId=ID_NEW)
{
$this->reCacheLog = new rowEditor('cache_logs');
$this->reCacheLog->addPKInt('id', null, false, RE_INSERT_AUTOINCREMENT);
$this->reCacheLog->addString('uuid', '', false, RE_INSERT_OVERWRITE|RE_INSERT_UUID);
$this->reCacheLog->addInt('node', 0, false);
$this->reCacheLog->addDate('date_created', time(), true, RE_INSERT_IGNORE);
$this->reCacheLog->addDate('last_modified', time(), true, RE_INSERT_IGNORE);
$this->reCacheLog->addInt('cache_id', 0, false);
$this->reCacheLog->addInt('user_id', 0, false);
$this->reCacheLog->addInt('type', 0, false);
$this->reCacheLog->addDate('date', time(), false);
$this->reCacheLog->addString('text', '', false);
$this->reCacheLog->addInt('text_html', 0, false);
$this->reCacheLog->addInt('text_htmledit', 0, false);
$this->reCacheLog->addInt('owner_notified', 0, false);
$this->reCacheLog->addInt('picture', 0, false);
$this->nLogId = $nNewLogId+0;
if ($nNewLogId == ID_NEW)
{
$this->reCacheLog->addNew(null);
}
else
{
$this->reCacheLog->load($this->nLogId);
}
}
function exist()
{
return $this->reCacheLog->exist();
}
function getLogId()
{
return $this->nLogId;
}
function getUserId()
{
return $this->reCacheLog->getValue('user_id');
}
function setUserId($value)
{
return $this->reCacheLog->setValue('user_id', $value);
}
function getCacheId()
{
return $this->reCacheLog->getValue('cache_id');
}
function setCacheId($value)
{
return $this->reCacheLog->setValue('cache_id', $value);
}
function getType()
{
return $this->reCacheLog->getValue('type');
}
function setType($value)
{
$nValidLogTypes = $this->getValidLogTypes();
if (array_search($value, $nValidLogTypes) === false)
return false;
return $this->reCacheLog->setValue('type', $value);
}
function getDate()
{
return $this->reCacheLog->getValue('date');
}
function setDate($value)
{
return $this->reCacheLog->setValue('date', $value);
}
function getText()
{
return $this->reCacheLog->getValue('text');
}
function setText($value)
{
return $this->reCacheLog->setValue('text', $value);
}
function getTextHtml()
{
return $this->reCacheLog->getValue('text_html');
}
function setTextHtml($value)
{
return $this->reCacheLog->setValue('text_html', $value);
}
function getTextHtmlEdit()
{
return $this->reCacheLog->getValue('text_html');
}
function setTextHtmlEdit($value)
{
return $this->reCacheLog->setValue('text_htmledit', $value);
}
function getUUID()
{
return $this->reCacheLog->getValue('uuid');
}
function getLastModified()
{
return $this->reCacheLog->getValue('last_modified');
}
function getDateCreated()
{
return $this->reCacheLog->getValue('date_created');
}
function getNode()
{
return $this->reCacheLog->getValue('node');
}
function setNode($value)
{
return $this->reCacheLog->setValue('node', $value);
}
function getAnyChanged()
{
return $this->reCacheLog->getAnyChanged();
}
// return if successfull (with insert)
function save()
{
sql_slave_exclude();
return $this->reCacheLog->save();
}
function allowView()
{
global $login;
$login->verify();
if (sql_value("SELECT `cache_status`.`allow_user_view` FROM `caches` INNER JOIN `cache_status` ON `caches`.`status`=`cache_status`.`id` WHERE `caches`.`cache_id`='&1'", 0, $this->getCacheId()) == 1)
return true;
else if ($login->userid == sql_value("SELECT `user_id` FROM `caches` WHERE `cache_id`='&1'", 0, $this->getCacheId()))
return true;
return false;
}
function allowEdit()
{
global $login;
$login->verify();
if ($this->getUserId() == $login->userid)
return true;
return false;
}
/* will depend on userid in future e.g. maintainance-logs etc. */
function getValidLogTypes()
{
$cache = new cache($this->getCacheId());
if ($cache->exist() == false)
return array();
if ($cache->allowLog() == false)
return array();
$nTypes = array();
$rs = sql("SELECT `log_type_id` FROM `cache_logtype` WHERE `cache_type_id`='&1'", $cache->getType());
while ($r = sql_fetch_assoc($rs))
$nTypes[] = $r['log_type_id'];
sql_free_result($rs);
return $nTypes;
}
}
<?php
/***************************************************************************
* For license information see doc/license.txt
*
* Unicode Reminder メモ
*
* get/set has to be commited with save
* add/remove etc. is executed instantly
***************************************************************************/
require_once($opt['rootpath'] . 'lib2/logic/rowEditor.class.php');
require_once($opt['rootpath'] . 'lib2/logic/cache.class.php');
class cachelog
{
var $nLogId = 0;
var $reCacheLog;
static function logIdFromUUID($uuid)
{
$cacheid = sql_value("SELECT `id` FROM `cache_logs` WHERE `uuid`='&1'", 0, $uuid);
return $cacheid;
}
static function fromUUID($uuid)
{
$logid = cachelog::logIdFromUUID($uuid);
if ($logid == 0)
return null;
return new cachelog($logid);
}
static function createNew($nCacheId, $nUserId)
{
// check if user is allowed to log this cache!
$cache = new cache($nCacheId);
if ($cache->exist() == false)
return false;
if ($cache->allowLog() == false)
return false;
$oCacheLog = new cachelog(ID_NEW);
$oCacheLog->setUserId($nUserId);
$oCacheLog->setCacheId($nCacheId);
return $oCacheLog;
}
function __construct($nNewLogId=ID_NEW)
{
$this->reCacheLog = new rowEditor('cache_logs');
$this->reCacheLog->addPKInt('id', null, false, RE_INSERT_AUTOINCREMENT);
$this->reCacheLog->addString('uuid', '', false, RE_INSERT_AUTOUUID);
$this->reCacheLog->addInt('node', 0, false);
$this->reCacheLog->addDate('date_created', time(), true, RE_INSERT_IGNORE);
$this->reCacheLog->addDate('last_modified', time(), true, RE_INSERT_IGNORE);
$this->reCacheLog->addInt('cache_id', 0, false);
$this->reCacheLog->addInt('user_id', 0, false);
$this->reCacheLog->addInt('type', 0, false);
$this->reCacheLog->addDate('date', time(), false);
$this->reCacheLog->addString('text', '', false);
$this->reCacheLog->addInt('text_html', 0, false);
$this->reCacheLog->addInt('text_htmledit', 0, false);
$this->reCacheLog->addInt('owner_notified', 0, false);
$this->reCacheLog->addInt('picture', 0, false);
$this->nLogId = $nNewLogId+0;
if ($nNewLogId == ID_NEW)
{
$this->reCacheLog->addNew(null);
}
else
{
$this->reCacheLog->load($this->nLogId);
}
}
function exist()
{
return $this->reCacheLog->exist();
}
function getLogId()
{
return $this->nLogId;
}
function getUserId()
{
return $this->reCacheLog->getValue('user_id');
}
function setUserId($value)
{
return $this->reCacheLog->setValue('user_id', $value);
}
function getCacheId()
{
return $this->reCacheLog->getValue('cache_id');
}
function setCacheId($value)
{
return $this->reCacheLog->setValue('cache_id', $value);
}
function getType()
{
return $this->reCacheLog->getValue('type');
}
function setType($value)
{
$nValidLogTypes = $this->getValidLogTypes();
if (array_search($value, $nValidLogTypes) === false)
return false;
return $this->reCacheLog->setValue('type', $value);
}
function getDate()
{
return $this->reCacheLog->getValue('date');
}
function setDate($value)
{
return $this->reCacheLog->setValue('date', $value);
}
function getText()
{
return $this->reCacheLog->getValue('text');
}
function setText($value)
{
return $this->reCacheLog->setValue('text', $value);
}
function getTextHtml()
{
return $this->reCacheLog->getValue('text_html');
}
function setTextHtml($value)
{
return $this->reCacheLog->setValue('text_html', $value);
}
function getTextHtmlEdit()
{
return $this->reCacheLog->getValue('text_html');
}
function setTextHtmlEdit($value)
{
return $this->reCacheLog->setValue('text_htmledit', $value);
}
function getUUID()
{
return $this->reCacheLog->getValue('uuid');
}
function getLastModified()
{
return $this->reCacheLog->getValue('last_modified');
}
function getDateCreated()
{
return $this->reCacheLog->getValue('date_created');
}
function getNode()
{
return $this->reCacheLog->getValue('node');
}
function setNode($value)
{
return $this->reCacheLog->setValue('node', $value);
}
function getAnyChanged()
{
return $this->reCacheLog->getAnyChanged();
}
// return if successfull (with insert)
function save()
{
sql_slave_exclude();
return $this->reCacheLog->save();
}
function allowView()
{
global $login;
$login->verify();
if (sql_value("SELECT `cache_status`.`allow_user_view` FROM `caches` INNER JOIN `cache_status` ON `caches`.`status`=`cache_status`.`id` WHERE `caches`.`cache_id`='&1'", 0, $this->getCacheId()) == 1)
return true;
else if ($login->userid == sql_value("SELECT `user_id` FROM `caches` WHERE `cache_id`='&1'", 0, $this->getCacheId()))
return true;
return false;
}
function allowEdit()
{
global $login;
$login->verify();
if ($this->getUserId() == $login->userid)
return true;
return false;
}
/* will depend on userid in future e.g. maintainance-logs etc. */
function getValidLogTypes()
{
$cache = new cache($this->getCacheId());
if ($cache->exist() == false)
return array();
if ($cache->allowLog() == false)
return array();
$nTypes = array();
$rs = sql("SELECT `log_type_id` FROM `cache_logtype` WHERE `cache_type_id`='&1'", $cache->getType());
while ($r = sql_fetch_assoc($rs))
$nTypes[] = $r['log_type_id'];
sql_free_result($rs);
return $nTypes;
}
}
?>
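Review bot: `getTextHtmlEdit()` returns `$this->reCacheLog->getValue('text_html')` while `setTextHtmlEdit()` writes `text_htmledit`, so the getter reports the wrong column; it should read `return $this->reCacheLog->getValue('text_htmledit');`. This is pre-existing, but it sits on the new side next to the uuid change and is a one-line fix. `setType()` validates with `array_search($value, $nValidLogTypes) === false`, which compares loosely (`'1abc' == 1` holds on PHP before 8); `in_array((int)$value, $nValidLogTypes, true)` pins the check to the integer ids the query returns. Also `logIdFromUUID()` keeps the log id in `$cacheid`; naming it `$logid` would match `fromUUID()` and avoid misreading.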


@ -1,49 +1,49 @@
<?php
/***************************************************************************
* For license information see doc/license.txt
*
* Unicode Reminder メモ
*
* Business layer constant definitions
***************************************************************************/
define('ID_NEW', -1);
define('RE_TYPE_INT', 1);
define('RE_TYPE_STRING', 2);
define('RE_TYPE_BOOLEAN', 3);
define('RE_TYPE_DATE', 4);
define('RE_TYPE_FLOAT', 5);
define('RE_TYPE_DOUBLE', 6);
define('RE_INSERT_NOTHING', 0); //
define('RE_INSERT_OVERWRITE', 1); // ignore given values and use function
define('RE_INSERT_IGNORE', 2); // dont use this column on insert
define('RE_INSERT_AUTOINCREMENT', 4); // column is an auto increment column
define('RE_INSERT_UUID', 8); // UUID()
define('RE_INSERT_NOW', 16); // NOW()
define('REGEX_USERNAME', '^[a-zA-Z0-9\.\-_@äüöÄÜÖ=)(\/\\\&*+~#][a-zA-Z0-9\.\-_ @äüöÄÜÖ=)(\/\\\&*+~#]{1,58}[a-zA-Z0-9\.\-_@äüöÄÜÖ=)(\/\\\&*+~#]$'); // min. 4 -> 3 chars -- following 2012-8-6
define('REGEX_PASSWORD', '^[a-zA-Z0-9\.\-_ @äüöÄÜÖ=)(\/\\\&*+~#]{3,60}$');
define('REGEX_LAST_NAME', '^[a-zA-Z][a-zA-Z0-9\.\- äüöÄÜÖ]{1,59}$');
define('REGEX_FIRST_NAME', '^[a-zA-Z][a-zA-Z0-9\.\- äüöÄÜÖ]{1,59}$');
define('REGEX_STATPIC_TEXT', '^[a-zA-Z0-9\.\-_ @äüöÄÜÖß=)(\/\\\&*\$+~#!§%;,-?:\[\]{}¹²³\'\"`\|µ°\%]{0,30}$');
define('ADMIN_TRANSLATE', 1); // edit translation
define('ADMIN_MAINTAINANCE', 2); // check table etc.
define('ADMIN_USER', 4); // drop users, caches etc.
define('ADMIN_NEWS', 8); // approve news entries
define('ADMIN_ROOT', 128 | 127); // root + all previous rights
define('ATTRIB_SELECTED', 1);
define('ATTRIB_UNSELECTED', 2);
define('ATTRIB_UNDEF', 3);
define('OBJECT_CACHELOG', 1);
define('OBJECT_CACHE', 2);
define('OBJECT_CACHEDESC', 3);
define('OBJECT_USER', 4);
define('OBJECT_TRAVELER', 5);
define('OBJECT_PICTURE', 6);
define('OBJECT_REMOVEDOBJECT', 7);
<?php
/***************************************************************************
* For license information see doc/license.txt
*
* Unicode Reminder メモ
*
* Business layer constant definitions
***************************************************************************/
define('ID_NEW', -1);
define('RE_TYPE_INT', 1);
define('RE_TYPE_STRING', 2);
define('RE_TYPE_BOOLEAN', 3);
define('RE_TYPE_DATE', 4);
define('RE_TYPE_FLOAT', 5);
define('RE_TYPE_DOUBLE', 6);
define('RE_INSERT_NOTHING', 0); //
define('RE_INSERT_OVERWRITE', 1); // ignore given values and use function
define('RE_INSERT_IGNORE', 2); // dont use this column on insert
define('RE_INSERT_AUTOINCREMENT', 4); // column is an auto increment column
define('RE_INSERT_AUTOUUID', 8); // if empty, UUID is generated by before insert trigger (not supported for primary key fields)
define('RE_INSERT_NOW', 16); // NOW()
define('REGEX_USERNAME', '^[a-zA-Z0-9\.\-_@äüöÄÜÖ=)(\/\\\&*+~#][a-zA-Z0-9\.\-_ @äüöÄÜÖ=)(\/\\\&*+~#]{1,58}[a-zA-Z0-9\.\-_@äüöÄÜÖ=)(\/\\\&*+~#]$'); // min. 4 -> 3 chars -- following 2012-8-6
define('REGEX_PASSWORD', '^[a-zA-Z0-9\.\-_ @äüöÄÜÖ=)(\/\\\&*+~#]{3,60}$');
define('REGEX_LAST_NAME', '^[a-zA-Z][a-zA-Z0-9\.\- äüöÄÜÖ]{1,59}$');
define('REGEX_FIRST_NAME', '^[a-zA-Z][a-zA-Z0-9\.\- äüöÄÜÖ]{1,59}$');
define('REGEX_STATPIC_TEXT', '^[a-zA-Z0-9\.\-_ @äüöÄÜÖß=)(\/\\\&*\$+~#!§%;,-?:\[\]{}¹²³\'\"`\|µ°\%]{0,30}$');
define('ADMIN_TRANSLATE', 1); // edit translation
define('ADMIN_MAINTAINANCE', 2); // check table etc.
define('ADMIN_USER', 4); // drop users, caches etc.
define('ADMIN_NEWS', 8); // approve news entries
define('ADMIN_ROOT', 128 | 127); // root + all previous rights
define('ATTRIB_SELECTED', 1);
define('ATTRIB_UNSELECTED', 2);
define('ATTRIB_UNDEF', 3);
define('OBJECT_CACHELOG', 1);
define('OBJECT_CACHE', 2);
define('OBJECT_CACHEDESC', 3);
define('OBJECT_USER', 4);
define('OBJECT_TRAVELER', 5);
define('OBJECT_PICTURE', 6);
define('OBJECT_REMOVEDOBJECT', 7);
?>
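Review bot: Renaming `RE_INSERT_UUID` to `RE_INSERT_AUTOUUID` while keeping the value 8 changes the flag's meaning (UUID() emitted in the INSERT → column left empty for the trigger) without a compatibility alias, so any `RE_INSERT_OVERWRITE|RE_INSERT_UUID` call site this commit missed would, on the PHP of that era, resolve the undefined constant to a string with only a notice and silently drop the flag. Consider `define('RE_INSERT_UUID', RE_INSERT_AUTOUUID); // deprecated alias` or at least a grep for the old name across the tree. The comment could also say what the trigger produces: CREATE_UUID() in this commit wraps MySQL UUID(), which is unique but not unpredictable, so record uuids (which also appear in picture URLs) must not be treated as unguessable tokens — the commit message already draws this distinction for session ids. Suggested wording: `// if empty, UUID is generated by before insert trigger using MySQL UUID(): unique, not secret (not supported for primary key fields)`.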


@ -1,315 +1,315 @@
<?php
/***************************************************************************
* For license information see doc/license.txt
*
* Unicode Reminder メモ
*
* get/set has to be commited with save
* add/remove etc. is executed instantly
***************************************************************************/
require_once($opt['rootpath'] . 'lib2/logic/rowEditor.class.php');
require_once($opt['rootpath'] . 'lib2/logic/const.inc.php');
class picture
{
var $nPictureId = 0;
var $rePicture;
var $sFileExtension = '';
var $bFilenamesSet = false;
static function pictureIdFromUUID($uuid)
{
$pictureid = sql_value("SELECT `id` FROM `pictures` WHERE `uuid`='&1'", 0, $uuid);
return $pictureid;
}
static function fromUUID($uuid)
{
$pictureid = picture::pictureIdFromUUID($uuid);
if ($pictureid == 0)
return null;
return new picture($pictureid);
}
function __construct($nNewPictureId=ID_NEW)
{
global $opt;
$this->rePicture = new rowEditor('pictures');
$this->rePicture->addPKInt('id', null, false, RE_INSERT_AUTOINCREMENT);
$this->rePicture->addString('uuid', '', false);
$this->rePicture->addInt('node', 0, false);
$this->rePicture->addDate('date_created', time(), true, RE_INSERT_IGNORE);
$this->rePicture->addDate('last_modified', time(), true, RE_INSERT_IGNORE);
$this->rePicture->addString('url', '', false);
$this->rePicture->addString('title', '', false);
$this->rePicture->addDate('last_url_check', 0, true);
$this->rePicture->addInt('object_id', null, false);
$this->rePicture->addInt('object_type', null, false);
$this->rePicture->addString('thumb_url', '', false);
$this->rePicture->addDate('thumb_last_generated', 0, false);
$this->rePicture->addInt('spoiler', 0, false);
$this->rePicture->addInt('local', 0, false);
$this->rePicture->addInt('unknown_format', 0, false);
$this->rePicture->addInt('display', 1, false);
$this->nPictureId = $nNewPictureId+0;
if ($nNewPictureId == ID_NEW)
{
$this->rePicture->addNew(null);
$sUUID = mb_strtoupper(sql_value("SELECT UUID()", ''));
$this->rePicture->setValue('uuid', $sUUID);
$this->rePicture->setValue('node', $opt['logic']['node']['id']);
}
else
{
$this->rePicture->load($this->nPictureId);
$sFilename = $this->getFilename();
$fna = mb_split('\\.', $sFilename);
$this->sFileExtension = mb_strtolower($fna[count($fna) - 1]);
$this->bFilenamesSet = true;
}
}
function exist()
{
return $this->rePicture->exist();
}
static function allowedExtension($sFilename)
{
global $opt;
if (strpos($sFilename, ';') !== false)
return false;
if (strpos($sFilename, '.') === false)
return false;
$sExtension = mb_strtolower(substr($sFilename, strrpos($sFilename, '.') + 1));
if (strpos(';' . $opt['logic']['pictures']['extensions'] . ';', ';' . $sExtension . ';') !== false)
return true;
else
return false;
}
function setFilenames($sFilename)
{
global $opt;
if ($this->bFilenamesSet == true)
return;
if (strpos($sFilename, '.') === false)
return;
$sExtension = mb_strtolower(substr($sFilename, strrpos($sFilename, '.') + 1));
$sUUID = $this->getUUID();
$this->sFileExtension = $sExtension;
$this->setUrl($opt['logic']['pictures']['url'] . $sUUID . '.' . $sExtension);
//$this->setThumbUrl($opt['logic']['pictures']['thumb_url'] . substr($sUUID, 0, 1) . '/' . substr($sUUID, 1, 1) . '/' . $sUUID . '.' . $sExtension);
$this->bFilenamesSet = true;
}
function getPictureId()
{
return $this->nPictureId;
}
function delete()
{
global $opt;
// delete record, image and thumb
@unlink($this->getFilename());
@unlink($this->getThumbFilename());
sql("DELETE FROM `pictures` WHERE `id`='&1'", $this->nPictureId);
return true;
}
function getUrl()
{
return $this->rePicture->getValue('url');
}
function setUrl($value)
{
return $this->rePicture->setValue('url', $value);
}
function getThumbUrl()
{
return $this->rePicture->getValue('thumb_url');
}
function setThumbUrl($value)
{
return $this->rePicture->setValue('thumb_url', $value);
}
function getTitle()
{
return $this->rePicture->getValue('title');
}
function setTitle($value)
{
if ($value != '')
return $this->rePicture->setValue('title', $value);
else
return false;
}
function getSpoiler()
{
return $this->rePicture->getValue('spoiler')!=0;
}
function setSpoiler($value)
{
return $this->rePicture->setValue('spoiler', $value ? 1 : 0);
}
function getLocal()
{
return $this->rePicture->getValue('local')!=0;
}
function setLocal($value)
{
return $this->rePicture->setValue('local', $value ? 1 : 0);
}
function getDisplay()
{
return $this->rePicture->getValue('display')!=0;
}
function setDisplay($value)
{
return $this->rePicture->setValue('display', $value ? 1 : 0);
}
function getFilename()
{
global $opt;
if (mb_substr($opt['logic']['pictures']['dir'], -1, 1) != '/')
$opt['logic']['pictures']['dir'] .= '/';
$uuid = $this->getUUID();
$url = $this->getUrl();
$fna = mb_split('\\.', $url);
$extension = mb_strtolower($fna[count($fna) - 1]);
return $opt['logic']['pictures']['dir'] . $uuid . '.' . $extension;
}
function getThumbFilename()
{
global $opt;
if (mb_substr($opt['logic']['pictures']['thumb_dir'], -1, 1) != '/')
$opt['logic']['pictures']['thumb_dir'] .= '/';
$uuid = $this->getUUID();
$url = $this->getUrl();
$fna = mb_split('\\.', $url);
$extension = mb_strtolower($fna[count($fna) - 1]);
$dir1 = mb_strtoupper(mb_substr($uuid, 0, 1));
$dir2 = mb_strtoupper(mb_substr($uuid, 1, 1));
return $opt['logic']['pictures']['thumb_dir'] . $dir1 . '/' . $dir2 . '/' . $uuid . '.' . $extension;
}
function getLogId()
{
if ($this->getObjectType() == OBJECT_CACHELOG)
return $this->getObjectId();
else
return false;
}
function getCacheId()
{
if ($this->getObjectType() == OBJECT_CACHELOG)
return sql_value("SELECT `cache_id` FROM `cache_logs` WHERE `id`='&1'", false, $this->getObjectId());
else if ($this->getObjectType() == OBJECT_CACHE)
return $this->getObjectId();
else
return false;
}
function getObjectId()
{
return $this->rePicture->getValue('object_id');
}
function setObjectId($value)
{
return $this->rePicture->setValue('object_id', $value+0);
}
function getObjectType()
{
return $this->rePicture->getValue('object_type');
}
function setObjectType($value)
{
return $this->rePicture->setValue('object_type', $value+0);
}
function getUserId()
{
if ($this->getObjectType() == OBJECT_CACHE)
return sql_value("SELECT `caches`.`user_id` FROM `caches` WHERE `caches`.`cache_id`='&1'", false, $this->getObjectId());
else if ($this->getObjectType() == OBJECT_CACHELOG)
return sql_value("SELECT `cache_logs`.`user_id` FROM `cache_logs` WHERE `cache_logs`.`id`='&1'", false, $this->getObjectId());
else
return false;
}
function getNode()
{
return $this->rePicture->getValue('node');
}
function setNode($value)
{
return $this->rePicture->setValue('node', $value);
}
function getUUID()
{
return $this->rePicture->getValue('uuid');
}
function getLastModified()
{
return $this->rePicture->getValue('last_modified');
}
function getDateCreated()
{
return $this->rePicture->getValue('date_created');
}
function getAnyChanged()
{
return $this->rePicture->getAnyChanged();
}
// return if successfull (with insert)
function save()
{
if ($this->bFilenamesSet == false)
return false;
$bRetVal = $this->rePicture->save();
if ($bRetVal)
sql_slave_exclude();
return $bRetVal;
}
function allowEdit()
{
global $login;
$login->verify();
if (sql_value("SELECT COUNT(*) FROM `caches` INNER JOIN `cache_status` ON `caches`.`status`=`cache_status`.`id` WHERE (`cache_status`.`allow_user_view`=1 OR `caches`.`user_id`='&1') AND `caches`.`cache_id`='&2'", 0, $login->userid, $this->getCacheId()) == 0)
return false;
else if ($this->getUserId() == $login->userid)
return true;
return false;
}
}
<?php
/***************************************************************************
* For license information see doc/license.txt
*
* Unicode Reminder メモ
*
* get/set has to be commited with save
* add/remove etc. is executed instantly
***************************************************************************/
require_once($opt['rootpath'] . 'lib2/logic/rowEditor.class.php');
require_once($opt['rootpath'] . 'lib2/logic/const.inc.php');
class picture
{
var $nPictureId = 0;
var $rePicture;
var $sFileExtension = '';
var $bFilenamesSet = false;
static function pictureIdFromUUID($uuid)
{
$pictureid = sql_value("SELECT `id` FROM `pictures` WHERE `uuid`='&1'", 0, $uuid);
return $pictureid;
}
static function fromUUID($uuid)
{
$pictureid = picture::pictureIdFromUUID($uuid);
if ($pictureid == 0)
return null;
return new picture($pictureid);
}
function __construct($nNewPictureId=ID_NEW)
{
global $opt;
$this->rePicture = new rowEditor('pictures');
$this->rePicture->addPKInt('id', null, false, RE_INSERT_AUTOINCREMENT);
$this->rePicture->addString('uuid', '', false, RE_INSERT_AUTOUUID);
$this->rePicture->addInt('node', 0, false);
$this->rePicture->addDate('date_created', time(), true, RE_INSERT_IGNORE);
$this->rePicture->addDate('last_modified', time(), true, RE_INSERT_IGNORE);
$this->rePicture->addString('url', '', false);
$this->rePicture->addString('title', '', false);
$this->rePicture->addDate('last_url_check', 0, true);
$this->rePicture->addInt('object_id', null, false);
$this->rePicture->addInt('object_type', null, false);
$this->rePicture->addString('thumb_url', '', false);
$this->rePicture->addDate('thumb_last_generated', 0, false);
$this->rePicture->addInt('spoiler', 0, false);
$this->rePicture->addInt('local', 0, false);
$this->rePicture->addInt('unknown_format', 0, false);
$this->rePicture->addInt('display', 1, false);
$this->nPictureId = $nNewPictureId+0;
if ($nNewPictureId == ID_NEW)
{
$this->rePicture->addNew(null);
$sUUID = mb_strtoupper(sql_value("SELECT UUID()", ''));
$this->rePicture->setValue('uuid', $sUUID);
$this->rePicture->setValue('node', $opt['logic']['node']['id']);
}
else
{
$this->rePicture->load($this->nPictureId);
$sFilename = $this->getFilename();
$fna = mb_split('\\.', $sFilename);
$this->sFileExtension = mb_strtolower($fna[count($fna) - 1]);
$this->bFilenamesSet = true;
}
}
function exist()
{
return $this->rePicture->exist();
}
static function allowedExtension($sFilename)
{
global $opt;
if (strpos($sFilename, ';') !== false)
return false;
if (strpos($sFilename, '.') === false)
return false;
$sExtension = mb_strtolower(substr($sFilename, strrpos($sFilename, '.') + 1));
if (strpos(';' . $opt['logic']['pictures']['extensions'] . ';', ';' . $sExtension . ';') !== false)
return true;
else
return false;
}
function setFilenames($sFilename)
{
global $opt;
if ($this->bFilenamesSet == true)
return;
if (strpos($sFilename, '.') === false)
return;
$sExtension = mb_strtolower(substr($sFilename, strrpos($sFilename, '.') + 1));
$sUUID = $this->getUUID();
$this->sFileExtension = $sExtension;
$this->setUrl($opt['logic']['pictures']['url'] . $sUUID . '.' . $sExtension);
//$this->setThumbUrl($opt['logic']['pictures']['thumb_url'] . substr($sUUID, 0, 1) . '/' . substr($sUUID, 1, 1) . '/' . $sUUID . '.' . $sExtension);
$this->bFilenamesSet = true;
}
function getPictureId()
{
return $this->nPictureId;
}
function delete()
{
global $opt;
// delete record, image and thumb
@unlink($this->getFilename());
@unlink($this->getThumbFilename());
sql("DELETE FROM `pictures` WHERE `id`='&1'", $this->nPictureId);
return true;
}
function getUrl()
{
return $this->rePicture->getValue('url');
}
function setUrl($value)
{
return $this->rePicture->setValue('url', $value);
}
function getThumbUrl()
{
return $this->rePicture->getValue('thumb_url');
}
function setThumbUrl($value)
{
return $this->rePicture->setValue('thumb_url', $value);
}
function getTitle()
{
return $this->rePicture->getValue('title');
}
function setTitle($value)
{
if ($value != '')
return $this->rePicture->setValue('title', $value);
else
return false;
}
function getSpoiler()
{
return $this->rePicture->getValue('spoiler')!=0;
}
function setSpoiler($value)
{
return $this->rePicture->setValue('spoiler', $value ? 1 : 0);
}
function getLocal()
{
return $this->rePicture->getValue('local')!=0;
}
function setLocal($value)
{
return $this->rePicture->setValue('local', $value ? 1 : 0);
}
function getDisplay()
{
return $this->rePicture->getValue('display')!=0;
}
function setDisplay($value)
{
return $this->rePicture->setValue('display', $value ? 1 : 0);
}
function getFilename()
{
global $opt;
if (mb_substr($opt['logic']['pictures']['dir'], -1, 1) != '/')
$opt['logic']['pictures']['dir'] .= '/';
$uuid = $this->getUUID();
$url = $this->getUrl();
$fna = mb_split('\\.', $url);
$extension = mb_strtolower($fna[count($fna) - 1]);
return $opt['logic']['pictures']['dir'] . $uuid . '.' . $extension;
}
function getThumbFilename()
{
global $opt;
if (mb_substr($opt['logic']['pictures']['thumb_dir'], -1, 1) != '/')
$opt['logic']['pictures']['thumb_dir'] .= '/';
$uuid = $this->getUUID();
$url = $this->getUrl();
$fna = mb_split('\\.', $url);
$extension = mb_strtolower($fna[count($fna) - 1]);
$dir1 = mb_strtoupper(mb_substr($uuid, 0, 1));
$dir2 = mb_strtoupper(mb_substr($uuid, 1, 1));
return $opt['logic']['pictures']['thumb_dir'] . $dir1 . '/' . $dir2 . '/' . $uuid . '.' . $extension;
}
function getLogId()
{
if ($this->getObjectType() == OBJECT_CACHELOG)
return $this->getObjectId();
else
return false;
}
function getCacheId()
{
if ($this->getObjectType() == OBJECT_CACHELOG)
return sql_value("SELECT `cache_id` FROM `cache_logs` WHERE `id`='&1'", false, $this->getObjectId());
else if ($this->getObjectType() == OBJECT_CACHE)
return $this->getObjectId();
else
return false;
}
function getObjectId()
{
return $this->rePicture->getValue('object_id');
}
function setObjectId($value)
{
return $this->rePicture->setValue('object_id', $value+0);
}
function getObjectType()
{
return $this->rePicture->getValue('object_type');
}
function setObjectType($value)
{
return $this->rePicture->setValue('object_type', $value+0);
}
function getUserId()
{
if ($this->getObjectType() == OBJECT_CACHE)
return sql_value("SELECT `caches`.`user_id` FROM `caches` WHERE `caches`.`cache_id`='&1'", false, $this->getObjectId());
else if ($this->getObjectType() == OBJECT_CACHELOG)
return sql_value("SELECT `cache_logs`.`user_id` FROM `cache_logs` WHERE `cache_logs`.`id`='&1'", false, $this->getObjectId());
else
return false;
}
function getNode()
{
return $this->rePicture->getValue('node');
}
function setNode($value)
{
return $this->rePicture->setValue('node', $value);
}
function getUUID()
{
return $this->rePicture->getValue('uuid');
}
function getLastModified()
{
return $this->rePicture->getValue('last_modified');
}
function getDateCreated()
{
return $this->rePicture->getValue('date_created');
}
function getAnyChanged()
{
return $this->rePicture->getAnyChanged();
}
// return if successfull (with insert)
function save()
{
if ($this->bFilenamesSet == false)
return false;
$bRetVal = $this->rePicture->save();
if ($bRetVal)
sql_slave_exclude();
return $bRetVal;
}
function allowEdit()
{
global $login;
$login->verify();
if (sql_value("SELECT COUNT(*) FROM `caches` INNER JOIN `cache_status` ON `caches`.`status`=`cache_status`.`id` WHERE (`cache_status`.`allow_user_view`=1 OR `caches`.`user_id`='&1') AND `caches`.`cache_id`='&2'", 0, $login->userid, $this->getCacheId()) == 0)
return false;
else if ($this->getUserId() == $login->userid)
return true;
return false;
}
}
?>


@ -58,6 +58,9 @@ class rowEditor
function addPKString($sField, $sDefault, $bNullable, $nInsertFunction=RE_INSERT_NOTHING)
{
if (($nInsertFunction & RE_INSERT_AUTOUUID) == RE_INSERT_AUTOUUID)
die('rowEditor: RE_INSERT_AUTOUUID not supported for primary key fields');
$this->pk[$sField] = array('type' => RE_TYPE_STRING,
'default' => $sDefault,
'nullable' => $bNullable,
@ -390,6 +393,9 @@ class rowEditor
$this->fields[$this->sAutoIncrementField]['value'] = $nInsertId;
}
/* reload the record to get the actual stored values
* (inserted values maybe truncated by mysql or trigger could modify values)
*/
$pkv = array();
foreach ($this->pk AS $k => $v)
{
@ -454,9 +460,7 @@ class rowEditor
if ((($field['insertfunction'] & RE_INSERT_OVERWRITE) == RE_INSERT_OVERWRITE) || (($field['changed'] == false) && ($field['insertfunction'] != RE_INSERT_NOTHING)))
{
if (($field['insertfunction'] & RE_INSERT_UUID) == RE_INSERT_UUID)
$sValues[] = 'UUID()';
else if (($field['insertfunction'] & RE_INSERT_NOW) == RE_INSERT_NOW)
if (($field['insertfunction'] & RE_INSERT_NOW) == RE_INSERT_NOW)
$sValues[] = 'NOW()';
else
$sValues[] = 'NULL';
@ -479,9 +483,7 @@ class rowEditor
if ((($field['insertfunction'] & RE_INSERT_OVERWRITE) == RE_INSERT_OVERWRITE) || (($field['changed'] == false) && ($field['insertfunction'] != RE_INSERT_NOTHING)))
{
if (($field['insertfunction'] & RE_INSERT_UUID) == RE_INSERT_UUID)
$sValues[] = 'UUID()';
else if (($field['insertfunction'] & RE_INSERT_NOW) == RE_INSERT_NOW)
if (($field['insertfunction'] & RE_INSERT_NOW) == RE_INSERT_NOW)
$sValues[] = 'NOW()';
else
$sValues[] = 'NULL';
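Review bot: With the `RE_INSERT_UUID` branch gone from both insert paths, a UUID-flagged field that was not explicitly set now falls through to `$sValues[] = 'NULL'`, and nothing in rowEditor records that a BEFORE INSERT trigger is expected to fill it; on a table without that trigger the row is inserted with a NULL (or empty) uuid and nothing notices. I would put a comment above the remaining `if (($field['insertfunction'] & RE_INSERT_NOW) ...)` line in each path such as `// UUID fields are deliberately inserted as NULL: the table's BEFORE INSERT trigger generates the value, which the post-insert reload picks up`, and since the reload is what makes the generated value visible, consider treating a still-empty uuid after reload as an error rather than returning success. The new `die()` in `addPKString` is a reasonable guard (a trigger-generated primary key could not be reloaded), but an exception would let callers handle it instead of terminating the request. The methods touched by all three hunks start and end outside the visible lines.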


@ -1,313 +1,324 @@
<?php
/***************************************************************************
* For license information see doc/license.txt
*
* Unicode Reminder メモ
*
* This class provides access to the login user data. Informations are
* stored in a cookie.
*
* Methods:
* verify() validate the login-session (automatically invoked)
* try_login() try to login with the given user/password
* logout() logout the user
*
* Properties:
* userid Integer 0 if no login, userid otherwise
* username String username or ''
*
***************************************************************************/
define('LOGIN_UNKNOWN_ERROR', -1); // unkown error occured
define('LOGIN_OK', 0); // login succeeded
define('LOGIN_BADUSERPW', 1); // bad username or password
define('LOGIN_TOOMUCHLOGINS', 2); // too many logins in short time
define('LOGIN_USERNOTACTIVE', 3); // the useraccount locked
define('LOGIN_EMPTY_USERPASSWORD', 4); // given username/password was empty
define('LOGIN_LOGOUT_OK', 5); // logout was successfull
// login times in seconds
define('LOGIN_TIME', 60*60);
define('LOGIN_TIME_PERMANENT', 90*24*60*60);
$login = new login();
class login
{
var $userid = 0;
var $username = '';
var $lastlogin = 0;
var $permanent = false;
var $sessionid = '';
var $verified = false;
var $admin = 0;
function login()
{
global $cookie;
if ($cookie->is_set('userid') && $cookie->is_set('username'))
{
$this->userid = $cookie->get('userid')+0;
$this->username = $cookie->get('username');
$this->permanent = (($cookie->get('permanent')+0) == 1);
$this->lastlogin = $cookie->get('lastlogin');
$this->sessionid = $cookie->get('sessionid');
$this->admin = $cookie->get('admin')+0;
$this->verified = false;
$this->verify();
}
else
$this->pClear();
}
// return true on success
function restoreSession($sid)
{
$min_lastlogin = date('Y-m-d H:i:s', time() - LOGIN_TIME);
if ($this->checkLoginsCount() == false)
{
$this->pClear();
return false;
}
$rs = sqlf("SELECT `sys_sessions`.`uuid` `sid`, `user`.`user_id`, `sys_sessions`.`last_login`, `user`.`admin`, `user`.`username` FROM &db.`sys_sessions`, &db.`user` WHERE `sys_sessions`.`user_id`=`user`.`user_id` AND `user`.`is_active_flag`=1 AND `sys_sessions`.`uuid`='&1' AND `sys_sessions`.`permanent`=0 AND `sys_sessions`.`last_login`>'&2'", $sid, $min_lastlogin);
$r = sql_fetch_assoc($rs);
sql_free_result($rs);
if ($r)
{
sqlf("UPDATE `sys_sessions` SET `sys_sessions`.`last_login`=NOW() WHERE `sys_sessions`.`uuid`='&1' AND `sys_sessions`.`user_id`='&2'", $r['sid'], $r['user_id']);
sqlf("UPDATE `user` SET `user`.`last_login`=NOW() WHERE `user`.`user_id`='&1'", $r['user_id']);
$this->userid = $r['user_id'];
$this->username = $r['username'];
$this->permanent = false;
$this->lastlogin = $r['last_login'];
$this->sessionid = $r['sid'];
$this->admin = $r['admin'];
$this->verified = true;
return true;
}
else
{
// prevent bruteforce
sql("INSERT INTO `sys_logins` (`remote_addr`, `success`) VALUES ('&1', 0)", $_SERVER['REMOTE_ADDR']);
return false;
}
}
function pClear()
{
// set to no valid login
$this->userid = 0;
$this->username = '';
$this->permanent = false;
$this->lastlogin = '';
$this->sessionid = '';
$this->admin = 0;
$this->verified = true;
$this->pStoreCookie();
}
function pStoreCookie()
{
global $cookie;
$cookie->set('userid', $this->userid);
$cookie->set('username', $this->username);
$cookie->set('permanent', ($this->permanent==true ? 1 : 0));
$cookie->set('lastlogin', $this->lastlogin);
$cookie->set('sessionid', $this->sessionid);
$cookie->set('admin', $this->admin);
}
function verify()
{
if ($this->verified == true)
return;
if ($this->userid == 0)
{
$this->pClear();
return;
}
if ($this->checkLoginsCount() == false)
{
$this->pClear();
return;
}
$min_lastlogin = date('Y-m-d H:i:s', time() - LOGIN_TIME);
$min_lastlogin_permanent = date('Y-m-d H:i:s', time() - LOGIN_TIME_PERMANENT);
$rs = sqlf("SELECT `sys_sessions`.`last_login`, `user`.`admin`, `user`.`username` FROM &db.`sys_sessions`, &db.`user` WHERE `sys_sessions`.`user_id`=`user`.`user_id` AND `user`.`is_active_flag`=1 AND `sys_sessions`.`uuid`='&1' AND `sys_sessions`.`user_id`='&2' AND ((`sys_sessions`.`permanent`=1 AND `sys_sessions`.`last_login`>'&3') OR (`sys_sessions`.`permanent`=0 AND `sys_sessions`.`last_login`>'&4'))", $this->sessionid, $this->userid, $min_lastlogin_permanent, $min_lastlogin);
if ($rUser = sql_fetch_assoc($rs))
{
if ((($this->permanent == true) && (strtotime($rUser['last_login']) + LOGIN_TIME/2 < time())) ||
(($this->permanent == false) && (strtotime($rUser['last_login']) + LOGIN_TIME_PERMANENT/2 < time())))
{
sqlf("UPDATE `sys_sessions` SET `sys_sessions`.`last_login`=NOW() WHERE `sys_sessions`.`uuid`='&1' AND `sys_sessions`.`user_id`='&2'", $this->sessionid, $this->userid);
$rUser['last_login'] = date('Y-m-d H:i:s');
}
// user.last_login is used for statics, so we keep it up2date
sqlf("UPDATE `user` SET `user`.`last_login`=NOW() WHERE `user`.`user_id`='&1'", $this->userid);
$this->lastlogin = $rUser['last_login'];
$this->username = $rUser['username'];
$this->admin = $rUser['admin'];
$this->verified = true;
}
else
{
// prevent bruteforce
sql("INSERT INTO `sys_logins` (`remote_addr`, `success`) VALUES ('&1', 0)", $_SERVER['REMOTE_ADDR']);
$this->pClear();
}
sql_free_result($rs);
$this->pStoreCookie();
return;
}
function try_login($user, $password, $permanent)
{
global $opt;
if ($password == '')
return LOGIN_EMPTY_USERPASSWORD;
$pwmd5 = md5($password);
if ($opt['logic']['password_hash'])
$pwmd5 = hash('sha512', $pwmd5);
return $this->try_login_md5($user, $pwmd5, $permanent);
}
function checkLoginsCount()
{
global $opt;
// cleanup old entries
// (execute only every 50 search calls)
if (rand(1, 50) == 1)
sqlf("DELETE FROM `sys_logins` WHERE `date_created`<'&1'", date('Y-m-d H:i:s', time() - 3600));
// check the number of logins in the last hour ...
$logins_count = sqlf_value("SELECT COUNT(*) `count` FROM `sys_logins` WHERE `remote_addr`='&1' AND `date_created`>'&2'", 0, $_SERVER['REMOTE_ADDR'], date('Y-m-d H:i:s', time() - 3600));
if ($logins_count > $opt['page']['max_logins_per_hour'])
return false;
else
return true;
}
function try_login_md5($user, $pwmd5, $permanent)
{
global $opt;
$this->pClear();
if ($user == '' || $pwmd5 == '')
return LOGIN_EMPTY_USERPASSWORD;
if ($this->checkLoginsCount() == false)
return LOGIN_TOOMUCHLOGINS;
// delete old sessions
$min_lastlogin_permanent = date('Y-m-d H:i:s', time() - LOGIN_TIME_PERMANENT);
sqlf("DELETE FROM `sys_sessions` WHERE `last_login`<'&1'", $min_lastlogin_permanent);
// compare $user with email and username, if both matches use email
$rsUser = sqlf("SELECT `user_id`, `username`, 2 AS `prio`, `is_active_flag`, `permanent_login_flag`, `admin` FROM `user` WHERE `username`='&1' AND `password`='&2' UNION
SELECT `user_id`, `username`, 1 AS `prio`, `is_active_flag`, `permanent_login_flag`, `admin` FROM `user` WHERE `email`='&1' AND `password`='&2' ORDER BY `prio` ASC LIMIT 1", $user, $pwmd5);
$rUser = sql_fetch_assoc($rsUser);
sql_free_result($rsUser);
if ($permanent == null)
$permanent = ($rUser['permanent_login_flag'] == 1);
if ($rUser)
{
// ok, there is a valid login
if ($rUser['is_active_flag'] != 0)
{
// begin session
$uuid = sqlf_value('SELECT UUID()', '');
sqlf("INSERT INTO `sys_sessions` (`uuid`, `user_id`, `permanent`, `last_login`) VALUES ('&1', '&2', '&3', NOW())", $uuid, $rUser['user_id'], ($permanent!=false ? 1 : 0));
$this->userid = $rUser['user_id'];
$this->username = $rUser['username'];
$this->permanent = $permanent;
$this->lastlogin = date('Y-m-d H:i:s');
$this->sessionid = $uuid;
$this->admin = $rUser['admin'];
$this->verified = true;
$retval = LOGIN_OK;
}
else
$retval = LOGIN_USERNOTACTIVE;
}
else
{
// sorry, bad login
$retval = LOGIN_BADUSERPW;
}
sqlf("INSERT INTO `sys_logins` (`remote_addr`, `success`) VALUES ('&1', '&2')", $_SERVER['REMOTE_ADDR'], ($rUser===false ? 0 : 1));
// store to cookie
$this->pStoreCookie();
return $retval;
}
function getUserCountry()
{
global $opt, $cookie;
// language specified in cookie?
if ($cookie->is_set('usercountry'))
{
$sCountry = $cookie->get('usercountry', null);
if ($sCountry != null)
return $sCountry;
}
// user specified a language?
if ($this->userid != 0)
{
$sCountry = sql_value("SELECT `country` FROM `user` WHERE `user_id`='&1'", null, $this->userid);
if ($sCountry != null)
return $sCountry;
}
// default country of this language
if (isset($opt['locale'][$opt['template']['locale']]['country']))
return $opt['locale'][$opt['template']['locale']]['country'];
// default country of installation (or domain)
return $opt['template']['default']['country'];
}
function logout()
{
if ($this->userid != 0)
sqlf("DELETE FROM `sys_sessions` WHERE `uuid`='&1' AND `user_id`='&2'", $this->sessionid, $this->userid);
$this->pClear();
}
public function hasAdminPriv($privilege = false)
{
if ($privilege === false)
return $this->admin != 0;
return ($this->admin & $privilege) == $privilege;
}
}
?>
<?php
/***************************************************************************
* For license information see doc/license.txt
*
* Unicode Reminder メモ
*
* This class provides access to the login user data. Informations are
* stored in a cookie.
*
* Methods:
* verify() validate the login-session (automatically invoked)
* try_login() try to login with the given user/password
* logout() logout the user
*
* Properties:
* userid Integer 0 if no login, userid otherwise
* username String username or ''
*
***************************************************************************/
define('LOGIN_UNKNOWN_ERROR', -1); // unkown error occured
define('LOGIN_OK', 0); // login succeeded
define('LOGIN_BADUSERPW', 1); // bad username or password
define('LOGIN_TOOMUCHLOGINS', 2); // too many logins in short time
define('LOGIN_USERNOTACTIVE', 3); // the useraccount locked
define('LOGIN_EMPTY_USERPASSWORD', 4); // given username/password was empty
define('LOGIN_LOGOUT_OK', 5); // logout was successfull
// login times in seconds
define('LOGIN_TIME', 60*60);
define('LOGIN_TIME_PERMANENT', 90*24*60*60);
$login = new login();
class login
{
var $userid = 0;
var $username = '';
var $lastlogin = 0;
var $permanent = false;
var $sessionid = '';
var $verified = false;
var $admin = 0;
function login()
{
global $cookie;
if ($cookie->is_set('userid') && $cookie->is_set('username'))
{
$this->userid = $cookie->get('userid')+0;
$this->username = $cookie->get('username');
$this->permanent = (($cookie->get('permanent')+0) == 1);
$this->lastlogin = $cookie->get('lastlogin');
$this->sessionid = $cookie->get('sessionid');
$this->admin = $cookie->get('admin')+0;
$this->verified = false;
$this->verify();
}
else
$this->pClear();
}
// return true on success
function restoreSession($sid)
{
$min_lastlogin = date('Y-m-d H:i:s', time() - LOGIN_TIME);
if ($this->checkLoginsCount() == false)
{
$this->pClear();
return false;
}
$rs = sqlf("SELECT `sys_sessions`.`uuid` `sid`, `user`.`user_id`, `sys_sessions`.`last_login`, `user`.`admin`, `user`.`username` FROM &db.`sys_sessions`, &db.`user` WHERE `sys_sessions`.`user_id`=`user`.`user_id` AND `user`.`is_active_flag`=1 AND `sys_sessions`.`uuid`='&1' AND `sys_sessions`.`permanent`=0 AND `sys_sessions`.`last_login`>'&2'", $sid, $min_lastlogin);
$r = sql_fetch_assoc($rs);
sql_free_result($rs);
if ($r)
{
sqlf("UPDATE `sys_sessions` SET `sys_sessions`.`last_login`=NOW() WHERE `sys_sessions`.`uuid`='&1' AND `sys_sessions`.`user_id`='&2'", $r['sid'], $r['user_id']);
sqlf("UPDATE `user` SET `user`.`last_login`=NOW() WHERE `user`.`user_id`='&1'", $r['user_id']);
$this->userid = $r['user_id'];
$this->username = $r['username'];
$this->permanent = false;
$this->lastlogin = $r['last_login'];
$this->sessionid = $r['sid'];
$this->admin = $r['admin'];
$this->verified = true;
return true;
}
else
{
// prevent bruteforce
sql("INSERT INTO `sys_logins` (`remote_addr`, `success`) VALUES ('&1', 0)", $_SERVER['REMOTE_ADDR']);
return false;
}
}
function pClear()
{
// set to no valid login
$this->userid = 0;
$this->username = '';
$this->permanent = false;
$this->lastlogin = '';
$this->sessionid = '';
$this->admin = 0;
$this->verified = true;
$this->pStoreCookie();
}
function pStoreCookie()
{
global $cookie;
$cookie->set('userid', $this->userid);
$cookie->set('username', $this->username);
$cookie->set('permanent', ($this->permanent==true ? 1 : 0));
$cookie->set('lastlogin', $this->lastlogin);
$cookie->set('sessionid', $this->sessionid);
$cookie->set('admin', $this->admin);
}
function verify()
{
if ($this->verified == true)
return;
if ($this->userid == 0)
{
$this->pClear();
return;
}
if ($this->checkLoginsCount() == false)
{
$this->pClear();
return;
}
$min_lastlogin = date('Y-m-d H:i:s', time() - LOGIN_TIME);
$min_lastlogin_permanent = date('Y-m-d H:i:s', time() - LOGIN_TIME_PERMANENT);
$rs = sqlf("SELECT `sys_sessions`.`last_login`, `user`.`admin`, `user`.`username` FROM &db.`sys_sessions`, &db.`user` WHERE `sys_sessions`.`user_id`=`user`.`user_id` AND `user`.`is_active_flag`=1 AND `sys_sessions`.`uuid`='&1' AND `sys_sessions`.`user_id`='&2' AND ((`sys_sessions`.`permanent`=1 AND `sys_sessions`.`last_login`>'&3') OR (`sys_sessions`.`permanent`=0 AND `sys_sessions`.`last_login`>'&4'))", $this->sessionid, $this->userid, $min_lastlogin_permanent, $min_lastlogin);
if ($rUser = sql_fetch_assoc($rs))
{
if ((($this->permanent == true) && (strtotime($rUser['last_login']) + LOGIN_TIME/2 < time())) ||
(($this->permanent == false) && (strtotime($rUser['last_login']) + LOGIN_TIME_PERMANENT/2 < time())))
{
sqlf("UPDATE `sys_sessions` SET `sys_sessions`.`last_login`=NOW() WHERE `sys_sessions`.`uuid`='&1' AND `sys_sessions`.`user_id`='&2'", $this->sessionid, $this->userid);
$rUser['last_login'] = date('Y-m-d H:i:s');
}
// user.last_login is used for statics, so we keep it up2date
sqlf("UPDATE `user` SET `user`.`last_login`=NOW() WHERE `user`.`user_id`='&1'", $this->userid);
$this->lastlogin = $rUser['last_login'];
$this->username = $rUser['username'];
$this->admin = $rUser['admin'];
$this->verified = true;
}
else
{
// prevent bruteforce
sql("INSERT INTO `sys_logins` (`remote_addr`, `success`) VALUES ('&1', 0)", $_SERVER['REMOTE_ADDR']);
$this->pClear();
}
sql_free_result($rs);
$this->pStoreCookie();
return;
}
function try_login($user, $password, $permanent)
{
global $opt;
if ($password == '')
return LOGIN_EMPTY_USERPASSWORD;
$pwmd5 = md5($password);
if ($opt['logic']['password_hash'])
$pwmd5 = hash('sha512', $pwmd5);
return $this->try_login_md5($user, $pwmd5, $permanent);
}
function checkLoginsCount()
{
global $opt;
// cleanup old entries
// (execute only every 50 search calls)
if (rand(1, 50) == 1)
sqlf("DELETE FROM `sys_logins` WHERE `date_created`<'&1'", date('Y-m-d H:i:s', time() - 3600));
// check the number of logins in the last hour ...
$logins_count = sqlf_value("SELECT COUNT(*) `count` FROM `sys_logins` WHERE `remote_addr`='&1' AND `date_created`>'&2'", 0, $_SERVER['REMOTE_ADDR'], date('Y-m-d H:i:s', time() - 3600));
if ($logins_count > $opt['page']['max_logins_per_hour'])
return false;
else
return true;
}
function try_login_md5($user, $pwmd5, $permanent)
{
global $opt;
$this->pClear();
if ($user == '' || $pwmd5 == '')
return LOGIN_EMPTY_USERPASSWORD;
if ($this->checkLoginsCount() == false)
return LOGIN_TOOMUCHLOGINS;
// delete old sessions
$min_lastlogin_permanent = date('Y-m-d H:i:s', time() - LOGIN_TIME_PERMANENT);
sqlf("DELETE FROM `sys_sessions` WHERE `last_login`<'&1'", $min_lastlogin_permanent);
// compare $user with email and username, if both matches use email
$rsUser = sqlf("SELECT `user_id`, `username`, 2 AS `prio`, `is_active_flag`, `permanent_login_flag`, `admin` FROM `user` WHERE `username`='&1' AND `password`='&2' UNION
SELECT `user_id`, `username`, 1 AS `prio`, `is_active_flag`, `permanent_login_flag`, `admin` FROM `user` WHERE `email`='&1' AND `password`='&2' ORDER BY `prio` ASC LIMIT 1", $user, $pwmd5);
$rUser = sql_fetch_assoc($rsUser);
sql_free_result($rsUser);
if ($permanent == null)
$permanent = ($rUser['permanent_login_flag'] == 1);
if ($rUser)
{
// ok, there is a valid login
if ($rUser['is_active_flag'] != 0)
{
// begin session
$uuid = self::create_sessionid();
sqlf("INSERT INTO `sys_sessions` (`uuid`, `user_id`, `permanent`) VALUES ('&1', '&2', '&3')", $uuid, $rUser['user_id'], ($permanent!=false ? 1 : 0));
$this->userid = $rUser['user_id'];
$this->username = $rUser['username'];
$this->permanent = $permanent;
$this->lastlogin = date('Y-m-d H:i:s');
$this->sessionid = $uuid;
$this->admin = $rUser['admin'];
$this->verified = true;
$retval = LOGIN_OK;
}
else
$retval = LOGIN_USERNOTACTIVE;
}
else
{
// sorry, bad login
$retval = LOGIN_BADUSERPW;
}
sqlf("INSERT INTO `sys_logins` (`remote_addr`, `success`) VALUES ('&1', '&2')", $_SERVER['REMOTE_ADDR'], ($rUser===false ? 0 : 1));
// store to cookie
$this->pStoreCookie();
return $retval;
}
private static function create_sessionid()
{
return sprintf('%04x%04x-%04x-%04x-%04x-%04x%04x%04x',
mt_rand(0, 0xffff), mt_rand(0, 0xffff),
mt_rand(0, 0xffff),
mt_rand(0, 0xffff),
mt_rand(0, 0xffff),
mt_rand(0, 0xffff), mt_rand(0, 0xffff), mt_rand(0, 0xffff)
);
}
function getUserCountry()
{
global $opt, $cookie;
// language specified in cookie?
if ($cookie->is_set('usercountry'))
{
$sCountry = $cookie->get('usercountry', null);
if ($sCountry != null)
return $sCountry;
}
// user specified a language?
if ($this->userid != 0)
{
$sCountry = sql_value("SELECT `country` FROM `user` WHERE `user_id`='&1'", null, $this->userid);
if ($sCountry != null)
return $sCountry;
}
// default country of this language
if (isset($opt['locale'][$opt['template']['locale']]['country']))
return $opt['locale'][$opt['template']['locale']]['country'];
// default country of installation (or domain)
return $opt['template']['default']['country'];
}
function logout()
{
if ($this->userid != 0)
sqlf("DELETE FROM `sys_sessions` WHERE `uuid`='&1' AND `user_id`='&2'", $this->sessionid, $this->userid);
$this->pClear();
}
public function hasAdminPriv($privilege = false)
{
if ($privilege === false)
return $this->admin != 0;
return ($this->admin & $privilege) == $privilege;
}
}
?>
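Review bot: `create_sessionid()` derives the session id from `mt_rand()`, which is a Mersenne Twister and not a CSPRNG: its output can be recovered from observed values and its automatic seed is at most 32 bits, so this does not deliver the "truly random" session id the commit message claims, and the id is the only secret `verify()` checks besides the cookie's user id. Use an OS-backed source instead (`openssl_random_pseudo_bytes()` or `/dev/urandom`), keep the 36-character 8-4-4-4-12 layout so the `sys_sessions.uuid` column and the existing comparisons are unaffected, and refuse to start a session when no secure source is available rather than silently falling back to `mt_rand()`. Separately, the refresh condition in `verify()` looks like it has the halves swapped (`LOGIN_TIME/2` is applied when `$this->permanent` is true and `LOGIN_TIME_PERMANENT/2` when it is false); that is pre-existing, but it means a non-permanent session's `last_login` is never refreshed before the one-hour window closes. The replacement method is below; whether to throw or `die()` depends on what the rest of the code base does on fatal errors.
```php
private static function create_sessionid()
{
    // 16 bytes from an OS-backed CSPRNG; mt_rand() is predictable and must not be used for session ids
    $strong = false;
    $bytes = function_exists('openssl_random_pseudo_bytes') ? openssl_random_pseudo_bytes(16, $strong) : false;
    if ($bytes === false || $strong !== true)
    {
        $bytes = @file_get_contents('/dev/urandom', false, null, 0, 16);
        if ($bytes === false || strlen($bytes) != 16)
            throw new Exception('no secure random source available for session id');
    }
    $hex = bin2hex($bytes);
    // keep the 8-4-4-4-12 layout so the VARCHAR(36) uuid column and existing lookups stay valid
    return substr($hex, 0, 8) . '-' . substr($hex, 8, 4) . '-' . substr($hex, 12, 4) . '-' . substr($hex, 16, 4) . '-' . substr($hex, 20, 12);
}
```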


@ -1,352 +1,352 @@
<?php
/***************************************************************************
./log.php
-------------------
begin : July 4 2004
For license information see doc/license.txt
*****************************************************************************/
/****************************************************************************
Unicode Reminder メモ
log a cache visit
used template(s): log
GET Parameter: cacheid
****************************************************************************/
//prepare the templates and include all neccessary
require_once('./lib/common.inc.php');
require($stylepath.'/smilies.inc.php');
require_once($opt['rootpath'] . '../lib/htmlpurifier-4.2.0/library/HTMLPurifier.auto.php');
$no_tpl_build = false;
//Preprocessing
if ($error == false)
{
//cacheid
$cache_id = 0;
if (isset($_REQUEST['wp']))
{
$cache_id = sqlValue("SELECT `cache_id` FROM `caches` WHERE `wp_oc`='" . sql_escape($_REQUEST['wp']) . "'", 0);
}
else if (isset($_REQUEST['cacheid']))
{
$cache_id = $_REQUEST['cacheid'];
}
if ($usr === false)
{
$tplname = 'login';
tpl_set_var('username', '');
tpl_set_var('target', 'log.php?cacheid=' . urlencode($cache_id));
tpl_set_var('message', $login_required);
tpl_set_var('message_start', '');
tpl_set_var('message_end', '');
}
else
{
//set here the template to process
$tplname = 'log_cache';
require($stylepath . '/log_cache.inc.php');
require($stylepath.'/rating.inc.php');
$cachename = '';
if ($cache_id != 0)
{
//get cachename
$rs = sql("SELECT `caches`.`name`, `caches`.`user_id`, `caches`.`logpw`, `caches`.`wp_gc`, `caches`.`wp_nc`, `caches`.`type`, `caches`.`status` FROM `caches` INNER JOIN `cache_status` ON `caches`.`status`=`cache_status`.`id` WHERE (`cache_status`.`allow_user_log`=1 OR `caches`.`user_id`='&1') AND `caches`.`cache_id`='&2'", $usr['userid'], $cache_id);
if (mysql_num_rows($rs) == 0)
{
$cache_id = 0;
}
else
{
$record = sql_fetch_array($rs);
// only the owner is allowed to make logs to not published caches
if ($record['user_id'] == $usr['userid'] || $record['status'] != 5)
{
$cachename = $record['name'];
$cache_user_id = $record['user_id'];
$use_log_pw = (($record['logpw'] == NULL) || ($record['logpw'] == '')) ? false : true;
if ($use_log_pw) $log_pw = $record['logpw'];
$wp_gc = $record['wp_gc'];
$wp_nc = $record['wp_nc'];
$cache_type = $record['type'];
}
else
{
$cache_id = 0;
}
}
sql_free_result($rs);
}
if ($cache_id != 0)
{
$all_ok = false;
$log_text = isset($_POST['logtext']) ? ($_POST['logtext']) : '';
$log_type = isset($_POST['logtype']) ? ($_POST['logtype']+0) : 1;
$log_date_day = isset($_POST['logday']) ? ($_POST['logday']+0) : date('d');
$log_date_month = isset($_POST['logmonth']) ? ($_POST['logmonth']+0) : date('m');
$log_date_year = isset($_POST['logyear']) ? ($_POST['logyear']+0) : date('Y');
$top_option = isset($_POST['ratingoption']) ? $_POST['ratingoption']+0 : 0;
$top_cache = isset($_POST['rating']) ? $_POST['rating']+0 : 0;
// check if user has exceeded his top5% limit
$user_founds = sqlValue("SELECT IFNULL(`stat_user`.`found`, 0) FROM `user` LEFT JOIN `stat_user` ON `user`.`user_id`=`stat_user`.`user_id` WHERE `user`.`user_id`='" . sql_escape($usr['userid']) . "'", 0);
$user_tops = sqlValue("SELECT COUNT(`user_id`) FROM `cache_rating` WHERE `user_id`='" . sql_escape($usr['userid']) . "'", 0);
if ($user_tops < floor($user_founds * rating_percentage/100))
{
// initialize checkbox with value of past recommandation for this cache (if one exists)
$recommended = sqlValue("SELECT COUNT(`user_id`) FROM `cache_rating` WHERE `user_id`='" . sql_escape($usr['userid']) . "' AND `cache_id`='" . sql_escape($cache_id) . "'", 0);
$rating_msg = mb_ereg_replace('{chk_sel}', $recommended ? 'checked' : '', $rating_allowed.'<br />'.$rating_stat);
$rating_msg = mb_ereg_replace('{max}', floor($user_founds * rating_percentage/100), $rating_msg);
$rating_msg = mb_ereg_replace('{curr}', $user_tops, $rating_msg);
}
else
{
$anzahl = ($user_tops + 1 - ($user_founds * rating_percentage/100)) / (rating_percentage/100);
if ($anzahl > 1)
$rating_msg = mb_ereg_replace('{anzahl}', $anzahl, $rating_too_few_founds);
else
$rating_msg = mb_ereg_replace('{anzahl}', $anzahl, $rating_too_few_founds);
if ($user_tops)
$rating_msg .= '<br />'.$rating_maywithdraw;
}
tpl_set_var('rating_message', mb_ereg_replace('{rating_msg}', $rating_msg, $rating_tpl));
// descMode auslesen, falls nicht gesetzt aus dem Profil laden
if (isset($_POST['descMode']))
$descMode = $_POST['descMode']+0;
else
{
if (sqlValue("SELECT `no_htmledit_flag` FROM `user` WHERE `user_id`='" . sql_escape($usr['userid']) . "'", 1) == 1)
$descMode = 1;
else
$descMode = 3;
}
if (($descMode < 1) || ($descMode > 3)) $descMode = 3;
// fuer alte Versionen von OCProp
if ((isset($_POST['submit']) || isset($_POST['submitform'])) && !isset($_POST['version3']))
{
die('Your client may be outdated!');
}
if ($descMode != 1)
{
// Filter Input
$purifier = new HTMLPurifier();
$log_text = $purifier->purify($log_text);
}
else
{
// escape text
$log_text = nl2br(htmlspecialchars($log_text, ENT_COMPAT, 'UTF-8'));
}
//validate data
if (is_numeric($log_date_month) && is_numeric($log_date_day) && is_numeric($log_date_year))
{
$date_ok = checkdate($log_date_month, $log_date_day, $log_date_year)
&& ($log_date_year >= 2000);
if ($date_ok)
if (isset($_POST['submitform']))
if (mktime(0, 0, 0, $log_date_month, $log_date_day, $log_date_year) >= mktime())
$date_ok = false;
}
else
$date_ok = false;
$logtype_ok = sqlValue("SELECT COUNT(*) FROM cache_logtype WHERE cache_type_id='" . sql_escape($cache_type) . "' AND log_type_id='" . sql_escape($log_type) . "'", 0) > 0;
// not a found log? then ignore the rating
if ($log_type != 1 && $log_type != 7)
$top_option = 0;
$pw_ok = true;
if (isset($_POST['submitform']))
{
$all_ok = $date_ok && $logtype_ok;
if ($all_ok && $use_log_pw && $log_type == 1)
if (!isset($_POST['log_pw']) ||
mb_strtolower($log_pw) != mb_strtolower($_POST['log_pw']))
{
$pw_ok = false;
$all_ok = false;
}
}
if (isset($_POST['submitform']) && ($all_ok == true))
{
$log_date = date('Y-m-d', mktime(0, 0, 0, $log_date_month, $log_date_day, $log_date_year));
//add logentry to db
sql("INSERT INTO `cache_logs` (`id`, `cache_id`, `user_id`, `type`, `date`, `text`, `text_html`, `text_htmledit`, `uuid`, `node`)
VALUES ('', '&1', '&2', '&3', '&4', '&5', '&6', '&7', UUID(), '&8')",
$cache_id, $usr['userid'], $log_type, $log_date, $log_text, (($descMode != 1) ? 1 : 0), (($descMode == 3) ? 1 : 0), $oc_nodeid);
// do not use slave server for the next time ...
db_slave_exclude();
// update cache_status
$rs = sql("SELECT `log_types`.`cache_status` FROM `log_types` WHERE `id`='&1'", $log_type);
if ($record = sql_fetch_array($rs))
{
$cache_status = $record['cache_status'];
if ($cache_status != 0)
{
$rs = sql("UPDATE `caches` SET `status`='&1' WHERE `cache_id`='&2'", $cache_status, $cache_id);
}
}
else
{
die("OPS!");
}
// update top-list
if ($top_option)
if ($top_cache)
sql("INSERT IGNORE INTO `cache_rating` (`user_id`, `cache_id`, `rating_date`) VALUES('&1', '&2', '&3')", $usr['userid'], $cache_id, $log_date);
else
sql("DELETE FROM `cache_rating` WHERE `user_id`='&1' AND `cache_id`='&2'", $usr['userid'], $cache_id);
//call eventhandler
require_once($rootpath . 'lib/eventhandler.inc.php');
event_new_log($cache_id, $usr['userid']+0);
//redirect to viewcache
$no_tpl_build = true;
//include('viewcache.php');
tpl_redirect('viewcache.php?cacheid=' . $cache_id);
}
else
{
//build logtypeoptions
$logtypeoptions = '';
if ($cache_type == 6) // event
$logtypeorder = 'DESC';
else
$logtypeorder = 'ASC';
$rsLogTypes = sql("SELECT `log_types`.`id`, IFNULL(`sys_trans_text`.`text`, `log_types`.`name`) AS `name`
FROM `caches`
INNER JOIN `cache_type` ON `caches`.`type`=`cache_type`.`id`
INNER JOIN `cache_logtype` ON `cache_type`.`id`=`cache_logtype`.`cache_type_id`
INNER JOIN `log_types` ON `cache_logtype`.`log_type_id`=`log_types`.`id`
LEFT JOIN `sys_trans` ON `log_types`.`trans_id`=`sys_trans`.`id`
LEFT JOIN `sys_trans_text` ON `sys_trans`.`id`=`sys_trans_text`.`trans_id` AND `sys_trans_text`.`lang`='" . sql_escape($locale) . "'
WHERE `caches`.`cache_id`='" . ($cache_id+0) . "'
ORDER BY `log_types`.`id` " . $logtypeorder);
while ($rLogTypes = sql_fetch_assoc($rsLogTypes))
{
$sSelected = ($rLogTypes['id'] == $log_type) ? ' selected="selected"' : '';
$logtypeoptions .= '<option value="' . $rLogTypes['id'] . '"' . $sSelected . '>' . htmlspecialchars($rLogTypes['name'], ENT_COMPAT, 'UTF-8') . '</option>' . "\n";
}
sql_free_result($rsLogTypes);
//set tpl vars
tpl_set_var('cachename', htmlspecialchars($cachename, ENT_COMPAT, 'UTF-8'));
tpl_set_var('cacheid', htmlspecialchars($cache_id, ENT_COMPAT, 'UTF-8'));
tpl_set_var('logday', htmlspecialchars($log_date_day, ENT_COMPAT, 'UTF-8'));
tpl_set_var('logmonth', htmlspecialchars($log_date_month, ENT_COMPAT, 'UTF-8'));
tpl_set_var('logyear', htmlspecialchars($log_date_year, ENT_COMPAT, 'UTF-8'));
tpl_set_var('logtypeoptions', $logtypeoptions);
tpl_set_var('reset', $reset);
tpl_set_var('submit', $submit);
tpl_set_var('date_message', '');
// Text / normal HTML / HTML editor
tpl_set_var('use_tinymce', (($descMode == 3) ? 1 : 0));
if ($descMode == 1)
tpl_set_var('descMode', 1);
else if ($descMode == 2)
tpl_set_var('descMode', 2);
else
{
// TinyMCE
$headers = tpl_get_var('htmlheaders') . "\n";
$headers .= '<script language="javascript" type="text/javascript" src="resource2/tinymce/tiny_mce_gzip.js"></script>' . "\n";
$headers .= '<script language="javascript" type="text/javascript" src="resource2/tinymce/config/log.js.php?logid=0"></script>' . "\n";
tpl_set_var('htmlheaders', $headers);
tpl_set_var('descMode', 3);
}
if ($descMode != 1)
tpl_set_var('logtext', htmlspecialchars($log_text, ENT_COMPAT, 'UTF-8'), true);
else
tpl_set_var('logtext', $log_text);
$listed_on = array();
if ($wp_gc > "")
$listed_on[] = '<a href="http://www.geocaching.com/seek/cache_details.aspx?wp='.$wp_gc.'" target="_blank">geocaching.com</a> <a href="http://www.geocaching.com/seek/log.aspx?wp='.$wp_gc.'" target="_blank">(loggen)</a>';
if ($wp_nc > "")
$listed_on[] = 'navicache.com';
if (sizeof($listed_on))
{
tpl_set_var('listed_start', "");
tpl_set_var('listed_end', "");
tpl_set_var('listed_on', sizeof($listed_on) == 0 ? $listed_only_oc : implode(", ", $listed_on));
}
else
{
tpl_set_var('listed_start', "<!--");
tpl_set_var('listed_end', "-->");
}
if ($use_log_pw == true)
if (!$pw_ok == true)
tpl_set_var('log_pw_field', $log_pw_field_pw_not_ok);
else
tpl_set_var('log_pw_field', $log_pw_field);
else
tpl_set_var('log_pw_field', '');
if (!$date_ok)
tpl_set_var('date_message', $date_message);
// build smilies
$smilies = '';
if ($descMode != 3)
{
for ($i=0; $i<count($smileyshow); $i++)
{
if ($smileyshow[$i] == '1')
{
$tmp_smiley = $smiley_link;
$tmp_smiley = mb_ereg_replace('{smiley_image}', $smileyimage[$i], $tmp_smiley);
$smilies = $smilies . mb_ereg_replace('{smiley_text}', ' '.$smileytext[$i].' ', $tmp_smiley) . '&nbsp;';
}
}
}
tpl_set_var('smilies', $smilies);
}
}
else
{
// no cache found
$no_tpl_build = true;
}
}
}
if ($no_tpl_build == false)
{
//make the template and send it out
tpl_BuildTemplate(false);
}
?>
<?php
/***************************************************************************
./log.php
-------------------
begin : July 4 2004
For license information see doc/license.txt
*****************************************************************************/
/****************************************************************************
Unicode Reminder メモ
log a cache visit
used template(s): log
GET Parameter: cacheid
****************************************************************************/
//prepare the templates and include all neccessary
require_once('./lib/common.inc.php');
require($stylepath.'/smilies.inc.php');
require_once($opt['rootpath'] . '../lib/htmlpurifier-4.2.0/library/HTMLPurifier.auto.php');
$no_tpl_build = false;
//Preprocessing
if ($error == false)
{
//cacheid
$cache_id = 0;
if (isset($_REQUEST['wp']))
{
$cache_id = sqlValue("SELECT `cache_id` FROM `caches` WHERE `wp_oc`='" . sql_escape($_REQUEST['wp']) . "'", 0);
}
else if (isset($_REQUEST['cacheid']))
{
$cache_id = $_REQUEST['cacheid'];
}
if ($usr === false)
{
$tplname = 'login';
tpl_set_var('username', '');
tpl_set_var('target', 'log.php?cacheid=' . urlencode($cache_id));
tpl_set_var('message', $login_required);
tpl_set_var('message_start', '');
tpl_set_var('message_end', '');
}
else
{
//set here the template to process
$tplname = 'log_cache';
require($stylepath . '/log_cache.inc.php');
require($stylepath.'/rating.inc.php');
$cachename = '';
if ($cache_id != 0)
{
//get cachename
$rs = sql("SELECT `caches`.`name`, `caches`.`user_id`, `caches`.`logpw`, `caches`.`wp_gc`, `caches`.`wp_nc`, `caches`.`type`, `caches`.`status` FROM `caches` INNER JOIN `cache_status` ON `caches`.`status`=`cache_status`.`id` WHERE (`cache_status`.`allow_user_log`=1 OR `caches`.`user_id`='&1') AND `caches`.`cache_id`='&2'", $usr['userid'], $cache_id);
if (mysql_num_rows($rs) == 0)
{
$cache_id = 0;
}
else
{
$record = sql_fetch_array($rs);
// only the owner is allowed to make logs to not published caches
if ($record['user_id'] == $usr['userid'] || $record['status'] != 5)
{
$cachename = $record['name'];
$cache_user_id = $record['user_id'];
$use_log_pw = (($record['logpw'] == NULL) || ($record['logpw'] == '')) ? false : true;
if ($use_log_pw) $log_pw = $record['logpw'];
$wp_gc = $record['wp_gc'];
$wp_nc = $record['wp_nc'];
$cache_type = $record['type'];
}
else
{
$cache_id = 0;
}
}
sql_free_result($rs);
}
if ($cache_id != 0)
{
$all_ok = false;
$log_text = isset($_POST['logtext']) ? ($_POST['logtext']) : '';
$log_type = isset($_POST['logtype']) ? ($_POST['logtype']+0) : 1;
$log_date_day = isset($_POST['logday']) ? ($_POST['logday']+0) : date('d');
$log_date_month = isset($_POST['logmonth']) ? ($_POST['logmonth']+0) : date('m');
$log_date_year = isset($_POST['logyear']) ? ($_POST['logyear']+0) : date('Y');
$top_option = isset($_POST['ratingoption']) ? $_POST['ratingoption']+0 : 0;
$top_cache = isset($_POST['rating']) ? $_POST['rating']+0 : 0;
// check if user has exceeded his top5% limit
$user_founds = sqlValue("SELECT IFNULL(`stat_user`.`found`, 0) FROM `user` LEFT JOIN `stat_user` ON `user`.`user_id`=`stat_user`.`user_id` WHERE `user`.`user_id`='" . sql_escape($usr['userid']) . "'", 0);
$user_tops = sqlValue("SELECT COUNT(`user_id`) FROM `cache_rating` WHERE `user_id`='" . sql_escape($usr['userid']) . "'", 0);
if ($user_tops < floor($user_founds * rating_percentage/100))
{
// initialize checkbox with value of past recommandation for this cache (if one exists)
$recommended = sqlValue("SELECT COUNT(`user_id`) FROM `cache_rating` WHERE `user_id`='" . sql_escape($usr['userid']) . "' AND `cache_id`='" . sql_escape($cache_id) . "'", 0);
$rating_msg = mb_ereg_replace('{chk_sel}', $recommended ? 'checked' : '', $rating_allowed.'<br />'.$rating_stat);
$rating_msg = mb_ereg_replace('{max}', floor($user_founds * rating_percentage/100), $rating_msg);
$rating_msg = mb_ereg_replace('{curr}', $user_tops, $rating_msg);
}
else
{
$anzahl = ($user_tops + 1 - ($user_founds * rating_percentage/100)) / (rating_percentage/100);
if ($anzahl > 1)
$rating_msg = mb_ereg_replace('{anzahl}', $anzahl, $rating_too_few_founds);
else
$rating_msg = mb_ereg_replace('{anzahl}', $anzahl, $rating_too_few_founds);
if ($user_tops)
$rating_msg .= '<br />'.$rating_maywithdraw;
}
tpl_set_var('rating_message', mb_ereg_replace('{rating_msg}', $rating_msg, $rating_tpl));
// descMode auslesen, falls nicht gesetzt aus dem Profil laden
if (isset($_POST['descMode']))
$descMode = $_POST['descMode']+0;
else
{
if (sqlValue("SELECT `no_htmledit_flag` FROM `user` WHERE `user_id`='" . sql_escape($usr['userid']) . "'", 1) == 1)
$descMode = 1;
else
$descMode = 3;
}
if (($descMode < 1) || ($descMode > 3)) $descMode = 3;
// fuer alte Versionen von OCProp
if ((isset($_POST['submit']) || isset($_POST['submitform'])) && !isset($_POST['version3']))
{
die('Your client may be outdated!');
}
if ($descMode != 1)
{
// Filter Input
$purifier = new HTMLPurifier();
$log_text = $purifier->purify($log_text);
}
else
{
// escape text
$log_text = nl2br(htmlspecialchars($log_text, ENT_COMPAT, 'UTF-8'));
}
//validate data
if (is_numeric($log_date_month) && is_numeric($log_date_day) && is_numeric($log_date_year))
{
$date_ok = checkdate($log_date_month, $log_date_day, $log_date_year)
&& ($log_date_year >= 2000);
if ($date_ok)
if (isset($_POST['submitform']))
if (mktime(0, 0, 0, $log_date_month, $log_date_day, $log_date_year) >= mktime())
$date_ok = false;
}
else
$date_ok = false;
$logtype_ok = sqlValue("SELECT COUNT(*) FROM cache_logtype WHERE cache_type_id='" . sql_escape($cache_type) . "' AND log_type_id='" . sql_escape($log_type) . "'", 0) > 0;
// not a found log? then ignore the rating
if ($log_type != 1 && $log_type != 7)
$top_option = 0;
$pw_ok = true;
if (isset($_POST['submitform']))
{
$all_ok = $date_ok && $logtype_ok;
if ($all_ok && $use_log_pw && $log_type == 1)
if (!isset($_POST['log_pw']) ||
mb_strtolower($log_pw) != mb_strtolower($_POST['log_pw']))
{
$pw_ok = false;
$all_ok = false;
}
}
if (isset($_POST['submitform']) && ($all_ok == true))
{
$log_date = date('Y-m-d', mktime(0, 0, 0, $log_date_month, $log_date_day, $log_date_year));
//add logentry to db
sql("INSERT INTO `cache_logs` (`id`, `cache_id`, `user_id`, `type`, `date`, `text`, `text_html`, `text_htmledit`, `node`)
VALUES ('', '&1', '&2', '&3', '&4', '&5', '&6', '&7', '&8')",
$cache_id, $usr['userid'], $log_type, $log_date, $log_text, (($descMode != 1) ? 1 : 0), (($descMode == 3) ? 1 : 0), $oc_nodeid);
// do not use slave server for the next time ...
db_slave_exclude();
// update cache_status
$rs = sql("SELECT `log_types`.`cache_status` FROM `log_types` WHERE `id`='&1'", $log_type);
if ($record = sql_fetch_array($rs))
{
$cache_status = $record['cache_status'];
if ($cache_status != 0)
{
$rs = sql("UPDATE `caches` SET `status`='&1' WHERE `cache_id`='&2'", $cache_status, $cache_id);
}
}
else
{
die("OPS!");
}
// update top-list
if ($top_option)
if ($top_cache)
sql("INSERT IGNORE INTO `cache_rating` (`user_id`, `cache_id`, `rating_date`) VALUES('&1', '&2', '&3')", $usr['userid'], $cache_id, $log_date);
else
sql("DELETE FROM `cache_rating` WHERE `user_id`='&1' AND `cache_id`='&2'", $usr['userid'], $cache_id);
//call eventhandler
require_once($rootpath . 'lib/eventhandler.inc.php');
event_new_log($cache_id, $usr['userid']+0);
//redirect to viewcache
$no_tpl_build = true;
//include('viewcache.php');
tpl_redirect('viewcache.php?cacheid=' . $cache_id);
}
else
{
//build logtypeoptions
$logtypeoptions = '';
if ($cache_type == 6) // event
$logtypeorder = 'DESC';
else
$logtypeorder = 'ASC';
$rsLogTypes = sql("SELECT `log_types`.`id`, IFNULL(`sys_trans_text`.`text`, `log_types`.`name`) AS `name`
FROM `caches`
INNER JOIN `cache_type` ON `caches`.`type`=`cache_type`.`id`
INNER JOIN `cache_logtype` ON `cache_type`.`id`=`cache_logtype`.`cache_type_id`
INNER JOIN `log_types` ON `cache_logtype`.`log_type_id`=`log_types`.`id`
LEFT JOIN `sys_trans` ON `log_types`.`trans_id`=`sys_trans`.`id`
LEFT JOIN `sys_trans_text` ON `sys_trans`.`id`=`sys_trans_text`.`trans_id` AND `sys_trans_text`.`lang`='" . sql_escape($locale) . "'
WHERE `caches`.`cache_id`='" . ($cache_id+0) . "'
ORDER BY `log_types`.`id` " . $logtypeorder);
while ($rLogTypes = sql_fetch_assoc($rsLogTypes))
{
$sSelected = ($rLogTypes['id'] == $log_type) ? ' selected="selected"' : '';
$logtypeoptions .= '<option value="' . $rLogTypes['id'] . '"' . $sSelected . '>' . htmlspecialchars($rLogTypes['name'], ENT_COMPAT, 'UTF-8') . '</option>' . "\n";
}
sql_free_result($rsLogTypes);
//set tpl vars
tpl_set_var('cachename', htmlspecialchars($cachename, ENT_COMPAT, 'UTF-8'));
tpl_set_var('cacheid', htmlspecialchars($cache_id, ENT_COMPAT, 'UTF-8'));
tpl_set_var('logday', htmlspecialchars($log_date_day, ENT_COMPAT, 'UTF-8'));
tpl_set_var('logmonth', htmlspecialchars($log_date_month, ENT_COMPAT, 'UTF-8'));
tpl_set_var('logyear', htmlspecialchars($log_date_year, ENT_COMPAT, 'UTF-8'));
tpl_set_var('logtypeoptions', $logtypeoptions);
tpl_set_var('reset', $reset);
tpl_set_var('submit', $submit);
tpl_set_var('date_message', '');
// Text / normal HTML / HTML editor
tpl_set_var('use_tinymce', (($descMode == 3) ? 1 : 0));
if ($descMode == 1)
tpl_set_var('descMode', 1);
else if ($descMode == 2)
tpl_set_var('descMode', 2);
else
{
// TinyMCE
$headers = tpl_get_var('htmlheaders') . "\n";
$headers .= '<script language="javascript" type="text/javascript" src="resource2/tinymce/tiny_mce_gzip.js"></script>' . "\n";
$headers .= '<script language="javascript" type="text/javascript" src="resource2/tinymce/config/log.js.php?logid=0"></script>' . "\n";
tpl_set_var('htmlheaders', $headers);
tpl_set_var('descMode', 3);
}
if ($descMode != 1)
tpl_set_var('logtext', htmlspecialchars($log_text, ENT_COMPAT, 'UTF-8'), true);
else
tpl_set_var('logtext', $log_text);
$listed_on = array();
if ($wp_gc > "")
$listed_on[] = '<a href="http://www.geocaching.com/seek/cache_details.aspx?wp='.$wp_gc.'" target="_blank">geocaching.com</a> <a href="http://www.geocaching.com/seek/log.aspx?wp='.$wp_gc.'" target="_blank">(loggen)</a>';
if ($wp_nc > "")
$listed_on[] = 'navicache.com';
if (sizeof($listed_on))
{
tpl_set_var('listed_start', "");
tpl_set_var('listed_end', "");
tpl_set_var('listed_on', sizeof($listed_on) == 0 ? $listed_only_oc : implode(", ", $listed_on));
}
else
{
tpl_set_var('listed_start', "<!--");
tpl_set_var('listed_end', "-->");
}
if ($use_log_pw == true)
if (!$pw_ok == true)
tpl_set_var('log_pw_field', $log_pw_field_pw_not_ok);
else
tpl_set_var('log_pw_field', $log_pw_field);
else
tpl_set_var('log_pw_field', '');
if (!$date_ok)
tpl_set_var('date_message', $date_message);
// build smilies
$smilies = '';
if ($descMode != 3)
{
for ($i=0; $i<count($smileyshow); $i++)
{
if ($smileyshow[$i] == '1')
{
$tmp_smiley = $smiley_link;
$tmp_smiley = mb_ereg_replace('{smiley_image}', $smileyimage[$i], $tmp_smiley);
$smilies = $smilies . mb_ereg_replace('{smiley_text}', ' '.$smileytext[$i].' ', $tmp_smiley) . '&nbsp;';
}
}
}
tpl_set_var('smilies', $smilies);
}
}
else
{
// no cache found
$no_tpl_build = true;
}
}
}
if ($no_tpl_build == false)
{
//make the template and send it out
tpl_BuildTemplate(false);
}
?>
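Review bot: The log-password check in the `submitform` block on the new side still compares with loose inequality, `mb_strtolower($log_pw) != mb_strtolower($_POST['log_pw'])`, so two numeric-looking strings are compared as numbers rather than as text (for example a stored password of `1000` is matched by `1e3` or `01000`). Since this is the gate on "found" logs for password-protected caches, it should be a strict string comparison: `if (!isset($_POST['log_pw']) || mb_strtolower($log_pw) !== mb_strtolower($_POST['log_pw']))`. The same loose-comparison habit appears in the surrounding `$all_ok == true` / `$use_log_pw == true` tests, which are harmless here but would read more clearly as plain boolean checks. Separately, the new INSERT into `cache_logs` now omits `uuid` and presumably relies on a before-insert trigger for that table; the trigger itself is not visible in this hunk, so it is worth confirming it exists alongside the `caches` one.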



@ -1,242 +1,237 @@
<?php
/***************************************************************************
./newdesc.php
-------------------
begin : July 7 2004
For license information see doc/license.txt
****************************************************************************/
/****************************************************************************
Unicode Reminder メモ
add a cache description to a cache
used template(s): newdesc
****************************************************************************/
//prepare the templates and include all neccessary
require_once('./lib/common.inc.php');
require_once($opt['rootpath'] . '../lib/htmlpurifier-4.2.0/library/HTMLPurifier.auto.php');
//Preprocessing
if ($error == false)
{
$cache_id = 0;
if (isset($_REQUEST['cacheid']))
{
$cache_id = $_REQUEST['cacheid'];
}
//must be logged in
if ($usr === false)
{
$tplname = 'login';
tpl_set_var('username', '');
tpl_set_var('target', htmlspecialchars('newdesc.php?cacheid=' . urlencode($cache_id), ENT_COMPAT, 'UTF-8'));
tpl_set_var('message', $login_required);
}
else
{
//user must be the owner of the cache
$cache_rs = sql("SELECT `user_id`, `name` FROM `caches` WHERE `cache_id`='&1'", $cache_id);
if (mysql_num_rows($cache_rs) > 0)
{
$cache_record = sql_fetch_array($cache_rs);
mysql_free_result($cache_rs);
if ($cache_record['user_id'] == $usr['userid'])
{
$tplname = 'newdesc';
require($stylepath . '/newdesc.inc.php');
//get the posted data
$show_all_langs = isset($_POST['show_all_langs']) ? $_POST['show_all_langs'] : 0;
$short_desc = isset($_POST['short_desc']) ? $_POST['short_desc'] : '';
$hints = isset($_POST['hints']) ? $_POST['hints'] : '';
$sel_lang = isset($_POST['desc_lang']) ? $_POST['desc_lang'] : $default_lang;
$desc = isset($_POST['desc']) ? $_POST['desc'] : '';
$descMode = isset($_POST['descMode']) ? ($_POST['descMode']+0) : 3;
if (($descMode < 1) || ($descMode > 3)) $descMode = 3;
// fuer alte Versionen von OCProp
if (isset($_POST['submit']) && !isset($_POST['version2']))
{
$descMode = (isset($_POST['desc_html']) && ($_POST['desc_html']==1)) ? 2 : 1;
$_POST['submitform'] = $_POST['submit'];
$desc = iconv("ISO-8859-1", "UTF-8", $desc);
$short_desc = iconv("ISO-8859-1", "UTF-8", $short_desc);
$hints = iconv("ISO-8859-1", "UTF-8", $hints);
}
if ($descMode != 1)
{
// Filter Input
$purifier = new HTMLPurifier();
$desc = $purifier->purify($desc);
}
$desc_lang_exists = false;
//save to db?
if (isset($_POST['submitform']))
{
//check if the entered language already exists
$desc_rs = sql("SELECT `id` FROM `cache_desc` WHERE `cache_id`='&1' AND `language`='&2'", $cache_id, $sel_lang);
$desc_lang_exists = (mysql_num_rows($desc_rs) > 0);
mysql_free_result($desc_rs);
if ($desc_lang_exists == false)
{
$desc_uuid = create_uuid();
//add to DB
if ($descMode != 1)
{
sql("INSERT INTO `cache_desc` (
`id`,
`cache_id`,
`language`,
`desc`,
`desc_html`,
`desc_htmledit`,
`hint`,
`short_desc`,
`last_modified`,
`uuid`,
`node`
) VALUES ('', '&1', '&2', '&3', 1, '&4', '&5', '&6', NOW(), '&7', '&8')",
$cache_id,
$sel_lang,
$desc,
($descMode == 3) ? '1' : '0',
nl2br(htmlspecialchars($hints, ENT_COMPAT, 'UTF-8')),
$short_desc,
$desc_uuid,
$oc_nodeid);
}
else
{
sql("INSERT INTO `cache_desc` (
`id`,
`cache_id`,
`language`,
`desc`,
`desc_html`,
`desc_htmledit`,
`hint`,
`short_desc`,
`last_modified`,
`uuid`,
`node`
) VALUES ('', '&1', '&2', '&3', 0, 0, '&4', '&5', NOW(), '&6', '&7')",
$cache_id,
$sel_lang,
nl2br(htmlspecialchars($desc, ENT_COMPAT, 'UTF-8')),
nl2br(htmlspecialchars($hints, ENT_COMPAT, 'UTF-8')),
$short_desc,
$desc_uuid,
$oc_nodeid);
}
// do not use slave server for the next time ...
db_slave_exclude();
tpl_redirect('editcache.php?cacheid=' . urlencode($cache_id));
exit;
}
}
elseif (isset($_POST['show_all_langs_submit']))
{
$show_all_langs = 1;
}
// check if any default language is available
if ($show_all_langs == 0)
{
if (sqlValue("SELECT COUNT(*)
FROM `languages_list_default`
LEFT JOIN `cache_desc` ON `languages_list_default`.`show`=`cache_desc`.`language` AND `cache_desc`.`cache_id`='" . sql_escape($cache_id) . "'
WHERE `languages_list_default`.`lang`='" . sql_escape($locale) . "' AND ISNULL(`cache_desc`.`cache_id`)", 0) == 0)
{
$show_all_langs = 1;
}
}
//build langslist
$langoptions = '';
$rsLanguages = sql("SELECT `short`, IFNULL(`sys_trans_text`.`text`, `languages`.`name`) AS `name`
FROM `languages`
LEFT JOIN `languages_list_default` ON `languages`.`short`=`languages_list_default`.`show` AND `languages_list_default`.`lang`='&1'
LEFT JOIN `sys_trans` ON `languages`.`trans_id`=`sys_trans`.`id`
LEFT JOIN `sys_trans_text` ON `sys_trans`.`id`=`sys_trans_text`.`trans_id` AND `sys_trans_text`.`lang`='&1'
WHERE `languages`.`short` NOT IN (SELECT `language` FROM `cache_desc` WHERE `cache_id`='&3') AND
('&2'=1 OR `languages_list_default`.`show`=`languages`.`short`)
ORDER BY `name` ASC",
$locale,
(($show_all_langs == 1) ? 1 : 0),
$cache_id);
while ($rLanguage = sql_fetch_assoc($rsLanguages))
{
$sSelected = ($rLanguage['short'] == $sel_lang) ? ' selected="selected"' : '';
$langoptions .= '<option value="' . htmlspecialchars($rLanguage['short'], ENT_COMPAT, 'UTF-8') . '"' . $sSelected . '>' . htmlspecialchars($rLanguage['name'], ENT_COMPAT, 'UTF-8') . '</option>' . "\n";
}
sql_free_result($rsLanguages);
tpl_set_var('langoptions', $langoptions);
//here we set the template vars
tpl_set_var('name', htmlspecialchars($cache_record['name'], ENT_COMPAT, 'UTF-8'));
tpl_set_var('cacheid', htmlspecialchars($cache_id, ENT_COMPAT, 'UTF-8'));
tpl_set_var('lang_message', $desc_lang_exists ? $lang_message : '');
tpl_set_var('show_all_langs', $show_all_langs);
tpl_set_var('show_all_langs_submit', ($show_all_langs == 0) ? $show_all_langs_submit : '');
tpl_set_var('short_desc', htmlspecialchars($short_desc, ENT_COMPAT, 'UTF-8'));
tpl_set_var('desc', htmlspecialchars($desc, ENT_COMPAT, 'UTF-8'));
tpl_set_var('hints', htmlspecialchars($hints, ENT_COMPAT, 'UTF-8'));
// Text / normal HTML / HTML editor
tpl_set_var('use_tinymce', (($descMode == 3) ? 1 : 0));
if ($descMode == 1)
tpl_set_var('descMode', 1);
else if ($descMode == 2)
tpl_set_var('descMode', 2);
else
{
// TinyMCE
$headers = tpl_get_var('htmlheaders') . "\n";
$headers .= '<script language="javascript" type="text/javascript" src="resource2/tinymce/tiny_mce_gzip.js"></script>' . "\n";
$headers .= '<script language="javascript" type="text/javascript" src="resource2/tinymce/config/desc.js.php?cacheid=' . ($cache_id+0) . '&lang=' . strtolower($locale) . '"></script>' . "\n";
tpl_set_var('htmlheaders', $headers);
tpl_set_var('descMode', 3);
}
tpl_set_var('reset', $reset);
tpl_set_var('submit', $submit);
}
else
{
//TODO: not the owner
}
}
else
{
mysql_free_result($cache_rs);
//TODO: cache not exist
}
}
}
//make the template and send it out
tpl_BuildTemplate();
?>
<?php
/***************************************************************************
./newdesc.php
-------------------
begin : July 7 2004
For license information see doc/license.txt
****************************************************************************/
/****************************************************************************
Unicode Reminder メモ
add a cache description to a cache
used template(s): newdesc
****************************************************************************/
//prepare the templates and include all neccessary
require_once('./lib/common.inc.php');
require_once($opt['rootpath'] . '../lib/htmlpurifier-4.2.0/library/HTMLPurifier.auto.php');
//Preprocessing
if ($error == false)
{
$cache_id = 0;
if (isset($_REQUEST['cacheid']))
{
$cache_id = $_REQUEST['cacheid'];
}
//must be logged in
if ($usr === false)
{
$tplname = 'login';
tpl_set_var('username', '');
tpl_set_var('target', htmlspecialchars('newdesc.php?cacheid=' . urlencode($cache_id), ENT_COMPAT, 'UTF-8'));
tpl_set_var('message', $login_required);
}
else
{
//user must be the owner of the cache
$cache_rs = sql("SELECT `user_id`, `name` FROM `caches` WHERE `cache_id`='&1'", $cache_id);
if (mysql_num_rows($cache_rs) > 0)
{
$cache_record = sql_fetch_array($cache_rs);
mysql_free_result($cache_rs);
if ($cache_record['user_id'] == $usr['userid'])
{
$tplname = 'newdesc';
require($stylepath . '/newdesc.inc.php');
//get the posted data
$show_all_langs = isset($_POST['show_all_langs']) ? $_POST['show_all_langs'] : 0;
$short_desc = isset($_POST['short_desc']) ? $_POST['short_desc'] : '';
$hints = isset($_POST['hints']) ? $_POST['hints'] : '';
$sel_lang = isset($_POST['desc_lang']) ? $_POST['desc_lang'] : $default_lang;
$desc = isset($_POST['desc']) ? $_POST['desc'] : '';
$descMode = isset($_POST['descMode']) ? ($_POST['descMode']+0) : 3;
if (($descMode < 1) || ($descMode > 3)) $descMode = 3;
// fuer alte Versionen von OCProp
if (isset($_POST['submit']) && !isset($_POST['version2']))
{
$descMode = (isset($_POST['desc_html']) && ($_POST['desc_html']==1)) ? 2 : 1;
$_POST['submitform'] = $_POST['submit'];
$desc = iconv("ISO-8859-1", "UTF-8", $desc);
$short_desc = iconv("ISO-8859-1", "UTF-8", $short_desc);
$hints = iconv("ISO-8859-1", "UTF-8", $hints);
}
if ($descMode != 1)
{
// Filter Input
$purifier = new HTMLPurifier();
$desc = $purifier->purify($desc);
}
$desc_lang_exists = false;
//save to db?
if (isset($_POST['submitform']))
{
//check if the entered language already exists
$desc_rs = sql("SELECT `id` FROM `cache_desc` WHERE `cache_id`='&1' AND `language`='&2'", $cache_id, $sel_lang);
$desc_lang_exists = (mysql_num_rows($desc_rs) > 0);
mysql_free_result($desc_rs);
if ($desc_lang_exists == false)
{
//add to DB
if ($descMode != 1)
{
sql("INSERT INTO `cache_desc` (
`id`,
`cache_id`,
`language`,
`desc`,
`desc_html`,
`desc_htmledit`,
`hint`,
`short_desc`,
`last_modified`,
`node`
) VALUES ('', '&1', '&2', '&3', 1, '&4', '&5', '&6', NOW(), '&7')",
$cache_id,
$sel_lang,
$desc,
($descMode == 3) ? '1' : '0',
nl2br(htmlspecialchars($hints, ENT_COMPAT, 'UTF-8')),
$short_desc,
$oc_nodeid);
}
else
{
sql("INSERT INTO `cache_desc` (
`id`,
`cache_id`,
`language`,
`desc`,
`desc_html`,
`desc_htmledit`,
`hint`,
`short_desc`,
`last_modified`,
`node`
) VALUES ('', '&1', '&2', '&3', 0, 0, '&4', '&5', NOW(), '&6')",
$cache_id,
$sel_lang,
nl2br(htmlspecialchars($desc, ENT_COMPAT, 'UTF-8')),
nl2br(htmlspecialchars($hints, ENT_COMPAT, 'UTF-8')),
$short_desc,
$oc_nodeid);
}
// do not use slave server for the next time ...
db_slave_exclude();
tpl_redirect('editcache.php?cacheid=' . urlencode($cache_id));
exit;
}
}
elseif (isset($_POST['show_all_langs_submit']))
{
$show_all_langs = 1;
}
// check if any default language is available
if ($show_all_langs == 0)
{
if (sqlValue("SELECT COUNT(*)
FROM `languages_list_default`
LEFT JOIN `cache_desc` ON `languages_list_default`.`show`=`cache_desc`.`language` AND `cache_desc`.`cache_id`='" . sql_escape($cache_id) . "'
WHERE `languages_list_default`.`lang`='" . sql_escape($locale) . "' AND ISNULL(`cache_desc`.`cache_id`)", 0) == 0)
{
$show_all_langs = 1;
}
}
//build langslist
$langoptions = '';
$rsLanguages = sql("SELECT `short`, IFNULL(`sys_trans_text`.`text`, `languages`.`name`) AS `name`
FROM `languages`
LEFT JOIN `languages_list_default` ON `languages`.`short`=`languages_list_default`.`show` AND `languages_list_default`.`lang`='&1'
LEFT JOIN `sys_trans` ON `languages`.`trans_id`=`sys_trans`.`id`
LEFT JOIN `sys_trans_text` ON `sys_trans`.`id`=`sys_trans_text`.`trans_id` AND `sys_trans_text`.`lang`='&1'
WHERE `languages`.`short` NOT IN (SELECT `language` FROM `cache_desc` WHERE `cache_id`='&3') AND
('&2'=1 OR `languages_list_default`.`show`=`languages`.`short`)
ORDER BY `name` ASC",
$locale,
(($show_all_langs == 1) ? 1 : 0),
$cache_id);
while ($rLanguage = sql_fetch_assoc($rsLanguages))
{
$sSelected = ($rLanguage['short'] == $sel_lang) ? ' selected="selected"' : '';
$langoptions .= '<option value="' . htmlspecialchars($rLanguage['short'], ENT_COMPAT, 'UTF-8') . '"' . $sSelected . '>' . htmlspecialchars($rLanguage['name'], ENT_COMPAT, 'UTF-8') . '</option>' . "\n";
}
sql_free_result($rsLanguages);
tpl_set_var('langoptions', $langoptions);
//here we set the template vars
tpl_set_var('name', htmlspecialchars($cache_record['name'], ENT_COMPAT, 'UTF-8'));
tpl_set_var('cacheid', htmlspecialchars($cache_id, ENT_COMPAT, 'UTF-8'));
tpl_set_var('lang_message', $desc_lang_exists ? $lang_message : '');
tpl_set_var('show_all_langs', $show_all_langs);
tpl_set_var('show_all_langs_submit', ($show_all_langs == 0) ? $show_all_langs_submit : '');
tpl_set_var('short_desc', htmlspecialchars($short_desc, ENT_COMPAT, 'UTF-8'));
tpl_set_var('desc', htmlspecialchars($desc, ENT_COMPAT, 'UTF-8'));
tpl_set_var('hints', htmlspecialchars($hints, ENT_COMPAT, 'UTF-8'));
// Text / normal HTML / HTML editor
tpl_set_var('use_tinymce', (($descMode == 3) ? 1 : 0));
if ($descMode == 1)
tpl_set_var('descMode', 1);
else if ($descMode == 2)
tpl_set_var('descMode', 2);
else
{
// TinyMCE
$headers = tpl_get_var('htmlheaders') . "\n";
$headers .= '<script language="javascript" type="text/javascript" src="resource2/tinymce/tiny_mce_gzip.js"></script>' . "\n";
$headers .= '<script language="javascript" type="text/javascript" src="resource2/tinymce/config/desc.js.php?cacheid=' . ($cache_id+0) . '&lang=' . strtolower($locale) . '"></script>' . "\n";
tpl_set_var('htmlheaders', $headers);
tpl_set_var('descMode', 3);
}
tpl_set_var('reset', $reset);
tpl_set_var('submit', $submit);
}
else
{
//TODO: not the owner
}
}
else
{
mysql_free_result($cache_rs);
//TODO: cache not exist
}
}
}
//make the template and send it out
tpl_BuildTemplate();
?>