From fac61fa985a0227a1746a671c0e54adedc96ec48 Mon Sep 17 00:00:00 2001
From: ben <ben@36083f99-b078-4883-b0ff-0f9b5a30f544>
Date: Fri, 15 Feb 2008 18:21:35 +0000
Subject: All kinds of object and database stuff

git-svn-id: https://code.elgg.org/elgg/trunk@44 36083f99-b078-4883-b0ff-0f9b5a30f544
---
 engine/lib/access.php   |  91 ++++++++++++++++++++++++
 engine/lib/database.php |  10 +++
 engine/lib/objects.php  | 185 ++++++++++++++++++++++++++++++++++++++++++++++++
 engine/lib/sites.php    |  49 +++++++++++++
 engine/lib/users.php    |  97 +++++++++++++++++++++++++
 engine/schema/mysql.sql |   7 +-
 index.php               |   2 +
 7 files changed, 440 insertions(+), 1 deletion(-)
 create mode 100644 engine/lib/access.php
 create mode 100644 engine/lib/objects.php
 create mode 100644 engine/lib/sites.php
 create mode 100644 engine/lib/users.php

diff --git a/engine/lib/access.php b/engine/lib/access.php
new file mode 100644
index 000000000..e704dfd5e
--- /dev/null
+++ b/engine/lib/access.php
@@ -0,0 +1,91 @@
+<?php
+
+	/**
+	 * Elgg access permissions
+	 * For users, objects, collections and all metadata
+	 * 
+	 * @package Elgg
+	 * @subpackage Core
+	 * @license http://www.gnu.org/licenses/old-licenses/gpl-2.0.html GNU Public License version 2
+	 * @author Curverider Ltd
+	 * @copyright Curverider Ltd 2008
+	 * @link http://elgg.org/
+	 */
+
+	/**
+	 * Get the list of access restrictions the given user is allowed to see on this site
+	 *
+	 * @uses get_access_array
+	 * @param int $user_id User ID; defaults to currently logged in user
+	 * @param int $site_id Site ID; defaults to current site 
+	 * @param boolean $flush If set to true, will refresh the access list from the database
+	 * @return string A list of access groups suitable for injection in an SQL call
+	 */
+		function get_access_list($user_id = 0, $site_id = 0, $flush = false) {
+			
+			global $CONFIG;
+			static $access_list;
+			
+			if (!isset($access_list))
+				$access_list = array();
+			
+			if ($user_id == 0) $user_id = $_SESSION['id'];
+			if ($site_id == 0) $site_id = $CONFIG->site_id;
+			$user_id = (int) $user_id;
+			$site_id = (int) $site_id;
+			
+			if (empty($access_list[$user_id]) || $flush == true) {
+				
+				$access_list[$user_id] = "(" . implode(",",get_access_array($user_id, $site_id, $flush)) . ")";
+				
+			}
+			
+			return $access_list[$user_id];
+			
+		}
+		
+	/**
+	 * Gets an array of access restrictions the given user is allowed to see on this site
+	 *
+	 * @param int $user_id User ID; defaults to currently logged in user
+	 * @param int $site_id Site ID; defaults to current site 
+	 * @param boolean $flush If set to true, will refresh the access list from the database
+	 * @return array An array of access groups suitable for injection in an SQL call
+	 */
+		function get_access_array($user_id = 0, $site_id = 0, $flush = false) {
+			
+			global $CONFIG;
+			static $access_array;
+			
+			if (!isset($access_array))
+				$access_array = array();
+			
+			if ($user_id == 0) $user_id = $_SESSION['id'];
+			if ($site_id == 0) $site_id = $CONFIG->site_id;
+			$user_id = (int) $user_id;
+			$site_id = (int) $site_id;
+			
+			if (empty($access_array[$user_id]) || $flush == true) {
+				
+				$query = "select am.access_group_id from {$CONFIG->dbprefix}access_group_membership am ";
+				$query .= " left join {$CONFIG->dbprefix}access_groups ag on ag.id = am.access_group_id ";
+				$query .= " where am.user_id = {$user_id} and (ag.site_id = {$site_id} or ag.site_id = 0)";
+				
+				$tmp_access_array = array(2);
+				if (isloggedin())
