diff --git a/includes/config.php b/includes/config.php
new file mode 100644
index 0000000..a7cc4c8
--- /dev/null
+++ b/includes/config.php
@@ -0,0 +1,144 @@
+<?php
+
+/*
+ * Keruald, core libraries for Pluton and Xen engines.
+ * (c) 2010, Sébastien Santoro aka Dereckson, some rights reserved
+ * Released under BSD license
+ *
+ * Configuration file
+ *
+ * This file will contain your site/application settings. Ideally, you should
+ * make this file autogenerable by a setup process.
+ *
+ * 0.1 2010-02-27 2:17 DcK
+ */
+
+////////////////////////////////////////////////////////////////////////////////
+/// ///
+/// I. SQL configuration ///
+/// ///
+////////////////////////////////////////////////////////////////////////////////
+
+//SQL configuration
+$Config['sql']['product'] = 'MySQL'; //Only MySQL is currently implemented
+$Config['sql']['host'] = 'localhost';
+$Config['sql']['username'] = 'keruald';
+$Config['sql']['password'] = 'keruald';
+$Config['sql']['database'] = 'keruald';
+
+//SQL tables
+$prefix = '';
+define('TABLE_SESSIONS', $prefix . 'sessions');
+define('TABLE_USERS', $prefix . 'users');
+
+//TODO: you can add here your own tables and views
+
+////////////////////////////////////////////////////////////////////////////////
+/// ///
+/// II. Site configuration ///
+/// ///
+////////////////////////////////////////////////////////////////////////////////
+
+//TODO: you can add here settings like default site theme or the app title.
+
+//Dates
+date_default_timezone_set("UTC");
+
+//Secret key, used for some verification hashes in URLs (e.g. xhr calls)
+//or forms.
+$Config['SecretKey'] = 'Alphaville vit au seul rhytme de la logique.';
+
+//When reading files, buffer size
+define('BUFFER_SIZE', 4096);
+
+////////////////////////////////////////////////////////////////////////////////
+/// ///
+/// III. Script URLs ///
+/// ///
+////////////////////////////////////////////////////////////////////////////////
+
+/*
+ * The following settings give your script/application URL.
+ *
+ * Without mod_rewrite:
+ *
+ * Subdirectory:
+ * - $Config['SiteURL'] = 'http://www.yourdomain.tld/application/index.php';
+ * - $Config['BaseURL'] = '/application/index.php';
+ *
+ * Root directory:
+ * - $Config['SiteURL'] = 'http://www.yourdomain.tld/index.php';
+ * - $Config['BaseURL'] = '/index.php';
+ *
+ * With mod_rewrite:
+ *
+ * Subdirectory:
+ * - $Config['SiteURL'] = 'http://www.yourdomain.tld/application';
+ * - $Config['BaseURL'] = '/application';
+ *
+ * In .htaccess or your vhost definition:
+ * RewriteEngine On
+ * RewriteBase /application/
+ * RewriteCond %{REQUEST_FILENAME} !-f
+ * RewriteCond %{REQUEST_FILENAME} !-d
+ * RewriteRule . /application/index.php [L]
+ *
+ * Root directory:
+ * - $Config['SiteURL'] = 'http://www.yourdomain.tld';
+ * - $Config['BaseURL'] = '';
+ *
+ * In .htaccess or your vhost definition:
+ * RewriteEngine On
+ * RewriteBase /
+ * RewriteCond %{REQUEST_FILENAME} !-f
+ * RewriteCond %{REQUEST_FILENAME} !-d
+ * RewriteRule . /index.php [L]
+ *
+ *
+ * If you don't want to specify the server domain, you can use get_server_url:
+ * $Config['SiteURL'] = get_server_url() . '/application';
+ * $Config['SiteURL'] = get_server_url();
+ *
+ * !!! No trailing slash !!!
+ *
+ */
+
+$Config['SiteURL'] = get_server_url();
+$Config['BaseURL'] = '';
+
+//xmlHttpRequest callbacks URL
+$Config['DoURL'] = $Config['SiteURL'] . "/do.php";
+
+////////////////////////////////////////////////////////////////////////////////
+/// ///
+/// IV. Another section ///
+/// ///
+////////////////////////////////////////////////////////////////////////////////
+
+//TODO: add here miscelleanous settings
+//Tip: you can group settings by array, like the following sample.
+
+//ImageMagick paths
+//Be careful on Windows platform convert could match the NTFS convert command.
+$Config['ImageMagick']['convert'] = 'convert';
+$Config['ImageMagick']['mogrify'] = 'mogrify';
+$Config['ImageMagick']['composite'] = 'composite';
+$Config['ImageMagick']['identify'] = 'identify';
+
+////////////////////////////////////////////////////////////////////////////////
+/// ///
+/// V. Sessions ///
+/// ///
+////////////////////////////////////////////////////////////////////////////////
+
+//If you want to use a common table of sessions / user handling
+//with several websites, specify a different resource id for each site.
+$Config['ResourceID'] = 1;
+
+//TODO: if you need to customize session handling from php.ini default values,
+//sets PHP variables. Here a sample:
+
+//Sets duration lifetime to 2 hours
+ini_set('session.gc_maxlifetime', 2880);
+
+?>
\ No newline at end of file
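Review bot: `$Config['SecretKey']` is committed as a fixed sample sentence, and core.php feeds it into the hash that protects /do.php URLs, so every installation that keeps this file unchanged shares a publicly known key; the same holds for the `keruald`/`keruald` database credentials. I would keep real values out of version control, or at least mark the sample, e.g. `//Sample value: replace with a long random string unique to this installation before deploying.` Separately, the session comment says 2 hours but `2880` seconds is 48 minutes; `ini_set('session.gc_maxlifetime', 7200);` matches the comment and the 7200-second default used in session.php.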
diff --git a/includes/core.php b/includes/core.php
new file mode 100644
index 0000000..e001cbb
--- /dev/null
+++ b/includes/core.php
@@ -0,0 +1,299 @@
+<?php
+
+/*
+ * Keruald, core libraries for Pluton and Xen engines.
+ * (c) 2010, Sébastien Santoro aka Dereckson, some rights reserved
+ * Released under BSD license
+ *
+ * Core
+ *
+ * 0.1 2010-02-27 2:04 DcK
+ */
+
+////////////////////////////////////////////////////////////////////////////////
+/// ///
+/// Configures PHP and loads site-wide used libraries ///
+/// ///
+////////////////////////////////////////////////////////////////////////////////
+
+//Disables register globals
+ini_set('register_globals', 'off');
+
+//Reports all errors, help notices (including STRICT in PHP 6)
+error_reporting(E_ALL & ~E_NOTICE);
+
+//Load libraries
+include_once("config.php"); //Site config
+include_once("error.php"); //Error management
+include_once("mysql.php"); //MySQL layer
+include_once("session.php"); //Sessions handler
+
+////////////////////////////////////////////////////////////////////////////////
+/// ///
+/// Information helper functions ///
+/// ///
+////////////////////////////////////////////////////////////////////////////////
+
+/*
+ * Gets the username matching specified user id
+ * @param string $user_id the user ID
+ * @return string the username
+ */
+function get_username ($user_id) {
+ global $db;
+
+ $user_id = $db->sql_escape($user_id);
+ $sql = 'SELECT username FROM '. TABLE_USERS . " WHERE user_id = '$userid'";
+ return $db->sql_query_express($sql, "Can't get username from specified user id");
+}
+
+/*
+ * Gets the user id matching specified username
+ * @param string $username the username
+ * @return string the user ID
+ */
+function get_userid ($username) {
+ global $db;
+
+ $username = $db->sql_escape($username);
+ $sql = 'SELECT user_id FROM '. TABLE_USERS . " WHERE username LIKE '$username'";
+ return $db->sql_query_express($sql, "Can't get user id from specified username");
+}
+
+////////////////////////////////////////////////////////////////////////////////
+/// ///
+/// Misc helper functions ///
+/// ///
+////////////////////////////////////////////////////////////////////////////////
+
+//Plural management
+
+function s ($amount) {
+ if ($amount > 1) return "s";
+}
+
+/*
+ * Prints human-readable information about a variable, wrapped in a <pre> block
+ * @param mixed $mixed the variable to dump
+ */
+function dprint_r ($mixed) {
+ echo '<pre>';
+ print_r($mixed);
+ echo '</pre>';
+}
+
+/*
+ * Generates a new GUID
+ * @return string a guid (without {})
+ */
+function new_guid () {
+ $chars = explode(",","a,b,c,d,e,f,0,1,2,3,4,5,6,7,8,9");
+ $guid = "";
+ for ($i = 0 ; $i < 36 ; $i++) {
+ if ($i == 8 || $i == 13 || $i == 18 || $i == 23) {
+ $guid .= "-";
+ } else {
+ $guid .= $chars[mt_rand() % sizeof($characters)];
+ }
+ }
+ return $guid;
+}
+
+/*
+ * Determines if the expression is a valid guid (in uuid notation, without {})
+ * @param string $expression the guid to check
+ * @return true if the expression is a valid guid ; otherwise, false
+ */
+function is_guid ($expression) {
+ //We avoid regexp to speed up the check
+ //A guid is a 36 characters string
+ if (strlen($expression) != 36) return false;
+
+ $expression = strtolower($expression);
+ for ($i = 0 ; $i < 36 ; $i++) {
+ if ($i == 8 || $i == 13 || $i == 18 || $i == 23) {
+ //with dashes
+ if ($expression[$i] != '-') return false;
+ } else {
+ //and hex numbers
+ if (!is_numeric($expression[$i]) && $expression[$i] != 'a' && $expression[$i] != 'b' && $expression[$i] != 'c' && $expression[$i] != 'd' && $expression[$i] != 'e' && $expression[$i] != 'f' ) return false;
+ }
+ }
+ return true;
+}
+
+/*
+ * Gets file extension
+ * @param string $file the file to get the extension
+ */
+function get_extension ($file) {
+ $dotPosition = strrpos($file, ".");
+ return substr($file, $dotPosition + 1);
+}
+
+/*
+ * Determines if a string starts with specified substring
+ * @param string $haystack the string to check
+ * @param string $needle the substring to determines if it's the start
+ * @param boolean $case_sensitive determines if the search must be case sensitive
+ * @return boolean true if $haystack starts with $needle ; otherwise, false.
+ */
+function string_starts_with ($haystack, $needle, $case_sensitive = true) {
+ if (!$case_sensitive) {
+ $haystack = strtoupper($haystack);
+ $needle = strtoupper($needle);
+ }
+ if ($haystack == $needle) return true;
+ return strpos($haystack, $needle) === 0;
+}
+
+////////////////////////////////////////////////////////////////////////////////
+/// ///
+/// URL helpers functions ///
+/// ///
+////////////////////////////////////////////////////////////////////////////////
+
+/*
+ * Gets URL
+ * @return string URL
+ */
+function get_url () {
+ global $Config;
+ if (func_num_args() > 0) {
+ $pieces = func_get_args();
+ return $Config['BaseURL'] . '/' . implode('/', $pieces);
+ } elseif ($Config['BaseURL'] == "" || $Config['BaseURL'] == "/index.php") {
+ return "/";
+ } else {
+ return $Config['BaseURL'];
+ }
+}
+
+/*
+ * Gets page URL
+ * @return string URL
+ */
+function get_page_url () {
+ $url = $_SERVER['SCRIPT_NAME'] . $_SERVER['PATH_INFO'];
+ if (substr($url, -10) == "/index.php") {
+ return substr($url, 0, -9);
+ }
+ return $url;
+}
+
+/*
+ * Gets server URL
+ * @todo find a way to detect https:// on non standard port
+ * @return string the server URL
+ */
+function get_server_url () {
+ switch ($port = $_SERVER['SERVER_PORT']) {
+ case '80':
+ return "http://$_SERVER[SERVER_NAME]";
+
+ case '443':
+ return "https://$_SERVER[SERVER_NAME]";
+
+ default:
+ return "http://$_SERVER[SERVER_NAME]:$_SERVER[SERVER_PORT]";
+ }
+}
+
+/*
+ * Gets $_SERVER['PATH_INFO'] or computes the equivalent if not defined.
+ * @return string the relevant URL part
+ */
+function get_current_url () {
+ global $Config;
+
+ //Gets relevant URL part from relevant $_SERVER variables
+ if (array_key_exists('PATH_INFO', $_SERVER)) {
+ //Without mod_rewrite, and url like /index.php/controller
+ //we use PATH_INFO. It's the easiest case.
+ return $_SERVER["PATH_INFO"];
+ }
+
+ //In other cases, we'll need to get the relevant part of the URL
+ $current_url = get_server_url() . $_SERVER['REQUEST_URI'];
+
+ //Relevant URL part starts after the site URL
+ $len = strlen($Config['SiteURL']);
+
+ //We need to assert it's the correct site
+ if (substr($current_url, 0, $len) != $Config['SiteURL']) {
+ dieprint_r(GENERAL_ERROR, "Edit includes/config.php and specify the correct site URL<br /><strong>Current value:</strong> $Config[SiteURL]<br /><strong>Expected value:</strong> a string starting by " . get_server_url(), "Setup");
+ }
+
+ if (array_key_exists('REDIRECT_URL', $_SERVER)) {
+ //With mod_rewrite, we can use REDIRECT_URL
+ //We takes the end of the URL, ie *FROM* $len position
+ return substr(get_server_url() . $_SERVER["REDIRECT_URL"], $len);
+ }
+
+ //Last possibility: use REQUEST_URI, but remove QUERY_STRING
+ //If you need to edit here, use $_SERVER['REQUEST_URI']
+ //but you need to discard $_SERVER['QUERY_STRING']
+
+ //We takes the end of the URL, ie *FROM* $len position
+ $url = substr(get_server_url() . $_SERVER["REQUEST_URI"], $len);
+
+ //But if there are a query string (?action=... we need to discard it)
+ if ($_SERVER['QUERY_STRING']) {
+ return substr($url, 0, strlen($url) - strlen($_SERVER['QUERY_STRING']) - 1);
+ }
+
+ return $url;
+}
+
+/*
+ * Gets an array of url fragments to be processed by controller
+ * @return array an array containing URL fragments
+ */
+function get_current_url_fragments () {
+ $url_source = get_current_url();
+ if ($url_source == '/index.php') return array();
+ return explode('/', substr($url_source, 1));
+}
+
+////////////////////////////////////////////////////////////////////////////////
+/// ///
+/// URL xmlHttpRequest helpers functions ///
+/// ///
+////////////////////////////////////////////////////////////////////////////////
+
+/*
+ * Gets an hash value to check the integrity of URLs in /do.php calls
+ * @param Array $args the args to compute the hash
+ * @return the hash paramater for your xmlHttpRequest url
+ */
+function get_xhr_hash ($args) {
+ global $Config;
+
+ array_shift($args);
+ return md5($_SESSION['ID'] . $Config['SecretKey'] . implode('', $args));
+}
+
+/*
+ * Gets the URL to call do.php, the xmlHttpRequest controller
+ * @return string the xmlHttpRequest url, with an integrity hash
+ */
+function get_xhr_hashed_url () {
+ global $Config;
+
+ $args = func_get_args();
+ $args[] = get_xhr_hash($args);
+ return $Config['DoURL'] . '/' . implode('/', $args);
+}
+
+/*
+ * Gets the URL to call do.php, the xmlHttpRequest controller
+ * @return string the xmlHttpRequest url
+ */
+function get_xhr_url () {
+ global $Config;
+
+ $args = func_get_args();
+ return $Config['DoURL'] . '/' .implode('/', $args);
+}
+
+?>
\ No newline at end of file
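Review bot: get_username() builds its query with `$userid`, which is never defined (the escaped value is in `$user_id`), so the WHERE clause always compares against an empty string; it should read `" WHERE user_id = '$user_id'"`. new_guid() has the same kind of slip: `sizeof($characters)` refers to a variable that does not exist, so the index is never taken against the 16-entry `$chars` table; use `sizeof($chars)`, and since mt_rand() is not a cryptographic generator these GUIDs should not serve as secrets. In get_xhr_hash(), `implode('', $args)` lets different argument lists produce the same input (`'ab','c'` and `'a','bc'`), and md5 over key-plus-message is not a keyed MAC; `hash_hmac('sha256', implode('/', $args), $_SESSION['ID'] . $Config['SecretKey'])` would address both, provided the checking side in do.php (not shown) is changed to match. In get_current_url(), the call `dieprint_r(GENERAL_ERROR, "Edit includes/config.php …", "Setup")` passes message_die()'s argument order to a function that takes `($var, $title)`, so the error code is dumped and the message becomes the title.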
diff --git a/includes/error.php b/includes/error.php
new file mode 100644
index 0000000..a730a8c
--- /dev/null
+++ b/includes/error.php
@@ -0,0 +1,110 @@
+<?php
+
+/*
+ * Keruald, core libraries for Pluton and Xen engines.
+ * (c) 2010, Sébastien Santoro aka Dereckson, some rights reserved
+ * Released under BSD license
+ *
+ * Error handling
+ *
+ * 0.1 2010-02-27 16:00 DcK
+ *
+ * @todo add exception handling facilities
+ *
+ * There are 3 standard error types:
+ * - SQL_ERROR error during a sql query
+ * - HACK_ERROR error trying to access a protected resource
+ * - GENERAL_ERROR miscelleanous error
+ *
+ * The message_die/SQL_ERROR idea were found in phpBB 2 code.
+ *
+ * Tip: use HACK_ERROR when an user can't access a page, and edit message_die
+ * to output a login/pass form if the user isn't logged in, so the user
+ * will be invited to log in properly and legetimely access to the page.
+ * (cf. the Pluton's error.php for a sample)
+ *
+ * Tip: if you use a MVC model or at least templates, message_die should calls
+ * an error template but only if the template engine is initialized.
+ * (cf. the Xen's error.php for a sample)
+ *
+ * Tip: evaluate the cost/benefit to output a SQL error to the user and consider
+ * not to output the sql query or the error code to standard users.
+ *
+ * Tip: if you need more help to understand where exactly the error have occured
+ * consider Advanced PHP debugger: www.php.net/manual/en/book.apd.php
+ */
+
+//Error code constants
+define ("SQL_ERROR", 65);
+define ("HACK_ERROR", 99);
+define ("GENERAL_ERROR", 117);
+
+/*
+ * Prints human-readable information about a variable
+ * wrapped in a general error and dies
+ * @param mixed $mixed the variable to dump
+ */
+function dieprint_r ($var, $title = '') {
+ if (!$title) $title = 'Debug';
+
+ //GENERAL_ERROR with print_r call as message
+ message_die(GENERAL_ERROR, '<pre>' . print_r($var, true) .'</pre>', $title);
+}
+
+/*
+ * Prints an error message and dies
+ * @param int $code A constant identifying the type of error (SQL_ERROR, HACK_ERROR or GENERAL_ERROR)
+ * @param string $text the error description
+ * @param string $text the error title
+ * @param int $line the file line the error have occured (typically __LINE__)
+ * @param string $file the file the error have occured (typically __FILE__)
+ * @param string $sql the sql query which caused the error
+ */
+function message_die ($code, $text = '', $title = '', $line = '', $file = '', $sql = '') {
+ //Ensures we've an error text
+ $text = $text ? $text : "An error have occured";
+
+ //Adds file and line information to error text
+ if ($file) {
+ $text .= " — $file";
+ if ($line) {
+ $text .= ", line $line";
+ }
+ }
+
+ //Ensures we've an error title and adds relevant extra information
+ switch ($code) {
+ case HACK_ERROR:
+ $title = $title ? $title : "Access non authorized";
+ break;
+
+ case SQL_ERROR:
+ global $db;
+ $title = $title ? $title : "SQL error";
+
+ //Gets SQL error information
+ $sqlError = $db->sql_error();
+ if ($sqlError['message'] != '') {
+ $text .= "<br />Error n° $sqlError[code]: $sqlError[message]";
+ }
+ $text .= '<br />&nbsp;<br />Query: ';
+ $text .= $sql;
+
+ break;
+
+ default:
+ //TODO: here can be added code to handle error error ;-)
+ //Falls to GENERAL_ERROR
+
+ case GENERAL_ERROR:
+ $title = $title ? $title : "General error";
+ break;
+ }
+
+ //HTML output of $title and $text variables
+ echo '<div class="FatalError"><p class="FatalErrorTitle">', $title,
+ '</p><p>', $text, '</p></div>';
+
+ exit;
+}
+?>
\ No newline at end of file
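Review bot: message_die() writes `$title`, `$text`, the driver's error message and the full `$sql` string into the page without HTML-escaping, so any request data that ended up in a query or message is echoed back as markup, and every visitor sees query text and file paths. Because dieprint_r() deliberately passes `<pre>` markup in `$text`, the escaping belongs where the untrusted pieces are appended: `$text .= htmlspecialchars($sql);`, `htmlspecialchars($sqlError['message'])`, and `htmlspecialchars(print_r($var, true))` in dieprint_r(). Consider sending the query and file/line to the error log and showing them only in a debug mode, as the header tip already suggests. The docblocks also need a fix: dieprint_r() documents `$mixed` but the parameter is `$var` and `$title` is undocumented, and message_die() lists `@param string $text` twice where the second should be `$title`.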
diff --git a/includes/login.php b/includes/login.php
new file mode 100644
index 0000000..3d4b486
--- /dev/null
+++ b/includes/login.php
@@ -0,0 +1,40 @@
+<?php
+
+/*
+ * Keruald, core libraries for Pluton and Xen engines.
+ * (c) 2010, Sébastien Santoro aka Dereckson, some rights reserved
+ * Released under BSD license
+ *
+ * Login and logout handler.
+ *
+ * 0.1 2010-02-27 1:52 DcK
+ *
+ */
+
+$_POST['LogIn'] = "OK";
+$_POST['username'] = "demo";
+$_POST['password'] = "demo";
+
+if ($_POST['LogIn']) {
+ //User have submitted login form
+ $username = $db->sql_escape($_POST['username']);
+ $sql = "SELECT user_password, user_id FROM " . TABLE_USERS . " WHERE username = '$username'";
+ if ( !($result = $db->sql_query($sql)) ) message_die(SQL_ERROR, "Can't get user information", '', __LINE__, __FILE__, $sql);
+ if ($row = $db->sql_fetchrow($result)) {
+ if (!$row['user_password']) {
+ //No password set
+ $LoginError = "This account exists but haven't a password defined. Contact the site administrator.";
+ } elseif ($row['user_password'] != md5($_POST['password'])) {
+ //The password doesn't match
+ $LoginError = "Incorrect password.";
+ } else {
+ //Login successful
+ $Session->user_login($row['user_id']);
+ $LoginSuccessful = true;
+ }
+ }
+} elseif ($_POST['LogOut'] || $_GET['action'] == "user.logout") {
+ //User have submitted logout form or clicked a logout link
+ $Session->user_logout();
+}
+?>
\ No newline at end of file
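Review bot: The three assignments at the top (`$_POST['LogIn'] = "OK";` and the `demo` username and password) overwrite whatever the client sent, so every request that includes this file attempts a login as `demo` and the logout branch can never run; they look like test scaffolding and should be removed before this is used. The password check compares an unsalted `md5()` with `!=`, which is a loose comparison; use `!==` at minimum, and on a PHP version that provides them store hashes with `password_hash()` and check with `password_verify()`. When no row matches the username, `$LoginError` is never set, so the caller cannot tell a failed login from no attempt; setting one generic message for both unknown user and wrong password would also avoid revealing which usernames exist. `$_POST['LogOut']` and `$_GET['action']` are read without an `isset()` check.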
diff --git a/includes/mysql.php b/includes/mysql.php
new file mode 100644
index 0000000..9f0121d
--- /dev/null
+++ b/includes/mysql.php
@@ -0,0 +1,152 @@
+<?php
+
+/*
+ * Keruald, core libraries for Pluton and Xen engines.
+ * (c) 2010, Sébastien Santoro aka Dereckson, some rights reserved
+ * Released under BSD license
+ *
+ * MySQL layer and helper class
+ *
+ * 0.1 2010-02-27 1:52 DcK
+ *
+ */
+
+if (!defined('SQL_LAYER')) {
+ define('SQL_LAYER', 'MySQL');
+
+ /*
+ * SQL layer and helper class: MySQL
+ *
+ * @package Keruald
+ * @subpackage Keruald
+ * @copyright Copyright (c) 2010, Sébastien Santoro aka Dereckson
+ * @license Released under BSD license
+ * @version 0.1
+ */
+ class sql_db {
+ /*
+ * @var int the connection identifier
+ */
+ private $id;
+
+ /*
+ * Initializes a new instance of the database abstraction class, for MySQL engine
+ */
+ function __construct($host = 'localhost', $username = '', $password = '', $database = '') {
+ //Connects to MySQL server
+ $this->id = @mysql_connect($host, $username, $password) or $this->sql_die();
+
+ //Selects database
+ if ($database != '') {
+ mysql_select_db($database, $this->id);
+ }
+ }
+
+ /*
+ * Outputs a can't connect to the SQL server message and exits.
+ * It's called on connect failure
+ */
+ private function sql_die () {
+ //You can custom here code when you can't connect to SQL server
+ //e.g. in a demo or appliance context, include('start.html'); exit;
+ die ("Can't connect to SQL server.");
+ }
+
+ /*
+ * Sends a unique query to the database
+ * @return mixed if the query is successful, a result identifier ; otherwise, false
+ */
+ function sql_query ($query) {
+ return mysql_query($query, $this->id);
+ }
+
+ /*
+ * Fetches a row of result into an associative array
+ * @return array an associative array with columns names as keys and row values as values
+ */
+ function sql_fetchrow ($result) {
+ return mysql_fetch_array($result);
+ }
+
+ /*
+ * Gets last SQL error information
+ * @return array an array with two keys, code and message, containing error information
+ */
+ function sql_error () {
+ $error['code'] = mysql_errno($this->id);
+ $error['message'] = mysql_error($this->id);
+ return $error;
+ }
+
+ /*
+ * Gets the number of rows affected or returned by a query
+ * @return int the number of rows affected (delete/insert/update) or the number of rows in query result
+ */
+ function sql_numrows ($result) {
+ return mysql_num_rows($result);
+ }
+
+ /*
+ * Gets the primary key value of the last query (works only in INSERT context)
+ * @return int the primary key value
+ */
+ function sql_nextid () {
+ return mysql_insert_id($this->id);
+ }
+
+ /*
+ * Express query method, returns an immediate and unique result
+ *
+ * @param string $query the query to execute
+ * @param string $error_message the error message
+ * @param boolean $return_as_string return result as string, and not as an array
+ * @return mixed the row or the scalar result
+ */
+ function sql_query_express ($query = '', $error_message = "Impossible d'exécuter cette requête.", $return_as_string = true) {
+ if ($query === '' || $query === false || $query === null) {
+ //No query, no value
+ return '';
+ } elseif (!$result = $this->sql_query($query)) {
+ //An error have occured
+ message_die(SQL_ERROR, $error_message, '', '', '', $query);
+ } else {
+ //Fetches row
+ $row = $this->sql_fetchrow($result);
+
+ //If $return_as_string is true, returns first query item (scalar mode) ; otherwise, returns row
+ return $return_as_string ? $row[0] : $row;
+ }
+ }
+
+ /*
+ * Escapes a SQL expression
+ * @param string expression The expression to escape
+ * @return string The escaped expression
+ */
+ function sql_escape ($expression) {
+ return mysql_real_escape_string($expression);
+ }
+
+ /*
+ * Set charset
+ */
+ function set_charset ($encoding) {
+ if (function_exists('mysql_set_charset')) {
+ //>PHP 5.2.3
+ mysql_set_charset($encoding, $this->id);
+ } else {
+ //TODO: set connection variables to utf8
+ }
+ }
+ }
+
+ //Creates an instance of this database class with configuration values
+ $db = new sql_db($Config['sql']['host'], $Config['sql']['username'], $Config['sql']['password'], $Config['sql']['database']);
+
+ //To improve security, we unset sql parameters
+ unset($Config['sql']);
+
+ //Sets SQL connexion in UTF8. PHP 5.2.3+
+ $db->set_charset('utf8');
+}
+?>
\ No newline at end of file
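Review bot: sql_escape() calls `mysql_real_escape_string($expression)` without the link identifier, so it escapes against whichever connection was opened last rather than this instance's; pass it explicitly, `return mysql_real_escape_string($expression, $this->id);`. Escaping is only correct for the connection's character set, yet set_charset() silently does nothing when `mysql_set_charset` is missing, and the constructor ignores the result of `mysql_select_db()`; both failures should go through the same die path as a failed connect. Two docblocks do not match the code: sql_fetchrow() returns `mysql_fetch_array()`'s combined numeric and associative array (sql_query_express() relies on `$row[0]`), and sql_numrows() only counts rows of a result set, not rows affected by a write. The `mysql_*` extension was later removed from PHP, so callers that interpolate escaped strings would be better served by a layer offering prepared statements.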
diff --git a/includes/session.php b/includes/session.php
new file mode 100644
index 0000000..4a0ffbb
--- /dev/null
+++ b/includes/session.php
@@ -0,0 +1,248 @@
+<?php
+
+/*
+ * Keruald, core libraries for Pluton and Xen engines.
+ * (c) 2010, Sébastien Santoro aka Dereckson, some rights reserved
+ * Released under BSD license
+ *
+ * Session
+ *
+ * 0.1 2010-02-26 18:06 DcK
+ *
+ * This class uses a singleton pattern, as we only need one single instance.
+ * Cf. http://www.php.net/manual/en/language.oop5.patterns.php
+ *
+ * @package Keruald
+ * @subpackage Keruald
+ * @copyright Copyright (c) 2010, Sébastien Santoro aka Dereckson
+ * @license Released under BSD license
+ * @version 0.1
+ */
+class Session {
+ /*
+ * @var Session current session instance
+ */
+ private static $instance;
+
+ /*
+ * Gets or initializes current session instance
+ * @return Session current session instance
+ */
+ public static function load () {
+ if (!isset(self::$instance)) {
+ //Creates new session instance
+ $c = __CLASS__;
+ self::$instance = new $c;
+ }
+
+ return self::$instance;
+ }
+
+ /*
+ * @var string session ID
+ */
+ public $id;
+
+ /*
+ * @var string remote client IP
+ */
+ public $ip;
+
+ /*
+ * Initializes a new instance of Session object
+ */
+ private function __construct () {
+ //Starts PHP session, and gets id
+ session_start();
+ $_SESSION['ID'] = session_id();
+ $this->id = $_SESSION['ID'];
+
+ //Gets remote client IP
+ $this->ip = self::get_ip();
+
+ //Updates or creates the session in database
+ $this->update();
+ }
+
+ /*
+ * Gets remote client IP address
+ * @return string IP
+ */
+ public static function get_ip () {
+ //mod_proxy + mod_rewrite (old pluton url scheme) will define 127.0.0.1
+ //in REMOTE_ADDR, and will store ip in HTTP_X_FORWARDED_FOR variable.
+ //Some ISP/orgz proxies also use this setting.
+ if (array_key_exists('HTTP_X_FORWARDED_FOR', $_SERVER)) {
+ return $_SERVER['HTTP_X_FORWARDED_FOR'];
+ }
+
+ //Standard cases
+ return $_SERVER['REMOTE_ADDR'];
+ }
+
+ /*
+ * Cleans up session
+ * i. deletes expired session
+ * ii. sets offline relevant sessions
+ */
+ public static function clean_old_sessions () {
+ global $db, $Config;
+
+ //Gets session and online status lifetime (in seconds)
+ //If not specified in config, sets default 5 and 120 minutes values
+ $onlineDuration = array_key_exists('OnlineDuration', $Config) ? $Config['OnlineDuration'] : 300;
+ $sessionDuration = array_key_exists('SessionDuration', $Config) ? $Config['SessionDuration'] : 7200;
+
+ //Deletes expired sessions
+ $sql = "DELETE FROM " . TABLE_SESSIONS . " WHERE TIMESTAMPDIFF(SECOND, session_updated, NOW()) > $sessionDuration";
+ if (!$db->sql_query($sql)) message_die(SQL_ERROR, "Can't delete expired sessions", '', __LINE__, __FILE__, $sql);
+
+ //Online -> offline
+ $sql = "UPDATE " . TABLE_SESSIONS . " SET session_online = 0 WHERE TIMESTAMPDIFF(SECOND, session_updated, NOW()) > $onlineDuration";
+ if (!$db->sql_query($sql)) message_die(SQL_ERROR, 'Can\'t update sessions online statuses', '', __LINE__, __FILE__, $sql);
+ }
+
+
+ /*
+ * Updates or creates a session in the database
+ */
+ public function update () {
+ global $db, $Config;
+
+ //Cleans up session
+ //To boost SQL performances, try a random trigger
+ // e.g. if (rand(1, 100) < 3) self::clean_old_sessions();
+ //or comment this line and execute a cron script you launch each minute.
+ self::clean_old_sessions();
+
+ //Saves session in database.
+ //If the session already exists, it updates the field online and updated.
+ $id = $db->sql_escape($this->id);
+ $resource = $db->sql_escape($Config['ResourceID']);
+ $user_id = $db->sql_escape(ANONYMOUS_USER);
+ $sql = "INSERT INTO " . TABLE_SESSIONS . " (session_id, session_ip, session_resource, user_id) VALUES ('$id', '$this->ip', '$resource', '$user_id') ON DUPLICATE KEY UPDATE session_online = 1";
+ if (!$db->sql_query($sql)) message_die(SQL_ERROR, 'Can\'t save current session', '', __LINE__, __FILE__, $sql);
+ }
+
+ /*
+ * Gets the number of online users
+ * @return int the online users count
+ */
+ public function count_online () {
+ //Keeps result for later method call
+ static $count = -1;
+
+ if ($count == -1) {
+ //Queries sessions table
+ global $db, $Config;
+
+ $resource = $db->sql_escape($Config['ResourceID']);
+ $sql = "SELECT count(*) FROM " . TABLE_SESSIONS . " WHERE session_resource = '$resource' AND session_online = 1";
+ $count = (int)$db->sql_query_express($sql, "Can't count online users");
+ }
+
+ //Returns number of users online
+ return $count;
+ }
+
+ /*
+ * Gets the value of a custom session table field
+ * @param string $info the field to get
+ * @return string the session specified field's value
+ */
+ public function get_info ($info) {
+ global $db;
+
+ $id = $db->sql_escape($this->id);
+ $sql = "SELECT `$info` FROM " . TABLE_SESSIONS . " WHERE session_id = '$id'";
+ return $db->sql_query_express($sql, "Can't get session $info info");
+ }
+
+ /*
+ * Sets the value of a custom session table field to the specified value
+ * @param string $info the field to update
+ * @param string $value the value to set
+ */
+ public function set_info ($info, $value) {
+ global $db;
+
+ $value = ($value === null) ? 'NULL' : "'" . $db->sql_escape($value) . "'";
+ $id = $db->sql_escape($this->id);
+ $sql = "UPDATE " . TABLE_SESSIONS . " SET `$info` = $value WHERE session_id = '$id'";
+ if (!$db->sql_query($sql))
+ message_die(SQL_ERROR, "Can't set session $info info", '', __LINE__, __FILE__, $sql);
+ }
+
+ /*
+ * Gets logged user information
+ * @return User the logged user information
+ */
+ public function get_logged_user () {
+ global $db;
+
+ //Gets session information
+ $id = $db->sql_escape($this->id);
+ $sql = "SELECT * FROM " . TABLE_SESSIONS . " WHERE session_id = '$id'";
+ if (!$result = $db->sql_query($sql))
+ message_die(SQL_ERROR, "Can't query session information", '', __LINE__, __FILE__, $sql);
+ $row = $db->sql_fetchrow($result);
+
+ //Gets user instance
+ //require_once('includes/objects/user.php');
+ //$user = new User($row['user_id']);
+
+ //Adds session property to this user instance
+ $user->session = $row;
+
+ //Returns user instance
+ return $user;
+ }
+
+ /*
+ * Cleans session
+ * This method is to be called when an event implies a session destroy
+ */
+ public function clean () {
+ //Destroies $_SESSION array values, help ID
+ foreach ($_SESSION as $key => $value) {
+ if ($key != 'ID') unset($_SESSION[$key]);
+ }
+ }
+
+ /*
+ * Updates the session in an user login context
+ * @param string $user_id the user ID
+ */
+ public function user_login ($user_id) {
+ global $db;
+
+ //Sets specified user ID in sessions table
+ $user_id = $db->sql_escape($user_id);
+ $id = $db->sql_escape($this->id);
+ $sql = "UPDATE " . TABLE_SESSIONS . " SET user_id = '$user_id' WHERE session_id = '$id'";
+ if (!$db->sql_query($sql))
+ message_die(SQL_ERROR, "Can't set logged in status", '', __LINE__, __FILE__, $sql);
+ }
+
+ /*
+ * Updates the session in an user logout context
+ */
+ public function user_logout () {
+ global $db;
+
+ //Sets anonymous user in sessions table
+ $user_id = $db->sql_escape(ANONYMOUS_USER);
+ $id = $db->sql_escape($this->id);
+ $sql = "UPDATE " . TABLE_SESSIONS . " SET user_id = '$user_id' WHERE session_id = '$id'";
+ if (!$db->sql_query($sql))
+ message_die(SQL_ERROR, "Can't set logged out status", '', __LINE__, __FILE__, $sql);
+
+ //Cleans session
+ $this->clean();
+ }
+}
+
+//The user_id matching anonymous user
+if (!defined('ANONYMOUS_USER')) define('ANONYMOUS_USER', -1);
+
+?>
\ No newline at end of file
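Review bot: update() places `'$this->ip'` into the INSERT statement unescaped, and get_ip() takes that value from `HTTP_X_FORWARDED_FOR`, a request header the client controls, so this is an SQL injection path on every page load. Escape it like the neighbouring fields, `$ip = $db->sql_escape($this->ip);` with `'$ip'` in the VALUES list, and only honour the forwarded header when `REMOTE_ADDR` is a proxy you operate. get_info() and set_info() likewise put `$info` between backticks without validation; check it against a fixed list of column names. user_login() keeps the pre-login session id, so add `session_regenerate_id(true);` there (updating the stored session_id to match), and get_logged_user() assigns to `$user->session` although the lines that create `$user` are commented out.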
diff --git a/index.php b/index.php
new file mode 100644
index 0000000..ff13cd9
--- /dev/null
+++ b/index.php
@@ -0,0 +1,84 @@
+<?php
+
+/*
+ * Keruald, core libraries for Pluton and Xen engines.
+ * (c) 2010, Sébastien Santoro aka Dereckson, some rights reserved
+ * Released under BSD license
+ *
+ * Application entry point
+ *
+ * Keruald is mainly a repository for common libraries elements between
+ * engines like Pluton (content-oriented site) and Xen (MVC).
+ *
+ * You should consider to start with one of those.
+ *
+ */
+
+////////////////////////////////////////////////////////////////////////////////
+///
+/// Initialization
+///
+
+//Keruald libraries
+include('includes/core.php');
+
+////////////////////////////////////////////////////////////////////////////////
+///
+/// Session
+///
+
+//[TODO] If your session contains classes, and you don't implement __autoload,
+//you've to require those items before session_start();
+//You can implement this here or in _includes/sessions.php
+
+//Starts a new session or recovers current session
+$Session = Session::load();
+
+//Handles login or logout
+include("includes/login.php");
+
+//Gets current user information
+$CurrentUser = $Session->get_logged_user();
+
+////////////////////////////////////////////////////////////////////////////////
+///
+/// Your application initialization logic
+///
+
+//[TODO] Loads your template engine or prepares the document to print
+//[TODO] Loads languages file if you're into L10n
+
+////////////////////////////////////////////////////////////////////////////////
+///
+/// Serves the requested page
+///
+
+//[TODO] Understand the URL if not done yet and calls relevant script
+//[TODO] As a MVC sample, here a Xen-like approach.
+// For a content-or iented, see the Pluton index.php
+//
+//Tip: to understand the url, get_current_url_fragments will output an array:
+//www.yourdomain.tld/planet/mars/sat?name=demios -> {'planet', 'mars', 'sat'}
+
+/*
+$url = get_current_url_fragments();
+switch ($controller = $url[0]) {
+ case '':
+ //Calls homepage controller
+ include("controllers/home.php");
+ break;
+
+ case 'planet':
+ case 'user':
+ case 'anotherstuff':
+ //Calls requested controller
+ include("controllers/$controller.php");
+ break;
+
+ default:
+ header("HTTP/1.0 404 Not Found");
+ dieprint_r($url, 'Unknown URL');
+}
+*/
+
+?>
\ No newline at end of file
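Review bot: The bootstrap loads `includes/core.php` and `includes/login.php` with `include`, which only raises a warning when the file cannot be read and then carries on, so a missing or unreadable library leaves the page running without its session and login handling; `require_once('includes/core.php');` and `require('includes/login.php');` stop instead. The TODO comment points to `_includes/sessions.php`, but the file added by this commit is `includes/session.php`. The commented-out dispatcher is safe as written because `$controller` only reaches `include` through the fixed `case` list; a comment saying so, such as `//Keep this whitelist: never include a path built from an unlisted URL fragment.`, would help whoever extends it.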
