From fac61fa985a0227a1746a671c0e54adedc96ec48 Mon Sep 17 00:00:00 2001
From: ben
Date: Fri, 15 Feb 2008 18:21:35 +0000
Subject: All kinds of object and database stuff
git-svn-id: https://code.elgg.org/elgg/trunk@44 36083f99-b078-4883-b0ff-0f9b5a30f544
---
engine/lib/access.php | 91 ++++++++++++++++++++++++
engine/lib/database.php | 10 +++
engine/lib/objects.php | 185 ++++++++++++++++++++++++++++++++++++++++++++++++
engine/lib/sites.php | 49 +++++++++++++
engine/lib/users.php | 97 +++++++++++++++++++++++++
5 files changed, 432 insertions(+)
create mode 100644 engine/lib/access.php
create mode 100644 engine/lib/objects.php
create mode 100644 engine/lib/sites.php
create mode 100644 engine/lib/users.php
(limited to 'engine/lib')
diff --git a/engine/lib/access.php b/engine/lib/access.php
new file mode 100644
index 000000000..e704dfd5e
--- /dev/null
+++ b/engine/lib/access.php
@@ -0,0 +1,91 @@
+site_id;
+ $user_id = (int) $user_id;
+ $site_id = (int) $site_id;
+
+ if (empty($access_list[$user_id]) || $flush == true) {
+
+ $access_list[$user_id] = "(" . implode(",",get_access_array($user_id, $site_id, $flush)) . ")";
+
+ }
+
+ return $access_list[$user_id];
+
+ }
+
+ /**
+ * Gets an array of access restrictions the given user is allowed to see on this site
+ *
+ * @param int $user_id User ID; defaults to currently logged in user
+ * @param int $site_id Site ID; defaults to current site
+ * @param boolean $flush If set to true, will refresh the access list from the database
+ * @return array An array of access groups suitable for injection in an SQL call
+ */
+ function get_access_array($user_id = 0, $site_id = 0, $flush = false) {
+
+ global $CONFIG;
+ static $access_array;
+
+ if (!isset($access_array))
+ $access_array = array();
+
+ if ($user_id == 0) $user_id = $_SESSION['id'];
+ if ($site_id == 0) $site_id = $CONFIG->site_id;
+ $user_id = (int) $user_id;
+ $site_id = (int) $site_id;
+
+ if (empty($access_array[$user_id]) || $flush == true) {
+
+ $query = "select am.access_group_id from {$CONFIG->dbprefix}access_group_membership am ";
+ $query .= " left join {$CONFIG->dbprefix}access_groups ag on ag.id = am.access_group_id ";
+ $query .= " where am.user_id = {$user_id} and (ag.site_id = {$site_id} or ag.site_id = 0)";
+
+ $tmp_access_array = array(2);
+ if (isloggedin())
+ $tmp_access_array[] = 1;
+
+ if ($groups = get_data($query)) {
+ foreach($groups as $group)
+ $tmp_access_array[] = $group->access_group_id;
+ }
+
+ $access_array[$user_id] = $tmp_access_array;
+
+ }
+
+ return $access_array[$user_id];
+
+ }
+
+?>
\ No newline at end of file
diff --git a/engine/lib/database.php b/engine/lib/database.php
index 55bfc602d..ba3762a8d 100644
--- a/engine/lib/database.php
+++ b/engine/lib/database.php
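Review bot: The static cache in `get_access_array()` is keyed only on `$user_id`, so once a user's groups have been loaded for one `$site_id`, a later call for a different site returns the first site's list unless `$flush` is set; the visible tail of `get_access_list()` caches the same way. Keying both caches on the pair, e.g. `$access_array[$user_id][$site_id]`, keeps one site's access groups from being reused in another site's queries. The `isloggedin()` test also describes the current session rather than the `$user_id` argument, so group 1 is granted according to who is browsing, not whose list is being built; that should either be documented or derived from `$user_id`. The head of `get_access_list()` is missing from this page, so its signature and defaults cannot be checked here.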
@@ -309,6 +309,16 @@ } + /** + * Sanitise a string for database use + * + * @param string $string The string to sanitise + * @return string Sanitised string + */ + function sanitise_string($string) { + return mysql_real_escape_string($string); + } + // Stuff for initialisation register_event_handler('init','system','init_db',0);
diff --git a/engine/lib/objects.php b/engine/lib/objects.php
new file mode 100644
index 000000000..6a58f2709
--- /dev/null
+++ b/engine/lib/objects.php
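Review bot: The docblock on `sanitise_string()` should state what the escaping does and does not cover: `mysql_real_escape_string()` only makes a value safe inside a quoted SQL string literal, so values interpolated unquoted (numbers, `limit` arguments, identifiers) still need an `(int)` cast or a whitelist. It is also called without a link argument, so it depends on a connection already being open and on that connection's character set; if the rest of database.php keeps its own link resource, passing it explicitly would make that dependency visible. Suggested comment text: `Escapes a string for use inside a quoted SQL string literal on the current connection; not sufficient for unquoted values.`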
@@ -0,0 +1,185 @@
+site_id;
+ $access = get_access_list();
+
+ $query = "select o.*, ot.name as typename from {$CONFIG->dbprefix}objects o ";
+ if (!empty($type)) $query .= " left join {$CONFIG->dbprefix}object_types ot on ot.id = o.type_id ";
+ if (!empty($metadata_type) && !empty($metadata_value)) {
+ $metadata_type = sanitise_string($metadata_type);
+ $metadata_value = sanitise_string($metadata_value);
+ $query .= " left join {$CONFIG->dbprefix}object_metadata om on om.object_id = o.id ";
+ $query .= " left join {$CONFIG->dbprefix}metadata_value mv on mv.id = om.value_id ";
+ $query .= " left join {$CONFIG->dbprefix}metadata_type mt on mt.id = om.metadata_type_id ";
+ }
+ $query .= " where o.site_id = {$site_id} ";
+ $query .= " and (o.access_id in {$access} or (o.access_id = 0 and o.owner_id = {$_SESSION['id']}))";
+ if (!empty($type)) $query .= " and ot.name = '{$type}'";
+ if ($user_id > 0) $query .= " and o.owner_id = {$user_id} ";
+ if (!empty($metadata_type) && !empty($metadata_value)) {
+ $query .= " and mv.value = '{$metadata_value}' and mt.name = '{$metadata_type}' ";
+ $query .= " and (om.access_id in {$access} or (om.access_id = 0 and o.owner_id = {$_SESSION['id']}))";
+ }
+ $query .= " order by o.time_created desc ";
+ if ($limit > 0 || $offset > 0) $query .= " limit {$offset}, {$limit}";
+
+ return get_data($query);
+
+ }
+
+ /**
+ * Retrieves details about an object, if the current user is allowed to see it
+ *
+ * @param int $object_id The ID of the object to load
+ * @return object A database representation of the object
+ */
+
+ function get_object($object_id) {
+
+ global $CONFIG;
+
+ $object_id = (int) $object_id;
+ $access = get_access_list();
+
+ return get_data_row("select o.*, ot.name as typename from {$CONFIG->dbprefix}objects left join {$CONFIG->dbprefix}object_types ot on ot.id = o.type_id where (o.access_id in {$access} or (o.access_id = 0 and o.owner_id = {$_SESSION['id']}))");
+
+ }
+
+ /**
+ * Deletes an object and all accompanying
metadata
+ *
+ * @param int $object_id The ID of the object
+ * @return true|false Depending on success
+ */
+ function delete_object($object_id) {
+
+ global $CONFIG;
+
+ $object_id = (int) $object_id;
+ $access = get_access_list();
+
+ if (delete_data("delete from {$CONFIG->dbprefix}objects where o.owner_id = {$_SESSION['id']}")) {
+ remove_object_metadata("",$object_id);
+ return true;
+ }
+
+ return false;
+ }
+
+ /**
+ * Creates an object
+ *
+ * @param string $title Object title
+ * @param string $description A description of the object
+ * @param string $type The textual type of the object (eg "blog")
+ * @param int $owner The owner of the object (defaults to currently logged in user)
+ * @param int $access_id The access restriction on the object (defaults to private)
+ * @param int $site_id The site the object belongs to
+ * @return int The ID of the newly-inserted object
+ */
+ function create_object($title, $description, $type, $owner = 0, $access_id = 0, $site_id = 0) {
+
+ global $CONFIG;
+
+ $title = sanitise_string($title);
+ $description = sanitise_string($description);
+ $owner = (int) $owner;
+ $site_id = (int) $site_id;
+ $access_id = (int) $access_id;
+ if ($site_id == 0) $site_id = $CONFIG->site_id;
+ if ($owner == 0) $owner = $_SESSION['id'];
+
+ // We can't let non-logged in users create data
+ // We also need the access restriction to be valid
+ if ($owner > 0 && in_array($access_id,get_access_array())) {
+
+ $type_id = get_object_type_id($type);
+
+ $query = " insert into {$CONFIG->dbprefix}objects ";
+ $query .= "(`title`,`description`,`type_id`,`owner_id`,`site_id`,`access_id`) values ";
+ $query .= "('{$title}','{$description}', {$type_id}, {$owner}, {$site_id}, {$access_id}";
+ return insert_data($query);
+
+ }
+ return false;
+
+ }
+
+ /**
+ * Gets the ID of an object type in the database, setting it if necessary
+ *
+ * @param string $type The name of the object type
+ * @return int|false The database ID of the object type, or false if
the given type was invalid
+ */
+ function get_object_type_id($type) {
+
+ global $CONFIG;
+
+ $type = strtolower(trim(sanitise_string($type)));
+ if (!empty($type) && $dbtype = get_data_row("select id from {$CONFIG->dbprefix}object_types where name = '{$type}'")) {
+ return $dbtype->id;
+ } else if (!empty($type)) {
+ return insert_data("insert into {$CONFIG->dbprefix}object_types set name = '{$type}'");
+ }
+ return false;
+
+ }
+
+ /**
+ * Sets a piece of metadata for a particular object.
+ *
+ * @param string $metadata_name The type of metadata
+ * @param string $metadata_value Its value
+ * @param int $access_id The access level of the metadata
+ * @param int $object_id The ID of the object
+ * @return true|false depending on success
+ */
+ function set_object_metadata($metadata_name, $metadata_value, $access_id, $object_id) {
+ return true;
+ }
+
+ /**
+ * Removes a piece of (or all) metadata for a particular object.
+ *
+ * @param string $metadata_name The type of metadata; blank for all metadata
+ * @param int $object_id The ID of the object
+ * @return true|false depending on success
+ */
+ function remove_object_metadata($metadata_name = "", $object_id) {
+ return true;
+ }
+
+?>
\ No newline at end of file
diff --git a/engine/lib/sites.php b/engine/lib/sites.php
new file mode 100644
index 000000000..c9785e4ab
--- /dev/null
+++ b/engine/lib/sites.php
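Review bot: `get_object()` and `delete_object()` both cast `$object_id` and then never put it in the query, so neither statement is limited to the requested row. In `delete_object()` the only condition is `o.owner_id = {$_SESSION['id']}` (using an alias `o` the statement never defines), so once the alias is corrected the delete would match every object the user owns; the clause should read `where id = {$object_id} and owner_id = {$_SESSION['id']}`. `get_object()` needs `objects o` in the `from` clause and `o.id = {$object_id} and` ahead of the access test, otherwise it returns whichever visible row comes first. Two smaller things in `create_object()`: the `values (` list is never closed with `)`, and the default `$access_id = 0` is checked with `in_array()` against a list that access.php seeds with 2 and 1, so a private object looks as if it would always be rejected. The opening of `get_objects()` is missing from this page, so whether `$type`, `$limit` and `$offset` are sanitised before being interpolated cannot be confirmed from here.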
@@ -0,0 +1,49 @@
+site_id.
+ *
+ * @uses $CONFIG
+ * @param string $event Event API required parameter
+ * @param string $object_type Event API required parameter
+ * @param null $object Event API required parameter
+ * @return true
+ */
+ function sites_init($event, $object_type, $object) {
+ global $CONFIG;
+
+ $CONFIG->site_id = 1;
+
+ trigger_event('init','sites');
+
+ if ($site = get_data_row("select * from {$CONFIG->dbprefix}sites where id = 1")) {
+ if (!empty($site->name))
+ $CONFIG->sitename = $site->name;
+ if (!empty($site->domain))
+ $CONFIG->wwwroot = $site->domain;
+ }
+
+ return true;
+ }
+
+ // Register event handlers
+
+ register_event_handler('init','system','sites_init',0);
+
+?>
\ No newline at end of file
diff --git a/engine/lib/users.php b/engine/lib/users.php
new file mode 100644
index 000000000..9d5e40288
--- /dev/null
+++ b/engine/lib/users.php
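Review bot: `sites_init()` sets `$CONFIG->site_id = 1` and then repeats the literal in the query (`where id = 1`), so the two can drift apart as soon as the site id stops being fixed; `where id = {$CONFIG->site_id}` keeps a single source. `trigger_event('init','sites')` also fires before `sitename` and `wwwroot` have been read from the row, so any handler for that event sees whatever `$CONFIG` held beforehand; if handlers are meant to see the site's settings, the call belongs after the `if` block.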
@@ -0,0 +1,97 @@
+ 0)
+ return true;
+ return false;
+
+ }
+
+ /**
+ * Initialises the system session and potentially logs the user in
+ *
+ * This function looks for:
+ *
+ * 1. $_SESSION['id'] - if not present, we're logged out, and this is set to -1
+ * 2. The cookie 'elggperm' - if present, checks it for an authentication token, validates it, and potentially logs the user in
+ *
+ * @uses $_SESSION
+ * @param unknown_type $event
+ * @param unknown_type $object_type
+ * @param unknown_type $object
+ */
+ function session_init($event, $object_type, $object) {
+ session_name('Elgg');
+ session_start();
+
+ if (empty($_SESSION['id'])) {
+ if (isset($_COOKIE['elggperm'])) {
+
+ $code = $_COOKIE['elggperm'];
+ $code = md5($code);
+ if ($users = get_users(array(
+ "code" =>$code
+ ), "id, username, name, password")) {
+ foreach($users as $user) {
+ $_SESSION['id'] = $user->id;
+ $_SESSION['username'] = $user->username;
+ $_SESSION['name'] = $user->name;
+ $_SESSION['code'] = $_COOKIE['elggperm'];
+ // set_login_fields($user->id);
+ }
+ } else {
+ $_SESSION['id'] = -1;
+ }
+ } else {
+ $_SESSION['id'] = -1;
+ }
+ } else {
+ if (!empty($_SESSION['code'])) {
+ $code = md5($_SESSION['code']);
+ if ($uid = get_users(array(
+ "code" =>$code
+ ), "id")) {
+ $id = $uid->id;
+ } else {
+
+ }
+ } else {
+ $_SESSION['id'] = -1;
+ }
+ }
+ if ($_SESSION['id'] > 0) {
+ // set_last_action($_SESSION['id']);
+ }
+ }
+
+ register_event_handler("init","system","session_init");
+
+?>
\ No newline at end of file
-- cgit v1.2.3
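Review bot: The re-validation branch of `session_init()` (session id already set, `$_SESSION['code']` present) has no effect: the lookup result is only copied into an unused `$id`, and the `else` for a failed lookup is empty, so a session stays logged in after its stored code stops matching any user. The failed-lookup branch should do what the other failure paths do, `$_SESSION['id'] = -1;`, and the success branch should compare the returned id with `$_SESSION['id']`; the result is read as `$uid->id` here but iterated with `foreach` in the cookie branch, and `get_users()` is outside this hunk, so one of the two usages is presumably wrong. When the `elggperm` cookie does log a user in, calling `session_regenerate_id(true);` before writing `$_SESSION['id']` would keep a pre-set session identifier from being carried into the authenticated session. The cookie lookup also selects `password`, which nothing in the hunk reads, and the token is matched through a bare `md5()`; both are worth narrowing or documenting.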