disinclined.org / git / dylansserver.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
Fixed validation errors
[dylansserver.git] / index.php
1 <?php
2
3 abstract class cms {
4 private $config_file = '/etc/dylanstestserver.ini';
5 protected $db;
6 protected $recaptcha_publickey;
7 protected $recaptcha_privatekey;
8
9 public function __construct() {
10 $config = parse_ini_file($this->config_file, true);
11 $this->db = new mysqli(
12 $config[database]['domain'],
13 $config[database]['user'],
14 $config[database]['password'],
15 $config[database]['database']);
16 if (mysqli_connect_errno()) {
17 echo "Problem connecting to database: ";
18 echo mysqli_connect_error();
19 exit();
20 }
21 $this->recaptcha_publickey = $config[recaptcha]['publickey'];
22 $this->recaptcha_privatekey = $config[recaptcha]['privatekey'];
23 ob_start();
24 }
25
26 public static function determine_type() {
27 if (isset($_GET['page']) && is_numeric($_GET['page'])) {
28 return 'page';
29 } else if (isset($_GET['year'])) {
30 return 'archive';
31 } else if (isset($_GET['note'])) {
32 return 'note';
33 } else if ($_SERVER['REQUEST_URI'] == '/') {
34 return 'index';
35 } else if (isset($_GET['project'])) {
36 return 'project';
37 } else if (isset($_GET['challenge'])) {
38 return 'captcha';
39 }
40
41 }
42
43 public function query() {
44 $args = func_get_args();
45 $statement = $this->db->prepare($args[0]);
46 $args = array_slice($args, 1);
47 call_user_func_array(array($statement, 'bind_param'), &$args);
48 $statement->execute();
49 $return = array();
50 $statement->store_result();
51 $row = array();
52 $data = $statement->result_metadata();
53 $fields = array();
54 $fields[0] = &$statement;
55 while($field = $data->fetch_field()) {
56 $fields[] = &$row[$field->name];
57 }
58 call_user_func_array("mysqli_stmt_bind_result", $fields);
59 $i = 0;
60 while ($statement->fetch()) {
61 foreach ($row as $key=>$value) $return[$i][$key] = $value;
62 $i++;
63 }
64 $statement->free_result();
65 return $return;
66 }
67
68 public function display_head($title = "dylanstestserver",
69 $home_link = "/") {
70 $scripts = "";
71 $stylesheets = "<link href=\"/includes/style.css\" rel=\"stylesheet\" type=\"text/css\">";
72 if (cms::determine_type() == "index") {
73 $scripts = "<script type=\"text/javascript\" src=\"/includes/all.js\"></script>";
74 $home_link = "http://validator.w3.org/unicorn/check?ucn_uri=dylanstestserver.com&amp;ucn_task=conformance#";
75 } else if ($this->determine_type() == 'note') {
76 $scripts = "<script type=\"text/javascript\" src=\"http://www.google.com/recaptcha/api/js/recaptcha_ajax.js\"></script>";
77 $scripts .= "<script type=\"text/javascript\" src=\"/includes/jquery-core.js\"></script>";
78 $scripts .= "<script type=\"text/javascript\" src=\"/includes/jquery-all-components.js\"></script>";
79 $scripts .= "<script type=\"text/javascript\" src=\"/includes/ajax.js\"></script>";
80 }
81 echo <<<END_OF_HEAD
82 <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
83 "http://www.w3.org/TR/html4/loose.dtd">
84
85 <html>
86 <head>
87 <meta name="generator" content=
88 "HTML Tidy for Linux (vers 25 March 2009), see www.w3.org">
89 <meta http-equiv="Content-type" content="text/html;charset=UTF-8">
90
91 <title>$title</title>
92 <link rel="icon" href="favicon.ico" type="image/png">
93 $stylesheets
94 $scripts
95 </head>
96
97 <body>
98 <div id="structure">
99 <div id="banner">
100 <a href="$home_link">
101 <img src="/images/dylanstestserver.png" alt="dylanstestserver"
102 border="0"></a>
103 </div>
104
105 <div id="content">
106 END_OF_HEAD;
107 }
108
109 public function display_contact() {
