Mercurial > hg > fapweb

view msite.inc.php @ 70:d31fc2c53b2b

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Added stUpdateUserKey(uid) for updating / regenerating a vote key for given UID.
author Matti Hamalainen <ccr@tnsp.org>
date Fri, 11 Oct 2013 09:32:00 +0300
parents 30a4420e85ab
children d74fb8cf0062
line wrap: on
line source

<?
//
// FAPWEB - Demo Party Website System System
// Generic and miscellaneous site support code
// (C) Copyright 2012 Matti 'ccr' Hamalainen <ccr@tnsp.org>
//

// Globals and definitions
$errorSet = FALSE;
$errorMsg = "";

define("VT_STR", 1);
define("VT_INT", 2);
define("VT_BOOL", 3);
define("VT_TEXT", 4);

define("SESS_USER", "user");
define("SESS_ADMIN", "admin");


if (function_exists("ini_set"))
{
  // Use cookies to store the session ID on the client side
  @ini_set("session.use_only_cookies", 1);
      
  // Disable transparent Session ID support
  @ini_set("session.use_trans_sid", 0);
}


function stError($msg)
{
  global $errorSet, $errorMsg;
  $errorSet = TRUE;
  $errorMsg .= "<li>".$msg."</li>\n";
}


function stCheckHTTPS()
{
  return isset($_SERVER["HTTPS"]) && ($_SERVER["HTTPS"] != "" && $_SERVER["HTTPS"] != "off");
}


function stSetupCacheControl()
{
  header("Cache-Control: must-revalidate, no-store, private");
  header("Expires: Sat, 26 Jul 1997 05:00:00 GMT"); // Date in the past
}


function stReloadSettings()
{
  global $siteSettings;
  $res = stExecSQL("SELECT * FROM settings");
  if ($res !== FALSE)
  {
    foreach ($res as $row)
    {
      switch ($row["vtype"])
      {
        case VT_INT:  $val = intval($row["vint"]); break;
        case VT_BOOL: $val = intval($row["vint"]) ? true : false; break;
        case VT_STR:  $val = $row["vstr"]; break;
        case VT_TEXT: $val = $row["vtext"]; break;
      }
      $siteSettings[$row["key"]] = $val;
    }
  }
  else
    die("Error fetching site settings.");
}


function stGetSetting($name)
{
  global $siteSettings;
  if (isset($siteSettings[$name]))
    return $siteSettings[$name];
  else
    die("No config value for '".$name."'.\n");
}


function stChkSetting($name)
{
  global $siteSettings;
  return isset($siteSettings[$name]) && $siteSettings[$name];
}


function dhentities($str)
{
  return str_replace(array("&lt;","&gt;"), array("<", ">"), htmlentities($str, ENT_NOQUOTES, "UTF-8"));
}


function chentities($str)
{
  return htmlentities($str, ENT_NOQUOTES, "UTF-8");
}


function stGetIDName($name, $id, $prefix = "")
{
  return
    ($id != "" ? "id=\"".$prefix.$name.$id."\" " : "").
    ($name != "" ? "name=\"".$prefix.$name.$id."\" " : "");
}


function stGetFormCheckBoxInput($name, $id, $prefix, $checked, $label, $extra = "")
{
  return
    "<input ".$extra." type=\"checkbox\" ".stGetIDName($name, $id, $prefix).
    ($checked ? "checked=\"checked\" " : "")." />".
    ($label != "" ? "<label for=\"".$name."\">".$label."</label>" : "");
}


function stGetFormRadioButtonInput($name, $id, $prefix, $value, $checked, $label, $extra = "")
{
  return
    "<input ".$extra." type=\"radio\" ".stGetIDName($name, $id, $prefix).
    ($checked ? "checked=\"checked\" " : "")." value=\"".$value."\" />".
    ($label != "" ? "<label for=\"".$name."\">".$label."</label>" : "");
}


function stGetFormButtonInput($name, $id, $prefix, $label, $onclick = "")
{
  return
    "<input type=\"button\" ".stGetIDName($name, $id, $prefix).
    "value=\" ".chentities($label)." \" ".
    ($onclick != "" ? "onClick=\"".$onclick."\"" : "")." />";
}


function stGetFormTextArea($rows, $cols, $name, $id, $prefix, $value, $extra = "")
{
  return
    "<textarea ".$extra." ".stGetIDName($name, $id, $prefix).
    "rows=\"".$rows."\" cols=\"".$cols."\">".
    (isset($value) ? chentities($value) : "").
    "</textarea>";
}


function stGetFormTextInput($size, $len, $name, $id, $prefix, $value, $extra = "")
{
  return
    "<input ".$extra." type=\"text\" ".stGetIDName($name, $id, $prefix).
    "size=\"".$size."\" maxlength=\"".$len."\"".
    (isset($value) ? " value=\"".chentities($value)."\"" : "").
    " />";
}


function stGetFormPasswordInput($name, $id, $prefix)
{
  return
    "<input type=\"password\" ".stGetIDName($name, $id, $prefix)." />";
}