+					$tmp_access_array[] = 1;
+				
+				if ($groups = get_data($query)) {
+					foreach($groups as $group)
+						$tmp_access_array[] = $group->access_group_id;
+				}
+				
+				$access_array[$user_id] = $tmp_access_array;
+				
+			}
+			
+			return $access_array[$user_id];
+			
+		}
+
+?>
\ No newline at end of file
diff --git a/engine/lib/database.php b/engine/lib/database.php
index 55bfc602d..ba3762a8d 100644
--- a/engine/lib/database.php
+++ b/engine/lib/database.php
@@ -309,6 +309,16 @@
         	
         }
         
+	/**
+	 * Sanitise a string for database use
+	 *
+	 * @param string $string The string to sanitise
+	 * @return string Sanitised string
+	 */
+        function sanitise_string($string) {
+        	return mysql_real_escape_string($string);
+        }
+        
 	// Stuff for initialisation
 
 		register_event_handler('init','system','init_db',0);
diff --git a/engine/lib/objects.php b/engine/lib/objects.php
new file mode 100644
index 000000000..6a58f2709
--- /dev/null
+++ b/engine/lib/objects.php
@@ -0,0 +1,185 @@
+<?php
+
+	/**
+	 * Elgg objects
+	 * Forms the basis of object storage and retrieval
+	 * 
+	 * @package Elgg
+	 * @subpackage Core
+	 * @license http://www.gnu.org/licenses/old-licenses/gpl-2.0.html GNU Public License version 2
+	 * @author Curverider Ltd
+	 * @copyright Curverider Ltd 2008
+	 * @link http://elgg.org/
+	 */
+
+	/**
+	 * Get object reverse ordered by publish time, optionally filtered by user and/or type
+	 *
+	 * @param int $user_id The ID of the publishing user; set to 0 for all users
+	 * @param string $type The type of the object; set to blank for all types
+	 * @param string $metadata_type The type of metadata that we're searching on (blank for none)
+	 * @param string $metadata_value The value of metadata that we're searching on (blank for none)
+	 * @param int $limit The number of objects (default 10)
+	 * @param int $offset The offset of the return, for pagination
+	 * @param int $site_id The site the objects belong to (leave blank for default site)
+	 * @return unknown
+	 */
+		function get_objects($user_id = 0, $type = "", $metadata_type = "", $metadata_value = "", $limit = 10, $offset = 0, $site_id = 0) {
+			
+			global $CONFIG;
+			
+			$user_id = (int) $user_id;
+			$type = sanitise_string($type);
+			$limit = (int) $limit;
+			$offset = (int) $offset;
+			$site_id = (int) $site_id;
+			if ($site_id == 0) $site_id = $CONFIG->site_id;
+			$access = get_access_list();
+			
+			$query = "select o.*, ot.name as typename from {$CONFIG->dbprefix}objects o ";
+			if (!empty($type)) $query .= " left join {$CONFIG->dbprefix}object_types ot on ot.id = o.type_id ";
+			if (!empty($metadata_type) && !empty($metadata_value)) {
+				$metadata_type = sanitise_string($metadata_type);
+				$metadata_value = sanitise_string($metadata_value);
+				$query .= " left join {$CONFIG->dbprefix}object_metadata om on om.object_id = o.id ";
+				$query .= " left join {$CONFIG->dbprefix}metadata_value mv on mv.id = om.value_id ";
+				$query .= " left join {$CONFIG->dbprefix}metadata_type mt on mt.id = om.metadata_type_id "; 
+			}
+			$query .= " where o.site_id = {$site_id} ";
+			$query .= " and (o.access_id in {$access} or (o.access_id = 0 and o.owner_id = {$_SESSION['id']}))";
+			if (!empty($type)) $query .= " and ot.name = '{$type}'";
+			if ($user_id > 0) $query .= " and o.owner_id = {$user_id} ";
+			if (!empty($metadata_type) && !empty($metadata_value)) {
+				$query .= " and mv.value = '{$metadata_value}' and mt.name = '{$metadata_type}' ";