110 echo <<<END_OF_CONTACT
111 <div id="contact_me"><h1><a href=
112 "mailto:dylan@psu.edu">dylan</a></h1><a href=
113 "mailto:dylan@psu.edu">@psu.edu</a>
114 </div>
115 END_OF_CONTACT;
116 }
117
118 public function display_close($show_contact = true) {
119 if ($show_contact) {
120 $this->display_contact();
121 }
122 echo <<<END_OF_CLOSE
123 </div>
124 <br>
125 <br>
126 </div>
127 </body>
128 </html>
129 END_OF_CLOSE;
130 ob_flush();
131 }
132
133 }
134
135
136 class index extends cms {
137 public function display() {
138 $this->display_head();
139 $this->display_exhibits();
140 echo "<ul id=\"portfolio\" style=\"text-align:right\">";
141 $this->list_projects();
142 echo <<<OTHER_PROJECTS
143 <li>
144 <h3>things i've done for others:</h3>
145 </li>
146
147 <li><a href=
148 "http://activehamptons.com">activehamptons.com</a></li>
149
150 <li><a href=
151 "http://transfishing.com">transfishing.com</a></li>
152
153 <li>
154 <h3>something i've worked on:</h3>
155 </li>
156
157 <li><a href=
158 "http://tempositions.com">tempositions.com</a></li>
159
160 <li>
161 <h3>my repositories:</h3>
162 </li>
163
164 <li><a href=
165 "git">git://dylanstestserver.com</a></li>
166
167 <li>
168 <h3>some notes:</h3>
169 </li>
170
171 <li><a href=
172 "/notes/">here</a></li>
173
174 <li>
175 </li>
176 OTHER_PROJECTS;
177 // Because of the CSS necessary for the animations,
178 // the contact link needs to be in #portfolio to clear
179 // the floats.
180 echo "<li>";
181 $this->display_contact();
182 echo "</li>";
183 echo "</ul>";
184 $this->display_close($show_contact = false);
185 }
186
187 protected function display_exhibits() {
188 echo "<div id=\"exhibit\">";
189 $sql = "SELECT text FROM projects";
190 $result = $this->db->query($sql);
191 while ($entry = $result->fetch_object()) {
192 echo $entry->text;
193 }
194 echo "</div>";
195 }
196
197 private function list_projects() {
198 echo <<<HEREDOC
199 <li>
200 <h3>my projects:</h3>
201 </li>
202 HEREDOC;
203 $sql = "SELECT title FROM projects";
204 $result = $this->db->query($sql);
205 while ($entry = $result->fetch_object()) {
206 echo "<li><a class=\"tab\" href=\"$entry->title\">$entry->title</a></li>";
207 }
208 }
209 }
210
211 class project extends index {
212 protected function display_exhibits() {
213 echo "<div id=\"exhibit\">";
214 $sql = "SELECT text FROM projects
215 WHERE title = ?";
216 $result = $this->query($sql, "s", $_GET['project']);
217 if ($result = $result[0]['text']) {
218 $text = str_replace("class=\"exhibit\"", "class=\"exhibit\" style=\"display:block;\"", $result);
219 echo $text;
220 echo "</div>";
221 } else {
222 throw new notFound();
223 }
224 }
225 }
226
227 class page extends cms {
228 private $page = 1;
229 private $offset = 0;
230 private $notes_per_page = 4;
231 private $number_of_pages = 1;
232
233 public function __construct() {
234 parent::__construct();
235 $this->page_offset();
236 }
237
238 private function page_offset() {
239 $sql = "SELECT COUNT(*) FROM notes";
240 $result = $this->db->query($sql);
241 $result = $result->fetch_array();
242 $this->number_of_pages = ceil($result[0] / $this->notes_per_page);
243 if (isset($_GET['page']) && is_numeric($_GET['page'])) {
244 $this->page = (int) $_GET['page'];
245 } else {
246 throw new notFound();
247 }
248 if ($this->page > $this->number_of_pages) {
249 throw new notFound();
250 }
251 if ($this->page < 1) {
252 throw new notFound();
253 }
254 $this->offset = ($this->page - 1) * $this->notes_per_page;
255 }
256
257 public function display() {
258 $this->display_head();
259 echo "<div id=\"notes\">";