function stGetFormSubmitInput($name, $label, $onclick = "")
{
  return
    "<input type=\"submit\" name=\"".$name.
    "\" value=\" ".chentities($label)." \" ".
    ($onclick != "" ? "onClick=\"".$onclick."\"" : "")." />";
}


function stGetFormHiddenInput($name, $value)
{
  return
    "<input type=\"hidden\" name=\"".$name.
    "\" value=\"".chentities($value)."\" />";
}


function stGetFormStart($name, $action = "", $method = "post")
{
  return
    "<form name=\"".$name."\" action=\"".
    ($action != "" ? $action : $name).
    "\" method=\"".$method."\">\n";
}


function stGetTDEditTextItem($edit, $size, $len, $name, $id, $prefix, $value, $extra = "")
{
  return
    "<td class=\"".$name."\">".
    ($edit ? stGetFormTextInput($size, $len, $name, $id, $prefix, $value, $extra) : chentities($value)).
    "</td>";
}


function stPrintFormTextInput($text1, $text2, $size, $len, $name, $extra="")
{
  echo "  <tr><th>".chentities($text1)."</th><td>".
    stGetFormTextInput($size, $len, $name, "", "", stGetRequestItem($name), $extra).
    "</td><td>".chentities($text2)."</td></tr>\n";
}


function stPrintFormHiddenInput($name, $value)
{
  echo " ".stGetFormHiddenInput($name, $value)."\n";
}


function stChkDataItem($name)
{
  return !isset($_REQUEST[$name]) || strlen(trim($_REQUEST[$name])) < 1;
}


function stChkRequestItem($name)
{
  return isset($_REQUEST[$name]);
}


function stGetRequestItem($name, $default = "")
{
  return isset($_REQUEST[$name]) ? trim($_REQUEST[$name]) : $default;
}


function stGetDRequestItem($name, $default = "")
{
  return trim(urldecode(stGetRequestItem($name, $default)));
}


function stLogSQLError($sql)
{
  global $db;
  error_log("SQL error ".implode("; ", $db->errorInfo())." in statement \"".$sql."\"");
}


function stConnectSQLDB()
{
  global $db;
  try {
    $db = new PDO(stGetSetting("sqlDB"));
  }
  catch (PDOException $e) {
    error_log("Could not connect to SQL database: ".$e->getMessage().".");
    return FALSE;
  }
  return TRUE;
}


function stGetSQLParam($type, $value)
{
  global $db;
  switch ($type)
  {
    case "d":
      return intval($value);

    case "s":
      return $db->quote($value);

    case "D":
      return intval(stGetRequestItem($value));

    case "S":
      return $db->quote(stGetDRequestItem($value));

    case "Q":
      return $db->quote(stripslashes(stGetDRequestItem($value)));

    case "B":
      return intval(stGetRequestItem($value)) ? 1 : 0;
  }
}


function stPrepareSQL()
{
  $argc = func_num_args();
  $argv = func_get_args();
  if ($argc < 1)
  {
    error_log("Invalid stPrepareSQL() call, no arguments!");
    return FALSE;
  }
  
  $fmt = $argv[0];
  $len = strlen($fmt);
  $sql = "";
  $argn = 1;
  $pos = 0;
  while ($pos < $len)
  {
    if ($fmt[$pos] == "%")
    {
      if ($argn < $argc)
        $sql .= stGetSQLParam($fmt[++$pos], $argv[$argn++]);
      else
      {
        error_log("Invalid SQL statement format string '".$fmt.
          "', not enough parameters specified (".$argn." of ".$argc.")");
        return FALSE;
      }
    }
    else
      $sql .= $fmt[$pos];
    $pos++;
  }
  
  return $sql;
}


function stPrepareSQLUpdate($table, $cond, $pairs)
{
  $sql = array();
  foreach ($pairs as $name => $attr)
  {
    $sql[] = $name."=".stGetSQLParam($attr, $name);
  }
  return
    "UPDATE ".$table." SET ".implode(",", $sql).
    ($cond != "" ? " ".$cond : "");
}


function stExecSQL($sql)
{
  global $db;
  if (($res = $db->query($sql)) !== FALSE)
    return $res;
  else
  {
    stLogSQLError($sql);
    stError("Oh noes! SQL error #23!");
    return FALSE;
  }
}


function stFetchSQL($sql)
{
  global $db;
  if (($res = $db->query($sql)) !== FALSE)
  {
    return $res->fetch();
  }
  else
  {
    stLogSQLError($sql);
    stError("Oh noes! SQL error #31!");
    return FALSE;
  }
}


function stFetchSQLColumn($sql, $column = 0)
{
  global $db;
  if (($res = $db->query($sql)) !== FALSE)
  {
    return $res->fetchColumn($column);
  }
  else
  {
    stLogSQLError($sql);
    stError("Oh noes! SQL error #81!");
    return FALSE;
  }
}