+				$query .= " and (om.access_id in {$access} or (om.access_id = 0 and o.owner_id = {$_SESSION['id']}))";
+			}
+			$query .= " order by o.time_created desc ";
+			if ($limit > 0 || $offset > 0) $query .= " limit {$offset}, {$limit}";
+			
+			return get_data($query);
+			
+		}
+
+	/**
+	 * Retrieves details about an object, if the current user is allowed to see it
+	 *
+	 * @param int $object_id The ID of the object to load
+	 * @return object A database representation of the object
+	 */
+		
+		function get_object($object_id) {
+			
+			global $CONFIG;
+			
+			$object_id = (int) $object_id;
+			$access = get_access_list();
+			
+			return get_data_row("select o.*, ot.name as typename from {$CONFIG->dbprefix}objects left join {$CONFIG->dbprefix}object_types ot on ot.id = o.type_id where (o.access_id in {$access} or (o.access_id = 0 and o.owner_id = {$_SESSION['id']}))");			
+			
+		}
+		
+	/**
+	 * Deletes an object and all accompanying metadata
+	 *
+	 * @param int $object_id The ID of the object
+	 * @return true|false Depending on success
+	 */
+		function delete_object($object_id) {
+			
+			global $CONFIG;
+			
+			$object_id = (int) $object_id;
+			$access = get_access_list();
+			
+			if (delete_data("delete from {$CONFIG->dbprefix}objects where o.owner_id = {$_SESSION['id']}")) {
+				remove_object_metadata("",$object_id);
+				return true;
+			}
+			
+			return false;
+		}
+		
+	/**
+	 * Creates an object
+	 *
+	 * @param string $title Object title
+	 * @param string $description A description of the object
+	 * @param string $type The textual type of the object (eg "blog")
+	 * @param int $owner The owner of the object (defaults to currently logged in user)
+	 * @param int $access_id The access restriction on the object (defaults to private)
+	 * @param int $site_id The site the object belongs to
+	 * @return int The ID of the newly-inserted object
+	 */
+		function create_object($title, $description, $type, $owner = 0, $access_id = 0, $site_id = 0) {
+			
+			global $CONFIG;
+			
+			$title = sanitise_string($title);
+			$description = sanitise_string($description);
+			$owner = (int) $owner;
+			$site_id = (int) $site_id;
+			$access_id = (int) $access_id;
+			if ($site_id == 0) $site_id = $CONFIG->site_id;
+			if ($owner == 0) $owner = $_SESSION['id'];
+			
+			// We can't let non-logged in users create data
+			// We also need the access restriction to be valid
+			if ($owner > 0 && in_array($access_id,get_access_array())) {
+				
+				$type_id = get_object_type_id($type);
+				
+				$query = " insert into {$CONFIG->dbprefix}objects ";
+				$query .= "(`title`,`description`,`type_id`,`owner_id`,`site_id`,`access_id`) values ";
+				$query .= "('{$title}','{$description}', {$type_id}, {$owner}, {$site_id}, {$access_id}";
+				return insert_data($query);
+				
+			}
+			return false;
+			
+		}
+		
+	/**
+	 * Gets the ID of an object type in the database, setting it if necessary 
+	 *
+	 * @param string $type The name of the object type
+	 * @return int|false The database ID of the object type, or false if the given type was invalid
+	 */
+		function get_object_type_id($type) {
+			
+			global $CONFIG;
+			
+			$type = strtolower(trim(sanitise_string($type)));
+			if (!empty($type) && $dbtype = get_data_row("select id from {$CONFIG->dbprefix}object_types where name = '{$type}'")) {
+				return $dbtype->id;
+			} else if (!empty($type)) {
+				return insert_data("insert into {$CONFIG->dbprefix}object_types set name = '{$type}'");
+			}
+			return false;
+			
+		}
+		
+	/**
+	 * Sets a piece of metadata for a particular object.
