Adjust attendee output again, we're separating vote keys from there once more. Durr.
author | Matti Hamalainen <ccr@tnsp.org> |
---|---|
date | Fri, 11 Oct 2013 09:33:16 +0300 |
parents | d31fc2c53b2b |
children | 63a6caf59e5c |
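<?php
//
// FAPWEB - Demo Party Website System System
// Generic and miscellaneous site support code
// (C) Copyright 2012 Matti 'ccr' Hamalainen <ccr@tnsp.org>
//
// Globals and definitions
$errorSet = FALSE;
$errorMsg = "";
$statusSet = FALSE; // TRUE once stSetStatus() has emitted a Status: header

define("VT_STR", 1);
define("VT_INT", 2);
define("VT_BOOL", 3);
define("VT_TEXT", 4);

define("SESS_USER", "user");
define("SESS_ADMIN", "admin");


if (function_exists("ini_set"))
{
  // Use cookies to store the session ID on the client side
  @ini_set("session.use_only_cookies", 1);

  // Disable transparent Session ID support
  @ini_set("session.use_trans_sid", 0);

  // Keep the session cookie out of reach of client-side script (XSS -> session theft)
  @ini_set("session.cookie_httponly", 1);

  // Mark the cookie Secure only when this request itself came in over TLS,
  // so a plain-HTTP deployment does not lose its session on every hit.
  if (stCheckHTTPS())
    @ini_set("session.cookie_secure", 1);
}


//
// Error / status helpers
//

// Record an error message. Messages accumulate as <li> items in $errorMsg
// and $errorSet flags that at least one error was raised.
// $msg is inserted into HTML as-is; callers must escape untrusted text.
function stError($msg)
{
  global $errorSet, $errorMsg;
  $errorSet = TRUE;
  $errorMsg .= "<li>".$msg."</li>\n";
}


// Return TRUE if the web server reports this request as HTTPS.
// NOTE(review): only looks at $_SERVER["HTTPS"]; behind a TLS-terminating
// proxy this will report FALSE and would need e.g. X-Forwarded-Proto — confirm
// against the deployment.
function stCheckHTTPS()
{
  return isset($_SERVER["HTTPS"]) &&
    ($_SERVER["HTTPS"] != "" && $_SERVER["HTTPS"] != "off");
}


// Send headers that forbid caching of the response by browsers and proxies.
function stSetupCacheControl()
{
  header("Cache-Control: must-revalidate, no-store, private");
  header("Pragma: no-cache"); // for HTTP/1.0 caches that ignore Cache-Control
  header("Expires: Sat, 26 Jul 1997 05:00:00 GMT"); // Date in the past
}


//
// Site settings
//

// Load all rows of the "settings" table into the global $siteSettings
// array, keyed by the "key" column and typed according to "vtype".
// Dies if the query fails; rows with an unknown vtype are logged and skipped
// (previously they silently reused whatever $val the last row produced).
function stReloadSettings()
{
  global $siteSettings;

  $res = stExecSQL("SELECT * FROM settings");
  if ($res === FALSE)
    die("Error fetching site settings.");

  foreach ($res as $row)
  {
    switch ($row["vtype"])
    {
      case VT_INT:
        $val = intval($row["vint"]);
        break;

      case VT_BOOL:
        $val = intval($row["vint"]) ? true : false;
        break;

      case VT_STR:
        $val = $row["vstr"];
        break;

      case VT_TEXT:
        $val = $row["vtext"];
        break;

      default:
        error_log("Unknown settings vtype '".$row["vtype"]."' for key '".$row["key"]."'");
        continue 2; // skip this row, keep loading the rest
    }
    $siteSettings[$row["key"]] = $val;
  }
}


// Return a setting loaded by stReloadSettings(); dies if it is not defined.
function stGetSetting($name)
{
  global $siteSettings;
  if (isset($siteSettings[$name]))
    return $siteSettings[$name];
  else
    die("No config value for '".$name."'.\n");
}


// Return TRUE if a setting exists and is truthy.
function stChkSetting($name)
{
  global $siteSettings;
  return isset($siteSettings[$name]) && $siteSettings[$name];
}


//
// HTML escaping helpers
//

// Escape text for HTML element content.
// NOTE(review): the str_replace() pair is a no-op as shown here (the
// htmlentities() output contains no raw "<"/">"); the repository copy may
// have been intended to re-enable a tag subset — confirm against it.
function dhentities($str)
{
  return str_replace(array("<",">"), array("<", ">"),
    htmlentities($str, ENT_NOQUOTES, "UTF-8"));
}


// Escape text for HTML element content (quotes left alone).
// Do NOT use this for attribute values; see ahentities().
function chentities($str)
{
  return htmlentities($str, ENT_NOQUOTES, "UTF-8");
}


// Escape text for use inside a double-quoted HTML attribute value.
// Unlike chentities() this also encodes quotes, so user-supplied values
// cannot terminate the attribute and inject further markup.
function ahentities($str)
{
  return htmlentities($str, ENT_QUOTES, "UTF-8");
}


//
// Form element generators
//
// $name, $id, $prefix and $extra are expected to be developer-supplied and
// are emitted unescaped; $value / $label that may carry user data are
// attribute-escaped where the original already escaped them.
//

// Build the id="..." and name="..." attribute pair; both use $prefix.$name.$id.
// The id attribute is omitted when $id is empty, name when $name is empty.
function stGetIDName($name, $id, $prefix = "")
{
  $full = $prefix.$name.$id;
  return
    ($id != "" ? "id=\"".$full."\" " : "").
    ($name != "" ? "name=\"".$full."\" " : "");
}


// Checkbox input plus optional <label>. $label is raw HTML (caller escapes).
// The label's "for" now points at the actual element id ($prefix.$name.$id).
function stGetFormCheckBoxInput($name, $id, $prefix, $checked, $label, $extra = "")
{
  return
    "<input ".$extra." type=\"checkbox\" ".stGetIDName($name, $id, $prefix).
    ($checked ? "checked=\"checked\" " : "")." />".
    ($label != "" ? "<label for=\"".$prefix.$name.$id."\">".$label."</label>" : "");
}


// Radio button input plus optional <label>. $value is attribute-escaped.
function stGetFormRadioButtonInput($name, $id, $prefix, $value, $checked, $label, $extra = "")
{
  return
    "<input ".$extra." type=\"radio\" ".stGetIDName($name, $id, $prefix).
    ($checked ? "checked=\"checked\" " : "")." value=\"".ahentities($value)."\" />".
    ($label != "" ? "<label for=\"".$prefix.$name.$id."\">".$label."</label>" : "");
}


// Push button. $onclick is emitted as raw JavaScript (developer-supplied).
function stGetFormButtonInput($name, $id, $prefix, $label, $onclick = "")
{
  return
    "<input type=\"button\" ".stGetIDName($name, $id, $prefix).
    "value=\" ".ahentities($label)." \" ".
    ($onclick != "" ? "onClick=\"".$onclick."\"" : "")." />";
}


// Multi-line text area; $value is escaped as element content.
function stGetFormTextArea($rows, $cols, $name, $id, $prefix, $value, $extra = "")
{
  return
    "<textarea ".$extra." ".stGetIDName($name, $id, $prefix).
    "rows=\"".$rows."\" cols=\"".$cols."\">".
    (isset($value) ? chentities($value) : "").
    "</textarea>";
}


// Single-line text input; $value is attribute-escaped.
function stGetFormTextInput($size, $len, $name, $id, $prefix, $value, $extra = "")
{
  return
    "<input ".$extra." type=\"text\" ".stGetIDName($name, $id, $prefix).
    "size=\"".$size."\" maxlength=\"".$len."\"".
    (isset($value) ? " value=\"".ahentities($value)."\"" : "").
    " />";
}


// Password input (never pre-filled).
function stGetFormPasswordInput($name, $id, $prefix)
{
  return "<input type=\"password\" ".stGetIDName($name, $id, $prefix)." />";
}


// Submit button. $onclick is emitted as raw JavaScript (developer-supplied).
function stGetFormSubmitInput($name, $label, $onclick = "")
{
  return
    "<input type=\"submit\" name=\"".$name.
    "\" value=\" ".ahentities($label)." \" ".
    ($onclick != "" ? "onClick=\"".$onclick."\"" : "")." />";
}


// Hidden input; $value is attribute-escaped.
function stGetFormHiddenInput($name, $value)
{
  return
    "<input type=\"hidden\" name=\"".$name.
    "\" value=\"".ahentities($value)."\" />";
}


// Opening <form> tag; action defaults to $name, method to "post".
function stGetFormStart($name, $action = "", $method = "post")
{
  return
    "<form name=\"".$name."\" action=\"".
    ($action != "" ? $action : $name).
    "\" method=\"".$method."\">\n";
}


// Table cell holding either an editable text input or the escaped value.
function stGetTDEditTextItem($edit, $size, $len, $name, $id, $prefix, $value, $extra = "")
{
  return
    "<td class=\"".$name."\">".
    ($edit
      ? stGetFormTextInput($size, $len, $name, $id, $prefix, $value, $extra)
      : chentities($value)).
    "</td>";
}


// Print a labelled form row, pre-filled from the current request.
function stPrintFormTextInput($text1, $text2, $size, $len, $name, $extra="")
{
  echo
    " <tr><th>".chentities($text1)."</th><td>".
    stGetFormTextInput($size, $len, $name, "", "", stGetRequestItem($name), $extra).
    "</td><td>".chentities($text2)."</td></tr>\n";
}


function stPrintFormHiddenInput($name, $value)
{
  echo " ".stGetFormHiddenInput($name, $value)."\n";
}


//
// Request parameter helpers
//

// TRUE if the request item is missing or blank after trimming.
function stChkDataItem($name)
{
  return !isset($_REQUEST[$name]) || strlen(trim($_REQUEST[$name])) < 1;
}


function stChkRequestItem($name)
{
  return isset($_REQUEST[$name]);
}


// Trimmed request item, or $default when absent. Reads $_REQUEST, so GET,
// POST and cookie values are all accepted interchangeably.
function stGetRequestItem($name, $default = "")
{
  return isset($_REQUEST[$name]) ? trim($_REQUEST[$name]) : $default;
}


// Request item run through urldecode() once more.
// NOTE(review): PHP already URL-decodes $_REQUEST, so this is a second decode
// ("%2527" becomes "'"). Any validation done on the raw item before this
// point can be bypassed that way; the SQL paths below quote the result, but
// keep this in mind if the value is used elsewhere.
function stGetDRequestItem($name, $default = "")
{
  return trim(urldecode(stGetRequestItem($name, $default)));
}


//
// SQL helpers
//

// Log the PDO error for a failed statement to the server error log
// (the statement text is logged, so it never goes to the client).
function stLogSQLError($sql)
{
  global $db;
  error_log("SQL error ".implode("; ", $db->errorInfo())." in statement \"".$sql."\"");
}


// Open the PDO connection named by the "sqlDB" setting into global $db.
function stConnectSQLDB()
{
  global $db;
  try
  {
    $db = new PDO(stGetSetting("sqlDB"));
  }
  catch (PDOException $e)
  {
    error_log("Could not connect to SQL database: ".$e->getMessage().".");
    return FALSE;
  }
  return TRUE;
}


// Render one stPrepareSQL() parameter as an SQL literal.
//   d / s : integer / quoted string from $value
//   D / S : integer / quoted string read from request item named $value
//   Q     : like S with stripslashes() applied first
//   B     : 0/1 from request item named $value
// Strings go through $db->quote(), which is the only injection barrier here.
// Returns FALSE (and logs) on an unknown type instead of silently yielding
// NULL, which would leave an empty hole in the statement.
function stGetSQLParam($type, $value)
{
  global $db;
  switch ($type)
  {
    case "d": return intval($value);
    case "s": return $db->quote($value);
    case "D": return intval(stGetRequestItem($value));
    case "S": return $db->quote(stGetDRequestItem($value));
    case "Q": return $db->quote(stripslashes(stGetDRequestItem($value)));
    case "B": return intval(stGetRequestItem($value)) ? 1 : 0;
    default:
      error_log("Invalid stGetSQLParam() type '".$type."'");
      return FALSE;
  }
}


// Build an SQL statement from a printf-like format ("%d", "%s", "%D", ...)
// and the remaining arguments; see stGetSQLParam() for the type letters.
// Returns FALSE (and logs) when arguments are missing, a '%' is trailing,
// or a type letter is unknown.
function stPrepareSQL()
{
  $argc = func_num_args();
  $argv = func_get_args();
  if ($argc < 1)
  {
    error_log("Invalid stPrepareSQL() call, no arguments!");
    return FALSE;
  }

  $fmt = $argv[0];
  $len = strlen($fmt);
  $sql = "";
  $argn = 1;
  $pos = 0;
  while ($pos < $len)
  {
    if ($fmt[$pos] == "%")
    {
      if ($argn >= $argc)
      {
        error_log("Invalid SQL statement format string '".$fmt.
          "', not enough parameters specified (".$argn." of ".$argc.")");
        return FALSE;
      }
      if (++$pos >= $len)
      {
        error_log("Invalid SQL statement format string '".$fmt."', trailing '%'");
        return FALSE;
      }
      $param = stGetSQLParam($fmt[$pos], $argv[$argn++]);
      if ($param === FALSE)
        return FALSE;
      $sql .= $param;
    }
    else
      $sql .= $fmt[$pos];
    $pos++;
  }
  return $sql;
}


// Build "UPDATE $table SET col=val,... $cond" where $pairs maps column
// name => stGetSQLParam() type letter and the value is taken from the
// request item of the same name. $table, $cond and the column names are
// developer-supplied and not escaped. Returns FALSE on an unknown type.
function stPrepareSQLUpdate($table, $cond, $pairs)
{
  $sql = array();
  foreach ($pairs as $name => $attr)
  {
    $param = stGetSQLParam($attr, $name);
    if ($param === FALSE)
      return FALSE;
    $sql[] = $name."=".$param;
  }
  return "UPDATE ".$table." SET ".implode(",", $sql).
    ($cond != "" ? " ".$cond : "");
}


// Execute a statement; returns the PDOStatement or FALSE (error logged,
// generic message pushed via stError()).
function stExecSQL($sql)
{
  global $db;
  if (($res = $db->query($sql)) !== FALSE)
    return $res;
  else
  {
    stLogSQLError($sql);
    stError("Oh noes! SQL error #23!");
    return FALSE;
  }
}


// Execute a statement and return its first row, or FALSE on error.
function stFetchSQL($sql)
{
  global $db;
  if (($res = $db->query($sql)) !== FALSE)
  {
    return $res->fetch();
  }
  else
  {
    stLogSQLError($sql);
    stError("Oh noes! SQL error #31!");
    return FALSE;
  }
}


// Execute a statement and return one column of its first row, or FALSE on
// error. Note FALSE is also what fetchColumn() yields for "no rows".
function stFetchSQLColumn($sql, $column = 0)
{
  global $db;
  if (($res = $db->query($sql)) !== FALSE)
  {
    return $res->fetchColumn($column);
  }
  else
  {
    stLogSQLError($sql);
    stError("Oh noes! SQL error #81!");
    return FALSE;
  }
}


//
// Site-specific common functions .. these should be elsewhere
//

// Print one attendee table row; with $edit set, the oneliner and email
// become inputs and Upd/Del buttons are added.
// NOTE(review): $item["id"] is interpolated into the onclick JavaScript
// unescaped; that is safe only while ids are database integers — confirm.
function stPrintAttendee($item, $row, $edit, $eclass = "")
{
  $id = $item["id"];
  $prefix = "at";

  echo " <tr class=\"".($row % 2 == 1 ? "rodd" : "reven")."\" id=\"attendee".$id."\">";

  echo
    stGetTDEditTextItem(FALSE, 20, 40, "name", $id, $prefix, $item["name"]).
    stGetTDEditTextItem(FALSE, 20, 40, "groups", $id, $prefix, $item["groups"]).
    "<td class=\"regtime\">".date("d.m. H:i", $item["regtime"])."</td>".
    stGetTDEditTextItem($edit, 30, 64, "oneliner", $id, $prefix, $item["oneliner"], "autocomplete=\"off\"");

  if ($edit)
  {
    echo
      stGetTDEditTextItem($edit, 20, 40, "email", $id, $prefix, $item["email"], "autocomplete=\"off\"").
      "<td>".
      "<button class=\"button\" id=\"atupd".$id."\" type=\"button\" onclick=\"updateAttendee(".$id.")\"> Upd </button>".
      "<button class=\"button\" id=\"atdel".$id."\" type=\"button\" onclick=\"deleteAttendee(".$id.")\"> Del </button>".
      "</td>";
  }

  echo "</tr>\n";
}


// Print one news item. Title/author are escaped; text goes through
// dhentities(); $edit is appended raw (caller-built edit controls).
function stPrintNewsItem($item, $edit = "")
{
  echo
    "<div class=\"newsitem\" id=\"news".$item["id"]."\">\n".
    " <h2>".chentities($item["title"])."</h2>\n".
    " <div class=\"text\">".dhentities($item["text"])."</div>\n".
    " <div class=\"sig\">-- ".chentities($item["author"])."<br />".
    date("d M Y / H:i", $item["utime"]).
    $edit."</div>\n".
    "</div>\n";
}


// Fill global $compos with competitions (optionally only visible and/or
// voting-enabled ones) and their entries, keyed by id.
// Fix: with exactly one of the flags set the old code produced a dangling
// " AND " in the WHERE clause; conditions are now collected and joined.
function stGetCompoList($fvisible, $fvoting = FALSE)
{
  global $compos;

  // Get entries and competitions into an array structure
  $conds = array();
  if ($fvisible)
    $conds[] = "visible<>0";
  if ($fvoting)
    $conds[] = "voting<>0";

  $sql = "SELECT * FROM compos";
  if (count($conds) > 0)
    $sql .= " WHERE ".implode(" AND ", $conds);

  foreach (stExecSQL($sql) as $compo)
  {
    $id = $compo["id"];
    $compos[$id] = array(
      "name" => $compo["name"],
      "entries" => array()
    );

    $sql = stPrepareSQL("SELECT * FROM entries WHERE compo_id=%d", $id);
    foreach (stExecSQL($sql) as $entry)
    {
      $compos[$id]["entries"][$entry["id"]] = $entry;
    }
  }
}


// Generate a new attendee key of "userKeyLength" characters that does not
// yet exist in the attendees table. Returns the key, or FALSE on SQL error.
// The key acts as a bearer credential (the changelog refers to them as vote
// keys), so it must be unpredictable: random_int() (CSPRNG) is used when
// the runtime has it; the mt_rand() fallback is NOT cryptographically secure
// and only keeps older PHP working. rand() % n, used before, was both
// predictable and modulo-biased.
function stGenerateUserKey()
{
  global $db;
  $keyChars = "abcdefghjkmnpqrstuvwxyzABCDEFGHJKLMNPQRSTUVWXYZ23456789";
  $numChars = strlen($keyChars);
  $keyLength = stGetSetting("userKeyLength");
  $haveCSPRNG = function_exists("random_int");

  while (TRUE)
  {
    // Generate one randomized keycode
    $key = "";
    for ($n = 0; $n < $keyLength; $n++)
    {
      $idx = $haveCSPRNG
        ? random_int(0, $numChars - 1)
        : mt_rand(0, $numChars - 1);
      $key .= $keyChars[$idx];
    }

    // Check if it already exists, to avoid duplicates
    // We need custom query code here, because stFetchSQLColumn()
    // won't work due to it returning FALSE in error cases.
    $sql = stPrepareSQL("SELECT * FROM attendees WHERE key=%s", $key);
    if (($res = @$db->query($sql)) !== FALSE)
    {
      // Did we get results?
      if ($res->fetchColumn() === FALSE)
      {
        // Nope, return key
        return $key;
      }
    }
    else
    {
      stLogSQLError($sql);
      return FALSE;
    }
  }
}


// Assign a freshly generated key to attendee $uid and mark it inactive.
// Fix: the generated key was held in $res but the UPDATE used the undefined
// $key, so every attendee ended up with an empty key.
function stUpdateUserKey($uid)
{
  if (($key = stGenerateUserKey()) !== FALSE)
  {
    // Add the new key into the database
    $sql = stPrepareSQL(
      "UPDATE attendees SET key=%s,active=0 WHERE id=%d",
      $key, $uid);
    return stExecSQL($sql);
  }
  else
    return FALSE;
}


// Send a "Status:" header once; later calls in the same request are ignored.
function stSetStatus($val, $msg)
{
  global $statusSet;
  if (!$statusSet)
  {
    header("Status: ".$val." ".$msg);
  }
  $statusSet = TRUE;
}


// Execute a statement and report success ($okmsg, status 200) or failure
// (status 900) through stSetStatus(). Returns the result or FALSE.
function stExecSQLCond($sql, $okmsg)
{
  if (($res = stExecSQL($sql)) !== FALSE)
  {
    if ($okmsg != "")
      stSetStatus(200, $okmsg);
    return $res;
  }
  else
  {
    stSetStatus(900, "Error in SQL execution.");
    return FALSE;
  }
}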