260 $sql = "SELECT date_posted, title, url, text
261 FROM notes ORDER BY date_posted DESC
262 LIMIT ?, ?";
263 $result = $this->query($sql, "ii",
264 $this->offset,
265 $this->notes_per_page);
266 foreach ($result as $row => $entry) {
267 $title = $entry['title'];
268 $url = '/note/' . $entry['url'];
269 $date_posted = explode("-", $entry['date_posted']);
270 $year_posted = $date_posted[0];
271 $month_posted = $date_posted[1];
272 $datetime_posted = explode(' ', $date_posted[2]);
273 $day_posted = $datetime_posted[0];
274 echo "<div class=\"note\">";
275 echo "<h2><span style=\"color:grey;\">$year_posted/$month_posted/$day_posted/</span><a href=\"$url\">$title</a></h2>";
276 echo $entry['text'];
277 echo "</div>";
278 }
279 echo "</div>";
280 $this->write_navigation();
281 $this->display_close();
282 }
283
284 private function write_navigation() {
285 echo "<div id=\"navigation\">";
286 echo "<h2>";
287 if($this->page > 1){
288 $previous_page = $this->page - 1;
289 echo "<a href=\"/notes/page/$previous_page\">prev</a>";
290 }
291 if($this->page < $this->number_of_pages) {
292 $forward_page = $this->page + 1;
293 echo " <a href=\"/notes/page/$forward_page\">next</a>";
294 }
295 echo "</h2>";
296 echo "</div>";
297 }
298
299 }
300
301 class note extends cms {
302
303 private $id;
304 private $comments_enabled = false;
305 private $failed_captcha;
306 public $url;
307 public $title;
308 public $year_posted;
309 public $month_posted;
310 public $day_posted;
311 public $text;
312 public $number_of_comments;
313
314 public function __construct($comments_enabled = false) {
315 parent::__construct();
316 $this->comments_enabled = $comments_enabled;
317 $url = htmlspecialchars($_SERVER['REQUEST_URI']);
318 if (isset($_GET['verify'])) {
319 $url = substr($url, 0, (strlen($url)-6));
320 }
321 $this->url = $url;
322 $sql = "SELECT title, date_posted, text, id
323 FROM notes WHERE url = ?";
324 $result = $this->query($sql, "s",
325 $_GET['note']);
326 if ($result) {
327 $entry = $result[0];
328 $this->id = $entry["id"];
329 $this->title = $entry["title"];
330 $date_posted = explode("-", $entry["date_posted"]);
331 $this->year_posted = $date_posted[0];
332 $this->month_posted = $date_posted[1];
333 $datetime_posted = explode(' ', $date_posted[2]);
334 $this->day_posted = $datetime_posted[0];
335 $this->text = $entry["text"];
336 } else {
337 throw new notFound();
338 }
339 $sql = "SELECT COUNT(*) FROM comments
340 WHERE note = $this->id";
341 $result = $this->db->query($sql);
342 $result = $result->fetch_array();
343 $this->number_of_comments = $result[0];
344 if (isset($_GET['verify'])) {
345 $this->verify();
346 }
347 }
348
349 public function display() {
350 $this->display_head();
351 $this->display_note();
352 if ($this->comments_enabled) {
353 $this->display_comments();
354 $this->display_comment_form();
355 }
356 $this->write_navigation();
357 $this->display_close();
358 }
359
360 private function verify() {
361 if (!isset($_POST['captcha'])) {
362 require_once('includes/recaptchalib.php');
363 echo "<br>";
364 $resp = recaptcha_check_answer ($this->recaptcha_privatekey,
365 $_SERVER["REMOTE_ADDR"],
366 $_POST["recaptcha_challenge_field"],
367 $_POST["recaptcha_response_field"]);
368 if (!$resp->is_valid) {
369 $this->failed_captcha = true;
370 }
371 }
372 if (isset($_POST['captcha']) || $resp->is_valid) {
373 $sql = ("INSERT INTO comments (date_posted, author,
374 email, text, note)
375 VALUES(NOW(), ?, ?, ?, ?)");
376 $stmt = $this->db->prepare($sql);
377 // Checks are needed here (no blank text,
378 // and a default author / email need to be set
379 // for no-javascript users.