+	 *
+	 * @param string $metadata_name The type of metadata
+	 * @param string $metadata_value Its value
+	 * @param int $access_id The access level of the metadata
+	 * @param int $object_id The ID of the object
+	 * @return true|false depending on success
+	 */
+		function set_object_metadata($metadata_name, $metadata_value, $access_id, $object_id) {
+			return true;
+		}
+
+	/**
+	 * Removes a piece of (or all) metadata for a particular object.
+	 *
+	 * @param string $metadata_name The type of metadata; blank for all metadata
+	 * @param int $object_id The ID of the object
+	 * @return true|false depending on success
+	 */
+		function remove_object_metadata($metadata_name = "", $object_id) {
+			return true;
+		}
+
+?>
\ No newline at end of file
diff --git a/engine/lib/sites.php b/engine/lib/sites.php
new file mode 100644
index 000000000..c9785e4ab
--- /dev/null
+++ b/engine/lib/sites.php
@@ -0,0 +1,49 @@
+<?php
+
+	/**
+	 * Elgg sites
+	 * Functions to manage multiple or single sites in an Elgg install
+	 * 
+	 * @package Elgg
+	 * @subpackage Core
+	 * @license http://www.gnu.org/licenses/old-licenses/gpl-2.0.html GNU Public License version 2
+	 * @author Curverider Ltd
+	 * @copyright Curverider Ltd 2008
+	 * @link http://elgg.org/
+	 */
+
+	/**
+	 * Initialise site handling
+	 *
+	 * Called at the beginning of system running, to set the ID of the current site.
+	 * This is 0 by default, but plugins may alter this behaviour by attaching functions
+	 * to the sites init event and changing $CONFIG->site_id.
+	 * 
+	 * @uses $CONFIG
+	 * @param string $event Event API required parameter
+	 * @param string $object_type Event API required parameter
+	 * @param null $object Event API required parameter
+	 * @return true
+	 */
+		function sites_init($event, $object_type, $object) {
+			global $CONFIG;
+			
+			$CONFIG->site_id = 1;
+			
+			trigger_event('init','sites');
+			
+			if ($site = get_data_row("select * from {$CONFIG->dbprefix}sites where id = 1")) {
+				if (!empty($site->name))
+					$CONFIG->sitename = $site->name;
+				if (!empty($site->domain))
+					$CONFIG->wwwroot = $site->domain;
+			}
+			
+			return true;
+		}
+		
+	// Register event handlers
+
+		register_event_handler('init','system','sites_init',0);
+
+?>
\ No newline at end of file
diff --git a/engine/lib/users.php b/engine/lib/users.php
new file mode 100644
index 000000000..9d5e40288
--- /dev/null
+++ b/engine/lib/users.php
@@ -0,0 +1,97 @@
+<?php
+
+	/**
+	 * Elgg users
+	 * User and session management
+	 * 
+	 * @package Elgg
+	 * @subpackage Core
+	 * @license http://www.gnu.org/licenses/old-licenses/gpl-2.0.html GNU Public License version 2
+	 * @author Curverider Ltd
+	 * @copyright Curverider Ltd 2008
+	 * @link http://elgg.org/
+	 */
+
+	// This is here as a dummy for now
+		function get_users($param, $param2) {
+			return false;
+		}
+
+	/**
+	 * Session management
+	 */
+
+	/**
+	 * Returns whether or not the user is currently logged in
+	 *
+	 * @uses $_SESSION
+	 * @return true|false
+	 */
+		function isloggedin() {
+			
+			if ($_SESSION['id'] > 0)
+				return true;
+			return false;
+			
+		}
+		
+	/**
+	 * Initialises the system session and potentially logs the user in
+	 * 
+	 * This function looks for:
+	 * 
+	 * 1. $_SESSION['id'] - if not present, we're logged out, and this is set to -1
