"gif", IMAGETYPE_JPEG => "jpg", IMAGETYPE_PNG => "png", IMAGETYPE_BMP => "bmp", IMAGETYPE_TIFF_II => "tif", IMAGETYPE_TIFF_MM => "tif", ]; /* * Variable: $ratatoeskr_settings * The global object. Can be accessed like an array. * Has these fields: * * "default_language" - The Language code of the default language. * "comment_visible_default" - True, if comments should be visible by default. * "allow_comments_default" - True, if comments should be allowed by default. * "default_section" - The id of the default
. * "comment_textprocessor" - The textprocessor to be used for comments. * "languages" - Array of activated languages. * "last_db_cleanup" - Timestamp of the last database cleanup. */ $ratatoeskr_settings = null; /* * Constants: ARTICLE_STATUS_ * Possible
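Article::$status values.
 *
 * ARTICLE_STATUS_HIDDEN - Article is hidden (Numeric: 0)
 * ARTICLE_STATUS_LIVE - Article is visible / live (Numeric: 1)
 * ARTICLE_STATUS_STICKY - Article is sticky (Numeric: 2)
 */
define("ARTICLE_STATUS_HIDDEN", 0);
define("ARTICLE_STATUS_LIVE", 1);
define("ARTICLE_STATUS_STICKY", 2);

/*
 * Class: DoesNotExistError
 * This Exception is thrown by an ::by_*-constructor or any array-like object if the desired object is not present in the database.
 */
class DoesNotExistError extends Exception
{
}

/*
 * Class: AlreadyExistsError
 * This Exception is thrown by an ::create-constructor or a save-method, if the creation/modification of the object would result in duplicates.
 */
class AlreadyExistsError extends Exception
{
}

/*
 * Class: NotAllowedError
 */
class NotAllowedError extends Exception
{
}

/*
 * Class: InvalidDataError
 * Exception that will be thrown, if a object with invalid data (e.g. urlname in this form not allowed) should have been saved / created.
 * Unless something else is said at a function, the exception message is a translation key.
 */
class InvalidDataError extends Exception
{
}

/*
 * Class: BySQLRowEnabled
 * Base class for models that can be built from a database row.
 * Subclasses implement populate_by_sqlrow(); by_sqlrow() creates the
 * instance (late static binding) and lets it populate itself.
 */
abstract class BySQLRowEnabled
{
    protected function __construct()
    {
    }

    /* Copies the columns of $sqlrow into the object. */
    abstract protected function populate_by_sqlrow($sqlrow);

    /* Creates an instance of the called class and fills it from $sqlrow. */
    protected static function by_sqlrow($sqlrow)
    {
        $obj = new static();
        $obj->populate_by_sqlrow($sqlrow);
        return $obj;
    }
}

/*
 * Class: KVStorage
 * An abstract class for a KVStorage.
 *
 * See also:
 * PluginKVStorage
 */
abstract class KVStorage implements Countable, ArrayAccess, Iterator
{
    /* Keys currently present in the storage, always kept as strings. */
    private $keybuffer;
    /* Position of the Iterator implementation inside $keybuffer. */
    private $counter;
    private $silent_mode;
    /* Values bound to the fixed columns given to init(). */
    private $common_vals;

    private $stmt_get;
    private $stmt_unset;
    private $stmt_update;
    private $stmt_create;

    /*
     * Function: init
     * Prepares the statements for one storage and loads its list of keys.
     *
     * Parameters:
     * $sqltable - Table name; it is passed through sub_prefix().
     * $common - Array (column => value) that every row of this storage shares.
     *
     * SECURITY: $sqltable and the keys of $common are interpolated into the SQL
     * text as identifiers. They must be constants chosen by the subclass, never
     * request data. The values of $common and all keys / values of the storage
     * are bound as statement parameters.
     */
    final protected function init($sqltable, $common)
    {
        $sqltable = sub_prefix($sqltable);

        $this->silent_mode = false;
        $this->keybuffer = [];
        // Start from an empty list: with an empty $common the property used to
        // stay null (breaking the array_merge() calls below), and a second
        // init() call would have appended to the values of the first one.
        $this->common_vals = [];

        $selector = "WHERE ";
        $fields = "";

        foreach ($common as $field => $val) {
            $selector .= "`$field` = ? AND ";
            $fields .= ", `$field`";
            $this->common_vals[] = $val;
        }

        $this->stmt_get = prep_stmt("SELECT `value` FROM `$sqltable` $selector `key` = ?");
        $this->stmt_unset = prep_stmt("DELETE FROM `$sqltable` $selector `key` = ?");
        $this->stmt_update = prep_stmt("UPDATE `$sqltable` SET `value` = ? $selector `key` = ?");
        $this->stmt_create = prep_stmt("INSERT INTO `$sqltable` (`key`, `value` $fields) VALUES (?,?" . str_repeat(",?", count($common)) . ")");

        $get_keys = prep_stmt("SELECT `key` FROM `$sqltable` $selector 1");
        $get_keys->execute($this->common_vals);
        while ($sqlrow = $get_keys->fetch()) {
            $this->keybuffer[] = (string) $sqlrow["key"];
        }

        $this->counter = 0;
    }

    /*
     * Functions: Silent mode
     * If the silent mode is enabled, the KVStorage behaves even more like a PHP array, i.e. it just returns NULL,
     * if a unknown key was requested and does not throw an DoesNotExistError Exception.
     *
     * enable_silent_mode - Enable the silent mode.
     * disable_silent_mode - Disable the silent mode (default).
     */
    final public function enable_silent_mode()
    {
        $this->silent_mode = true;
    }

    final public function disable_silent_mode()
    {
        $this->silent_mode = false;
    }

    /* Countable interface implementation */
    final public function count()
    {
        return count($this->keybuffer);
    }

    /* ArrayAccess interface implementation */
    final public function offsetExists($offset)
    {
        // Strict comparison on strings: a loose in_array() treats numeric
        // looking keys such as "10" and "1e1" (or "7" and "007") as the same
        // key, although the database stores them as different rows.
        return in_array((string) $offset, $this->keybuffer, true);
    }

    final public function offsetGet($offset)
    {
        if ($this->offsetExists($offset)) {
            $this->stmt_get->execute(array_merge($this->common_vals, [$offset]));
            $sqlrow = $this->stmt_get->fetch();
            $this->stmt_get->closeCursor();

            if ($sqlrow) {
                // SECURITY: unserialize() can instantiate any loaded class and
                // run its magic methods, so this is only safe while nobody but
                // trusted code can write to the table. The stored values may
                // be anything serialize() accepts, therefore allowed_classes
                // is not restricted here. Storages that only hold scalars and
                // arrays should prefer JSON.
                return unserialize(base64_decode($sqlrow["value"]));
            }
            // The key was buffered but its row is gone (removed by someone
            // else since init()); handle it like an unknown key.
        }

        if ($this->silent_mode) {
            return null;
        }
        throw new DoesNotExistError();
    }

    final public function offsetUnset($offset)
    {
        if ($this->offsetExists($offset)) {
            unset($this->keybuffer[array_search((string) $offset, $this->keybuffer, true)]);
            // Re-index, the Iterator implementation walks the buffer by position.
            $this->keybuffer = array_values($this->keybuffer);
            $this->stmt_unset->execute(array_merge($this->common_vals, [$offset]));
            $this->stmt_unset->closeCursor();
        }
    }

    final public function offsetSet($offset, $value)
    {
        if ($this->offsetExists($offset)) {
            $this->stmt_update->execute(array_merge([base64_encode(serialize($value))], $this->common_vals, [$offset]));
            $this->stmt_update->closeCursor();
        } else {
            $this->stmt_create->execute(array_merge([$offset, base64_encode(serialize($value))], $this->common_vals));
            $this->stmt_create->closeCursor();
            $this->keybuffer[] = (string) $offset;
        }
    }

    /* Iterator interface implementation */
    final public function rewind()
    {
        return $this->counter = 0;
    }

    final public function current()
    {
        return $this->offsetGet($this->keybuffer[$this->counter]);
    }

    final public function key()
    {
        return $this->keybuffer[$this->counter];
    }

    final public function next()
    {
        ++$this->counter;
    }

    final public function valid()
    {
        return isset($this->keybuffer[$this->counter]);
    }
}

/*
 * Class: User
 * Data model for Users
 */
class User extends BySQLRowEnabled
{
    private $id;

    /*
     * Variables: Public class properties
     *
     * $username - The username.
     * $pwhash - Hash of the password.
     * $mail - E-Mail-address.
     * $fullname - The full name of the user.
     * $language - Users language
     */
    public $username;
    public $pwhash;
    public $mail;
    public $fullname;
    public $language;

    /*
     * Constructor: create
     * Creates a new user.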
*
     * Parameters:
     * $username - The username
     * $pwhash - Hash of the password. It is stored exactly as given, hashing is the caller's job.
     *
     * Returns:
     * An User object
     *
     * Throws:
     * AlreadyExistsError
     *
     * NOTE(review): the existence check and the INSERT do not run inside a
     * Transaction (save() wraps its check in one), so two concurrent calls can
     * both pass the check. Whether the table enforces unique usernames is not
     * visible from here.
     */
    public static function create($username, $pwhash)
    {
        global $db_con, $ratatoeskr_settings;

        $name_is_free = false;
        try {
            self::by_name($username);
        } catch (DoesNotExistError $e) {
            $name_is_free = true;
        }
        if (!$name_is_free) {
            throw new AlreadyExistsError("\"$username\" is already in database.");
        }

        $default_language = $ratatoeskr_settings["default_language"];
        qdb(
            "INSERT INTO `PREFIX_users` (`username`, `pwhash`, `mail`, `fullname`, `language`) VALUES (?, ?, '', '', ?)",
            $username,
            $pwhash,
            $default_language
        );

        $user = new self();
        $user->id = $db_con->lastInsertId();
        $user->username = $username;
        $user->pwhash = $pwhash;
        $user->mail = "";
        $user->fullname = "";
        $user->language = $default_language;

        return $user;
    }

    /* Copies the columns of a PREFIX_users row into this object. */
    protected function populate_by_sqlrow($sqlrow)
    {
        $this->id = $sqlrow["id"];
        $this->username = $sqlrow["username"];
        $this->pwhash = $sqlrow["pwhash"];
        $this->mail = $sqlrow["mail"];
        $this->fullname = $sqlrow["fullname"];
        $this->language = $sqlrow["language"];
    }

    /*
     * Constructor: by_id
     * Get a User object by ID
     *
     * Parameters:
     * $id - The ID.
     *
     * Returns:
     * An User object.
     *
     * Throws:
     * DoesNotExistError
     */
    public static function by_id($id)
    {
        $row = qdb("SELECT `id`, `username`, `pwhash`, `mail`, `fullname`, `language` FROM `PREFIX_users` WHERE `id` = ?", $id)->fetch();
        if ($row) {
            return self::by_sqlrow($row);
        }
        throw new DoesNotExistError();
    }

    /*
     * Constructor: by_name
     * Get a User object by username
     *
     * Parameters:
     * $username - The username.
     *
     * Returns:
     * An User object.
     *
     * Throws:
     * DoesNotExistError
     */
    public static function by_name($username)
    {
        $row = qdb("SELECT `id`, `username`, `pwhash`, `mail`, `fullname`, `language` FROM `PREFIX_users` WHERE `username` = ?", $username)->fetch();
        if ($row) {
            return self::by_sqlrow($row);
        }
        throw new DoesNotExistError();
    }

    /*
     * Function: all
     * Returns array of all available users.
*/
    public static function all()
    {
        // Every returned object carries the public $pwhash property; callers
        // must not pass these objects on to templates or API output unfiltered.
        $users = [];
        $result = qdb("SELECT `id`, `username`, `pwhash`, `mail`, `fullname`, `language` FROM `PREFIX_users` WHERE 1");
        while ($row = $result->fetch()) {
            $users[] = self::by_sqlrow($row);
        }
        return $users;
    }

    /*
     * Function: get_id
     * Returns:
     * The user ID.
     */
    public function get_id()
    {
        return $this->id;
    }

    /*
     * Function: save
     * Saves the object to database
     *
     * Throws:
     * AlreadyExistsError
     */
    public function save()
    {
        $tx = new Transaction();
        try {
            // Refuse the update if another user already owns the username.
            $clash = qdb("SELECT COUNT(*) AS `n` FROM `PREFIX_users` WHERE `username` = ? AND `id` != ?", $this->username, $this->id)->fetch();
            if ($clash["n"] > 0) {
                throw new AlreadyExistsError();
            }

            qdb(
                "UPDATE `PREFIX_users` SET `username` = ?, `pwhash` = ?, `mail` = ?, `fullname` = ?, `language` = ? WHERE `id` = ?",
                $this->username,
                $this->pwhash,
                $this->mail,
                $this->fullname,
                $this->language,
                $this->id
            );
            $tx->commit();
        } catch (Exception $e) {
            $tx->rollback();
            throw $e;
        }
    }

    /*
     * Function: delete
     * Deletes the user from the database.
     * WARNING: Do NOT use this object any longer after you called this function!
     */
    public function delete()
    {
        $tx = new Transaction();
        try {
            // Group memberships first, then the user row itself.
            qdb("DELETE FROM `PREFIX_group_members` WHERE `user` = ?", $this->id);
            qdb("DELETE FROM `PREFIX_users` WHERE `id` = ?", $this->id);
            $tx->commit();
        } catch (Exception $e) {
            $tx->rollback();
            throw $e;
        }
    }

    /*
     * Function: get_groups
     * Returns:
     * List of all groups where this user is a member (array of Group objects).
     */
    public function get_groups()
    {
        $groups = [];
        $result = qdb("SELECT `a`.`id` AS `id`, `a`.`name` AS `name` FROM `PREFIX_groups` `a` INNER JOIN `PREFIX_group_members` `b` ON `a`.`id` = `b`.`group` WHERE `b`.`user` = ?", $this->id);
        while ($row = $result->fetch()) {
            $groups[] = Group::by_sqlrow($row);
        }
        return $groups;
    }

    /*
     * Function: member_of
     * Checks, if the user is a member of a group.
     *
     * Parameters:
     * $group - A Group object
     *
     * Returns:
     * True, if the user is a member of $group. False, if not.
*/
    public function member_of($group)
    {
        $membership = qdb("SELECT COUNT(*) AS `num` FROM `PREFIX_group_members` WHERE `user` = ? AND `group` = ?", $this->id, $group->get_id())->fetch();
        return ($membership["num"] > 0);
    }
}

/*
 * Class: Group
 * Data model for groups
 */
class Group extends BySQLRowEnabled
{
    private $id;

    /*
     * Variables: Public class properties
     *
     * $name - Name of the group.
     */
    public $name;

    /*
     * Constructor: create
     * Creates a new group.
     *
     * Parameters:
     * $name - The name of the group.
     *
     * Returns:
     * An Group object
     *
     * Throws:
     * AlreadyExistsError
     */
    public static function create($name)
    {
        global $db_con;

        $name_is_free = false;
        try {
            self::by_name($name);
        } catch (DoesNotExistError $e) {
            $name_is_free = true;
        }
        if (!$name_is_free) {
            throw new AlreadyExistsError("\"$name\" is already in database.");
        }

        qdb("INSERT INTO `PREFIX_groups` (`name`) VALUES (?)", $name);

        $group = new self();
        $group->id = $db_con->lastInsertId();
        $group->name = $name;

        return $group;
    }

    /* Copies the columns of a PREFIX_groups row into this object. */
    protected function populate_by_sqlrow($sqlrow)
    {
        $this->id = $sqlrow["id"];
        $this->name = $sqlrow["name"];
    }

    /*
     * Constructor: by_id
     * Get a Group object by ID
     *
     * Parameters:
     * $id - The ID.
     *
     * Returns:
     * A Group object.
     *
     * Throws:
     * DoesNotExistError
     */
    public static function by_id($id)
    {
        $row = qdb("SELECT `id`, `name` FROM `PREFIX_groups` WHERE `id` = ?", $id)->fetch();
        if ($row) {
            return self::by_sqlrow($row);
        }
        throw new DoesNotExistError();
    }

    /*
     * Constructor: by_name
     * Get a Group object by name
     *
     * Parameters:
     * $name - The group name.
     *
     * Returns:
     * A Group object.
*
     * Throws:
     * DoesNotExistError
     */
    public static function by_name($name)
    {
        $row = qdb("SELECT `id`, `name` FROM `PREFIX_groups` WHERE `name` = ?", $name)->fetch();
        if ($row) {
            return self::by_sqlrow($row);
        }
        throw new DoesNotExistError();
    }

    /*
     * Function: all
     * Returns array of all groups
     */
    public static function all()
    {
        $groups = [];
        $result = qdb("SELECT `id`, `name` FROM `PREFIX_groups` WHERE 1");
        while ($row = $result->fetch()) {
            $groups[] = self::by_sqlrow($row);
        }
        return $groups;
    }

    /*
     * Function: get_id
     * Returns:
     * The group ID.
     */
    public function get_id()
    {
        return $this->id;
    }

    /*
     * Function: delete
     * Deletes the group from the database.
     */
    public function delete()
    {
        $tx = new Transaction();
        try {
            // Memberships first, then the group row itself.
            qdb("DELETE FROM `PREFIX_group_members` WHERE `group` = ?", $this->id);
            qdb("DELETE FROM `PREFIX_groups` WHERE `id` = ?", $this->id);
            $tx->commit();
        } catch (Exception $e) {
            $tx->rollback();
            throw $e;
        }
    }

    /*
     * Function: get_members
     * Get all members of the group.
     *
     * Returns:
     * Array of User objects.
     */
    public function get_members()
    {
        $members = [];
        $result = qdb("SELECT `a`.`id` AS `id`, `a`.`username` AS `username`, `a`.`pwhash` AS `pwhash`, `a`.`mail` AS `mail`, `a`.`fullname` AS `fullname`, `a`.`language` AS `language` FROM `PREFIX_users` `a` INNER JOIN `PREFIX_group_members` `b` ON `a`.`id` = `b`.`user` WHERE `b`.`group` = ?", $this->id);
        while ($row = $result->fetch()) {
            $members[] = User::by_sqlrow($row);
        }
        return $members;
    }

    /*
     * Function: exclude_user
     * Excludes user from group.
     *
     * Parameters:
     * $user - User object.
     */
    public function exclude_user($user)
    {
        qdb("DELETE FROM `PREFIX_group_members` WHERE `user` = ? AND `group` = ?", $user->get_id(), $this->id);
    }

    /*
     * Function: include_user
     * Includes user to group.
     *
     * Parameters:
     * $user - User object.
     *
     * NOTE(review): membership is checked and then inserted without a
     * Transaction, so concurrent calls may insert the pair twice unless the
     * table has a unique constraint (not visible here).
     */
    public function include_user($user)
    {
        if ($user->member_of($this)) {
            return;
        }
        qdb("INSERT INTO `PREFIX_group_members` (`user`, `group`) VALUES (?, ?)", $user->get_id(), $this->id);
    }
}

/*
 * Class: Translation
 * A translation.
Can only be stored using a Multilingual object.
 */
class Translation
{
    /*
     * Variables: Public class variables.
     *
     * $text - The translated text.
     * $texttype - The type of the text. Has only a meaning in a context.
     */
    public $text;
    public $texttype;

    /*
     * Constructor: __construct
     * Creates a new Translation object.
     * IT WILL NOT BE STORED TO DATABASE!
     *
     * Parameters:
     * $text - The translated text.
     * $texttype - The type of the text. Has only a meaning in a context.
     *
     * See also:
     * Multilingual
     */
    public function __construct($text, $texttype)
    {
        $this->texttype = $texttype;
        $this->text = $text;
    }

    /**
     * Applies a textprocessor to the text according to texttype.
     * Both values are cast to string before they are handed to the repository.
     *
     * @param TextprocessorRepository $textprocessors
     * @return string
     */
    public function applyTextprocessor(TextprocessorRepository $textprocessors): string
    {
        $source = (string)$this->text;
        $processor_name = (string)$this->texttype;

        return $textprocessors->apply($source, $processor_name);
    }
}

/*
 * Class: Multilingual
 * Container for Translation objects.
 * Translations can be accessed array-like. So, if you want the german translation: $translation = $my_multilingual["de"];
 *
 * See also:
 * Translation
 */
class Multilingual implements Countable, ArrayAccess, IteratorAggregate
{
    /* language code => Translation */
    private $translations;
    private $id;
    /* Languages whose rows save() has to delete / insert. */
    private $to_be_deleted;
    private $to_be_created;

    private function __construct()
    {
        $this->to_be_created = [];
        $this->to_be_deleted = [];
        $this->translations = [];
    }

    /*
     * Function: get_id
     * Returns the ID of the object.
     */
    public function get_id()
    {
        return $this->id;
    }

    /*
     * Constructor: create
     * Creates a new Multilingual object
     *
     * Returns:
     * An Multilingual object.
     */
    public static function create()
    {
        global $db_con;

        qdb("INSERT INTO `PREFIX_multilingual` () VALUES ()");

        $multilingual = new self();
        $multilingual->id = $db_con->lastInsertId();

        return $multilingual;
    }

    /*
     * Constructor: by_id
     * Gets an Multilingual object by ID.
     *
     * Parameters:
     * $id - The ID.
     *
     * Returns:
     * An Multilingual object.
*
     * Throws:
     * DoesNotExistError
     */
    public static function by_id($id)
    {
        $found = qdb("SELECT `id` FROM `PREFIX_multilingual` WHERE `id` = ?", $id)->fetch();
        if (!$found) {
            throw new DoesNotExistError();
        }

        $multilingual = new self();
        $multilingual->id = $id;

        $result = qdb("SELECT `language`, `text`, `texttype` FROM `PREFIX_translations` WHERE `multilingual` = ?", $id);
        while ($row = $result->fetch()) {
            $multilingual->translations[$row["language"]] = new Translation($row["text"], $row["texttype"]);
        }

        return $multilingual;
    }

    /*
     * Function: save
     * Saves the translations to database.
     * Runs the queued deletes, then the queued inserts, then updates every
     * translation that was not just inserted, all inside one Transaction.
     */
    public function save()
    {
        $tx = new Transaction();
        try {
            foreach ($this->to_be_deleted as $removed_lang) {
                qdb("DELETE FROM `PREFIX_translations` WHERE `multilingual` = ? AND `language` = ?", $this->id, $removed_lang);
            }

            foreach ($this->to_be_created as $new_lang) {
                qdb(
                    "INSERT INTO `PREFIX_translations` (`multilingual`, `language`, `text`, `texttype`) VALUES (?, ?, ?, ?)",
                    $this->id,
                    $new_lang,
                    $this->translations[$new_lang]->text,
                    $this->translations[$new_lang]->texttype
                );
            }

            foreach ($this->translations as $lang => $translation) {
                if (in_array($lang, $this->to_be_created)) {
                    // Inserted by the loop above, nothing left to update.
                    continue;
                }
                qdb(
                    "UPDATE `PREFIX_translations` SET `text` = ?, `texttype` = ? WHERE `multilingual` = ? AND `language` = ?",
                    $translation->text,
                    $translation->texttype,
                    $this->id,
                    $lang
                );
            }

            $this->to_be_deleted = [];
            $this->to_be_created = [];
            $tx->commit();
        } catch (Exception $e) {
            $tx->rollback();
            throw $e;
        }
    }

    /*
     * Function: delete
     * Deletes the data from database.
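*/
    public function delete()
    {
        $tx = new Transaction();
        try {
            // Translations first, then the container row itself.
            qdb("DELETE FROM `PREFIX_translations` WHERE `multilingual` = ?", $this->id);
            qdb("DELETE FROM `PREFIX_multilingual` WHERE `id` = ?", $this->id);
            $tx->commit();
        } catch (Exception $e) {
            $tx->rollback();
            throw $e;
        }
    }

    /* Countable interface implementation */
    public function count()
    {
        // The class has no $languages property; the translations are kept in
        // $translations, so that is what has to be counted.
        return count($this->translations);
    }

    /* ArrayAccess interface implementation */
    public function offsetExists($offset)
    {
        return isset($this->translations[$offset]);
    }

    /* Throws DoesNotExistError if there is no translation for $offset. */
    public function offsetGet($offset)
    {
        if (isset($this->translations[$offset])) {
            return $this->translations[$offset];
        } else {
            throw new DoesNotExistError();
        }
    }

    public function offsetUnset($offset)
    {
        if (!isset($this->translations[$offset])) {
            // Nothing to remove. Queueing a delete for an unknown language
            // made a later offsetSet() of that language skip the INSERT, so
            // save() only ran an UPDATE on a row that does not exist.
            return;
        }

        unset($this->translations[$offset]);
        if (in_array($offset, $this->to_be_created)) {
            // Never reached the database, just forget the pending insert.
            unset($this->to_be_created[array_search($offset, $this->to_be_created)]);
        } else {
            $this->to_be_deleted[] = $offset;
        }
    }

    public function offsetSet($offset, $value)
    {
        if (!isset($this->translations[$offset])) {
            if (in_array($offset, $this->to_be_deleted)) {
                // The row still exists in the database: cancel the pending
                // delete, save() will update the row instead.
                unset($this->to_be_deleted[array_search($offset, $this->to_be_deleted)]);
            } else {
                $this->to_be_created[] = $offset;
            }
        }
        $this->translations[$offset] = $value;
    }

    /* IteratorAggregate interface implementation */
    public function getIterator()
    {
        return new ArrayIterator($this->translations);
    }
}

/*
 * Class: SettingsIterator
 * Iterator over a fixed list of keys of an array-like settings object.
 */
class SettingsIterator implements Iterator
{
    private $index;
    private $keys;
    private $settings_obj;

    /*
     * Parameters:
     * $settings_obj - The array-like object the values are read from.
     * $keys - List of keys to iterate over.
     */
    public function __construct($settings_obj, $keys)
    {
        $this->index = 0;
        $this->settings_obj = $settings_obj;
        $this->keys = $keys;
    }

    /* Iterator implementation */
    public function current()
    {
        return $this->settings_obj[$this->keys[$this->index]];
    }

    public function key()
    {
        return $this->keys[$this->index];
    }

    public function next()
    {
        ++$this->index;
    }

    public function rewind()
    {
        $this->index = 0;
    }

    public function valid()
    {
        return $this->index < count($this->keys);
    }
}

/*
 * Class: Settings
 * A class that holds the Settings of Ratatöskr.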
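* You can access settings like an array.
 */
class Settings implements ArrayAccess, IteratorAggregate, Countable
{
    /* Singleton implementation */
    private function __copy()
    {
    }

    // __copy() is not a PHP magic method, so it never prevented anything.
    // A private __clone() is what actually blocks `clone` from outside; a
    // second instance would carry its own copy of the pending writes.
    private function __clone()
    {
    }

    private static $instance = null;

    /*
     * Constructor: get_instance
     * Get an instance of this class.
     * All instances are equal (ie. this is a singleton), so you can also use
     * the global <$ratatoeskr_settings> instance.
     */
    public static function get_instance()
    {
        if (self::$instance === null) {
            self::$instance = new self;
        }
        return self::$instance;
    }

    /* key => unserialized value, as loaded from the database plus local changes */
    private $buffer;
    /* Keys whose rows save() has to delete / insert / update. */
    private $to_be_deleted;
    private $to_be_created;
    private $to_be_updated;

    private function __construct()
    {
        $this->buffer = [];
        $stmt = qdb("SELECT `key`, `value` FROM `PREFIX_settings_kvstorage` WHERE 1");
        while ($sqlrow = $stmt->fetch()) {
            // SECURITY: every stored setting is unserialize()d as soon as the
            // singleton is created. Whoever can write to this table can make
            // PHP instantiate any loaded class (object injection), so write
            // access to it has to be treated like code execution. Settings
            // that are plain scalars / arrays would be safer as JSON.
            $this->buffer[$sqlrow["key"]] = unserialize(base64_decode($sqlrow["value"]));
        }

        $this->to_be_created = [];
        $this->to_be_deleted = [];
        $this->to_be_updated = [];
    }

    /*
     * Function: save
     * Writes all pending deletes, updates and inserts to the database inside
     * one Transaction and clears the pending lists.
     */
    public function save()
    {
        $tx = new Transaction();
        try {
            foreach ($this->to_be_deleted as $k) {
                qdb("DELETE FROM `PREFIX_settings_kvstorage` WHERE `key` = ?", $k);
            }
            foreach ($this->to_be_updated as $k) {
                qdb("UPDATE `PREFIX_settings_kvstorage` SET `value` = ? WHERE `key` = ?", base64_encode(serialize($this->buffer[$k])), $k);
            }
            foreach ($this->to_be_created as $k) {
                qdb("INSERT INTO `PREFIX_settings_kvstorage` (`key`, `value`) VALUES (?, ?)", $k, base64_encode(serialize($this->buffer[$k])));
            }
            $this->to_be_created = [];
            $this->to_be_deleted = [];
            $this->to_be_updated = [];
            $tx->commit();
        } catch (Exception $e) {
            $tx->rollback();
            throw $e;
        }
    }

    /* ArrayAccess implementation */
    public function offsetExists($offset)
    {
        return isset($this->buffer[$offset]);
    }

    public function offsetGet($offset)
    {
        return $this->buffer[$offset];
    }

    public function offsetSet($offset, $value)
    {
        if (!$this->offsetExists($offset)) {
            if (in_array($offset, $this->to_be_deleted)) {
                // The row still exists in the database: turn the pending
                // delete into an update.
                $this->to_be_updated[] = $offset;
                unset($this->to_be_deleted[array_search($offset, $this->to_be_deleted)]);
            } else {
                $this->to_be_created[] = $offset;
            }
        } elseif ((!in_array($offset, $this->to_be_created)) and (!in_array($offset, $this->to_be_updated))) {
            $this->to_be_updated[] = $offset;
        }
        $this->buffer[$offset] = $value;
    }

    public function offsetUnset($offset)
    {
        if (in_array($offset, $this->to_be_created)) {
            // Never reached the database, just forget the pending insert.
            unset($this->to_be_created[array_search($offset, $this->to_be_created)]);
        } else {
            $this->to_be_deleted[] = $offset;
        }
        unset($this->buffer[$offset]);
    }

    /* IteratorAggregate implementation */
    public function getIterator()
    {
        return new SettingsIterator($this, array_keys($this->buffer));
    }

    /* Countable implementation */
    public function count()
    {
        return count($this->buffer);
    }
}

$ratatoeskr_settings = Settings::get_instance();

/*
 * Class: PluginKVStorage
 * A Key-Value-Storage for Plugins
 * Can be accessed like an array.
 * Keys are strings and Values can be everything serialize() can process.
 *
 * Extends the abstract KVStorage class.
 */
class PluginKVStorage extends KVStorage
{
    /*
     * Constructor: __construct
     *
     * Parameters:
     * $plugin_id - The ID of the Plugin.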
*/
    public function __construct($plugin_id)
    {
        // All rows of this storage share the `plugin` column value.
        $common_columns = ["plugin" => $plugin_id];
        $this->init("PREFIX_plugin_kvstorage", $common_columns);
    }
}

/*
 * Class: Comment
 * Representing a user comment
 */
class Comment extends BySQLRowEnabled
{
    private $id;
    private $article_id;
    private $language;
    private $timestamp;

    /*
     * Variables: Public class variables.
     *
     * $author_name - Name of comment author.
     * $author_mail - E-Mail of comment author.
     * $text - Comment text.
     * $visible - Should the comment be visible?
     * $read_by_admin - Was the comment read by an admin.
     *
     * $author_name, $author_mail and $text are visitor input. This class
     * stores them unchanged; only $text has an HTML filter here
     * (htmlize_comment_text), the other two must be escaped on output.
     */
    public $author_name;
    public $author_mail;
    public $text;
    public $visible;
    public $read_by_admin;

    /*
     * Functions: Getters
     *
     * get_id - Gets the comment ID.
     * get_article - Gets the article.
     * get_language - Gets the language.
     * get_timestamp - Gets the timestamp.
     */
    public function get_id()
    {
        return $this->id;
    }

    public function get_article()
    {
        $article = Article::by_id($this->article_id);
        return $article;
    }

    public function get_language()
    {
        return $this->language;
    }

    public function get_timestamp()
    {
        return $this->timestamp;
    }

    /*
     * Constructor: create
     * Creates a new comment.
     * Automatically sets the $timestamp and $visible (default from setting "comment_visible_default").
     *
     * Parameters:
     * $article - An Article
Object.
     * $language - Which language?
     */
    public static function create($article, $language)
    {
        global $ratatoeskr_settings, $db_con;

        $visible_default = $ratatoeskr_settings["comment_visible_default"];

        $comment = new self();
        $comment->timestamp = time();

        // Author and text start out empty; the caller fills them in and
        // calls save().
        qdb(
            "INSERT INTO `PREFIX_comments` (`article`, `language`, `author_name`, `author_mail`, `text`, `timestamp`, `visible`, `read_by_admin`) VALUES (?, ?, '', '', '', ?, ?, 0)",
            $article->get_id(),
            $language,
            $comment->timestamp,
            $visible_default ? 1 : 0
        );

        $comment->id = $db_con->lastInsertId();
        $comment->article_id = $article->get_id();
        $comment->language = $language;
        $comment->author_name = "";
        $comment->author_mail = "";
        $comment->text = "";
        $comment->visible = $visible_default;
        $comment->read_by_admin = false;

        return $comment;
    }

    /* Copies the columns of a PREFIX_comments row into this object; the two flags become booleans. */
    protected function populate_by_sqlrow($sqlrow)
    {
        $this->id = $sqlrow["id"];
        $this->article_id = $sqlrow["article"];
        $this->language = $sqlrow["language"];
        $this->timestamp = $sqlrow["timestamp"];

        $this->author_name = $sqlrow["author_name"];
        $this->author_mail = $sqlrow["author_mail"];
        $this->text = $sqlrow["text"];

        $this->visible = $sqlrow["visible"] == 1;
        $this->read_by_admin = $sqlrow["read_by_admin"] == 1;
    }

    /*
     * Constructor: by_id
     * Gets a Comment by ID.
     *
     * Parameters:
     * $id - The comments ID.
*
     * Throws:
     * DoesNotExistError
     */
    public static function by_id($id)
    {
        $row = qdb("SELECT `id`, `article`, `language`, `author_name`, `author_mail`, `text`, `timestamp`, `visible`, `read_by_admin` FROM `PREFIX_comments` WHERE `id` = ?", $id)->fetch();
        if ($row === false) {
            throw new DoesNotExistError();
        }
        return self::by_sqlrow($row);
    }

    /*
     * Constructor: all
     * Get all comments
     *
     * Returns:
     * Array of Comment objects
     */
    public static function all()
    {
        $comments = [];
        $result = qdb("SELECT `id`, `article`, `language`, `author_name`, `author_mail`, `text`, `timestamp`, `visible`, `read_by_admin` FROM `PREFIX_comments` WHERE 1");
        while ($row = $result->fetch()) {
            $comments[] = self::by_sqlrow($row);
        }
        return $comments;
    }

    /**
     * Creates the HTML representation of a comment text. It applies the page's comment textprocessor on it
     * and filters some potentially harmful tags using kses.
     *
     * The array below is an allowlist: kses gets the tags and, per tag, the
     * attributes that may survive. It is the only HTML filter between visitor
     * supplied comment text and the page, so additions need a security review.
     *
     * NOTE(review): "img" with "src" lets a commenter make every reader's
     * browser fetch a remote URL, and "table" with "style" passes author
     * supplied CSS. Whether this kses version restricts URL schemes or CSS
     * values is not visible here; confirm it, or drop those attributes.
     * NOTE(review): "rel" on "a" is commenter controlled, so values such as
     * nofollow / noopener cannot be enforced through this list.
     *
     * @param string $text Text to HTMLize.
     * @param TextprocessorRepository|null $textprocessors Repository to use; when null, the one from Env::getGlobal() is used.
     * @return string HTML code.
     */
    public static function htmlize_comment_text($text, ?TextprocessorRepository $textprocessors = null)
    {
        global $ratatoeskr_settings;

        if ($textprocessors === null) {
            $textprocessors = Env::getGlobal()->textprocessors();
        }

        $unfiltered_html = $textprocessors->mustApply($text, $ratatoeskr_settings["comment_textprocessor"]);

        $allowed_html = [
            "a" => ["href" => 1, "hreflang" => 1, "title" => 1, "rel" => 1, "rev" => 1],
            "b" => [],
            "i" => [],
            "u" => [],
            "strong" => [],
            "em" => [],
            "p" => ["align" => 1],
            "br" => [],
            "abbr" => [],
            "acronym" => [],
            "code" => [],
            "pre" => [],
            "blockquote" => ["cite" => 1],
            "h1" => [],
            "h2" => [],
            "h3" => [],
            "h4" => [],
            "h5" => [],
            "h6" => [],
            "img" => ["src" => 1, "alt" => 1, "width" => 1, "height" => 1],
            "s" => [],
            "q" => ["cite" => 1],
            "samp" => [],
            "ul" => [],
            "ol" => [],
            "li" => [],
            "del" => [],
            "ins" => [],
            "dl" => [],
            "dd" => [],
            "dt" => [],
            "dfn" => [],
            "div" => [],
            "dir" => [],
            "kbd" => ["prompt" => 1],
            "strike" => [],
            "sub" => [],
            "sup" => [],
            "table" => ["style" => 1],
            "tbody" => [],
            "thead" => [],
            "tfoot" => [],
            "tr" => [],
            "td" => ["colspan" => 1, "rowspan" => 1],
            "th" => ["colspan" => 1, "rowspan" => 1],
            "tt" => [],
            "var" => []
        ];

        return kses($unfiltered_html, $allowed_html);
    }

    /*
     * Function: create_html
     * Applies htmlize_comment_text onto this comment's text.
     *
     * Returns:
     * The HTML representation.
     */
    public function create_html()
    {
        $html = self::htmlize_comment_text($this->text);
        return $html;
    }

    /*
     * Function: save
     * Save changes to database.
     */
    public function save()
    {
        $visible_flag = $this->visible ? 1 : 0;
        $read_flag = $this->read_by_admin ? 1 : 0;

        qdb(
            "UPDATE `PREFIX_comments` SET `author_name` = ?, `author_mail` = ?, `text` = ?, `visible` = ?, `read_by_admin` = ? WHERE `id` = ?",
            $this->author_name,
            $this->author_mail,
            $this->text,
            $visible_flag,
            $read_flag,
            $this->id
        );
    }

    /*
     * Function: delete
     */
    public function delete()
    {
        qdb("DELETE FROM `PREFIX_comments` WHERE `id` = ?", $this->id);
    }
}

/*
 * Class: Style
 * Represents a Style
 */
class Style extends BySQLRowEnabled
{
    private $id;

    /*
     * Variables: Public class variables.
     *
     * $name - The name of the style.
     * $code - The CSS code.
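*/
    public $name;
    public $code;

    /* Copies the columns of a PREFIX_styles row into this object. */
    protected function populate_by_sqlrow($sqlrow)
    {
        $this->id = $sqlrow["id"];
        $this->name = $sqlrow["name"];
        $this->code = $sqlrow["code"];
    }

    /*
     * Function: test_name
     * Test, if a name is a valid Style name.
     * Valid names consist only of a-z, A-Z, 0-9, "-", "_" and ".".
     *
     * Parameters:
     * $name - The name to test
     *
     * Returns:
     * True, if the name is a valid style name, False if not.
     */
    public static function test_name($name)
    {
        // The D modifier (PCRE_DOLLAR_ENDONLY) makes `$` match only at the
        // very end. Without it `$` also matches before a trailing newline, so
        // a name like "foo\n" passed this validation.
        return preg_match("/^[a-zA-Z0-9\\-_\\.]+$/D", $name) === 1;
    }

    /*
     * Function: get_id
     */
    public function get_id()
    {
        return $this->id;
    }

    /*
     * Constructor: create
     * Create a new style.
     *
     * Parameters:
     * $name - A name for the new style.
     *
     * Throws:
     * InvalidDataError - if $name does not pass test_name().
     * AlreadyExistsError - if a style with this name already exists.
     */
    public static function create($name)
    {
        global $db_con;

        if (!self::test_name($name)) {
            throw new InvalidDataError("invalid_style_name");
        }

        try {
            self::by_name($name);
        } catch (DoesNotExistError $e) {
            // The name is free, create the style with empty CSS code.
            $obj = new self();
            $obj->name = $name;
            $obj->code = "";

            qdb("INSERT INTO `PREFIX_styles` (`name`, `code`) VALUES (?, '')", $name);

            $obj->id = $db_con->lastInsertId();
            return $obj;
        }

        throw new AlreadyExistsError();
    }

    /*
     * Constructor: by_id
     * Gets a Style object by ID.
     *
     * Parameters:
     * $id - The ID
     *
     * Throws:
     * DoesNotExistError
     */
    public static function by_id($id)
    {
        $stmt = qdb("SELECT `id`, `name`, `code` FROM `PREFIX_styles` WHERE `id` = ?", $id);
        $sqlrow = $stmt->fetch();
        if (!$sqlrow) {
            throw new DoesNotExistError();
        }

        return self::by_sqlrow($sqlrow);
    }

    /*
     * Constructor: by_name
     * Gets a Style object by name.
     *
     * Parameters:
     * $name - The name.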
*
     * Throws:
     * DoesNotExistError
     */
    public static function by_name($name)
    {
        $row = qdb("SELECT `id`, `name`, `code` FROM `PREFIX_styles` WHERE `name` = ?", $name)->fetch();
        if ($row) {
            return self::by_sqlrow($row);
        }
        throw new DoesNotExistError();
    }

    /*
     * Constructor: all
     * Get all styles
     *
     * Returns:
     * Array of Style objects
     */
    public static function all()
    {
        $styles = [];
        $result = qdb("SELECT `id`, `name`, `code` FROM `PREFIX_styles` WHERE 1");
        while ($row = $result->fetch()) {
            $styles[] = self::by_sqlrow($row);
        }
        return $styles;
    }

    /*
     * Function: save
     * Save changes to database.
     *
     * Throws:
     * InvalidDataError - if the name does not pass test_name().
     * AlreadyExistsError - if another style already uses the name.
     */
    public function save()
    {
        $name_ok = self::test_name($this->name);
        if (!$name_ok) {
            throw new InvalidDataError("invalid_style_name");
        }

        $tx = new Transaction();
        try {
            $clash = qdb("SELECT COUNT(*) AS `n` FROM `PREFIX_styles` WHERE `name` = ? AND `id` != ?", $this->name, $this->id)->fetch();
            if ($clash["n"] > 0) {
                throw new AlreadyExistsError();
            }

            qdb(
                "UPDATE `PREFIX_styles` SET `name` = ?, `code` = ? WHERE `id` = ?",
                $this->name,
                $this->code,
                $this->id
            );
            $tx->commit();
        } catch (Exception $e) {
            $tx->rollback();
            throw $e;
        }
    }

    /*
     * Function: delete
     * Deletes the style and its section relations in one Transaction.
     */
    public function delete()
    {
        $tx = new Transaction();
        try {
            qdb("DELETE FROM `PREFIX_styles` WHERE `id` = ?", $this->id);
            qdb("DELETE FROM `PREFIX_section_style_relations` WHERE `style` = ?", $this->id);
            $tx->commit();
        } catch (Exception $e) {
            $tx->rollback();
            throw $e;
        }
    }
}

/*
 * Class: Plugin
 * The representation of a plugin in the database.
 */
class Plugin extends BySQLRowEnabled
{
    private $id;

    /*
     * Variables: Public class variables.
     *
     * $name - Plugin name.
     * $code - Plugin code.
     * $classname - Main class of the plugin.
     * $active - Is the plugin activated?
     * $author - Author of the plugin.
     * $versiontext - Version (text)
     * $versioncount - Version (counter)
     * $short_description - A short description.
     * $updatepath - URL for updates.
     * $web - Webpage of the plugin.
     * $help - Help page.
     * $license - License text.
* $installed - Is this plugin installed? Used during the installation process.
     * $update - Should the plugin be updated at next start?
     * $api - The API version this Plugin needs.
     */
    public $name;
    public $code;
    public $classname;
    public $active;
    public $author;
    public $versiontext;
    public $versioncount;
    public $short_description;
    public $updatepath;
    public $web;
    public $help;
    public $license;
    public $installed;
    public $update;
    public $api;

    /*
     * Function: clean_db
     * Performs some database cleanup jobs on the plugin table.
     */
    public static function clean_db()
    {
        // Rows with `installed` = 0 whose `added` timestamp is more than
        // five minutes old are removed.
        $cutoff = time() - (60*5);
        qdb("DELETE FROM `PREFIX_plugins` WHERE `installed` = 0 AND `added` < ?", $cutoff);
    }

    /*
     * Function: get_id
     */
    public function get_id()
    {
        return $this->id;
    }

    /*
     * Constructor: create
     * Creates a new, empty plugin database entry
     */
    public static function create()
    {
        global $db_con;

        $plugin = new self();
        // Only the `added` timestamp is written here; the other columns are
        // filled in by a later save().
        qdb("INSERT INTO `PREFIX_plugins` (`added`) VALUES (?)", time());
        $plugin->id = $db_con->lastInsertId();
        return $plugin;
    }

    /*
     * Function: fill_from_pluginpackage
     * Fills plugin data from an object.
     *
     * Copies the metadata fields from $pkg onto this object and, for each of
     * custompub / custompriv / tpls that is non-empty, writes it below a
     * directory named after this plugin's id via array2dir().
     *
     * Parameters:
     * $pkg - The object.
     */
    public function fill_from_pluginpackage($pkg)
    {
        // Same fields, same order as they are read from the package.
        $copied = [
            "name",
            "code",
            "classname",
            "author",
            "versiontext",
            "versioncount",
            "short_description",
            "updatepath",
            "web",
            "license",
            "help",
            "api",
        ];
        foreach ($copied as $field) {
            $this->$field = $pkg->$field;
        }

        // NOTE(review): array2dir() is defined elsewhere. The trees written below
        // come straight from $pkg, so confirm that array2dir() refuses entry names
        // containing path separators or "..", and that the package has been
        // validated before this method is called.
        $here = dirname(__FILE__);
        $targets = [
            "custompub" => "/../plugin_extradata/public/",
            "custompriv" => "/../plugin_extradata/private/",
            "tpls" => "/../templates/src/plugintemplates/",
        ];
        foreach ($targets as $member => $subdir) {
            if (!empty($pkg->$member)) {
                array2dir($pkg->$member, $here . $subdir . $this->get_id());
            }
        }
    }

    /*
     * Copies one row of `PREFIX_plugins` into this object. The columns
     * `active`, `installed` and `update` become booleans (true when == 1).
     */
    protected function populate_by_sqlrow($sqlrow)
    {
        $this->id = $sqlrow["id"];
        $this->name = $sqlrow["name"];
        $this->code = $sqlrow["code"];
        $this->classname = $sqlrow["classname"];
        $this->active = ($sqlrow["active"] == 1);
        $this->author = $sqlrow["author"];
        $this->versiontext = $sqlrow["versiontext"];
        $this->versioncount = $sqlrow["versioncount"];
        $this->short_description = $sqlrow["short_description"];
        $this->updatepath = $sqlrow["updatepath"];
        $this->web = $sqlrow["web"];
        $this->help = $sqlrow["help"];
        $this->license = $sqlrow["license"];
        $this->installed = ($sqlrow["installed"] == 1);
        $this->update = ($sqlrow["update"] == 1);
        $this->api = $sqlrow["api"];
    }

    /*
     * Constructor: by_id
     * Gets plugin by ID.
     *
     * Parameters:
     * $id - The ID
     *
     * Throws:
     * DoesNotExistError
     */
    public static function by_id($id)
    {
        $result = qdb("SELECT `id`, `name`, `author`, `versiontext`, `versioncount`, `short_description`, `updatepath`, `web`, `help`, `code`, `classname`, `active`, `license`, `installed`, `update`, `api` FROM `PREFIX_plugins` WHERE `id` = ?", $id);
        $row = $result->fetch();
        if ($row !== false) {
            return self::by_sqlrow($row);
        }

        throw new DoesNotExistError();
    }

    /*
     * Constructor: all
     * Gets all Plugins
     *
     * Returns:
     * List of Plugin objects.
     */
    public static function all()
    {
        $plugins = [];
        $result = qdb("SELECT `id`, `name`, `author`, `versiontext`, `versioncount`, `short_description`, `updatepath`, `web`, `help`, `code`, `classname`, `active`, `license`, `installed`, `update`, `api` FROM `PREFIX_plugins` WHERE 1");
        for ($row = $result->fetch(); $row; $row = $result->fetch()) {
            $plugins[] = self::by_sqlrow($row);
        }
        return $plugins;
    }

    /*
     * Function: save
     * Writes every public field back to the row identified by this plugin's id.
     */
    public function save()
    {
        // Boolean fields are stored as 0 / 1.
        $active = $this->active ? 1 : 0;
        $installed = $this->installed ? 1 : 0;
        $update = $this->update ? 1 : 0;

        // The statement text, including its embedded line break, is kept exactly
        // as it was; all values travel as separate arguments for the placeholders.
        qdb(
            "UPDATE `PREFIX_plugins` SET `name` = ?, `author` = ?, `code` = ?, `classname` = ?, `active` = ?, `versiontext` = ?, `versioncount` = ?, `short_description` = ?, `updatepath` = ?, `web` = ?, `help` = ?, `installed` = ?, `update` = ?, `license` = ?, `api` = ? 
WHERE `id` = ?",
            $this->name,
            $this->author,
            $this->code,
            $this->classname,
            $active,
            $this->versiontext,
            $this->versioncount,
            $this->short_description,
            $this->updatepath,
            $this->web,
            $this->help,
            $installed,
            $update,
            $this->license,
            $this->api,
            $this->id
        );
    }

    /*
     * Function: delete
     * Deletes the plugin's rows in one Transaction, then removes its
     * per-plugin directories from disk where they exist.
     */
    public function delete()
    {
        $tx = new Transaction();
        try {
            qdb("DELETE FROM `PREFIX_plugins` WHERE `id` = ?", $this->id);
            qdb("DELETE FROM `PREFIX_plugin_kvstorage` WHERE `plugin` = ?", $this->id);
            qdb("DELETE FROM `PREFIX_article_extradata` WHERE `plugin` = ?", $this->id);
            $tx->commit();
        } catch (Exception $e) {
            $tx->rollback();
            throw $e;
        }

        // The filesystem cleanup happens after the commit and is not covered by
        // the rollback.
        // NOTE(review): each path is the shared parent directory plus $this->id.
        // In this class the id is only ever set from lastInsertId() or the `id`
        // column, so it should never be empty; if that ever changed, the path
        // would be the parent directory itself - worth an explicit guard.
        $parents = [
            "/ratatoeskr/plugin_extradata/private/",
            "/ratatoeskr/plugin_extradata/public/",
            "/ratatoeskr/templates/src/plugintemplates/",
        ];
        foreach ($parents as $parent) {
            if (is_dir(SITE_BASE_PATH . $parent . $this->id)) {
                delete_directory(SITE_BASE_PATH . $parent . $this->id);
            }
        }
    }

    /*
     * Function get_kvstorage
     * Get the KeyValue Storage for the plugin.
     *
     * Returns:
     * A PluginKVStorage object.
     */
    public function get_kvstorage()
    {
        return new PluginKVStorage($this->id);
    }
}

/*
 * Class: Section
 * Representing a section
 */
class Section extends BySQLRowEnabled
{
    private $id;

    /*
     * Variables: Public class variables
     *
     * $name - The name of the section.
     * $title - The title of the section (a Multilingual object).
     * $template - Name of the template.
     */
    public $name;
    public $title;
    public $template;

    /*
     * Copies one row of `PREFIX_sections` into this object; the `title`
     * column is resolved through Multilingual::by_id().
     */
    protected function populate_by_sqlrow($sqlrow)
    {
        $this->id = $sqlrow["id"];
        $this->name = $sqlrow["name"];
        $this->title = Multilingual::by_id($sqlrow["title"]);
        $this->template = $sqlrow["template"];
    }

    /*
     * Function: test_name
     * Tests, if a name is a valid section name.
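* * Parameters: * $name - The name to test. * * Returns: * True, if the name is a valid section name, False otherwise. */
    public static function test_name($name)
    {
        // Allowed: one or more of a-z, A-Z, 0-9, "-" and "_", nothing else.
        // \z anchors at the absolute end of the subject. A bare "$" (without the
        // D modifier) also matches just before a trailing newline, which would
        // let a name ending in "\n" pass this check.
        return preg_match('/^[a-zA-Z0-9\-_]+\z/', $name) === 1;
    }

    /*
     * Function: get_id
     */
    public function get_id()
    {
        return $this->id;
    }

    /*
     * Constructor: create
     * Creates a new section.
     *
     * Parameters:
     * $name - The name of the new section.
     *
     * Throws:
     * InvalidDataError - the name is rejected by test_name (message "invalid_section_name").
     * AlreadyExistsError - a section with this name already exists.
     */
    public static function create($name)
    {
        global $db_con;

        if (!self::test_name($name)) {
            throw new InvalidDataError("invalid_section_name");
        }

        // by_name() throwing DoesNotExistError is the "name is free" signal.
        // NOTE(review): the lookup and the INSERT are separate statements with no
        // Transaction around them (Style::save() wraps its check in one), so two
        // concurrent calls could both pass the lookup. Whether a UNIQUE constraint
        // on `name` backs this up is not visible here - confirm.
        try {
            self::by_name($name);
        } catch (DoesNotExistError $e) {
            $obj = new self();
            $obj->name = $name;
            $obj->title = Multilingual::create();
            $obj->template = "";
            qdb("INSERT INTO `PREFIX_sections` (`name`, `title`, `template`) VALUES (?, ?, '')", $name, $obj->title->get_id());
            $obj->id = $db_con->lastInsertId();
            return $obj;
        }

        // by_name() returned normally, so the name is taken.
        throw new AlreadyExistsError();
    }

    /*
     * Constructor: by_id
     * Gets section by ID.
     *
     * Parameters:
     * $id - The ID.
     *
     * Returns:
     * A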
Section object. * * Throws: * DoesNotExistError */
    public static function by_id($id)
    {
        // $id is passed to qdb() as a separate argument for the `?` placeholder.
        $result = qdb("SELECT `id`, `name`, `title`, `template` FROM `PREFIX_sections` WHERE `id` = ?", $id);
        $row = $result->fetch();
        if ($row !== false) {
            return self::by_sqlrow($row);
        }

        // fetch() returned false: no section has this id.
        throw new DoesNotExistError();
    }

    /*
     * Constructor: by_name
     * Gets section by name.
     *
     * Parameters:
     * $name - The name.
     *
     * Returns:
     * A
Section object. * * Throws: * DoesNotExistError */
    public static function by_name($name)
    {
        // $name is passed to qdb() as a separate argument for the `?` placeholder.
        $result = qdb("SELECT `id`, `name`, `title`, `template` FROM `PREFIX_sections` WHERE `name` = ?", $name);
        $row = $result->fetch();
        if ($row !== false) {
            return self::by_sqlrow($row);
        }

        // fetch() returned false: no section has this name.
        throw new DoesNotExistError();
    }

    /*
     * Constructor: all
     * Gets all sections.
     *
     * Returns:
     * Array of Section objects.
     */
    public static function all()
    {
        $sections = [];
        $result = qdb("SELECT `id`, `name`, `title`, `template` FROM `PREFIX_sections` WHERE 1");
        // fetch() is called until it yields a falsy value.
        for ($row = $result->fetch(); $row; $row = $result->fetch()) {
            $sections[] = self::by_sqlrow($row);
        }
        return $sections;
    }

    /*
     * Function: get_styles
     * Get all styles associated with this section.
     *
     * Returns:
     * List of