Location: PHPKode > projects > Small-Cms > small-cms-1.0/libs/default.class.php
<?php

/////////////////////////////////////////////////////////////////////////////////////
//
//    This file is part of Small-cms.
//
// Small-cms is free software: you can redistribute it and/or modify
// it under the terms of the GNU General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// Small-cms is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
// GNU General Public License for more details.
// 
// You should have received a copy of the GNU General Public License
// along with Foobar.  If not, see <http://www.gnu.org/licenses/>.
//
////////////////////////////////////////////////////////////////////////////////////
 
class StartUp {

	var $query_current_count = false;
	var $prefix_db = '';
 		
	###
	function __construct() {
		header('Content-type:text/html; charset=utf-8');
		$this->initSQL();
		$this->secureGlobals(); // Credit: @author Bendikt Martin Myklebust <hide@address.com>
		ob_start();
 
	}
	###
	function initSQL(){
	include "db.php";
 		mysql_connect($host,$user,$pass);
 		mysql_select_db($db) or die("Database Error: ".mysql_error());
 	}
	###
	function secureSuperGlobalGET(&$value, $key) {
		$_GET[$key] = htmlspecialchars(stripslashes($_GET[$key]));
		$_GET[$key] = str_ireplace("script", "blocked", $_GET[$key]);
		$_GET[$key] = mysql_escape_string($_GET[$key]);
		return $_GET[$key];
	}
	###	
	function secureSuperGlobalPOST(&$value, $key) { 
	$page = (isset($_GET["page"])?$_GET["page"]:"");
		if($page != 'admincp') {
		$_POST[$key] = htmlspecialchars(stripslashes($_POST[$key]));
		$_POST[$key] = str_ireplace("script", "blocked", $_POST[$key]);
		$_POST[$key] = mysql_escape_string($_POST[$key]);
		return $_POST[$key];
		} else {
		return $_POST[$key];
		}
	}
	###		
	function secureGlobals() {
		array_walk($_GET, array($this, 'secureSuperGlobalGET'));
		array_walk($_POST, array($this, 'secureSuperGlobalPOST'));
	}
	###
	function sqlesc($x) {
	  return '\''.mysql_real_escape_string($x).'\'';
	}
	###
	function getConfigs(){
		$sql = "SELECT `key`,`value` FROM ".$this->prefix_db."settings";
    		$items = mysql_query($sql) or die("Database Error: ".mysql_error());
		while ($obj = mysql_fetch_object($items)) { 
			$array[$obj->key]['value'] = $obj->value;
	        }
    	return $array;
 	}
	###
 	function redirect($location) {
  		header("Location:".$location);
   	} 
	###
	function getNews($cat=false){		
		$sql = "SELECT SQL_CALC_FOUND_ROWS
		a.id,a.date,a.title,a.url_title,a.longdesc,a.categorie,a.author, users.user_name as user_name, categories.name as cat_name 
		FROM ".$this->prefix_db."articles AS a ";
		$sql .= "JOIN ".$this->prefix_db."categories as categories on categories.id = a.categorie ";
		$sql .= "JOIN ".$this->prefix_db."users as users on users.id = a.author ";	
		if ($cat) { 
			$sql .= "WHERE categorie='$cat' "; 
		} else {
			$sql .= "ORDER BY a.date DESC LIMIT %d,%d ";
		}
 		$sql_p = sprintf($sql, SmartyPaginate::getCurrentIndex(), SmartyPaginate::getLimit());
		
		$items = mysql_query($sql_p) or die("Database Error: ".mysql_error());
		//Populate the array
		while ($obj = mysql_fetch_object($items)) {
        		$array[$obj->id]['id'] = $obj->id;
            		$array[$obj->id]['date'] = $obj->date;
			$array[$obj->id]['title'] = $obj->title;  
			$array[$obj->id]['url_title'] = $obj->url_title; 
           		$array[$obj->id]['longdesc'] = $obj->longdesc;
           		$array[$obj->id]['categorie'] = $obj->categorie; 
           		$array[$obj->id]['user_name'] = $obj->user_name; 
           		$array[$obj->id]['cat_name'] = $obj->cat_name; 
	        }
                $_query = "SELECT FOUND_ROWS() as total";
                $_result = mysql_query($_query);
                $_row = mysql_fetch_array($_result, MYSQL_ASSOC);        
                SmartyPaginate::setTotal($_row['total']);
 		mysql_free_result($items);

 
		return $array;
	}
	function lastNews(){	
		$conf = $this->getConfigs();	
		