380 $stmt->bind_param('ssss',
381 htmlspecialchars($_POST['name']),
382 htmlspecialchars($_POST['email']),
383 htmlspecialchars($_POST['text']),
384 $this->id);
385 $stmt->execute();
386 }
387 }
388
389 private function display_note() {
390 echo <<<END_OF_NOTE
391 <div id='note'>
392 <h2><span style='color:grey;'>$this->year_posted/$this->month_posted/$this->day_posted/</span>$this->title</h2>
393 $this->text
394 </div>
395 END_OF_NOTE;
396 }
397
398 private function write_navigation() {
399 echo <<<END_OF_NAVIGATION
400 <br>
401 <div id='navigation'>
402 <h2>
403 END_OF_NAVIGATION;
404 if (!$this->comments_enabled) {
405 $this->display_comment_link();
406 }
407 echo <<<END_OF_NAVIGATION
408 <a href="/notes/">back to notes</a>/
409 </h2>
410 </div>
411 END_OF_NAVIGATION;
412 }
413
414 private function display_comment_link() {
415 if ($this->number_of_comments > 0) {
416 $anchor_text = "comments($this->number_of_comments)/";
417 } else {
418 $anchor_text = "comment?";
419 }
420 if (substr($this->url, (strlen($this->url)-1), strlen($this->url)) == '/') {
421 $url = $this->url . 'comments/';
422 } else {
423 $url = $this->url . '/comments/';
424 }
425 echo "<a id=\"comment_link\" href=\"$url\">$anchor_text</a>";
426 }
427
428 private function display_comments() {
429 echo "<div id=\"comments\">";
430 $sql= "SELECT date_posted, author, email, text
431 FROM comments WHERE note = ?
432 ORDER BY date_posted DESC";
433 $result = $this->query($sql, "d", $this->id);
434 foreach ($result as $row => $entry) {
435 $date_posted = $entry['date_posted'];
436 $author = $entry['author'];
437 $email = $entry['email'];
438 $text = htmlspecialchars($entry['text']);
439 if ($email == '') {
440 $head = "<h3>$author</h3>";
441 } else {
442 $head = "<h3><a href='mailto:$email'>$author</a></h3>";
443 }
444 echo <<<END_OF_COMMENT
445 <div class='comment'>
446 $head
447 $text
448 </div>
449 END_OF_COMMENT;
450 }
451 echo "</div>";
452 }
453
454 private function display_comment_form() {
455 $publickey = $this->recaptcha_publickey;
456 echo <<<END_CAPTCHA_STYLE
457 <script type="text/javascript">
458 Recaptcha.create("$publickey",
459 "recaptcha_div",
460 {
461 theme : 'custom',
462 custom_theme_widget: 'recaptcha_widget',
463 callback: Recaptcha.focus_response_field
464 });
465 </script>
466 END_CAPTCHA_STYLE;
467 require_once('includes/recaptchalib.php');
468 $url = $this->url . "verify";
469 echo "<form id=\"comment_form\" method=\"post\" action=\"$url\">";
470 echo <<<END_OF_FORM
471 <div id="comment">
472 <h3>comment:</h3>
473 <textarea rows="10" cols="70" name="text" id="comment_text"></textarea>
474 <h3>name:</h3>
475 <input type=text name="name" id="comment_name">
476 <h3>email:</h3>
477 <input type=text name="email" id="comment_email"><br>
478
479 <nowiki>
480 <div id="recaptcha_widget">
481 <h3 class="recaptcha_only_if_image"><b>what's this say</b>?</h3>
482 <h3 class="recaptcha_only_if_audio"><b>enter the numbers you hear</b>:</h3>
483 <span style="font-size:80%;">
484 ( <a href="javascript:Recaptcha.reload()">another</a> /
485 <span class="recaptcha_only_if_image"><a href="javascript:Recaptcha.switch_type('audio')">audio</a></span> /
486 <span class="recaptcha_only_if_audio"><a href="javascript:Recaptcha.switch_type('image')">Get an image CAPTCHA</a></span><a href="javascript:Recaptcha.showhelp()">help</a> )
487 </span>
488 <br><br>
489 <input type="text" id="recaptcha_response_field" name="recaptcha_response_field" />
490 <br><br>
491 <div style="float:right;position:relative;width:100px;">
492 <div id="recaptcha_image"></div>
493 </div>
494 <br><br><br><br>
495 </div>
496 END_OF_FORM;
497 echo recaptcha_get_html($this->recaptcha_publickey);
498 if ($this->failed_captcha) {
499 echo <<<END_OF_FORM
500 <span style='font-weight:bold;font-family:sans-serif;color:red;margin-top:15px;'>reCAPTCHA said you're not human,</span>
501 <input id="submit" class="submit" type="submit" value="try again?">
502 </form>
503 </div>
504 END_OF_FORM;
505 } else {
506 echo <<<END_OF_FORM
507 <input id="submit" class="submit" type="submit" value="post comment">
508 </form>
509 </div>
510 END_OF_FORM;
511 }
512 }
513 }
514
515
516 class archive extends cms {
517
518 public function __construct() {
519 parent::__construct();
520 }
521
522 private function check_exists() {
523 $sql = "SELECT COUNT(*) FROM notes
524 WHERE url = ?";
525 $results = $this->query($sql, "s", $_GET['note']);
526 if ($results[0]["COUNT(*)"] != 1) {
527 $this->not_found();
528 }
529 }
530
531 public function display() {
532 // this really needs its own pagination...
