My second engine project built from the ground up in just 2 weeks! Features PHP5 compliant code and an HTML skin parser.
Example of an installed distro:
http://cura.ath.cx/codefx
Please note this code is designed for PHP5 enabled servers. I am aware of the fact that PHP5 is not in wide distro as of yet but I just wanted to work in PHP5 because it's fun, new and has cool OO features.
By : tdas
On first run open index.php to set it up to your database. The install file will automatically make its own database so don't worry about fiddling around with phpmyadmin.
main file common.php
---------------------------------------------------
<?php
session_start();
/*
PMA_splitSqlFile() function borrowed from the phpMyAdmin project.
It takes SQL dumps generated by phpMyAdmin then splits them up
into smaller queries that can then be processed into tables and
data. I found documentation made by the original programmer quite
lacking so I will attempt to redefine the use of this function.
&$ret - Variable you expect to be returned.
$sql - Database Dump.
$release - Version of mysql server
*/
function PMA_splitSqlFile(&$ret, $sql, $release)
{
$sql = trim($sql);
$sql_len = strlen($sql);
$char = '';
$string_start = '';
$in_string = FALSE;
$time0 = time();
for ($i = 0; $i < $sql_len; ++$i) {
$char = $sql[$i];
// We are in a string, check for not escaped end of strings except for
// backquotes that can't be escaped
if ($in_string) {
for (;;) {
$i = strpos($sql, $string_start, $i);
// No end of string found -> add the current substring to the
// returned array
if (!$i) {
$ret[] = $sql;
return TRUE;
}
// Backquotes or no backslashes before quotes: it's indeed the
// end of the string -> exit the loop
else if ($string_start == '`' || $sql[$i-1] != '\\') {
$string_start = '';
$in_string = FALSE;
break;
}
// one or more Backslashes before the presumed end of string...
else {
// ... first checks for escaped backslashes
$j = 2;
$escaped_backslash = FALSE;
while ($i-$j > 0 && $sql[$i-$j] == '\\') {
$escaped_backslash = !$escaped_backslash;
$j++;
}
// ... if escaped backslashes: it's really the end of the
// string -> exit the loop
if ($escaped_backslash) {
$string_start = '';
$in_string = FALSE;
break;
}
// ... else loop
else {
$i++;
}
} // end if...elseif...else
} // end for
} // end if (in string)
// We are not in a string, first check for delimiter...
else if ($char == ';') {
// if delimiter found, add the parsed part to the returned array
$ret[] = substr($sql, 0, $i);
$sql = ltrim(substr($sql, min($i + 1, $sql_len)));
$sql_len = strlen($sql);
if ($sql_len) {
$i = -1;
} else {
// The submitted statement(s) end(s) here
return TRUE;
}
} // end else if (is delimiter)
// ... then check for start of a string,...
else if (($char == '"') || ($char == '\'') || ($char == '`')) {
$in_string = TRUE;
$string_start = $char;
} // end else if (is start of string)
// ... for start of a comment (and remove this comment if found)...
else if ($char == '#'
|| ($char == ' ' && $i > 1 && $sql[$i-2] . $sql[$i-1] == '--')) {
// starting position of the comment depends on the comment type
$start_of_comment = (($sql[$i] == '#') ? $i : $i-2);
// if no "\n" exists in the remaining string, checks for "\r"
// (Mac eol style)
$end_of_comment = (strpos(' ' . $sql, "\012", $i+2))
? strpos(' ' . $sql, "\012", $i+2)
: strpos(' ' . $sql, "\015", $i+2);
if (!$end_of_comment) {
// no eol found after '#', add the parsed part to the returned
// array if required and exit
if ($start_of_comment > 0) {
$ret[] = trim(substr($sql, 0, $start_of_comment));
}
return TRUE;
} else {
$sql = substr($sql, 0, $start_of_comment)
. ltrim(substr($sql, $end_of_comment));
$sql_len = strlen($sql);
$i--;
} // end if...else
} // end else if (is comment)
// ... and finally deactivate the "/*!...*/" syntax if MySQL < 3.22.07
else if ($release < 32270
&& ($char == '!' && $i > 1 && $sql[$i-2] . $sql[$i-1] == '/*')) {
$sql[$i] = ' ';
} // end else if
// loic1: send a fake header each 30 sec. to bypass browser timeout
$time1 = time();
if ($time1 >= $time0 + 30) {
$time0 = $time1;
header('X-pmaPing: Pong');
} // end if
} // end for
// add any rest to the returned array
if (!empty($sql) && preg_match('@[^[:space:]]+@', $sql)) {
$ret[] = $sql;
}
return TRUE;
} // end of the 'PMA_splitSqlFile()' function
include('install.php');
$dbh=mysql_connect ($setting[0], $setting[1], $setting[2]) or die ('I cannot connect to the database because: ' . mysql_error());
mysql_select_db ($setting[3]);
/*
This is common.php. This file's purpose is to provide all the classes for the engine
*/
class bridge{
function __construct(){
//empty
}
}
class logscript {
function __construct(){
if($_GET['page']){
$this->back = "?page=".$_SESSION['back'];
}else{
$this->back = "?";
}
if ($_GET['action'] == "logout") {
$this->logout();
}
$this->login();
}
function logout(){
$back = $this->back;
session_destroy();
header("location: $back");
exit;
}
function login(){
$back = $this->back;
//nothing was posted, so there is nothing to check
if(!isset($_POST['user']) || !isset($_POST['pass'])) {
header("location: $back");
exit;
}
$user = strtoupper($_POST['user']);
$pass = $_POST['pass'];
$_SESSION['user'] = $user;
$_SESSION['pass'] = $pass;
//escape the posted user name before it is placed in the query;
//the password only reaches the query as an md5 hex string
$auth = 'SELECT * FROM `user` WHERE 1 AND `User` = \''. mysql_real_escape_string($_POST['user']) .'\' AND `Pass` = \''. md5($pass) . '\'';
$result = mysql_query($auth);
while ($row = mysql_fetch_assoc ($result)) {
$username = $row['username'];
$userID = $row['userID'];
$_SESSION['usrinfoID'] = $userID;
}
if (mysql_num_rows($result) == 0) {
unset($_SESSION['user']);
unset($_SESSION['pass']);
unset($_SESSION['usrinfoID']);
header("location: $back");
$_SESSION['error'] = 1;
exit;
}
header("location: $back");
}
}
class admin {
/*
Core components
These are the main controls that affect the way that the primary
admin infrastructure works.
admincheck
Primary user permission checking method; it is responsible for
the entire cura security system.
admin_box
This is the core of the admin infrastructure; all admin addon
methods are run through this function. It links up admin
addon methods with their skin. It also provides security
with the assistance of the admincheck() function.
admin_gui
admin_gui({*string input and return variable name always global*, *string allows you to call gui functions without an admintype set*})
*/
/*
AdminCheck
Primary security method
No params
Returns $this->checkresult;
The purpose of this method is to check if the user is in the place he's meant to be.
So if UserA didn't have permission to be in AreaB this would return a value of zero.
Other scripts around the engine use this as their primary account checker.
*/
function admincheck(){
//start from "no access" so the result is always defined
$this->checkresult = 0;
//select the row in the admin table where the type is set to the current area the user is in.
//admintype is copied from the url into the session, so escape it before it goes into the query
$query = mysql_query("SELECT * FROM `admin` WHERE `type` = '".mysql_real_escape_string($_SESSION['admintype'])."'");
$result = mysql_fetch_assoc($query);
//select the row from the admin_list table where the ID of the user and the ID of the area are both set
$query = mysql_query("SELECT * FROM `admin_list` WHERE `userID` = '".intval($_SESSION['usrinfoID'])."' AND `AID` = '".intval($result['AID'])."'");
//if such a row does exist set the result to 1, else it stays 0.
if (mysql_num_rows($query) > 0){
$this->checkresult = 1;
}
}
/*
Primary Admin framework
All primary admin components are called through here; these are the actual control panels
which are skinned using the <admin> tags (see advanced user manual 3.1.2).
It uses standard admincheck for security which has proven to be very secure so far.
This works in a very similar way to parse, but not the same way. I will now go over the
many differences between admin_box and parse.
Parse is a greedy little class because it will call every single method that isn't part
of the parse class at startup. It leaves it up to the method to decide if it wants to be
called or not. Parse does have a little quality control as it won't call functions that
don't have parse tags. In the case of admin_box, it only calls methods which are requested
specifically by the user because that's all it needs. Skinning is also different: Parse will look
all over the html file for skins that match its functions while admin_box will only look
in skins kept between <admin="main"></admin="main"> tags. This doesn't really help much
but it forces the end user to keep their code organised :)
How it all works
To create an admin function you need to name it just right. The naming syntax for functions
is specified in the advanced user manual 3.1.2. Once you've got your name sorted it's time to
get your data. Your primary working variable for this particular script is
$this->submatch[0].
To help you understand working in this environment I will call in an example
function admin_links_add(){
$this->submatch[0] = str_replace("[name]",'name',$this->submatch[0]);
$this->submatch[0] = str_replace("[address]",'address',$this->submatch[0]);
if($_POST['send']){
$sql = "INSERT INTO `links` (`LinkName`,`LinkAddress`) VALUES ('".mysql_real_escape_string($_POST['name'])."','".mysql_real_escape_string($_POST['address'])."')";
mysql_query($sql);
header('location: ?');
}
}
You will notice on lines 2 and 3 of this function I have placed 2 basic str_replaces using our
primary working variable for this class. These form the variable syntax for the skin.
<admin="admin_links_add">
<br />
<form action="[post]" method="post" name="linkadd">
Name<input name="[name]" type="text" size="10" /> Address<input name="[address]" type="text" size="20" /><input name="[submit]" type="submit" value="go" />
</form>
</admin="admin_links_add">
Hang on a minute!?
You didn't set [post] or [submit] in links add, how come they show up?
These are special variables that are automatically set for you by admin_box as they're commonly used.
I really suggest you use them as they're quite useful, particularly [post] which outputs the return address
of your adminsub.
*/
function admin_box(){
//if url variable adminsub is set
if ($_GET['adminsub']){
//if in correct admin area
if($this->checkresult){
//make method name
$func = "admin_".$_SESSION['admintype']."_".$_GET['adminsub'];
//the name is built from request data and is used both inside a regex and as a
//method call, so only continue for a plain name of an existing method
if (!preg_match('/^\w+$/', $func) || !method_exists($this, $func)){
return;
}
//set $this->result to primary parse working variable
$this->result = $this->match[0];
//find data in between <admin="main"></admin="main"> set it to mainmatch[0]
preg_match("/<admin=\"main\">([^.]+)<\/admin=\"main\">/",$this->match[0],$mainmatch);
//find data in between <admin="$func"></admin="$func"> in mainmatch[0] set it to submatch[0]
preg_match("/<admin=\"$func\">([^.]+)<\/admin=\"$func\">/",$mainmatch[0],$this->submatch);
//common variable setup
$this->submatch[0] = str_replace("[post]",'?adminsub='.$_GET['adminsub'],$this->submatch[0]);
$this->submatch[0] = str_replace("[submit]",'send',$this->submatch[0]);
//call method $func
$this->$func();
//place returned submatch[0] in parse main working variable
$this->result=preg_replace("/<admin=\"main\">([^.]+)<\/admin=\"main\">/",$this->submatch[0],$this->result);
}
}
}
/*
Feature not actually called by many admin methods; rather it is a link between the user class and the admin
class. It allows for integration of admin features such as the icons in the links admin. They appear
right next to normal user data and appear only when an admin is logged in as their corresponding admin
type. Method is very similar to its cousin user_gui; the key difference is:
admin_gui is covered under the admin_check security umbrella while admin_user has and (if used correctly)
needs no security.
admin_gui( [ string , string ] )
@param1 global variable to return result
*/
function admin_gui($return = "result",$current = NULL) {
$flag = 0;
if($this->checkresult && $_SESSION['admintype'] == $this->dynfunc){
$flag = 1;
$current = $this->dynfunc;
}
if($this->checkresult && $current){
$flag = 1;
}
if ($flag == 1){
$func = "admin_".$current."_gui";
preg_match("/<sub=\"admin\">([^.]+)<\/sub=\"admin\">/",$this->$return,$this->value);
$this->$func();
$this->$return = preg_replace("/<sub=\"admin\">([^.]+)<\/sub=\"admin\">/",$this->gui,$this->$return);
unset($this->gui);
unset($this->dbridge);
}else{
$this->$return=preg_replace("/<sub=\"admin\">([^.]+)<\/sub=\"admin\">/","",$this->$return);
}
}
//menus
function admin_menu(){
$query = mysql_query('SELECT * FROM `admin_list` WHERE `userID` = '.$_SESSION['usrinfoID']);
if (@mysql_num_rows($query) > 0){
$temp = $this->match[0];
while ($result = mysql_fetch_assoc($query)){
$option = mysql_query('SELECT * FROM `admin` WHERE `AID` = '.$result['AID']);
$option = mysql_fetch_assoc($option);
if($option['type'] == $_SESSION['admintype']){
$b[0] = '<b>';
$b[1] = '</b>';
}
$temp .= str_replace("[admin_option]", "<a href=\"?admin=".$option['type']."\">".$b[0].$option['type'].$b[1]."</a>",$this->match[0]);
unset($b);
}
$this->result = str_replace("[admin_option]", "",$temp);
}
}
function admin_sub_links() {
$this->result = $this->match[0];
$this->admin_gui("result","sub");
if(!$this->checkresult){
$this->result = "";
}
}
function admin_sub_gui() {
$front = "?adminsub=";
$adminqry = mysql_fetch_assoc(mysql_query("select * from `admin` WHERE `type` = '".mysql_real_escape_string($_SESSION['admintype'])."'"));
$query = mysql_query("select * from `adminsub` WHERE `AID` = '".$adminqry['AID']."'");
while ($result = mysql_fetch_assoc($query)){
$this->temp = $this->value[0];
$this->render($query,$result,1);
$this->temp = str_replace("[adminsub_subtype_address]",$front.$result['subtype'],$this->temp);
$this->gui .= $this->temp;
}
}
/*
Addon functions
Here are functions which work within the admin_box framework.
*/
function admin_pages_Create(){
$this->submatch[0] = str_replace("[name]",'name',$this->submatch[0]);
$this->submatch[0] = str_replace("[page]",'page',$this->submatch[0]);
if($_POST['send']){
//escape the posted values before they are placed in the queries
$pagename = mysql_real_escape_string($_POST['name']);
$content = mysql_real_escape_string($_POST['page']);
$sql = "INSERT INTO `pages` (`PageName`,`Content`) VALUES ('".$pagename."','".$content."')";
mysql_query($sql);
header('location: ?admintype=pages');
$name = str_replace(" ","%20",$pagename);
$sql = "INSERT INTO `links` (`LinkName`,`LinkAddress`) VALUES ('".$pagename."','?page=".$name."')";
mysql_query($sql);
}
}
function admin_pages_delete(){
if($_POST['send'] == "yes"){
//page ids are integers, so cast the url value before using it in a query
$id = intval($_GET['id']);
$result = mysql_fetch_assoc(mysql_query("SELECT * FROM `pages` WHERE `pageID` ='".$id."'"));
mysql_query("delete from `pages` WHERE `pageID` = '".$id."'") or die();
//the page name comes back out of the database unescaped, so escape it again
$pagename = mysql_real_escape_string($result['PageName']);
$name = str_replace(" ","%20",$pagename);
mysql_query("delete from `links` WHERE `LinkName` = '".$pagename."' AND `LinkAddress` = '?page=".$name."'") or die();
header("location: ?");
}
if($_POST['send'] == "no"){
header("location: ?page=".$_SESSION['back']);
}
}
function admin_pages_edit(){
$this->submatch[0] = str_replace("[content]",'content',$this->submatch[0]);
//page ids are integers, so cast the url value before using it in a query
$id = intval($_GET['id']);
$query = mysql_query("select * from `pages` WHERE `pageID` = '".$id."'");
$result = mysql_fetch_assoc($query) or die(mysql_error());
$this->submatch[0] = str_replace("[Pg_name]",'title',$this->submatch[0]);
$this->submatch[0] = str_replace("[Pg_content]",'body',$this->submatch[0]);
$this->submatch[0] = str_replace("[Page_name]",$result['PageName'],$this->submatch[0]);
$this->submatch[0] = str_replace("[Page_content]",$result['Content'],$this->submatch[0]);
if($_POST['send']){
//escape posted and stored values before they are placed in the queries
$title = mysql_real_escape_string($_POST['title']);
$body = mysql_real_escape_string($_POST['body']);
$oldtitle = mysql_real_escape_string($result['PageName']);
$name = str_replace(" ","%20",$title);
$oldname = str_replace(" ","%20",$oldtitle);
$sql = "UPDATE `links` SET `LinkName` = '".$title."', `LinkAddress` = '?page=".$name."' WHERE `LinkName` = '".$oldtitle."' AND `LinkAddress` = '?page=".$oldname."' LIMIT 1";
mysql_query($sql) or die(mysql_error());
$sql = "UPDATE `pages` SET `PageName` = '".$title."', `content` = '".$body."' WHERE `PageID` = '".$id."' LIMIT 1";
mysql_query($sql);
header('location: ?admintype=news');
}
}
function admin_pages_gui(){
$this->gui = str_replace("[delete]", "?admin=pages&adminsub=delete&id=".$this->dbridge->page['pageID'] ,$this->value[0]);
$this->gui = str_replace("[edit]", "?admin=pages&adminsub=edit&id=".$this->dbridge->page['pageID'] ,$this->gui);
}
function admin_news_post(){
$this->submatch[0] = str_replace("[title]",'title',$this->submatch[0]);
$this->submatch[0] = str_replace("[body]",'body',$this->submatch[0]);
if($_POST['send']){
//escape the posted values before they are placed in the query
$sql = "INSERT INTO `news` (`header`,`body`,`date`,`userID`) VALUES ('".mysql_real_escape_string($_POST['title'])."','".mysql_real_escape_string($_POST['body'])."',"."NOW()".",'".intval($_SESSION['usrinfoID'])."')";
mysql_query($sql);
header('location: ?admintype=news');
}
}
function admin_news_delete(){
if($_POST['send'] == "yes"){
//news ids are integers, so cast the url value before using it in a query
mysql_query("delete from `news` WHERE `NewsID` = '".intval($_GET['id'])."'") or die();
header("location: ?");
}
if($_POST['send'] == "no"){
header("location: ?");
}
}
function admin_news_edit(){
$this->submatch[0] = str_replace("[title]",'title',$this->submatch[0]);
$this->submatch[0] = str_replace("[body]",'body',$this->submatch[0]);
//news ids are integers, so cast the url value before using it in a query
$id = intval($_GET['id']);
$query = mysql_query("select *, DATE_FORMAT(date, '%d-%m-%y') as date from `news` WHERE `NewsID` = '".$id."'");
$result = mysql_fetch_assoc($query) or die(mysql_error());
$this->submatch[0] = str_replace("[news_body]",$result['body'],$this->submatch[0]);
$this->submatch[0] = str_replace("[news_header]",$result['header'],$this->submatch[0]);
if($_POST['send']){
//escape the posted values before they are placed in the query
$sql = "UPDATE `news` SET `header` = '".mysql_real_escape_string($_POST['title'])."', `body` = '".mysql_real_escape_string($_POST['body'])."' WHERE `NewsID` = '".$id."' LIMIT 1";
mysql_query($sql);
header('location: ?admintype=news');
}
}
function admin_news_gui(){
$this->gui = str_replace("[delete]", "?admin=news&adminsub=delete&id=".$this->dbridge->news['NewsID'] ,$this->value[0]);
$this->gui = str_replace("[edit]", "?admin=news&adminsub=edit&id=".$this->dbridge->news['NewsID'] ,$this->gui);
}
function admin_links_add(){
$this->submatch[0] = str_replace("[name]",'name',$this->submatch[0]);
$this->submatch[0] = str_replace("[address]",'address',$this->submatch[0]);
if($_POST['send']){
//escape the posted values before they are placed in the query
$sql = "INSERT INTO `links` (`LinkName`,`LinkAddress`) VALUES ('".mysql_real_escape_string($_POST['name'])."','".mysql_real_escape_string($_POST['address'])."')";
mysql_query($sql);
header('location: ?');
}
}
function admin_links_delete(){
if($_POST['send'] == "yes"){
//link ids are integers, so cast the url value before using it in a query
mysql_query("delete from `links` WHERE `LinkID` = '".intval($_GET['id'])."'") or die();
header("location: ?");
}
if($_POST['send'] == "no"){
header("location: ?");
}
}
function admin_links_edit(){
$this->submatch[0] = str_replace("[name]",'name',$this->submatch[0]);
$this->submatch[0] = str_replace("[address]",'address',$this->submatch[0]);
//link ids are integers, so cast the url value before using it in a query
$id = intval($_GET['id']);
$sql = "select * from `links` where `LinkID`='".$id."'";
$sql = mysql_query($sql);
$result = mysql_fetch_assoc($sql);
$this->submatch[0] = str_replace("[links_LinkName]",$result['LinkName'],$this->submatch[0]);
$this->submatch[0] = str_replace("[links_LinkAddress]",$result['LinkAddress'],$this->submatch[0]);
if($_POST['send']){
//escape the posted values before they are placed in the query
$sql = "UPDATE `links` SET `LinkName` = '".mysql_real_escape_string($_POST['name'])."', `LinkAddress` = '".mysql_real_escape_string($_POST['address'])."' WHERE `LinkID` = '".$id."' LIMIT 1";
mysql_query($sql) or die(mysql_error());
header('location: ?');
}
}
function admin_links_gui(){
$this->gui = str_replace("[address]", "?admin=".$this->dbridge->linktype['type']."&adminsub=delete&id=".$this->dbridge->linktype['id'] ,$this->value[0]);
$this->gui = str_replace("[editaddress]", "?admin=".$this->dbridge->linktype['type']."&adminsub=edit&id=".$this->dbridge->linktype['id'] ,$this->gui);
}
function admin_users_Create(){
if ($_POST['send']){
//escape the posted name and email before they are placed in the query;
//the password only reaches the query as an md5 hex string
mysql_query("INSERT INTO `user` ( `User` , `Pass` , `email` ) VALUES ('".mysql_real_escape_string($_POST['usrname'])."', '".md5($_POST['passwrd'])."', '".mysql_real_escape_string($_POST['usremail'])."')");
$usrID = mysql_insert_id();
$query = mysql_query("select * from `admin`");
while($result = mysql_fetch_assoc($query)){
if($_POST['users_'.$result['AID']]){
mysql_query("INSERT INTO `admin_list` ( `AID` , `userID` ) VALUES ( '".$result['AID']."', '".$usrID."')");
}
}
header("location: ?");
}
$this->temp = str_replace("[usrname]",'usrname',$this->submatch[0]);
$this->temp = str_replace("[passwrd]",'passwrd',$this->temp);
$this->temp = str_replace("[usremail]",'usremail',$this->temp);
$this->admin_gui("temp","users");
$this->submatch[0] = $this->temp;
}
function admin_users_gui(){
$query = mysql_query("select * from `admin`");
while($result = mysql_fetch_assoc($query)){
$temp = str_replace("[admin_type]", $result['type'] ,$this->value[0]);
$temp = str_replace("[admintypeID]", "users_".$result['AID'] ,$temp);
$this->gui .= $temp;
}
}
}
class user extends admin {
function links() {
$query = mysql_query("select * from `links` ORDER BY `LinkID` ASC");
while ($result = mysql_fetch_assoc($query)){
$pagetype = strripos($result['LinkAddress'], "?page=");
if($pagetype === false){
$type['type'] = "links";
$type['id'] = $result['LinkID'];
}else{
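//the link name was stored from a form, so escape it before it goes back into a query
$pageinfo = mysql_fetch_assoc(mysql_query("select * from `pages` where `PageName` = '".mysql_real_escape_string($result['LinkName'])."'"));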
$type['type'] = "pages";
$type['id'] = $pageinfo['pageID'];
}
$this->databridge("linktype", $type);
$result['LinkAddress'] = str_replace(".","%2e",$result['LinkAddress']);
$this->databridge("links",$result);
$this->render($query,$result);
$this->admin_gui();
}
}
function news(){
if (!$_GET['page'] Xor $_GET['adminsub']){
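if($_GET['newspage']){
//the page number is used in the LIMIT clause, so force it to a whole number of at least 1
$page = max(1, intval($_GET['newspage']));
}else{
$page = 1;
}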
$query = mysql_query("select *, DATE_FORMAT(date, '%d-%m-%y') as date from `news` ORDER BY NewsID DESC limit ".(($page*5)-5).",5");
$this->temp = $this->match[0];
while ($result = mysql_fetch_assoc($query)){
$usrqry = mysql_query("Select * from `user` where `userID` = '".$result['userID']."'");
$usrez = mysql_fetch_assoc($usrqry);
$this->render($query,$result,1);
$this->render($usrqry,$usrez,1);
$this->databridge("news",$result);
$this->admin_gui("temp");
$this->result .= $this->temp;
$this->temp = $this->match[0];
}
}
unset($this->temp);
}
function news_pages(){
if (!$_GET['page'] Xor $_GET['adminsub']){
$query = mysql_query("select * from `news`");
$data['count'] = mysql_num_rows($query);
$data['pagecount'] = ceil(($data['count'] / 5));
$this->result = $this->match[0];
$this->databridge("newspage",$data);
if($_GET['newspage'] == 1 xor !$_GET['newspage']){
$back = 1;
}
if($this->dbridge->newspage['pagecount'] == 1){
$pl = 1;
}
if($this->dbridge->newspage['pagecount'] <= $_GET['newspage']){
$next = 1;
}
$this->user_gui("backpage",$back);
$this->user_gui("pagelist",$pl);
$this->user_gui("nextpage",$next);
}else{
$this->result = "";
}
}
function news_pages_backpage(){
$this->gui = str_replace("[backpage]", "?newspage=".($_GET['newspage']-1) ,$this->value[0]);
}
function news_pages_pagelist(){
$current = 1;
while ($current <= $this->dbridge->newspage['pagecount']){
$temp = str_replace("[pagenum]", $current ,$this->value[0]);
$this->gui .= str_replace("[pageaddy]", "?newspage=".$current ,$temp);
$current++;
}
}
function news_pages_nextpage(){
if($_GET['newspage']){
$page = $_GET['newspage'];
}else{
$page = 1;
}
$this->gui = str_replace("[nextpage]", "?newspage=".($page+1) ,$this->value[0]);
}
function pages(){
if ($_GET['page']){
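//the page name comes straight from the url, so escape it before it goes into the query
$query = mysql_query("SELECT * FROM `pages` WHERE `PageName` = '".mysql_real_escape_string($_GET['page'])."'");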
while ($result = mysql_fetch_assoc($query)){
$this->render($query,$result);
$this->databridge("page",$result);
$this->admin_gui();
}
}
}
function logbox(){
$this->result = $this->match[0];
if (!$_SESSION['usrinfoID']){
$flag = 1;
}else{
$flag = 0;
}
$this->user_gui("success",$flag);
$this->user_gui("start",!$flag);
}
function logbox_start(){
$this->gui = $this->value[0];
}
function logbox_success(){
$sql = "SELECT * FROM `user` WHERE `userID` = '".$_SESSION['usrinfoID']."'";
$query = mysql_query($sql);
$result = mysql_fetch_assoc($query);
$this->gui = str_replace("[username]",$result['User'],$this->value[0]);
$this->gui = str_replace("[logout]",'<a href="?action=logout">LogOut</a>',$this->gui);
}
}
class parse extends user{
protected $data;
protected $match;
protected $rematch;
protected $dynarray;
function __construct(){
//define dbridge as object bridge
$this->dbridge = new bridge();
/*if on a dynamic page element then set the session
variable 'back' to the url variable 'page' so that
when people login to their account they will be
returned to the page they start from.*/
if($_GET['page']){
$_SESSION['back'] = $_GET['page'];
/*else if url variable page is not set or url
variable admin is set then send the user to
the news page. This is useful for when a
person in an admin panel logs out they will
be returned to the main page rather than an
error.*/
}else if (!$_GET['page'] Xor $_GET['admin']){
$_SESSION['back'] = "";
}
/*
This checks to see if the main admin menu has set the
admin type; if it has then the url will be passed on
to a session so that it can be used in other parts of the
script.
The next if checks to see if any selection has been made
from the admin sub menu; if it has then an admin control
box will pop up, else the user will be sent back to the
page he selected the admintype from.
*/
//checks if url variable admin is set
if ($_GET['admin']){
//sets session variable admintype to url variable admin
$_SESSION['admintype'] = $_GET['admin'];
//checks if url variable adminsub is set
if(!$_GET['adminsub']){
//sends admin back to page they came from.
header("location: ?page=".$_SESSION['back']);
}
}
//check if admin return $this->checkresult = 1 if user is admin
//please check admincheck() function in the admin class for more
//information.
$this->admincheck();
/*
Open template file
This file holds all the html used by the parse,user and admin
classes.
*/
$fd = fopen('template/index.html', 'r');
$this->data = fread($fd, filesize('template/index.html'));
fclose($fd);
/*
The regular expression I created for this project does not like
'.' so to combat this I wrote this next line to replace every
'.' with its html equivalent.
*/
$this->data = str_replace(".", "&#46;", $this->data);
/*
Simple set of if statements. Their job isn't all that important;
all they do is set the heading of the page which gets printed
out on top of the main area. Created to ease confusion for the
user as to where they are in the site.
*/
if ($_GET['page']){
$header = $_GET['page'];
}
if (!$_GET['page']){
$header = "news";
}
if ($_GET['adminsub']){
$header = $_SESSION['admintype']."->".$_GET['adminsub'];
}
//the heading is built from url values, so html-escape it before it goes into the page
$this->data = str_replace("[header]", htmlspecialchars($header, ENT_QUOTES), $this->data);
//Variable where entire output of parse is stored.
$this->final = $this->data;
//Make $user an instance of object user
$user = new user();
//get list of functions from object 'user' and the class it extends 'admin'
$dyn = get_class_methods(get_class($user));
/*
Main beef of parse construct
For each function listed in array $dyn it will find tags which match
the function's name, then call the function.
After the function has finished its business it will return
$this->result.
Another function, $this->output, will be called which will take the
returned data and place it in the tags that match the function.
*/
foreach ($dyn as $method_name) {
unset($this->rematch);
unset($this->result);
unset($this->temp);
$this->dynfunc = $method_name;
$temp = $this->dynfunc;
preg_match("/<parse=\"$temp\">([^.]+)<\/parse=\"$temp\">/",$this->data,$this->match);
if ($this->match[0]){
$this->$temp();
$this->output();
}
}
}
/*
This method stores data in an object to make moving data around easier.
$this->databridge( string , mixed );
@param1 name of variable you want
@param2 data you want it to store
Example:
$data = "test";
$this->databridge("data", $data);
print $this->dbridge->data;
Output
test
This saves you having to set heaps of global variables that can sometimes
be hard to keep track of.
*/
function databridge($name,$var) {
$this->dbridge->$name = $var;
}
/*
User gui method
The purpose of this function is to get the data from <sub> tags
placed in the body of your parse tags, process them, then dump the
return back into the <sub> tags. For more information about
working with tags see the advanced user manual (3.1.0).
$this->user_gui( string , [ integer , string ] );
@param1 part gui function name you wish to call*
@param2 run actual function (0) or send back empty tags(1)**
@param3 set name of variable you want to hold the return***
*This follows a naming structure
current parse function_@param1_gui
So if you wanted to call this function from links you would
make a function called links_myparm_gui then run this function from links
Example
$this->user_gui("myparam");
**This is useful for conditional subtags when you only want them to show if
a condition is met.
example
if( condition == true) {
$this->user_gui("myparam",0);
//places result in <sub="myparam">
}else{
$this->user_gui("myparam",1);
//return nothing
}
***Sometimes you don't want to slot the result of this function into the main
global variable just yet; for instance if you were to have a subtag within a
subtag, sending the result of the second subtag to the main global variable
would cause some problems. So instead you'd want to get the return in the form
of the working variable.
*/
function user_gui($current,$flag = 0,$return = "result") {
if($flag == 0){
//make function name
$func = $this->dynfunc."_".$current;
//find data between <sub> tags and place it into $this->value[0]
preg_match("/<sub=\"$current\">([^.]+)<\/sub=\"$current\">/",$this->$return,$this->value);
//call the function
$this->$func();
//place results of function(stored in $this->gui) into <sub> tags stored in $this->$return
$this->$return = preg_replace("/<sub=\"$current\">([^.]+)<\/sub=\"$current\">/",$this->gui,$this->$return);
//unset global variable $this->gui to help prevent errors
unset($this->gui);
//unset($this->dbridge);
}else{
//return nothing between the tags
$this->$return = preg_replace("/<sub=\"$current\">([^.]+)<\/sub=\"$current\">/","",$this->$return);
}
}
/*finish me
Render, strlist Methods
First of all I'd like to start off by saying that strlist is for exclusive use of method
I'd recommend against using it for any other part of this project unless called through
the render method.
With that out of the way I can now tell you the purpose of this method. The purpose of
Render is to execute a mysql query and replace template variables in the selected piece
of html with their php cousins. Render has to get all its variables from sql query so
it isn't suited for all scenarios. So you will have to do traditional str_replace function.
$this->render( string , [ string , integer ] );
@param1
@param2 run actual function (0) or send back empty tags(1)**
@param3 set name of variable you want to hold the return***
*/
function render ($query,$result = "",$sub = 0){
$table = mysql_field_table($query,0);
$fieldlist = mysql_list_fields($_SESSION['database'], $table);
$fieldnum = mysql_num_fields($fieldlist);
if (!$sub){
$this->temp = $this->match[0];
}
$this->strlist($table,$fieldlist,$result,$temp,$fieldnum);
if (!$sub){
$this->result .= $this->temp;
//unset($this->temp);
}
unset($x);
//unset($this->temp);
}
function strlist($table,$fieldlist,$result,$temp,$fieldnum){
//field counter, starts at the first column
$x = 0;
while ($x < $fieldnum){
$field = mysql_field_name($fieldlist,$x);
$this->temp = str_replace('['.$table.'_'.$field.']', str_replace("\n", "<BR/>", $result[$field]),$this->temp);
$x++;
}
//$this->temp = $temp;
}
//This function is simple enough: it takes the working variable $this->result
//and places its data in the parse tags of the current function.
function output(){
$this->final = preg_replace("/<parse=\"".$this->dynfunc."\">([^.]+)<\/parse=\"".$this->dynfunc."\">/",$this->result,$this->final);
}
}
?>
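The login(), admincheck() and admin_box() decisions from common.php written with bound parameters and a fixed dispatch list, as an added example that is not part of the original Cura code. It assumes PHP 5.5 or later with pdo_sqlite (an in-memory database so it runs stand-alone) and that `Pass` holds password_hash() output instead of md5(); the cura_* function names and the sample rows are made up for the illustration.

```php
<?php
// Added example, not part of the Cura engine. Table and column names follow the
// queries in common.php; the cura_* functions and all sample rows are hypothetical.

/** Returns the userID for a valid login, or null. */
function cura_login(PDO $db, $user, $pass)
{
    // The user name travels as a bound parameter, never as SQL text.
    $stmt = $db->prepare('SELECT `userID`, `Pass` FROM `user` WHERE `User` = ?');
    $stmt->execute([$user]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    // Assumption: `Pass` was written with password_hash(), not md5().
    if ($row === false || !password_verify($pass, $row['Pass'])) {
        return null;
    }
    // In the web flow: call session_regenerate_id(true) here and keep only
    // the userID in the session, not the user name or password.
    return (int) $row['userID'];
}

/** Same decision as admincheck(): is this user listed for this admin area? */
function cura_is_admin(PDO $db, $userID, $admintype)
{
    $stmt = $db->prepare(
        'SELECT 1 FROM `admin` a JOIN `admin_list` l ON l.`AID` = a.`AID`
         WHERE a.`type` = ? AND l.`userID` = ?'
    );
    $stmt->execute([$admintype, $userID]);
    return $stmt->fetchColumn() !== false;
}

/** Maps the two request values to an admin method name, or null if not listed. */
function cura_admin_method($admintype, $adminsub)
{
    // Method names taken from the admin class in common.php.
    static $allowed = [
        'pages' => ['Create', 'delete', 'edit'],
        'news'  => ['post', 'delete', 'edit'],
        'links' => ['add', 'delete', 'edit'],
        'users' => ['Create'],
    ];
    if (!is_string($admintype) || !is_string($adminsub)) {
        return null;
    }
    if (!isset($allowed[$admintype]) || !in_array($adminsub, $allowed[$admintype], true)) {
        return null;
    }
    return 'admin_' . $admintype . '_' . $adminsub;
}

// Constructed sample data in an in-memory database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE `user` (`userID` INTEGER PRIMARY KEY, `User` TEXT, `Pass` TEXT)');
$db->exec('CREATE TABLE `admin` (`AID` INTEGER PRIMARY KEY, `type` TEXT)');
$db->exec('CREATE TABLE `admin_list` (`AID` INTEGER, `userID` INTEGER)');
$ins = $db->prepare('INSERT INTO `user` (`User`, `Pass`) VALUES (?, ?)');
// A name containing a quote character is stored and matched as plain data.
$ins->execute(["o'neil", password_hash('sample-pass', PASSWORD_DEFAULT)]);
$db->exec("INSERT INTO `admin` (`type`) VALUES ('news')");
$db->exec('INSERT INTO `admin_list` (`AID`, `userID`) VALUES (1, 1)');

$id = cura_login($db, "o'neil", 'sample-pass');
var_dump($id);                                    // userID of the sample user
var_dump(cura_login($db, "o'neil", 'wrong'));     // rejected login
var_dump(cura_is_admin($db, $id, 'news'));        // listed for this area
var_dump(cura_is_admin($db, $id, 'pages'));       // not listed for this area
var_dump(cura_admin_method('news', 'edit'));      // name on the dispatch list
var_dump(cura_admin_method('news', 'gui'));       // helper method, not dispatchable
```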
|
|
|
|
Learn from the best! Find out how developers use Rational ClearCase to be more flexible, innovative and deliver higher quality code in the Rational ClearCase Power Users eKit. This complimentary eKit provides a collection of materials, like articles, whitepapers, and demos that can help you become a power user of Rational ClearCase. FREE! Go There Now!
|
|
|
|
As systems increase in complexity, communication between systems and software teams becomes more and more difficult. Now, there’s a way to improve product quality and communication.<br />Read the “Model Driven Systems Development” white paper to see how. Also included in this kit are more educational white papers, customer examples, tutorials, informative Webcasts, and best practices for designing, building and managing systems.<br /> FREE! Go There Now!
|
|
|
|
Get a free trial download of the latest version of IBM Rational Performance Tester V7.0.1, a load and performance testing solution for teams concerned about the scalability of their Web-based applications. Combining multiple ease-of-use features with granular detail, Rational Performance Tester simplifies the test-creation, load-generation and data-collection processes that help teams ensure the ability of their applications to accommodate required user loads. FREE! Go There Now!
|
|
|
|
Whether you are creating new applications or modifying existing ones, managing integration of new components with traditional z/OS elements is a critical part of building and deploying modern applications. Listen to this webcast to see how IBM can help you optimize your development process using an IDE like Rational Developer for System z that integrates with management tools, such as ClearCase to manage your application development on mainframes. FREE! Go There Now!
|
|
|
|
In this webcast, IBM Rational will discuss the importance of Web application security and will share techniques and best practices to introduce application security testing into current QA processes including: understanding common security vulnerabilities and techniques to integrate security testing with defect tracking and remediation systems in an effort to safeguard sensitive online information. FREE! Go There Now!
|
|
|
|
All FREE IBM® developerWorks Tools! |