		$sql = "SELECT a.id,a.date,a.title,a.url_title,a.longdesc,a.categorie,a.author, users.user_name as user_name, categories.name as cat_name 
		FROM ".$this->prefix_db."articles AS a ";
		$sql .= "JOIN ".$this->prefix_db."categories as categories on categories.id = a.categorie ";
		$sql .= "JOIN ".$this->prefix_db."users as users on users.id = a.author ";	
		$sql .= "ORDER BY a.date DESC LIMIT 0,".$conf['artindex']['value']." ";
 
		$items = mysql_query($sql) or die("Database Error: ".mysql_error());
		//Populate the array
		while ($obj = mysql_fetch_object($items)) {
        		$array[$obj->id]['id'] = $obj->id;
            		$array[$obj->id]['date'] = $obj->date;
			$array[$obj->id]['title'] = $obj->title;  
			$array[$obj->id]['url_title'] = $obj->url_title; 
           		$array[$obj->id]['longdesc'] = $obj->longdesc;
           		$array[$obj->id]['categorie'] = $obj->categorie; 
           		$array[$obj->id]['user_name'] = $obj->user_name; 
           		$array[$obj->id]['cat_name'] = $obj->cat_name; 
	        }
 
		return $array;
	}
	###
	function getNewsone($id) {
		$sql = "SELECT a.id,a.date,a.title,a.url_title,a.longdesc,a.categorie,a.author, users.user_name as user_name, categories.name as cat_name 
		 FROM ".$this->prefix_db."articles AS a ";
		$sql .= "JOIN ".$this->prefix_db."categories as categories on categories.id = a.categorie ";
		$sql .= "JOIN ".$this->prefix_db."users as users on users.id = a.author ";	
		$sql .= "WHERE a.id = '$id' ";
		
    		$items = mysql_query($sql) or die("Database Error: ".mysql_error());
		//Populate the array
		while ($obj = mysql_fetch_object($items)) {
        		$array['id'] = $obj->id;
            		$array['date'] = $obj->date;
			$array['title'] = $obj->title;  
			$array['url_title'] = $obj->url_title; 
           		$array['longdesc'] = $obj->longdesc;
           		$array['categorie'] = $obj->categorie; 
           		$array['user_name'] = $obj->user_name; 
           		$array['cat_name'] = $obj->cat_name; 
	        }
	
		$this->query_current_count = count($array);
		return $array;
    	return true;
	}
	###
	function getCats() {
		$sql = "SELECT id, name FROM ".$this->prefix_db."categories ";

		
    		$items = mysql_query($sql) or die("Database Error: ".mysql_error());
		//Populate the array
		while ($obj = mysql_fetch_object($items)) {
        		$array[$obj->id]['id'] = $obj->id;
            		$array[$obj->id]['name'] = $obj->name;
	        }
		return $array;
    	return true;
	}
}
class Login extends startUp {
	
	var $session_name = '';	
	var $hash = '0900124461779baebd4e030b813535ac';	
	var $session_username = "";
	var $session_password = "";
	var $uid = "";

	function Login(){
		$conf = $this->getConfigs();
		$this->session_name = $conf['cookie']['value'];
		// print_r($this->session_name);
	return true;
	} 

	//isLogged()
	function isLogged(){
		if($this->checkUser()){
			return $this->uid;
		} else {
			$this->redirect();
			$this->reset();
		}
	}
	//checkUser()
	function checkUser(){
		if($this->checkCookie()){
			$username = $this->session_username;
			$password = $this->session_password;
			$query = "SELECT id FROM ".$this->prefix_db."users WHERE user_name = '$username' AND user_pass = '$password' AND user_active = '1' LIMIT 1;";
			$result = mysql_query($query) or die(mysql_error());
			$row = mysql_fetch_array($result);
			$this->uid = $row['id'];
			return true;			
		} else {
			return false;
		}
	}
	//checkCredentials($username, $password)
	function checkCredentials($username, $password){	 
		$obscure = $this->obscure($password);				
		$query = "SELECT * FROM ".$this->prefix_db."users WHERE user_name = '$username' AND user_pass = '$obscure' AND user_active = '1' LIMIT 1;";
    		$result = mysql_query($query) or die(mysql_error());
		$row = mysql_fetch_array($result);		
		if ($row) {
			return true;
		} else {
			return false;
		}
	}
	//
	function getUserdata($uid=FALSE){
		if($uid==FALSE){
			$id = $this->uid;
		} else {
			$id = $uid;
		}
		$query = "SELECT id, user_name, user_mail, user_active FROM ".$this->prefix_db."users WHERE user_active = '1' AND id = '$id' LIMIT 1";
    		$result = mysql_query($query) or die(mysql_error());
		$row = mysql_fetch_array($result);
		return $row;
	}
	//
	function checkCookie(){
		if (isset($_COOKIE["$this->session_name"]) || isset($_SESSION["$this->session_name"])) {
			if( isset($_SESSION["$this->session_name"]) ){
				$cookie = explode(",",$_SESSION["$this->session_name"]);	
			} else {
				$cookie = explode(",",$_COOKIE["$this->session_name"]);
			}
			$this->session_username = $cookie['0'];
			$this->session_password = $cookie['1'];
			$this->uid = $cookie['2'];
			return true;
		} else {
			return false;
		}
	}
	// setSession
	function setSession($username,$password,$cookie){
	