//
// Site-specific common functions .. these should be elsewhere
//
function stPrintAttendee($item, $row, $edit, $eclass = "")
{
  $id = $item["id"];
  $prefix = "at";
  echo "  ".
    " <tr class=\"".($item["active"] ? "vactive " : "").
    ($row % 2 == 1 ? "rodd" : "reven")."\" id=\"attendee".$id."\">";
  
  if ($edit)
  {
    echo
    stGetTDEditTextItem(FALSE, 20, 40, "name", $id, $prefix, $item["name"]." / ".$item["groups"]);
  }
  else
  {
    echo
    stGetTDEditTextItem(FALSE, 20, 40, "name", $id, $prefix, $item["name"]).
    stGetTDEditTextItem(FALSE, 20, 40, "groups", $id, $prefix, $item["groups"]).
    "<td class=\"regtime\">".date("d M Y / H:i", $item["regtime"])."</td>";
  }

  echo
    stGetTDEditTextItem($edit, 30, 64, "oneliner", $id, $prefix, $item["oneliner"], "autocomplete=\"off\"");

  if ($edit)
  {
    echo
      stGetTDEditTextItem($edit, 20, 40, "email", $id, $prefix, $item["email"], "autocomplete=\"off\"").

      "<td>".
      "<button class=\"button\" id=\"atupd".$id."\" type=\"button\" onclick=\"updateAttendee(".$id.")\">Update</button>".
      "<button class=\"button\" id=\"atdel".$id."\" type=\"button\" onclick=\"deleteAttendee(".$id.")\">Delete</button>".
      "</td>".

      "  <td class=\"vkey\">".chentities($item["key"])."</td>\n".
      "  <td class=\"vactive\">".stGetFormCheckBoxInput("active", $id, $prefix, $item["active"], "",
      "onClick=\"updateAttendee2(".$id.")\"")."</td>\n";
  }

  echo "</tr>\n";
}


function stPrintNewsItem($item, $edit = "")
{
  echo
  "<div class=\"newsitem\" id=\"news".$item["id"]."\">\n".
  "  <h2>".chentities($item["title"])."</h2>\n".
  "  <div class=\"text\">".dhentities($item["text"])."</div>\n".
  "  <div class=\"sig\">-- ".chentities($item["author"])."<br />".
    date("d M Y / H:i", $item["utime"]).
    $edit."</div>\n".
  "</div>\n";
}


function stGetCompoList($fvisible, $fvoting = FALSE)
{
  global $compos;

  // Get entries and competitions into an array structure
  $sql = "SELECT * FROM compos";
  if ($fvisible || $fvoting)
  {
    $sql .= " WHERE ".implode(" AND ", array($fvisible ? "visible<>0" : "", $fvoting ? "voting<>0" : ""));
  }
  foreach (stExecSQL($sql) as $compo)
  {
    $id = $compo["id"];

    $compos[$compo["id"]] = array(
      "name" => $compo["name"],
      "entries" => array()
    );

    $sql = stPrepareSQL("SELECT * FROM entries WHERE compo_id=%d", $id);
    foreach (stExecSQL($sql) as $entry)
    {
      $compos[$id]["entries"][$entry["id"]] = $entry;
    }
  }
}


function stGenerateUserKey()
{
  global $db;
  $keyChars = "abcdefghjkmnpqrstuvwxyzABCDEFGHJKLMNPQRSTUVWXYZ23456789";
  
  while (TRUE)
  {
    // Generate one randomized keycode
    $key = "";
    for ($n = 0; $n < stGetSetting("userKeyLength"); $n++)
      $key .= $keyChars[rand() % strlen($keyChars)];

    // Check if it already exists, to avoid duplicates
    // We need custom query code here, because stFetchSQLColumn()
    // won't work due to it returning FALSE in error cases.
    $sql = stPrepareSQL("SELECT * FROM attendees WHERE key=%s", $key);
    if (($res = @$db->query($sql)) !== FALSE)
    {
      // Did we get results?
      if ($res->fetchColumn() === FALSE)
      {
        // Nope, return key
        return $key;
      }
    }
    else
    {
      stLogSQLError($sql);
      return FALSE;
    }
  }
}


function stUpdateUserKey($uid)
{
  if (($res = stGenerateUserKey()) !== FALSE)
  {
    // Nope, add key into database
    $sql = stPrepareSQL(
      "UPDATE attendees SET key=%s,active=0 WHERE id=%d",
      $key, $uid);
    
    return stExecSQL($sql);
  }
  else
    return FALSE;
}


function stSetStatus($val, $msg)
{
  global $statusSet;
  if (!$statusSet)
  {
    header("Status: ".$val." ".$msg);
  }
  $statusSet = TRUE;
}


function stExecSQLCond($sql, $okmsg)
{
  if (($res = stExecSQL($sql)) !== FALSE)
  {
    if ($okmsg != "")
      stSetStatus(200, $okmsg);
    return $res;
  }
  else
  {
    stSetStatus(900, "Error in SQL execution.");
    return FALSE;
  }
}


?>