533 // there should be a class for that.
534 $this->display_head();
535 switch (true) {
536 case (isset($_GET['year']) && !isset($_GET['month'])
537 && !isset($_GET['day'])):
538 $sql = "SELECT title, url, date_posted, text
539 FROM notes WHERE YEAR(date_posted) = ?
540 ORDER BY date_posted DESC";
541 $result = $this->query($sql, "d",
542 $_GET['year']);
543 break;
544 case (isset($_GET['year']) && isset($_GET['month'])
545 && !isset($_GET['day'])):
546 $sql = "SELECT title, url, date_posted, text
547 FROM notes WHERE YEAR(date_posted) = ?
548 AND MONTH(date_posted) = ?
549 ORDER BY date_posted DESC";
550 $result = $this->query($sql, "dd",
551 $_GET['year'], $_GET['month']);
552 break;
553 case (isset($_GET['year']) && isset($_GET['month'])
554 && isset($_GET['day'])):
555 $sql = "SELECT title, url, date_posted, text
556 FROM notes WHERE YEAR(date_posted) = ?
557 AND MONTH(date_posted) = ?
558 AND DAY(date_posted) = ?
559 ORDER BY date_posted DESC";
560 $result = $this->query($sql, "ddd",
561 $_GET['year'], $_GET['month'],
562 $_GET['day']);
563 break;
564 }
565 if (count($result) >= 1) {
566 echo "<div id=\"notes\">";
567 foreach ($result as $row => $entry) {
568 $title = $entry['title'];
569 $url = '/note/' . $entry['url'];
570 $date_posted = explode("-", $entry['date_posted']);
571 $year_posted = $date_posted[0];
572 $month_posted = $date_posted[1];
573 $datetime_posted = explode(' ', $date_posted[2]);
574 $day_posted = $datetime_posted[0];
575 echo "<div class=\"note\">";
576 echo "<h2><span style=\"color:grey;\">$year_posted/$month_posted/$day_posted/</span><a href=\"$url\">$title</a></h2>";
577 echo $entry['text'];
578 echo "</div>";
579 }
580 echo "</div>";
581 $this->write_navigation();
582 } else {
583 echo "<br>";
584 echo "<h2 style=\"font-family:sans-serif;\">sorry, nothing here</h2>";
585 echo "<pre>Empty set (0.00 sec)</pre>";
586 }
587 $this->display_close();
588 }
589
590 private function write_navigation() {
591 echo "<br>";
592 echo "<div id=\"navigation\">";
593 echo "<h2>";
594 // fill me in!
595 echo "</h2>";
596 echo "</div>";
597 }
598 }
599
600
601 class notFound extends Exception {
602 public function __construct() {
603 header("HTTP/1.0 404 Not Found");
604 ob_end_clean();
605 include("404.php");
606 exit();
607 }
608 }
609
610 class captcha extends cms {
611 public function display() {
612 $challenge = $_GET['challenge'];
613 $response = $_GET['response'];
614 $remoteip = $_SERVER['REMOTE_ADDR'];
615 $curl = curl_init('http://api-verify.recaptcha.net/verify?');
616 curl_setopt ($curl, CURLOPT_POST, 4);
617 curl_setopt ($curl, CURLOPT_POSTFIELDS, "privatekey=$this->recaptcha_privatekey&remoteip=$remoteip&challenge=$challenge&response=$response");
618 $result = curl_exec ($curl);
619 curl_close ($curl);
620 }
621 }
622
623 ## now actually do something:
624 switch (cms::determine_type()) {
625 case "index":
626 $index = new index();
627 $index->display();
628 break;
629 case "project":
630 $project = new project();
631 $project->display();
632 break;
633 case "note":
634 if (isset($_GET['comments'])) {
635 $note = new note($comments_enabled = true);
636 } else {
637 $note = new note;
638 }
639 $note->display();
640 break;
641 case "page":
642 $page = new page;
643 $page->display();
644 break;
645 case "archive":
646 $archive = new archive;
647 $archive->display();
648 break;
649 case "captcha":
650 $captcha = new captcha;
651 $captcha->display();
652 break;
653 }
654
655 ?>
my (old) website