			$query = "SELECT id FROM ".$this->prefix_db."users WHERE user_name = '$username' AND user_pass = '$password' AND user_active = '1' LIMIT 1;";
			$result = mysql_query($query) or die(mysql_error());
			$row = mysql_fetch_array($result);
			
					
		$values = array($username,$this->obscure($password),$row['id']);
		$session = implode(",",$values);
		if($cookie=='on'){
			//cookies
			setcookie("$this->session_name", $session, time()+60*60*24*100,'/');
		} else {
			$_SESSION["$this->session_name"] = $session;
		}
	}
	// utils
	function logout($redirect=true){
		setcookie("$this->session_name", "", time()-60*60*24*100, "/");
		unset($_SESSION["$this->session_name"]);
		session_unset();
		if($redirect===true){
			$this->redirect();
		}
	}
	function redirect($location='index.php'){
		header("location:".$location);
	}
	
	function reset(){
		$this->username = "";
		$this->password = "";
	}
	// Obscure
	function obscure($password, $algorythm = "sha1"){
		$password = strtolower($password);
		$salt = hash($algorythm, $this->hash);
		$hash_length = strlen($salt);
		$password_length = strlen($password);
		$password_max_length = $hash_length / 2;
		if ($password_length >= $password_max_length){
			$salt = substr($salt, 0, $password_max_length);
		} else {
			$salt = substr($salt, 0, $password_length);
		}
		$salt_length = strlen($salt);
		$salted_password = hash($algorythm, $salt . $password);
		$used_chars = ($hash_length - $salt_length) * -1;
		$final_result = $salt . substr($salted_password, $used_chars);
	
		return $final_result;
	}
}
#doc
#	classname:	admin
#	scope:		PUBLIC
#
#/doc

class Admin extends Login
{
	#	internal variables
	
	#	Constructor
	function deleteCat($id){
		# code...
		mysql_query("DELETE FROM ".$this->table_pre."categories WHERE id = '$id'") or die( mysql_error());
		
	return $id;
	}
	###
	function numNews(){
		# code...
		$select = 'SELECT count(*) FROM articles';
		$result = mysql_query($select) or die ('Erreur : '.mysql_error() );
		$row = mysql_fetch_row($result);
	return $row[0];
	}
	###
	function numCat(){
		# code...
		$select = 'SELECT count(*) FROM categories';
		$result = mysql_query($select) or die ('Erreur : '.mysql_error() );
		$row = mysql_fetch_row($result);
	return $row[0];
	}
	###
	function addCat($cname){
		# code...
		$a = array("'", "\"", " ", "(", ")");
		$strip = str_replace($a,"-",$cname);
		$query = "INSERT INTO ".$this->table_pre."categories (id,name) 
	          VALUES (
			  'NULL',
			  '".mysql_real_escape_string($cname)."'
			  )";
    		$result = mysql_query($query) or die(mysql_error());
 
    	return true;		
	}
	###
	function addArticle($title,$url_title,$longdesc,$categorie,$author) {
		$date = date('Y-m-d G:i:s');
		$query = "INSERT INTO ".$this->prefix_db."articles (date,title,url_title,longdesc,categorie,author) 
	          VALUES (
			  '$date',
			  '".mysql_real_escape_string($title)."',
			  '".mysql_real_escape_string($url_title)."',
			  '".mysql_real_escape_string($longdesc)."',
			  '$categorie',
			  '$author'
			  )";
    		$result = mysql_query($query) or die(mysql_error());
     	return true;
	}	
 	###
	function updateNews($id,$title,$url_title,$longdesc,$categorie,$author) {
		$date = date('Y-m-d G:i:s');
		mysql_query("UPDATE ".$this->table_pre."articles SET title = '".$title."', url_title = '".$url_title."', longdesc = '".$longdesc."', categorie = '".$categorie."', author = '".$author."' WHERE id = '".$id."'") or die( mysql_error());
     	return true;
	}
	###
}
###
 
Return current item: Small-Cms