Diffstat (limited to 'engine/lib')
-rw-r--r-- | engine/lib/access.php | 91 | ||||
-rw-r--r-- | engine/lib/database.php | 10 | ||||
-rw-r--r-- | engine/lib/objects.php | 185 | ||||
-rw-r--r-- | engine/lib/sites.php | 49 | ||||
-rw-r--r-- | engine/lib/users.php | 97 |
5 files changed, 432 insertions, 0 deletions
diff --git a/engine/lib/access.php b/engine/lib/access.php
new file mode 100644
index 000000000..e704dfd5e
--- /dev/null
+++ b/engine/lib/access.php
@@ -0,0 +1,91 @@
+<?php
+
+ /**
+ * Elgg access permissions
+ * For users, objects, collections and all metadata
+ *
+ * @package Elgg
+ * @subpackage Core
+ * @license http://www.gnu.org/licenses/old-licenses/gpl-2.0.html GNU Public License version 2
+ * @author Curverider Ltd
+ * @copyright Curverider Ltd 2008
+ * @link http://elgg.org/
+ */
+
+ /**
+ * Get the list of access restrictions the given user is allowed to see on this site
+ *
+ * @uses get_access_array
+ * @param int $user_id User ID; defaults to currently logged in user
+ * @param int $site_id Site ID; defaults to current site
+ * @param boolean $flush If set to true, will refresh the access list from the database
+ * @return string A list of access groups suitable for injection in an SQL call
+ */
+ function get_access_list($user_id = 0, $site_id = 0, $flush = false) {
+
+ global $CONFIG;
+ static $access_list;
+
+ if (!isset($access_list))
+ $access_list = array();
+
+ if ($user_id == 0) $user_id = $_SESSION['id'];
+ if ($site_id == 0) $site_id = $CONFIG->site_id;
+ $user_id = (int) $user_id;
+ $site_id = (int) $site_id;
+
+ if (empty($access_list[$user_id]) || $flush == true) {
+
+ $access_list[$user_id] = "(" . implode(",",get_access_array($user_id, $site_id, $flush)) . ")";
+
+ }
+
+ return $access_list[$user_id];
+
+ }
+
+ /**
+ * Gets an array of access restrictions the given user is allowed to see on this site
+ *
+ * @param int $user_id User ID; defaults to currently logged in user
+ * @param int $site_id Site ID; defaults to current site
+ * @param boolean $flush If set to true, will refresh the access list from the database
+ * @return array An array of access groups suitable for injection in an SQL call
+ */
+ function get_access_array($user_id = 0, $site_id = 0, $flush = false) {
+
+ global $CONFIG;
+ static $access_array;
+
+ if (!isset($access_array))
+ $access_array = array();
+
+ if ($user_id == 0) $user_id = $_SESSION['id'];
+ if ($site_id == 0) $site_id = $CONFIG->site_id;
+ $user_id = (int) $user_id;
+ $site_id = (int) $site_id;
+
+ if (empty($access_array[$user_id]) || $flush == true) {
+
+ $query = "select am.access_group_id from {$CONFIG->dbprefix}access_group_membership am ";
+ $query .= " left join {$CONFIG->dbprefix}access_groups ag on ag.id = am.access_group_id ";
+ $query .= " where am.user_id = {$user_id} and (ag.site_id = {$site_id} or ag.site_id = 0)";
+
+ $tmp_access_array = array(2);
+ if (isloggedin())
+ $tmp_access_array[] = 1;
+
+ if ($groups = get_data($query)) {
+ foreach($groups as $group)
+ $tmp_access_array[] = $group->access_group_id;
+ }
+
+ $access_array[$user_id] = $tmp_access_array;
+
+ }
+
+ return $access_array[$user_id];
+
+ }
+
+?>
\ No newline at end of file
diff --git a/engine/lib/database.php b/engine/lib/database.php
index 55bfc602d..ba3762a8d 100644
--- a/engine/lib/database.php
+++ b/engine/lib/database.php
@@ -309,6 +309,16 @@ }
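Review bot: In engine/lib/access.php, both `get_access_list()` and `get_access_array()` key their static cache on `$user_id` alone, so once a user's groups have been loaded for one `$site_id`, a later call for a different site returns the first site's access groups unless `$flush` is set. Keying the cache on both values closes that gap, e.g. `if (empty($access_array[$user_id][$site_id]) || $flush == true) {` with the matching `$access_array[$user_id][$site_id] = $tmp_access_array;` and `return $access_array[$user_id][$site_id];`, and the same in `get_access_list()`. Also, `isloggedin()` reflects the current session rather than the `$user_id` argument, so the value `1` is appended according to who is asking, not whose list is being built. Casting `$group->access_group_id` with `(int)` before it reaches `implode()` would keep the `in (...)` fragment numeric by construction.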
+ /**
+ * Sanitise a string for database use
+ *
+ * @param string $string The string to sanitise
+ * @return string Sanitised string
+ */
+ function sanitise_string($string) {
+ return mysql_real_escape_string($string);
+ }
+
// Stuff for initialisation
register_event_handler('init','system','init_db',0);
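Review bot: The docblock on `sanitise_string()` should say what the return value is safe for: `mysql_real_escape_string()` only protects a value that ends up inside a quoted SQL string literal, and does nothing for values interpolated as bare numbers, identifiers or `limit` arguments. I would reword the summary to something like `Escape a string for use inside a quoted SQL string literal; cast numeric values with (int) instead`. The call also passes no link identifier, so escaping uses whichever connection was opened last; if database.php keeps more than one link (not visible in this hunk), pass the intended link explicitly so the escaping matches that connection's character set.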
diff --git a/engine/lib/objects.php b/engine/lib/objects.php
new file mode 100644
index 000000000..6a58f2709
--- /dev/null
+++ b/engine/lib/objects.php
@@ -0,0 +1,185 @@
+<?php
+
+ /**
+ * Elgg objects
+ * Forms the basis of object storage and retrieval
+ *
+ * @package Elgg
+ * @subpackage Core
+ * @license http://www.gnu.org/licenses/old-licenses/gpl-2.0.html GNU Public License version 2
+ * @author Curverider Ltd
+ * @copyright Curverider Ltd 2008
+ * @link http://elgg.org/
+ */
+
+ /**
+ * Get object reverse ordered by publish time, optionally filtered by user and/or type
+ *
+ * @param int $user_id The ID of the publishing user; set to 0 for all users
+ * @param string $type The type of the object; set to blank for all types
+ * @param string $metadata_type The type of metadata that we're searching on (blank for none)
+ * @param string $metadata_value The value of metadata that we're searching on (blank for none)
+ * @param int $limit The number of objects (default 10)
+ * @param int $offset The offset of the return, for pagination
+ * @param int $site_id The site the objects belong to (leave blank for default site)
+ * @return unknown
+ */
+ function get_objects($user_id = 0, $type = "", $metadata_type = "", $metadata_value = "", $limit = 10, $offset = 0, $site_id = 0) {
+
+ global $CONFIG;
+
+ $user_id = (int) $user_id;
+ $type = sanitise_string($type);
+ $limit = (int) $limit;
+ $offset = (int) $offset;
+ $site_id = (int) $site_id;
+ if ($site_id == 0) $site_id = $CONFIG->site_id;
+ $access = get_access_list();
+
+ $query = "select o.*, ot.name as typename from {$CONFIG->dbprefix}objects o ";
+ if (!empty($type)) $query .= " left join {$CONFIG->dbprefix}object_types ot on ot.id = o.type_id ";
+ if (!empty($metadata_type) && !empty($metadata_value)) {
+ $metadata_type = sanitise_string($metadata_type);
+ $metadata_value = sanitise_string($metadata_value);
+ $query .= " left join {$CONFIG->dbprefix}object_metadata om on om.object_id = o.id ";
+ $query .= " left join {$CONFIG->dbprefix}metadata_value mv on mv.id = om.value_id ";
+ $query .= " left join {$CONFIG->dbprefix}metadata_type mt on mt.id = om.metadata_type_id ";
+ }
+ $query .= " where o.site_id = {$site_id} ";
+ $query .= " and (o.access_id in {$access} or (o.access_id = 0 and o.owner_id = {$_SESSION['id']}))";
+ if (!empty($type)) $query .= " and ot.name = '{$type}'";
+ if ($user_id > 0) $query .= " and o.owner_id = {$user_id} ";
+ if (!empty($metadata_type) && !empty($metadata_value)) {
+ $query .= " and mv.value = '{$metadata_value}' and mt.name = '{$metadata_type}' ";
+ $query .= " and (om.access_id in {$access} or (om.access_id = 0 and o.owner_id = {$_SESSION['id']}))";
+ }
+ $query .= " order by o.time_created desc ";
+ if ($limit > 0 || $offset > 0) $query .= " limit {$offset}, {$limit}";
+
+ return get_data($query);
+
+ }
+
+ /**
+ * Retrieves details about an object, if the current user is allowed to see it
+ *
+ * @param int $object_id The ID of the object to load
+ * @return object A database representation of the object
+ */
+
+ function get_object($object_id) {
+
+ global $CONFIG;
+
+ $object_id = (int) $object_id;
+ $access = get_access_list();
+
+ return get_data_row("select o.*, ot.name as typename from {$CONFIG->dbprefix}objects left join {$CONFIG->dbprefix}object_types ot on ot.id = o.type_id where (o.access_id in {$access} or (o.access_id = 0 and o.owner_id = {$_SESSION['id']}))");
+
+ }
+
+ /**
+ * Deletes an object and all accompanying metadata
+ *
+ * @param int $object_id The ID of the object
+ * @return true|false Depending on success
+ */
+ function delete_object($object_id) {
+
+ global $CONFIG;
+
+ $object_id = (int) $object_id;
+ $access = get_access_list();
+
+ if (delete_data("delete from {$CONFIG->dbprefix}objects where o.owner_id = {$_SESSION['id']}")) {
+ remove_object_metadata("",$object_id);
+ return true;
+ }
+
+ return false;
+ }
+
+ /**
+ * Creates an object
+ *
+ * @param string $title Object title
+ * @param string $description A description of the object
+ * @param string $type The textual type of the object (eg "blog")
+ * @param int $owner The owner of the object (defaults to currently logged in user)
+ * @param int $access_id The access restriction on the object (defaults to private)
+ * @param int $site_id The site the object belongs to
+ * @return int The ID of the newly-inserted object
+ */
+ function create_object($title, $description, $type, $owner = 0, $access_id = 0, $site_id = 0) {
+
+ global $CONFIG;
+
+ $title = sanitise_string($title);
+ $description = sanitise_string($description);
+ $owner = (int) $owner;
+ $site_id = (int) $site_id;
+ $access_id = (int) $access_id;
+ if ($site_id == 0) $site_id = $CONFIG->site_id;
+ if ($owner == 0) $owner = $_SESSION['id'];
+
+ // We can't let non-logged in users create data
+ // We also need the access restriction to be valid
+ if ($owner > 0 && in_array($access_id,get_access_array())) {
+
+ $type_id = get_object_type_id($type);
+
+ $query = " insert into {$CONFIG->dbprefix}objects ";
+ $query .= "(`title`,`description`,`type_id`,`owner_id`,`site_id`,`access_id`) values ";
+ $query .= "('{$title}','{$description}', {$type_id}, {$owner}, {$site_id}, {$access_id}";
+ return insert_data($query);
+
+ }
+ return false;
+
+ }
+
+ /**
+ * Gets the ID of an object type in the database, setting it if necessary
+ *
+ * @param string $type The name of the object type
+ * @return int|false The database ID of the object type, or false if the given type was invalid
+ */
+ function get_object_type_id($type) {
+
+ global $CONFIG;
+
+ $type = strtolower(trim(sanitise_string($type)));
+ if (!empty($type) && $dbtype = get_data_row("select id from {$CONFIG->dbprefix}object_types where name = '{$type}'")) {
+ return $dbtype->id;
+ } else if (!empty($type)) {
+ return insert_data("insert into {$CONFIG->dbprefix}object_types set name = '{$type}'");
+ }
+ return false;
+
+ }
+
+ /**
+ * Sets a piece of metadata for a particular object.
+ *
+ * @param string $metadata_name The type of metadata
+ * @param string $metadata_value Its value
+ * @param int $access_id The access level of the metadata
+ * @param int $object_id The ID of the object
+ * @return true|false depending on success
+ */
+ function set_object_metadata($metadata_name, $metadata_value, $access_id, $object_id) {
+ return true;
+ }
+
+ /**
+ * Removes a piece of (or all) metadata for a particular object.
+ *
+ * @param string $metadata_name The type of metadata; blank for all metadata
+ * @param int $object_id The ID of the object
+ * @return true|false depending on success
+ */
+ function remove_object_metadata($metadata_name = "", $object_id) {
+ return true;
+ }
+
+?>
\ No newline at end of file
diff --git a/engine/lib/sites.php b/engine/lib/sites.php
new file mode 100644
index 000000000..c9785e4ab
--- /dev/null
+++ b/engine/lib/sites.php
@@ -0,0 +1,49 @@
+<?php
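Review bot: `get_object()` and `delete_object()` in engine/lib/objects.php cast `$object_id` but never put it in their queries, so the lookup is not restricted to the requested row and the delete statement is scoped only by owner, not by object. Both also reference the alias `o` without declaring it on the `objects` table. Suggested conditions: `... from {$CONFIG->dbprefix}objects o left join ... where o.id = {$object_id} and (o.access_id in {$access} or ...)` for the read, and `delete from {$CONFIG->dbprefix}objects where id = {$object_id} and owner_id = {$owner_id}` with `$owner_id = (int) $_SESSION['id'];` for the delete. Separately, the `values (` list built in `create_object()` is never closed with `)`, and `get_objects()` selects `ot.name` even when the `object_types` join is skipped because `$type` is empty.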
+
+ /**
+ * Elgg sites
+ * Functions to manage multiple or single sites in an Elgg install
+ *
+ * @package Elgg
+ * @subpackage Core
+ * @license http://www.gnu.org/licenses/old-licenses/gpl-2.0.html GNU Public License version 2
+ * @author Curverider Ltd
+ * @copyright Curverider Ltd 2008
+ * @link http://elgg.org/
+ */
+
+ /**
+ * Initialise site handling
+ *
+ * Called at the beginning of system running, to set the ID of the current site.
+ * This is 0 by default, but plugins may alter this behaviour by attaching functions
+ * to the sites init event and changing $CONFIG->site_id.
+ *
+ * @uses $CONFIG
+ * @param string $event Event API required parameter
+ * @param string $object_type Event API required parameter
+ * @param null $object Event API required parameter
+ * @return true
+ */
+ function sites_init($event, $object_type, $object) {
+ global $CONFIG;
+
+ $CONFIG->site_id = 1;
+
+ trigger_event('init','sites');
+
+ if ($site = get_data_row("select * from {$CONFIG->dbprefix}sites where id = 1")) {
+ if (!empty($site->name))
+ $CONFIG->sitename = $site->name;
+ if (!empty($site->domain))
+ $CONFIG->wwwroot = $site->domain;
+ }
+
+ return true;
+ }
+
+ // Register event handlers
+
+ register_event_handler('init','system','sites_init',0);
+
+?>
\ No newline at end of file
diff --git a/engine/lib/users.php b/engine/lib/users.php
new file mode 100644
index 000000000..9d5e40288
--- /dev/null
+++ b/engine/lib/users.php
@@ -0,0 +1,97 @@
+<?php
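Review bot: `sites_init()` in engine/lib/sites.php fires the `init`/`sites` event so that handlers can change `$CONFIG->site_id`, but the lookup that follows is hard-coded to `where id = 1`, so the site name and `wwwroot` always come from site 1 whatever a handler selected. Use the configured value, cast to an integer: `get_data_row("select * from {$CONFIG->dbprefix}sites where id = " . (int) $CONFIG->site_id)`. The docblock also says the ID is 0 by default while the code assigns 1; one of the two should be corrected. Since `$CONFIG->wwwroot` is then overwritten from the `domain` column, the docblock should state which format that column must hold (presumably a full base URL, to be confirmed).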
+
+ /**
+ * Elgg users
+ * User and session management
+ *
+ * @package Elgg
+ * @subpackage Core
+ * @license http://www.gnu.org/licenses/old-licenses/gpl-2.0.html GNU Public License version 2
+ * @author Curverider Ltd
+ * @copyright Curverider Ltd 2008
+ * @link http://elgg.org/
+ */
+
+ // This is here as a dummy for now
+ function get_users($param, $param2) {
+ return false;
+ }
+
+ /**
+ * Session management
+ */
+
+ /**
+ * Returns whether or not the user is currently logged in
+ *
+ * @uses $_SESSION
+ * @return true|false
+ */
+ function isloggedin() {
+
+ if ($_SESSION['id'] > 0)
+ return true;
+ return false;
+
+ }
+
+ /**
+ * Initialises the system session and potentially logs the user in
+ *
+ * This function looks for:
+ *
+ * 1. $_SESSION['id'] - if not present, we're logged out, and this is set to -1
+ * 2. The cookie 'elggperm' - if present, checks it for an authentication token, validates it, and potentially logs the user in
+ *
+ * @uses $_SESSION
+ * @param unknown_type $event
+ * @param unknown_type $object_type
+ * @param unknown_type $object
+ */
+ function session_init($event, $object_type, $object) {
+ session_name('Elgg');
+ session_start();
+
+ if (empty($_SESSION['id'])) {
+ if (isset($_COOKIE['elggperm'])) {
+
+ $code = $_COOKIE['elggperm'];
+ $code = md5($code);
+ if ($users = get_users(array(
+ "code" =>$code
+ ), "id, username, name, password")) {
+ foreach($users as $user) {
+ $_SESSION['id'] = $user->id;
+ $_SESSION['username'] = $user->username;
+ $_SESSION['name'] = $user->name;
+ $_SESSION['code'] = $_COOKIE['elggperm'];
+ // set_login_fields($user->id);
+ }
+ } else {
+ $_SESSION['id'] = -1;
+ }
+ } else {
+ $_SESSION['id'] = -1;
+ }
+ } else {
+ if (!empty($_SESSION['code'])) {
+ $code = md5($_SESSION['code']);
+ if ($uid = get_users(array(
+ "code" =>$code
+ ), "id")) {
+ $id = $uid->id;
+ } else {
+
+ }
+ } else {
+ $_SESSION['id'] = -1;
+ }
+ }
+ if ($_SESSION['id'] > 0) {
+ // set_last_action($_SESSION['id']);
+ }
+ }
+
+ register_event_handler("init","system","session_init");
+
+?>
\ No newline at end of file |
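Review bot: In `session_init()` in engine/lib/users.php, the branch that revalidates an existing session has an empty `else { }` for a failed `get_users()` lookup, so a session whose stored `code` no longer matches any user keeps its `$_SESSION['id']` and stays logged in; the matched `$uid->id` is also only copied to an unused `$id`. Reset the session there, e.g. `$_SESSION['id'] = -1;` inside that `else`, and compare the looked-up id with `$_SESSION['id']`. On the cookie path, call `session_regenerate_id(true);` before populating `$_SESSION` so a pre-login session identifier is not carried into the authenticated session, and take a single matching row rather than letting the `foreach` keep whichever user comes last. Note that `empty($_SESSION['id'])` is false for the logged-out marker `-1`, so after the first request in a session the `elggperm` cookie is no longer examined. `get_users()` is still a stub returning false, so these paths are inactive for now.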