
diff --git a/composer.json b/composer.json
index 9850ba9..8161fd1 100644
--- a/composer.json
+++ b/composer.json
@@ -1,45 +1,45 @@
{
"name": "waystone/waystone",
"type": "library",
"description": "Modular libraries to build applications with Obsidian Workspaces",
"keywords": [
"framework",
"keruald",
"waystone",
"obsidian"
],
"license": "BSD-2-Clause",
"homepage": "https://waystone.nasqueron.org",
"authors": [
{
"name": "Sébastien Santoro",
"email": "dereckson@espace-win.org"
}
],
"require": {
- "keruald/database": "0.5.0",
+ "keruald/database": "0.5.2",
"keruald/omnitools": "0.15.0",
"smarty/smarty": "^5.6.0",
"ext-mysqli": "*"
},
"require-dev": {
"nasqueron/codestyle": "^0.1.2",
"phpunit/phpunit": "^12.4",
"squizlabs/php_codesniffer": "^4.0"
},
"replace": {
"waystone/workspaces": "1.0.0"
},
"autoload": {
"psr-4": {
"Waystone\\Workspaces\\": "workspaces/src/",
"Waystone\\Workspaces\\Tests\\": "workspaces/tests/"
}
},
"scripts": {
"lint-src": "find */src -type f -name '*.php' | xargs -I {} php -l {} 1> /dev/null",
"lint-tests": "find */tests -type f -name '*.php' | xargs -n1 php -l",
"test": "vendor/bin/phpunit"
},
"minimum-stability": "dev"
}
diff --git a/workspaces/composer.json b/workspaces/composer.json
index c06d1ba..1daf8e2 100644
--- a/workspaces/composer.json
+++ b/workspaces/composer.json
@@ -1,29 +1,29 @@
{
"name": "waystone/workspaces",
"description": "Core interfaces for Obsidian Workspaces",
"type": "project",
"require": {
- "keruald/database": "0.5.0",
+ "keruald/database": "0.5.2",
"keruald/omnitools": "0.15.0",
"smarty/smarty": "^5.6.0"
},
"require-dev": {
"phpunit/phpunit": "^12.4",
"nasqueron/codestyle": "^0.1.2",
"squizlabs/php_codesniffer": "^4.0",
"ext-mysqli": "*"
},
"license": "BSD-2-Clause",
"autoload": {
"psr-4": {
"Waystone\\Workspaces\\": "src/",
"Waystone\\Workspaces\\Tests\\": "tests/"
}
},
"authors": [
{
"name": "Sébastien Santoro",
"email": "dereckson@espace-win.org"
}
]
}
diff --git a/workspaces/src/includes/GlobalFunctions.php b/workspaces/src/includes/GlobalFunctions.php
index 47451e4..84e0250 100644
--- a/workspaces/src/includes/GlobalFunctions.php
+++ b/workspaces/src/includes/GlobalFunctions.php
@@ -1,331 +1,331 @@
<?php
////////////////////////////////////////////////////////////////////////////////
/// ///
/// Information helper functions ///
/// ///
////////////////////////////////////////////////////////////////////////////////
/**
* Gets the username matching specified user id
*
* @param string $user_id the user ID
* @return string the username
*/
function get_username ($user_id) {
global $db;
- $user_id = $db->sql_escape($user_id);
+ $user_id = $db->escape($user_id);
$sql = 'SELECT username FROM '. TABLE_USERS . " WHERE user_id = '$userid'";
- return $db->sql_query_express($sql, "Can't get username from specified user id");
+ return $db->queryScalar($sql, "Can't get username from specified user id");
}
/**
* Gets the user id matching specified username
*
* @param string $username the username
* @return string the user ID
*/
function get_userid ($username) {
global $db;
- $username = $db->sql_escape($username);
+ $username = $db->escape($username);
$sql = 'SELECT user_id FROM '. TABLE_USERS . " WHERE username LIKE '$username'";
- return $db->sql_query_express($sql, "Can't get user id from specified username");
+ return $db->queryScalar($sql, "Can't get user id from specified username");
}
/**
* Gets the resource ID from an identifier
*
* @param $resource_type the resource type
* @param $identifier resource identifier
* @return mixed the resource ID (as integer), or NULL if unknown
*/
function resolve_resource_id ($resource_type, $identifier) {
//Trivial cases: already an ID, null or void ID
if (is_numeric($identifier)) {
return $identifier;
}
if (!$identifier) {
return NULL;
}
//Searches identifier
switch ($resource_type) {
case 'U':
return get_user_id($identifier);
case 'G':
$group = UserGroup::fromCode($identifier);
return $group->id;
case 'W':
$workspace = Workspace::fromCode($identifier);
return $workspace->id;
default:
throw new Exception("Unknown resource type: $resource_type", E_USER_ERROR);
}
}
////////////////////////////////////////////////////////////////////////////////
/// ///
/// Misc helper functions ///
/// ///
////////////////////////////////////////////////////////////////////////////////
//Plural management
/*
* Gets a "s" if the specified amount requests the plural
* @param mixed $amount the quantity (should be numeric)
* @return string 's' if the amount is greater or equal than 2 ; otherwise, ''
*/
function s ($amount) {
if ($amount >= 2 || $amount <= -2 ) return 's';
}
/*
* Prints human-readable information about a variable, wrapped in a <pre> block
* @param mixed $mixed the variable to dump
*/
function dprint_r ($mixed) {
echo '<pre>';
print_r($mixed);
echo '</pre>';
}
/*
* Generates a new GUID
* @return string a guid (without {})
*/
function new_guid () {
//The guid chars
$chars = explode(',', 'a,b,c,d,e,f,0,1,2,3,4,5,6,7,8,9');
//Let's build our 36 characters string
//e.g. 68ed40c6-f5bb-4a4a-8659-3adf23536b75
$guid = "";
for ($i = 0 ; $i < 36 ; $i++) {
if ($i == 8 || $i == 13 || $i == 18 || $i == 23) {
//Dashes at position 9, 14, 19 and 24
$guid .= "-";
} else {
//0-f hex digit elsewhere
$guid .= $chars[mt_rand() % sizeof($characters)];
}
}
return $guid;
}
/*
* Determines if the expression is a valid guid (in uuid notation, without {})
* @param string $expression the guid to check
* @return true if the expression is a valid guid ; otherwise, false
*/
function is_guid ($expression) {
//We avoid regexp to speed up the check
//A guid is a 36 characters string
if (strlen($expression) != 36) return false;
$expression = strtolower($expression);
for ($i = 0 ; $i < 36 ; $i++) {
if ($i == 8 || $i == 13 || $i == 18 || $i == 23) {
//with dashes
if ($expression[$i] != '-') return false;
} else {
//and hex numbers
if (!is_numeric($expression[$i]) && $expression[$i] != 'a' && $expression[$i] != 'b' && $expression[$i] != 'c' && $expression[$i] != 'd' && $expression[$i] != 'e' && $expression[$i] != 'f' ) return false;
}
}
return true;
}
/**
* Gets file extension
* @param string $file the file to get the extension
* @return string the file extension
*/
function get_extension ($file) {
$dotPosition = strrpos($file, ".");
return substr($file, $dotPosition + 1);
}
/**
* Gets file name
* @param string $file the file to get the extension
* @return string the file name
*/
function get_filename ($file) {
//TODO: clear directory
$dotPosition = strrpos($file, ".");
return substr($file, 0, $dotPosition);
}
/*
* Determines if a string starts with specified substring
* @param string $haystack the string to check
* @param string $needle the substring to determines if it's the start
* @param boolean $case_sensitive determines if the search must be case sensitive
* @return boolean true if $haystack starts with $needle ; otherwise, false.
*/
function string_starts_with ($haystack, $needle, $case_sensitive = true) {
if (!$case_sensitive) {
$haystack = strtoupper($haystack);
$needle = strtoupper($needle);
}
if ($haystack == $needle) return true;
return strpos($haystack, $needle) === 0;
}
////////////////////////////////////////////////////////////////////////////////
/// ///
/// URL helpers functions ///
/// ///
////////////////////////////////////////////////////////////////////////////////
/*
* Gets URL
* @return string URL
*/
function get_url () {
global $Config;
if (func_num_args() > 0) {
$pieces = func_get_args();
return $Config['BaseURL'] . '/' . implode('/', $pieces);
} elseif ($Config['BaseURL'] == "" || $Config['BaseURL'] == "/index.php") {
return "/";
} else {
return $Config['BaseURL'];
}
}
/*
* Gets page URL
* @return string URL
*/
function get_page_url () {
$url = $_SERVER['SCRIPT_NAME'] . $_SERVER['PATH_INFO'];
if (substr($url, -10) == "/index.php") {
return substr($url, 0, -9);
}
return $url;
}
/*
* Gets server URL
* @todo find a way to detect https:// on non standard port
* @return string the server URL
*/
function get_server_url () {
if (php_sapi_name() == 'cli') {
return '';
}
switch ($port = $_SERVER['SERVER_PORT']) {
case '80':
return "http://$_SERVER[SERVER_NAME]";
case '443':
return "https://$_SERVER[SERVER_NAME]";
default:
return "http://$_SERVER[SERVER_NAME]:$_SERVER[SERVER_PORT]";
}
}
/*
* Gets $_SERVER['PATH_INFO'] or computes the equivalent if not defined.
* @return string the relevant URL part
*/
function get_current_url () {
global $Config;
//Gets relevant URL part from relevant $_SERVER variables
if (array_key_exists('PATH_INFO', $_SERVER)) {
//Without mod_rewrite, and url like /index.php/controller
//we use PATH_INFO. It's the easiest case.
return $_SERVER["PATH_INFO"];
}
//In other cases, we'll need to get the relevant part of the URL
$current_url = get_server_url() . $_SERVER['REQUEST_URI'];
//Relevant URL part starts after the site URL
$len = strlen($Config['SiteURL']);
//We need to assert it's the correct site
if (substr($current_url, 0, $len) != $Config['SiteURL']) {
dieprint_r(GENERAL_ERROR, "Edit includes/config.php and specify the correct site URL<br /><strong>Current value:</strong> $Config[SiteURL]<br /><strong>Expected value:</strong> a string starting by " . get_server_url(), "Setup");
}
if (array_key_exists('REDIRECT_URL', $_SERVER)) {
//With mod_rewrite, we can use REDIRECT_URL
//We take the end of the URL, ie *FROM* $len position
return substr(get_server_url() . $_SERVER["REDIRECT_URL"], $len);
}
//Last possibility: use REQUEST_URI, but remove QUERY_STRING
//If you need to edit here, use $_SERVER['REQUEST_URI']
//but you need to discard $_SERVER['QUERY_STRING']
//We take the end of the URL, ie *FROM* $len position
$url = substr(get_server_url() . $_SERVER["REQUEST_URI"], $len);
//But if there are a query string (?action=... we need to discard it)
if ($_SERVER['QUERY_STRING']) {
return substr($url, 0, strlen($url) - strlen($_SERVER['QUERY_STRING']) - 1);
}
return $url;
}
/*
* Gets an array of url fragments to be processed by controller
* @return array an array containing URL fragments
*/
function get_current_url_fragments () {
$url_source = get_current_url();
if ($url_source == '/index.php') return array();
return explode('/', substr($url_source, 1));
}
////////////////////////////////////////////////////////////////////////////////
/// ///
/// URL xmlHttpRequest helpers functions ///
/// ///
////////////////////////////////////////////////////////////////////////////////
/*
* Gets a hash value to check the integrity of URLs in /do.php calls
* @param Array $args the args to compute the hash
* @return the hash paramater for your xmlHttpRequest url
*/
function get_xhr_hash ($args) {
global $Config;
array_shift($args);
return md5($_SESSION['ID'] . $Config['SecretKey'] . implode('', $args));
}
/*
* Gets the URL to call do.php, the xmlHttpRequest controller
* @return string the xmlHttpRequest url, with an integrity hash
*/
function get_xhr_hashed_url () {
global $Config;
$args = func_get_args();
$args[] = get_xhr_hash($args);
return $Config['DoURL'] . '/' . implode('/', $args);
}
/*
* Gets the URL to call do.php, the xmlHttpRequest controller
* @return string the xmlHttpRequest url
*/
function get_xhr_url () {
global $Config;
$args = func_get_args();
return $Config['DoURL'] . '/' .implode('/', $args);
}
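Review bot: In get_username the escaped value is stored in `$user_id`, but the query on the following line interpolates `$userid`, which is never defined in the function, so the statement is built with an empty id and the escaped value never reaches the query. The line should read `$sql = 'SELECT username FROM '. TABLE_USERS . " WHERE user_id = '$user_id'";`. In get_userid the escaped name is matched with `LIKE`, so `%` and `_` in the input still act as wildcards unless escape() also neutralises them, which is not visible in this diff; `WHERE username = '$username'` would make the lookup exact.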
diff --git a/workspaces/src/includes/error.php b/workspaces/src/includes/error.php
index 1439330..d7e5c9e 100755
--- a/workspaces/src/includes/error.php
+++ b/workspaces/src/includes/error.php
@@ -1,120 +1,120 @@
<?php
/**
* _, __, _, _ __, _ _, _, _
* / \ |_) (_ | | \ | /_\ |\ |
* \ / |_) , ) | |_/ | | | | \|
* ~ ~ ~ ~ ~ ~ ~ ~ ~ ~
*
* Error handling
*
* There are 3 standard error types:
* - SQL_ERROR error during a sql query
* - HACK_ERROR error trying to access a protected resource
* - GENERAL_ERROR miscelleanous error
*
* The message_die/SQL_ERROR idea were found in phpBB 2 code.
*
* @package ObsidianWorkspaces
* @subpackage Keruald
* @author Sébastien Santoro aka Dereckson <dereckson@espace-win.org>
* @license http://www.opensource.org/licenses/bsd-license.php BSD
* @filesource
*
*/
//Error code constants
define ("SQL_ERROR", 65);
define ("HACK_ERROR", 99);
define ("GENERAL_ERROR", 117);
/**
* Prints human-readable information about a variable
* wrapped in a general error and dies
*
* @param mixed $mixed the variable to dump
*/
function dieprint_r ($var, $title = '') {
if (!$title) $title = 'Debug';
//GENERAL_ERROR with print_r call as message
message_die(GENERAL_ERROR, '<pre>' . print_r($var, true) .'</pre>', $title);
}
/**
* A callback method for the error handler, which throws exceptions on errors
*
* @param int $errno the level of the error raised
* @param string $errstr the error message
* @param string $errfile the filename that the error was raised in
* @param int $errline the line number the error was raised at
*
* @return boolean true when the error has been handled ; otherwise, false,
* to let the normal error handler continues.
* @throws \ErrorException
*/
function throwExceptionErrorHandler (int $errno, string $errstr, string $errfile, int $errline) : bool {
if (error_reporting() === 0) {
return false;
}
throw new ErrorException($errstr, 0, $errno, $errfile, $errline);
}
/**
* Prints an error message and dies
*
* @param int $code A constant identifying the type of error (SQL_ERROR, HACK_ERROR or GENERAL_ERROR)
* @param string $text the error description
* @param string $text the error title
* @param int $line the file line the error have occured (typically __LINE__)
* @param string $file the file the error have occured (typically __FILE__)
* @param string $sql the sql query which caused the error
*/
function message_die ($code, $text = '', $title = '', $line = '', $file = '', $sql = '') {
//Ensures we've an error text
$text = $text ? $text : "An error have occured";
//Adds file and line information to error text
if ($file) {
$text .= " — $file";
if ($line) {
$text .= ", line $line";
}
}
//Ensures we've an error title and adds relevant extra information
switch ($code) {
case HACK_ERROR:
$title = $title ? $title : "Access non authorized";
break;
case SQL_ERROR:
global $db;
$title = $title ? $title : "SQL error";
//Gets SQL error information
- $sqlError = $db->sql_error();
+ $sqlError = $db->error();
if ($sqlError['message'] != '') {
$text .= "<br />Error n° $sqlError[code]: $sqlError[message]";
}
$text .= '<br />&nbsp;<br />Query: ';
$text .= $sql;
break;
default:
//TODO: here can be added code to handle error error ;-)
//Falls to GENERAL_ERROR
case GENERAL_ERROR:
$title = $title ? $title : "General error";
break;
}
//HTML output of $title and $text variables
echo '<div class="FatalError"><p class="FatalErrorTitle">', $title,
'</p><p>', $text, '</p></div>';
exit;
}
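Review bot: The SQL_ERROR branch of message_die appends the driver message from `$db->error()` and the full `$sql` text to `$text`, and the final `echo` writes both into the page without HTML escaping. Anyone who triggers a failing query is shown table names and the statement, and since queries such as the login one embed request values, those values are reflected into the page as markup. I would write the details to the server log with `error_log("SQL error $sqlError[code]: $sqlError[message] in $sql");` and display only the generic text, or at minimum pass both values through `htmlspecialchars(..., ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')`. It is also worth confirming that the new `error()` still returns an array with `code` and `message` keys, because that contract is not visible here.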
diff --git a/workspaces/src/includes/login.php b/workspaces/src/includes/login.php
index 72a82b4..9e81e16 100755
--- a/workspaces/src/includes/login.php
+++ b/workspaces/src/includes/login.php
@@ -1,51 +1,51 @@
<?php
/**
* _, __, _, _ __, _ _, _, _
* / \ |_) (_ | | \ | /_\ |\ |
* \ / |_) , ) | |_/ | | | | \|
* ~ ~ ~ ~ ~ ~ ~ ~ ~ ~
*
* Login and logout code
*
* @package ObsidianWorkspaces
* @subpackage Keruald
* @author Sébastien Santoro aka Dereckson <dereckson@espace-win.org>
* @license http://www.opensource.org/licenses/bsd-license.php BSD
* @filesource
*
*/
$action = array_key_exists('action', $_GET) ? $_GET['action'] : '';
if (array_key_exists('LogIn', $_POST)) {
//User have submitted login form
- $username = $db->sql_escape($_POST['username']);
+ $username = $db->escape($_POST['username']);
$sql = "SELECT user_password, user_id FROM " . TABLE_USERS . " WHERE username = '$username'";
- if ( !($result = $db->sql_query($sql)) ) message_die(SQL_ERROR, "Can't get user information", '', __LINE__, __FILE__, $sql);
+ if ( !($result = $db->query($sql)) ) message_die(SQL_ERROR, "Can't get user information", '', __LINE__, __FILE__, $sql);
- if ($row = $db->sql_fetchrow($result)) {
+ if ($row = $db->fetchRow($result)) {
if (!$row['user_password']) {
//No password set
$LoginError = "This account exists but hasn't a password defined. Contact the site administrator.";
} elseif ($row['user_password'] != md5($_POST['password'])) {
//The password doesn't match
$LoginError = "Incorrect password.";
} else {
//Login successful
Session::load()->user_login($row['user_id']);
$LoginSuccessful = true;
}
} else {
$LoginError = "Username not found.";
}
} elseif (array_key_exists('LogOut', $_POST) || $action == "user.logout") {
//User have submitted logout form or clicked a logout link
Session::load()->user_logout();
} elseif (array_key_exists('authenticationMethodId', $_GET)) {
//Call authentication method for more processing
$auth = AuthenticationMethod::getFromId($_GET['authenticationMethodId'], $context);
if ($auth) {
$auth->handleRequest();
}
}
\ No newline at end of file
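Review bot: The password check just below the migrated calls compares `$row['user_password']` with `md5($_POST['password'])` using `!=`, which combines an unsalted fast hash with a loose comparison: two different digests of the form `0e` followed only by digits compare equal as numbers. As a minimal change use `} elseif (!hash_equals((string) $row['user_password'], md5($_POST['password']))) {`; the durable fix is to store `password_hash()` output, check it with `password_verify()`, and rehash existing MD5 entries at the next successful login. The separate "Username not found." and "Incorrect password." messages also reveal which usernames exist, so a single message for both cases is preferable.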
diff --git a/workspaces/src/includes/objects/user.php b/workspaces/src/includes/objects/user.php
index 1ace315..1968c67 100755
--- a/workspaces/src/includes/objects/user.php
+++ b/workspaces/src/includes/objects/user.php
@@ -1,414 +1,414 @@
<?php
/**
* _, __, _, _ __, _ _, _, _
* / \ |_) (_ | | \ | /_\ |\ |
* \ / |_) , ) | |_/ | | | | \|
* ~ ~ ~ ~ ~ ~ ~ ~ ~ ~
*
* User class
*
* @package ObsidianWorkspaces
* @subpackage Model
* @author Sébastien Santoro aka Dereckson <dereckson@espace-win.org>
* @license http://www.opensource.org/licenses/bsd-license.php BSD
* @filesource
*
*/
/**
* User class
*/
class User {
public $id;
public $name;
public $password;
public $active = 0;
public $email;
public $regdate;
public array $session = [];
/**
* @var Array An array of users already loaded, the username as user id
*/
public static $hashtableById = [];
/**
* @var array|null An array of the workspaces the user has access to, each element an instance of the Workspace object. As long as the field hasn't been initialized by get_workspaces, null.
*/
private $workspaces = null;
/*
* Initializes a new instance
*
* @param int $id the primary key
*/
function __construct ($id = null) {
if ($id) {
$this->id = $id;
$this->load_from_database();
}
}
/**
* Initializes a new User instance if needed or get already available one.
*
* @param iint $id the user ID
* @return User the user instance
*/
static function get ($id = NULL) {
if ($id && array_key_exists($id, User::$hashtableById)) {
return self::$hashtableById[$id];
}
$user = new self($id);
return $user;
}
/**
* Loads the object User (ie fill the properties) from the $_POST array
*/
function load_from_form () {
if (array_key_exists('name', $_POST)) $this->name = $_POST['name'];
if (array_key_exists('password', $_POST)) $this->password = $_POST['password'];
if (array_key_exists('active', $_POST)) $this->active = $_POST['active'];
if (array_key_exists('actkey', $_POST)) $this->actkey = $_POST['actkey'];
if (array_key_exists('email', $_POST)) $this->email = $_POST['email'];
if (array_key_exists('regdate', $_POST)) $this->regdate = $_POST['regdate'];
}
/**
* Loads the object User (ie fill the properties) from the database
*/
function load_from_database () {
global $db;
$sql = "SELECT * FROM " . TABLE_USERS . " WHERE user_id = '" . $this->id . "'";
- if ( !($result = $db->sql_query($sql)) ) message_die(SQL_ERROR, "Unable to query users", '', __LINE__, __FILE__, $sql);
- if (!$row = $db->sql_fetchrow($result)) {
+ if ( !($result = $db->query($sql)) ) message_die(SQL_ERROR, "Unable to query users", '', __LINE__, __FILE__, $sql);
+ if (!$row = $db->fetchRow($result)) {
$this->lastError = "User unknown: " . $this->id;
return false;
}
$this->load_from_row($row);
return true;
}
/**
* Loads the object User (ie fill the properties) from the database row
*/
function load_from_row ($row) {
$this->id = $row['user_id'];
$this->name = $row['username'];
$this->password = $row['user_password'];
$this->active = $row['user_active'] ? true : false;
$this->email = $row['user_email'];
$this->regdate = $row['user_regdate'];
//Puts object in hashtable, so it's accessible in future call of
//this run through User::get($id).
self::$hashtableById[$this->id] = $this;
}
/**
* Saves to database
*/
function save_to_database () {
global $db;
- $id = $this->id ? "'" . $db->sql_escape($this->id) . "'" : 'NULL';
- $name = $db->sql_escape($this->name);
- $password = $db->sql_escape($this->password);
+ $id = $this->id ? "'" . $db->escape($this->id) . "'" : 'NULL';
+ $name = $db->escape($this->name);
+ $password = $db->escape($this->password);
$active = $this->active ? 1 : 0;
- $email = $db->sql_escape($this->email);
- $regdate = $this->regdate ? "'" . $db->sql_escape($this->regdate) . "'" : 'NULL';
+ $email = $db->escape($this->email);
+ $regdate = $this->regdate ? "'" . $db->escape($this->regdate) . "'" : 'NULL';
//Updates or inserts
$sql = "REPLACE INTO " . TABLE_USERS . " (`user_id`, `username`, `user_password`, `user_active`, `user_email`, `user_regdate`) VALUES ($id, '$name', '$password', $active, '$email', $regdate)";
- if (!$db->sql_query($sql)) {
+ if (!$db->query($sql)) {
message_die(SQL_ERROR, "Unable to save user", '', __LINE__, __FILE__, $sql);
}
if (!$this->id) {
//Gets new record id value
- $this->id = $db->sql_nextid();
+ $this->id = $db->nextId();
}
}
/**
* Updates the specified field in the database record
*/
function save_field ($field) {
global $db;
if (!$this->id) {
message_die(GENERAL_ERROR, "You're trying to update a record not yet saved in the database");
}
- $id = $db->sql_escape($this->id);
- $value = $db->sql_escape($this->$field);
+ $id = $db->escape($this->id);
+ $value = $db->escape($this->$field);
$sql = "UPDATE " . TABLE_USERS . " SET `$field` = '$value' WHERE user_id = '$id'";
- if (!$db->sql_query($sql)) {
+ if (!$db->query($sql)) {
message_die(SQL_ERROR, "Unable to save $field field", '', __LINE__, __FILE__, $sql);
}
}
//
// USER MANAGEMENT FUNCTIONS
//
/**
* Generates a unique user id
*/
function generate_id () {
global $db;
do {
$this->id = mt_rand(2001, 9999);
$sql = "SELECT COUNT(*) FROM " . TABLE_USERS . " WHERE user_id = $this->id";
- if (!$result = $db->sql_query($sql)) {
+ if (!$result = $db->query($sql)) {
message_die(SQL_ERROR, "Can't check if a user id is free", '', __LINE__, __FILE__, $sql);
}
- $row = $db->sql_fetchrow($result);
+ $row = $db->fetchRow($result);
} while ($row[0]);
}
/**
* Fills password field with encrypted version
* of the specified clear password
*/
public function set_password ($newpassword) {
$this->password = md5($newpassword);
}
/**
* Checks if a login is available
*
* @param string $login the login to check
* @return boolean true if the login is available; otherwise, false.
*/
public static function is_available_login ($login) {
global $db;
$sql = "SELECT COUNT(*) FROM " . TABLE_USERS . " WHERE username = '$login'";
- if (!$result = $db->sql_query($sql)) {
+ if (!$result = $db->query($sql)) {
message_die(SQL_ERROR, "Can't check if the specified login is available", '', __LINE__, __FILE__, $sql);
}
- $row = $db->sql_fetchrow($result);
+ $row = $db->fetchRow($result);
return ($row[0] == 0);
}
/**
* Initializes a new User instance ready to have its property filled
*
* @return User the new user instance
*/
public static function create () {
$user = new User();
$user->generate_id();
$user->active = true;
$user->regdate = time();
return $user;
}
/**
* Gets user from specified e-mail
*
* @return User the user matching the specified e-mail; null, if the mail were not found.
*/
public static function get_user_from_email ($mail) {
global $db;
$sql = "SELECT * FROM " . TABLE_USERS . " WHERE user_email = '$mail'";
- if (!$result = $db->sql_query($sql)) {
+ if (!$result = $db->query($sql)) {
message_die(SQL_ERROR, "Can't get user", '', __LINE__, __FILE__, $sql);
}
- if ($row = $db->sql_fetchrow($result)) {
+ if ($row = $db->fetchRow($result)) {
//E-mail found.
$user = new User();
$user->load_from_row($row);
return $user;
}
//E-mail not found.
return null;
}
//
// REMOTE IDENTITY PROVIDERS
//
/**
* Gets user from remote identity provider identifiant
*
* @param $authType The authentication method type
* @param $remoteUserId The remote user identifier
* @return User the user matching the specified identity provider and identifiant; null if no user were found.
*/
public static function getUserFromRemoteIdentity ($authType, $remoteUserId) {
global $db;
- $authType = $db->sql_escape($authType);
- $remoteUserId = $db->sql_escape($remoteUserId);
+ $authType = $db->escape($authType);
+ $remoteUserId = $db->escape($remoteUserId);
$sql = "SELECT user_id FROM " . TABLE_USERS_AUTH . " WHERE "
. "auth_type = '$authType' AND auth_identity = '$remoteUserId'";
- if (!$result = $db->sql_query($sql)) {
+ if (!$result = $db->query($sql)) {
message_die(SQL_ERROR, "Can't get user", '', __LINE__, __FILE__, $sql);
}
- if ($row = $db->sql_fetchrow($result)) {
+ if ($row = $db->fetchRow($result)) {
return User::get($row['user_id']);
}
return null;
}
/**
* Sets user's remote identity provider identifiant
*
* @param $authType The authentication method type
* @param $remoteUserId The remote user identifier
* */
public function setRemoteIdentity ($authType, $remoteUserId, $properties = null) {
global $db;
- $authType = $db->sql_escape($authType);
- $remoteUserId = $db->sql_escape($remoteUserId);
- $properties = ($properties === NULL) ? 'NULL' : "'" . $db->sql_escape($properties) . "'";
+ $authType = $db->escape($authType);
+ $remoteUserId = $db->escape($remoteUserId);
+ $properties = ($properties === NULL) ? 'NULL' : "'" . $db->escape($properties) . "'";
$sql = "INSERT INTO " . TABLE_USERS_AUTH . " (auth_type, auth_identity, auth_properties, user_id) "
. "VALUES ('$authType', '$remoteUserId', $properties, $this->id)";
- if (!$db->sql_query($sql)) {
+ if (!$db->query($sql)) {
message_die(SQL_ERROR, "Can't set user remote identity provider information", '', __LINE__, __FILE__, $sql);
}
}
//
// INTERACTION WITH OTHER OBJECTS
//
/**
* Gets the groups where the current user has access to.
*
* @return array an array containing group_id, matching groups the current user has access to.
*/
public function get_groups () {
return self::get_groups_from_user_id($this->id);
}
/**
* Determines if the user is a member of the specified group
*
* @param UserGroup $group The group to check
*/
public function isMemberOfGroup (UserGroup $group) {
global $db;
$sql = "SELECT count(*) FROM users_groups_members WHERE group_id = $group->id AND user_id = $this->id";
- if (!$result = $db->sql_query($sql)) {
+ if (!$result = $db->query($sql)) {
message_die(SQL_ERROR, "Can't determine if the user belongs to the group", '', __LINE__, __FILE__, $sql);
}
- $row = $db->sql_fetchrow($result);
+ $row = $db->fetchRow($result);
return $row[0] == 1;
}
/**
* Adds user to the specified group
*
* @param UserGroup $group The group where to add the user
* @parap boolean $isAdmin if true, set the user admin; otherwise, set it regular user.
*/
public function addToGroup (UserGroup $group, $isAdmin = false) {
global $db;
$isAdmin = $isAdmin ? 1 : 0;
$sql = "REPLACE INTO users_groups_members VALUES ($group->id, $this->id, $isAdmin)";
- if (!$db->sql_query($sql)) {
+ if (!$db->query($sql)) {
message_die(SQL_ERROR, "Can't add user to group", '', __LINE__, __FILE__, $sql);
}
}
/**
* Gets the SQL permission clause to select resources where the user is the subject.
*
* @return string The SQL WHERE clause
*/
public function get_permissions_clause () {
return self::get_permissions_clause_from_user_id($this->id);
}
/**
* Gets workspaces this user has access to.
*
* @return Array A list of workspaces
*/
public function get_workspaces () {
if ($this->workspaces === null) {
$this->workspaces = Workspace::get_user_workspaces($this->id);
}
return $this->workspaces;
}
/**
* Sets user permission
*
* @param string $resourceType The target resource type
* @param int $resourceId The target resource ID
* @param string $permissionName The permission name
* @param int $permissionFlag The permission flag (facultative; by default, 1)
*/
public function setPermission ($resourceType, $resourceId, $permissionName, $permissionFlag = 1) {
global $db;
- $resourceType = $db->sql_escape($resourceType);
+ $resourceType = $db->escape($resourceType);
if (!is_numeric($resourceId)) {
throw new Exception("Resource ID must be a positive or null integer, and not $resourceId.");
}
- $permissionName = $db->sql_escape($permissionName);
+ $permissionName = $db->escape($permissionName);
if (!is_numeric($permissionFlag)) {
throw new Exception("Permission flag must be a positive or null integer, and not $permissionFlag.");
}
$sql = "REPLACE INTO permissions
(subject_resource_type, subject_resource_id,
target_resource_type, target_resource_id,
permission_name, permission_flag)
VALUES
('U', $this->id,
'$resourceType', $resourceId,
'$permissionName', $permissionFlag)";
- if (!$db->sql_query($sql)) {
+ if (!$db->query($sql)) {
message_die(SQL_ERROR, "Can't set user permission", '', __LINE__, __FILE__, $sql);
}
}
/**
* Gets the groups where a user has access to.
*
* @param int $user_id the user to get the groups list
* @return array an array containing group_id, matching groups the specified user has access to.
*/
public static function get_groups_from_user_id ($user_id) {
global $db;
$sql = "SELECT group_id FROM " . TABLE_UGROUPS_MEMBERS . " WHERE user_id = " . $user_id;
- if (!$result = $db->sql_query($sql)) {
+ if (!$result = $db->query($sql)) {
message_die(SQL_ERROR, "Can't get user groups", '', __LINE__, __FILE__, $sql);
}
$gids = array();
- while ($row = $db->sql_fetchrow($result)) {
+ while ($row = $db->fetchRow($result)) {
$gids[] = $row['group_id'];
}
return $gids;
}
/**
* Gets the SQL permission clause to select resources where the specified user is the subject.
*
* @param $user_id The user ID
* @return string The SQL WHERE clause
*/
public static function get_permissions_clause_from_user_id ($user_id) {
$clause = "subject_resource_type = 'U' AND subject_resource_id = $user_id";
if ($groups = self::get_groups_from_user_id ($user_id)) {
$clause = "($clause) OR (subject_resource_type = 'G' AND subject_resource_id = ";
$clause .= join(") OR (subject_resource_type = 'G' AND subject_resource_id = ", $groups);
$clause .= ')';
}
return $clause;
}
}
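Review bot: is_available_login and get_user_from_email build their queries from `$login` and `$mail` without passing them through `$db->escape()`, unlike the other methods this commit migrates, so a quote character in either value changes the statement. Add `$login = $db->escape($login);` and `$mail = $db->escape($mail);` before the `$sql` assignments, or move these lookups to prepared statements if the new database layer offers them. save_field has a related problem with `$field`, which is placed between backticks as a column name and cannot be protected by value escaping; it should be checked against a fixed list of column names. Separately, generate_id, is_available_login and isMemberOfGroup read `$row[0]`, so confirm that `fetchRow()` still returns numeric indexes, which this diff does not show.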
diff --git a/workspaces/src/includes/objects/usergroup.php b/workspaces/src/includes/objects/usergroup.php
index 987b8d3..8df232b 100644
--- a/workspaces/src/includes/objects/usergroup.php
+++ b/workspaces/src/includes/objects/usergroup.php
@@ -1,119 +1,119 @@
<?php
/**
* _, __, _, _ __, _ _, _, _
* / \ |_) (_ | | \ | /_\ |\ |
* \ / |_) , ) | |_/ | | | | \|
* ~ ~ ~ ~ ~ ~ ~ ~ ~ ~
*
* UserGroup class
*
* @package ObsidianWorkspaces
* @subpackage Model
* @author Sébastien Santoro aka Dereckson <dereckson@espace-win.org>
* @license http://www.opensource.org/licenses/bsd-license.php BSD
* @filesource
*/
/**
* UserGroup class
*
* This class maps the users_groups table.
*/
class UserGroup {
public $id;
public $code;
public $title;
public $description;
/**
* Initializes a new instance
*
* @param int $id the primary key
*/
function __construct ($id = NULL) {
if ($id) {
$this->id = $id;
$this->load_from_database();
}
}
/**
* Loads the object UserGroup (ie fill the properties) from the $_POST array
*/
function load_from_form () {
if (array_key_exists('code', $_POST)) $this->code = $_POST['code'];
if (array_key_exists('title', $_POST)) $this->title = $_POST['title'];
if (array_key_exists('description', $_POST)) $this->description = $_POST['description'];
}
/**
* Loads the object UserGroup (ie fill the properties) from the SQL row
*/
function load_from_row ($row) {
$this->id = $row['group_id'];
$this->code = $row['group_code'];
$this->title = $row['group_title'];
$this->description = $row['group_description'];
}
/**
* Loads the object UserGroup (ie fill the properties) from the database
*/
function load_from_database () {
global $db;
- $id = $db->sql_escape($this->id);
+ $id = $db->escape($this->id);
$sql = "SELECT * FROM " . TABLE_UGROUPS . " WHERE group_id = '" . $id . "'";
- if (!$result = $db->sql_query($sql)) message_die(SQL_ERROR, "Unable to query users_groups", '', __LINE__, __FILE__, $sql);
- if (!$row = $db->sql_fetchrow($result)) {
+ if (!$result = $db->query($sql)) message_die(SQL_ERROR, "Unable to query users_groups", '', __LINE__, __FILE__, $sql);
+ if (!$row = $db->fetchRow($result)) {
$this->lastError = "UserGroup unknown: " . $this->id;
return false;
}
$this->load_from_row($row);
return true;
}
/**
* Loads the specified user group from code
*
* @param string $code The user group code
* @return UserGroup The specified user group instance
*/
public static function fromCode ($code) {
global $db;
- $code = $db->sql_escape($code);
+ $code = $db->escape($code);
$sql = "SELECT * FROM " . TABLE_UGROUPS . " WHERE group_code = '" . $code . "'";
- if (!$result = $db->sql_query($sql)) message_die(SQL_ERROR, "Unable to query group", '', __LINE__, __FILE__, $sql);
- if (!$row = $db->sql_fetchrow($result)) {
+ if (!$result = $db->query($sql)) message_die(SQL_ERROR, "Unable to query group", '', __LINE__, __FILE__, $sql);
+ if (!$row = $db->fetchRow($result)) {
throw new Exception("Group unknown: " . $code);
}
$instance = new static();
$instance->load_from_row($row);
return $instance;
}
/**
* Saves to database
*/
function save_to_database () {
global $db;
- $id = $this->id ? "'" . $db->sql_escape($this->id) . "'" : 'NULL';
- $code = $db->sql_escape($this->code);
- $title = $db->sql_escape($this->title);
- $description = $db->sql_escape($this->description);
+ $id = $this->id ? "'" . $db->escape($this->id) . "'" : 'NULL';
+ $code = $db->escape($this->code);
+ $title = $db->escape($this->title);
+ $description = $db->escape($this->description);
//Updates or inserts
$sql = "REPLACE INTO " . TABLE_UGROUPS . " (`group_id`, `group_code`, `group_title`, `group_description`) VALUES ('$id', '$code', '$title', '$description')";
- if (!$db->sql_query($sql)) {
+ if (!$db->query($sql)) {
message_die(SQL_ERROR, "Unable to save", '', __LINE__, __FILE__, $sql);
}
if (!$this->id) {
//Gets new record id value
- $this->id = $db->sql_nextid();
+ $this->id = $db->nextId();
}
}
}
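Review bot: In `save_to_database()`, the new `$id` line already wraps the escaped value in single quotes (or yields the bare word `NULL`), and the unchanged `VALUES ('$id', ...` line quotes it a second time. The statement therefore carries a doubly quoted id for an existing group and the string `'NULL'` instead of SQL NULL for a new one. Quote in one place only, for example `VALUES ($id, '$code', '$title', '$description')`. The same pattern appears in `Workspace::save_to_database()` in the Workspace.php hunk. Since every call site is touched for the keruald/database bump anyway, this would be a natural point to move to bound parameters, if the new driver offers them, instead of escape-and-concatenate.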
diff --git a/workspaces/src/includes/session.php b/workspaces/src/includes/session.php
index d2eafff..2b8a6e0 100755
--- a/workspaces/src/includes/session.php
+++ b/workspaces/src/includes/session.php
@@ -1,261 +1,261 @@
<?php
/**
* _, __, _, _ __, _ _, _, _
* / \ |_) (_ | | \ | /_\ |\ |
* \ / |_) , ) | |_/ | | | | \|
* ~ ~ ~ ~ ~ ~ ~ ~ ~ ~
*
* Session
*
* This class uses a singleton pattern, as we only need one single instance.
* Cf. http://www.php.net/manual/en/language.oop5.patterns.php
*
* @package ObsidianWorkspaces
* @subpackage Keruald
* @author Sébastien Santoro aka Dereckson <dereckson@espace-win.org>
* @license http://www.opensource.org/licenses/bsd-license.php BSD
* @filesource
*
*/
/**
* Session class
*/
class Session {
/**
* @var string session ID
*/
public $id;
/**
* @var string remote client IP
*/
public $ip;
/*
* @var Session current session instance
*/
private static $instance;
/*
* Gets or initializes current session instance
*
* @return Session current session instance
*/
public static function load () {
if (!isset(self::$instance)) {
//Creates new session instance
$c = __CLASS__;
self::$instance = new $c;
}
return self::$instance;
}
/**
* Initializes a new instance of Session object
*/
private function __construct () {
//Starts PHP session, and gets id
session_start();
$_SESSION['ID'] = session_id();
$this->id = $_SESSION['ID'];
//Gets remote client IP
$this->ip = self::get_ip();
//Updates or creates the session in database
$this->update();
}
/**
* Gets remote client IP address
* @return string IP
*/
public static function get_ip () {
//mod_proxy + mod_rewrite (old pluton url scheme) will define 127.0.0.1
//in REMOTE_ADDR, and will store ip in HTTP_X_FORWARDED_FOR variable.
//Some ISP/orgz proxies also use this setting.
if (array_key_exists('HTTP_X_FORWARDED_FOR', $_SERVER)) {
return $_SERVER['HTTP_X_FORWARDED_FOR'];
}
//Standard cases
return $_SERVER['REMOTE_ADDR'];
}
/**
* Cleans up session
* i. deletes expired session
* ii. sets offline relevant sessions
*/
public static function clean_old_sessions () {
global $db, $Config;
//Gets session and online status lifetime (in seconds)
//If not specified in config, sets default 5 and 120 minutes values
$onlineDuration = array_key_exists('OnlineDuration', $Config) ? $Config['OnlineDuration'] : 300;
$sessionDuration = array_key_exists('SessionDuration', $Config) ? $Config['SessionDuration'] : 7200;
- $resource = array_key_exists('ResourceID', $Config) ? '\'' . $db->sql_escape($Config['ResourceID']) . '\'' : 'default';
+ $resource = array_key_exists('ResourceID', $Config) ? '\'' . $db->escape($Config['ResourceID']) . '\'' : 'default';
//Deletes expired sessions
$sql = "DELETE FROM " . TABLE_SESSIONS . " WHERE session_resource = $resource AND TIMESTAMPDIFF(SECOND, session_updated, NOW()) > $sessionDuration";
- if (!$db->sql_query($sql)) message_die(SQL_ERROR, "Can't delete expired sessions", '', __LINE__, __FILE__, $sql);
+ if (!$db->query($sql)) message_die(SQL_ERROR, "Can't delete expired sessions", '', __LINE__, __FILE__, $sql);
//Online -> offline
$sql = "UPDATE " . TABLE_SESSIONS . " SET session_resource = $resource AND session_online = 0 WHERE TIMESTAMPDIFF(SECOND, session_updated, NOW()) > $onlineDuration";
- if (!$db->sql_query($sql)) message_die(SQL_ERROR, 'Can\'t update sessions online statuses', '', __LINE__, __FILE__, $sql);
+ if (!$db->query($sql)) message_die(SQL_ERROR, 'Can\'t update sessions online statuses', '', __LINE__, __FILE__, $sql);
}
/**
* Updates or creates a session in the database
*/
public function update () {
global $db, $Config;
//Cleans up session
//To boost SQL performances, try a random trigger
// e.g. if (rand(1, 100) < 3) self::clean_old_sessions();
//or comment this line and execute a cron script you launch each minute.
self::clean_old_sessions();
//Saves session in database.
//If the session already exists, it updates the field online and updated.
- $id = $db->sql_escape($this->id);
- $resource = array_key_exists('ResourceID', $Config) ? '\'' . $db->sql_escape($Config['ResourceID']) . '\'' : 'default';
- $user_id = $db->sql_escape(ANONYMOUS_USER);
+ $id = $db->escape($this->id);
+ $resource = array_key_exists('ResourceID', $Config) ? '\'' . $db->escape($Config['ResourceID']) . '\'' : 'default';
+ $user_id = $db->escape(ANONYMOUS_USER);
$sql = "INSERT INTO " . TABLE_SESSIONS . " (session_id, session_ip, session_resource, user_id) VALUES ('$id', '$this->ip', $resource, '$user_id') ON DUPLICATE KEY UPDATE session_online = 1";
- if (!$db->sql_query($sql)) message_die(SQL_ERROR, 'Can\'t save current session', '', __LINE__, __FILE__, $sql);
+ if (!$db->query($sql)) message_die(SQL_ERROR, 'Can\'t save current session', '', __LINE__, __FILE__, $sql);
}
/**
* Gets the number of online users
*
* @return int the online users count
*/
public function count_online () {
//Keeps result for later method call
static $count = -1;
if ($count == -1) {
//Queries sessions table
global $db, $Config;
- $resource = array_key_exists('ResourceID', $Config) ? '\'' . $db->sql_escape($Config['ResourceID']) . '\'' : 'default';
+ $resource = array_key_exists('ResourceID', $Config) ? '\'' . $db->escape($Config['ResourceID']) . '\'' : 'default';
$sql = "SELECT count(*) FROM " . TABLE_SESSIONS . " WHERE session_resource = $resource AND session_online = 1";
- $count = (int)$db->sql_query_express($sql, "Can't count online users");
+ $count = (int)$db->queryScalar($sql, "Can't count online users");
}
//Returns number of users online
return $count;
}
/**
* Gets the value of a custom session table field
*
* @param string $info the field to get
* @return string the session specified field's value
*/
public function get_info ($info) {
global $db;
- $id = $db->sql_escape($this->id);
+ $id = $db->escape($this->id);
$sql = "SELECT `$info` FROM " . TABLE_SESSIONS . " WHERE session_id = '$id'";
- return $db->sql_query_express($sql, "Can't get session $info info");
+ return $db->queryScalar($sql, "Can't get session $info info");
}
/**
* Sets the value of a custom session table field to the specified value
*
* @param string $info the field to update
* @param string $value the value to set
*/
public function set_info ($info, $value) {
global $db;
- $value = ($value === null) ? 'NULL' : "'" . $db->sql_escape($value) . "'";
- $id = $db->sql_escape($this->id);
+ $value = ($value === null) ? 'NULL' : "'" . $db->escape($value) . "'";
+ $id = $db->escape($this->id);
$sql = "UPDATE " . TABLE_SESSIONS . " SET `$info` = $value WHERE session_id = '$id'";
- if (!$db->sql_query($sql))
+ if (!$db->query($sql))
message_die(SQL_ERROR, "Can't set session $info info", '', __LINE__, __FILE__, $sql);
}
/**
* Gets logged user information
*
* @return User the logged user information
*/
public function get_logged_user () {
global $db;
//Gets session information
- $id = $db->sql_escape($this->id);
+ $id = $db->escape($this->id);
$sql = "SELECT * FROM " . TABLE_SESSIONS . " WHERE session_id = '$id'";
- if (!$result = $db->sql_query($sql))
+ if (!$result = $db->query($sql))
message_die(SQL_ERROR, "Can't query session information", '', __LINE__, __FILE__, $sql);
- $row = $db->sql_fetchrow($result);
+ $row = $db->fetchRow($result);
//Gets user instance
require_once('includes/objects/user.php');
$user = new User($row['user_id']);
//Adds session property to this user instance
$user->session = $row;
//Returns user instance
return $user;
}
/**
* Cleans session
*
* This method is to be called when an event implies a session destroy
*/
public function clean () {
//Destroys $_SESSION array values, help ID
foreach ($_SESSION as $key => $value) {
if ($key != 'ID') unset($_SESSION[$key]);
}
}
/**
* Updates the session in a user login context
*
* @param string $user_id the user ID
*/
public function user_login ($user_id) {
global $db;
//Sets specified user ID in sessions table
- $user_id = $db->sql_escape($user_id);
- $id = $db->sql_escape($this->id);
+ $user_id = $db->escape($user_id);
+ $id = $db->escape($this->id);
$sql = "UPDATE " . TABLE_SESSIONS . " SET user_id = '$user_id' WHERE session_id = '$id'";
- if (!$db->sql_query($sql))
+ if (!$db->query($sql))
message_die(SQL_ERROR, "Can't set logged in status", '', __LINE__, __FILE__, $sql);
}
/**
* Updates the session in a user logout context
*/
public function user_logout () {
global $db;
//Sets anonymous user in sessions table
- $user_id = $db->sql_escape(ANONYMOUS_USER);
- $id = $db->sql_escape($this->id);
+ $user_id = $db->escape(ANONYMOUS_USER);
+ $id = $db->escape($this->id);
$sql = "UPDATE " . TABLE_SESSIONS . " SET user_id = '$user_id' WHERE session_id = '$id'";
- if (!$db->sql_query($sql))
+ if (!$db->query($sql))
message_die(SQL_ERROR, "Can't set logged out status", '', __LINE__, __FILE__, $sql);
//Cleans session
$this->clean();
}
}
//The user_id matching anonymous user (overridable in config file)
if (!defined('ANONYMOUS_USER')) {
define('ANONYMOUS_USER', -1);
}
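Review bot: `update()` interpolates `$this->ip` into the INSERT as `'$this->ip'` without `$db->escape()`, and `get_ip()` returns the `X-Forwarded-For` header verbatim whenever it is present, so a client-supplied string reaches the SQL text unescaped. Escape it like the neighbouring values (`$ip = $db->escape($this->ip);`, then `'$ip'` in the VALUES list), and ideally validate it with `filter_var($ip, FILTER_VALIDATE_IP)` and honour the header only when `REMOTE_ADDR` is a known proxy. `get_info()` and `set_info()` have a related gap: `$info` is placed between backticks as a column name, which `escape()` does not cover, so it should be checked against a fixed list of allowed columns. Separately, the UPDATE in `clean_old_sessions()` reads `SET session_resource = $resource AND session_online = 0`, which assigns a boolean expression to `session_resource`; the resource test looks like it was meant for the WHERE clause.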
diff --git a/workspaces/src/includes/workspaces/Workspace.php b/workspaces/src/includes/workspaces/Workspace.php
index 8e9fd69..4f3e5aa 100644
--- a/workspaces/src/includes/workspaces/Workspace.php
+++ b/workspaces/src/includes/workspaces/Workspace.php
@@ -1,222 +1,222 @@
<?php
/**
* _, __, _, _ __, _ _, _, _
* / \ |_) (_ | | \ | /_\ |\ |
* \ / |_) , ) | |_/ | | | | \|
* ~ ~ ~ ~ ~ ~ ~ ~ ~ ~
*
* Workspace class
*
* @package ObsidianWorkspaces
* @subpackage Workspaces
* @author Sébastien Santoro aka Dereckson <dereckson@espace-win.org>
* @license http://www.opensource.org/licenses/bsd-license.php BSD
* @filesource
*/
/**
* Workspace class
*
* This class maps the workspaces table.
*/
class Workspace {
public $id;
public $code;
public $name;
public $created;
public $description;
/**
* @var WorkspaceConfiguration The workspace configuration
*/
public $configuration;
/**
* Initializes a new instance
*
* @param int $id the primary key
*/
function __construct ($id = NULL) {
if ($id) {
$this->id = $id;
$this->load_from_database();
}
}
/**
* Loads the object Workspace (ie fill the properties) from the $_POST array
*/
function load_from_form () {
if (array_key_exists('code', $_POST)) $this->code = $_POST['code'];
if (array_key_exists('name', $_POST)) $this->name = $_POST['name'];
if (array_key_exists('created', $_POST)) $this->created = $_POST['created'];
if (array_key_exists('description', $_POST)) $this->description = $_POST['description'];
}
/**
* Loads the object zone (ie fill the properties) from the $row array
*/
function load_from_row ($row) {
$this->id = $row['workspace_id'];
$this->code = $row['workspace_code'];
$this->name = $row['workspace_name'];
$this->created = $row['workspace_created'];
$this->description = $row['workspace_description'];
}
/**
* Loads the specified workspace from code
*
* @param string $code The workspace code
* @return Workspace The specified workspace instance
*/
public static function fromCode ($code) {
global $db;
- $code = $db->sql_escape($code);
+ $code = $db->escape($code);
$sql = "SELECT * FROM " . TABLE_WORKSPACES . " WHERE workspace_code = '" . $code . "'";
- if (!$result = $db->sql_query($sql)) message_die(SQL_ERROR, "Unable to query workspaces", '', __LINE__, __FILE__, $sql);
- if (!$row = $db->sql_fetchrow($result)) {
+ if (!$result = $db->query($sql)) message_die(SQL_ERROR, "Unable to query workspaces", '', __LINE__, __FILE__, $sql);
+ if (!$row = $db->fetchRow($result)) {
throw new Exception("Workspace unknown: " . $code);
}
$workspace = new Workspace();
$workspace->load_from_row($row);
return $workspace;
}
/**
* Loads the object Workspace (ie fill the properties) from the database
*/
function load_from_database () {
global $db;
- $id = $db->sql_escape($this->id);
+ $id = $db->escape($this->id);
$sql = "SELECT * FROM " . TABLE_WORKSPACES . " WHERE workspace_id = '" . $id . "'";
- if (!$result = $db->sql_query($sql)) message_die(SQL_ERROR, "Unable to query workspaces", '', __LINE__, __FILE__, $sql);
- if (!$row = $db->sql_fetchrow($result)) {
+ if (!$result = $db->query($sql)) message_die(SQL_ERROR, "Unable to query workspaces", '', __LINE__, __FILE__, $sql);
+ if (!$row = $db->fetchRow($result)) {
$this->lastError = "Workspace unknown: " . $this->id;
return false;
}
$this->load_from_row($row);
return true;
}
/**
* Saves to database
*/
function save_to_database () {
global $db;
- $id = $this->id ? "'" . $db->sql_escape($this->id) . "'" : 'NULL';
- $code = $db->sql_escape($this->code);
- $name = $db->sql_escape($this->name);
- $created = $db->sql_escape($this->created);
- $description = $db->sql_escape($this->description);
+ $id = $this->id ? "'" . $db->escape($this->id) . "'" : 'NULL';
+ $code = $db->escape($this->code);
+ $name = $db->escape($this->name);
+ $created = $db->escape($this->created);
+ $description = $db->escape($this->description);
//Updates or inserts
$sql = "REPLACE INTO " . TABLE_WORKSPACES . " (`workspace_id`, `workspace_code`, `workspace_name`, `workspace_created`, `workspace_description`) VALUES ('$id', '$code', '$name', '$created', '$description')";
- if (!$db->sql_query($sql)) {
+ if (!$db->query($sql)) {
message_die(SQL_ERROR, "Unable to save", '', __LINE__, __FILE__, $sql);
}
if (!$this->id) {
//Gets new record id value
- $this->id = $db->sql_nextid();
+ $this->id = $db->nextId();
}
}
/**
* Determines if the specified user has access to the current workspace
*
* @param User the user to check
* @return boolean true if the user has access to the current workspace ; otherwise, false.
*/
public function userCanAccess (User $user) {
if ($this->id === false || $this->id === null || $this->id === '') {
throw new LogicException("The workspace must has a valid id before to call userCanAccess.");
}
foreach ($user->get_workspaces() as $workspace) {
if ($workspace->id == $this->id) {
return true;
}
}
return false;
}
/**
* Loads configuration
*
* @param $context The site context
*/
public function loadConfiguration (Context $context) {
global $Config;
$file = $Config['Content']['Workspaces'] . '/' . $this->code . '/workspace.conf';
if (!file_exists($file)) {
$exceptionMessage = sprintf(Language::get('NotConfiguredWorkspace'), $file);
throw new Exception($exceptionMessage);
}
$this->configuration = WorkspaceConfiguration::loadFromFile($file, $context);
}
/**
* Gets workspaces specified user has access to.
*
* @param int $user_id The user to get his workspaces
* @return Array A list of workspaces
*/
public static function get_user_workspaces ($user_id) {
global $db;
//Gets the workspaces list from cache, as this complex request could take 100ms
//and is called on every page.
$cache = Cache::load();
if (!$workspaces = unserialize($cache->get("workspaces-$user_id"))) {
$clause = User::get_permissions_clause_from_user_id($user_id);
$sql = "SELECT DISTINCT w.*
FROM " . TABLE_PERMISSIONS . " p, " . TABLE_WORKSPACES . " w
WHERE p.target_resource_type = 'W' AND
p.target_resource_id = w.workspace_id AND
p.permission_name = 'accessLevel' AND
p.permission_flag > 0 AND
($clause)";
- if (!$result = $db->sql_query($sql)) {
+ if (!$result = $db->query($sql)) {
message_die(SQL_ERROR, "Can't get user workspaces", '', __LINE__, __FILE__, $sql);
}
$workspaces = array();
- while ($row = $db->sql_fetchrow($result)) {
+ while ($row = $db->fetchRow($result)) {
$workspace = new Workspace();
$workspace->id = $row['workspace_id'];
$workspace->load_from_row($row);
$workspaces[] = $workspace;
}
$cache->set("workspaces-$user_id", serialize($workspaces));
}
return $workspaces;
}
/**
* Determines if a string matches an existing workspace code.
*
* @param string $code The workspace code to check
* @return boolean If the specified code matches an existing workspace, true; otherwise, false.
*/
public static function is_workspace ($code) {
global $db;
- $code = $db->sql_escape($code);
+ $code = $db->escape($code);
$sql = "SELECT count(*) FROM " . TABLE_WORKSPACES . " WHERE workspace_code = '$code'";
- if (!$result = $db->sql_query($sql)) {
+ if (!$result = $db->query($sql)) {
message_die(SQL_ERROR, "Can't check workspace code", '', __LINE__, __FILE__, $sql);
}
- $row = $db->sql_fetchrow($result);
+ $row = $db->fetchRow($result);
return ($row[0] == 1);
}
}
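Review bot: `get_user_workspaces()` passes `$user_id` to `User::get_permissions_clause_from_user_id()`, which splices it into the WHERE clause unquoted and unescaped (`subject_resource_id = $user_id`), so the query is safe only if every caller passes an integer; the docblock says `int` but nothing enforces it. A cast at the top of the method, `$user_id = (int)$user_id;`, closes that and also normalises the cache key. The same method calls `unserialize()` on whatever the cache returns; if the cache backend is shared or reachable by other services, restrict it with `unserialize($data, ['allowed_classes' => ['Workspace']])` or store JSON instead. In `is_workspace()`, `$row[0]` assumes `fetchRow()` still returns numerically indexed columns after the driver change, which is worth confirming against keruald/database 0.5.2.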