+	 * 2. The cookie 'elggperm' - if present, checks it for an authentication token, validates it, and potentially logs the user in 
+	 *
+	 * @uses $_SESSION
+	 * @param unknown_type $event
+	 * @param unknown_type $object_type
+	 * @param unknown_type $object
+	 */
+		function session_init($event, $object_type, $object) {
+			session_name('Elgg');
+	        session_start();
+	        
+	        if (empty($_SESSION['id'])) {
+	            if (isset($_COOKIE['elggperm'])) {
+	                                
+	                $code = $_COOKIE['elggperm'];
+	                $code = md5($code);
+	                if ($users = get_users(array(
+	                                                "code" =>$code
+	                                            ), "id, username, name, password")) {
+	                    foreach($users as $user) {
+	                        $_SESSION['id'] = $user->id;
+	                        $_SESSION['username'] = $user->username;
+	                        $_SESSION['name'] = $user->name;
+	                        $_SESSION['code'] = $_COOKIE['elggperm'];
+	                        // set_login_fields($user->id);
+	                    }
+	                } else {
+	                    $_SESSION['id'] = -1;
+	                }
+	            } else {
+	                $_SESSION['id'] = -1;
+	            }
+	        } else {
+	            if (!empty($_SESSION['code'])) {
+	                $code = md5($_SESSION['code']);
+	                if ($uid = get_users(array(
+	                                                "code" =>$code
+	                                            ), "id")) {
+	                    $id = $uid->id;
+	                } else {
+	                    
+	                }
+	            } else {
+	                $_SESSION['id'] = -1;
+	            }
+	        }
+	        if ($_SESSION['id'] > 0) {
+	            // set_last_action($_SESSION['id']);
+	        }
+		}
+
+	register_event_handler("init","system","session_init");
+		
+?>
\ No newline at end of file
diff --git a/engine/schema/mysql.sql b/engine/schema/mysql.sql
index 2882d2c7a..787a44e15 100644
--- a/engine/schema/mysql.sql
+++ b/engine/schema/mysql.sql
@@ -17,6 +17,7 @@
 CREATE TABLE `prefix_access_groups` (
   `id` int(11) NOT NULL,
   `name` varchar(16) NOT NULL,
+  `owner_id` int(11) NOT NULL,
   `site_id` int(11) NOT NULL default '0',
   PRIMARY KEY  (`id`),
   KEY `name` (`name`)
@@ -98,6 +99,7 @@ CREATE TABLE `prefix_objects` (
   `owner_id` int(11) NOT NULL,
   `site_id` int(11) NOT NULL default '0',
   `type_id` int(11) NOT NULL,
+  `access_id` int(11) NOT NULL default '0',
   `title` text NOT NULL,
   `description` text NOT NULL,
   `time_created` int(11) NOT NULL,
@@ -190,4 +192,7 @@ CREATE TABLE `prefix_sites` (
   `name` text NOT NULL,
   `domain` text NOT NULL,
   PRIMARY KEY  (`id`)
-) ENGINE=MyISAM ;
\ No newline at end of file
+) ENGINE=MyISAM ;
+
+INSERT INTO `prefix_elggnew`.`sites` (`id` ,`name` ,`domain`) VALUES 
+(1 , 'New Elgg site', '');
diff --git a/index.php b/index.php
index 2260b1e95..7057aadb1 100644
--- a/index.php
+++ b/index.php
@@ -21,4 +21,6 @@
 	 */
 		echo page_draw(null, elgg_view("homepage"));
 
+		get_objects(3,"blog","mammals","are lovely", 7, 2, 1);
+		
 ?>
\ No newline at end of file
-- 
cgit v1.2.3