X-Git-Url: https://disinclined.org/git/?a=blobdiff_plain;f=index.php;h=55986790efb50816b95c9912f18cd767a11a46a2;hb=c30849c73508b5a0168b6559b9935115186a20c7;hp=0f23b809a0fe5c7f9e3e57d77e2732d19e869946;hpb=f7025d5e13262ba32a86b04ced7a3ed47cf70f18;p=dylansserver.git diff --git a/index.php b/index.php index 0f23b80..5598679 100644 --- a/index.php +++ b/index.php @@ -3,32 +3,41 @@ abstract class cms { private $config_file = '/etc/dylanstestserver.ini'; protected $db; + protected $recaptcha_publickey; + protected $recaptcha_privatekey; public function __construct() { - $config = parse_ini_file($this->config_file); + $config = parse_ini_file($this->config_file, true); $this->db = new mysqli( - $config['domain'], - $config['user'], - $config['password'], - $config['database']); + $config[database]['domain'], + $config[database]['user'], + $config[database]['password'], + $config[database]['database']); if (mysqli_connect_errno()) { echo "Problem connecting to database: "; echo mysqli_connect_error(); exit(); } + $this->recaptcha_publickey = $config[recaptcha]['publickey']; + $this->recaptcha_privatekey = $config[recaptcha]['privatekey']; ob_start(); } public static function determine_type() { if (isset($_GET['page']) && is_numeric($_GET['page'])) { return 'page'; + } else if (isset($_GET['year'])) { + return 'archive'; } else if (isset($_GET['note'])) { return 'note'; } else if ($_SERVER['REQUEST_URI'] == '/') { return 'index'; } else if (isset($_GET['project'])) { return 'project'; + } else if (isset($_GET['challenge'])) { + return 'captcha'; } + } public function query() { @@ -49,7 +58,7 @@ abstract class cms { call_user_func_array("mysqli_stmt_bind_result", $fields); $i = 0; while ($statement->fetch()) { - foreach ($row as $key1=>$value1) $return[$i][$key1] = $value1; + foreach ($row as $key=>$value) $return[$i][$key] = $value; $i++; } $statement->free_result(); @@ -60,9 +69,14 @@ abstract class cms { $home_link = "/") { $scripts = ""; $stylesheets = ""; - if (cms::determine_type() == "index") { + if ($this->determine_type() == "index") { $scripts = ""; + $scripts .= ""; + $scripts .= ""; + $scripts .= ""; } echo <<

dylan

@psu.edu +END_OF_CONTACT; + } + + public function display_close($show_contact = true) { + if ($show_contact) { + $this->display_contact(); + } + echo <<

@@ -111,6 +133,10 @@ END_OF_CLOSE; } +class blank_page extends cms { + +} + class index extends cms { public function display() { $this->display_head(); @@ -151,9 +177,13 @@ class index extends cms {
    • - OTHER_PROJECTS; - $this->display_close(); + // Because of the CSS necessary for the animations, + // the contact link needs to be in #portfolio to clear + // the floats. + $this->display_contact(); + echo ""; + $this->display_close($show_contact = false); } protected function display_exhibits() { @@ -273,9 +303,220 @@ class page extends cms { class note extends cms { + private $id; + private $comments_enabled = false; + private $failed_captcha; + public $url; + public $title; + public $year_posted; + public $month_posted; + public $day_posted; + public $text; + public $number_of_comments; + + public function __construct($comments_enabled = false) { + parent::__construct(); + $this->comments_enabled = $comments_enabled; + $url = htmlspecialchars($_SERVER['REQUEST_URI']); + if (isset($_GET['verify'])) { + $url = substr($url, 0, (strlen($url)-6)); + } + $this->url = $url; + $sql = "SELECT title, date_posted, text, id + FROM notes WHERE url = ?"; + $result = $this->query($sql, "s", + $_GET['note']); + if ($result) { + $entry = $result[0]; + $this->id = $entry["id"]; + $this->title = $entry["title"]; + $date_posted = explode("-", $entry["date_posted"]); + $this->year_posted = $date_posted[0]; + $this->month_posted = $date_posted[1]; + $datetime_posted = explode(' ', $date_posted[2]); + $this->day_posted = $datetime_posted[0]; + $this->text = $entry["text"]; + } else { + throw new notFound(); + } + $sql = "SELECT COUNT(*) FROM comments + WHERE note = $this->id"; + $result = $this->db->query($sql); + $result = $result->fetch_array(); + $this->number_of_comments = $result[0]; + if (isset($_GET['verify'])) { + $this->verify(); + } + } + + public function display() { + $this->display_head(); + $this->display_note(); + if ($this->comments_enabled) { + $this->display_comments(); + $this->display_comment_form(); + } + $this->write_navigation(); + $this->display_close(); + } + + private function verify() { + if (!isset($_POST['captcha'])) { + require_once('includes/recaptchalib.php'); + echo "
    "; + $resp = recaptcha_check_answer ($this->recaptcha_privatekey, + $_SERVER["REMOTE_ADDR"], + $_POST["recaptcha_challenge_field"], + $_POST["recaptcha_response_field"]); + if (!$resp->is_valid) { + $this->failed_captcha = true; + } + } + if (isset($_POST['captcha']) || $resp->is_valid) { + $sql = ("INSERT INTO comments (date_posted, author, + email, text, note) + VALUES(NOW(), ?, ?, ?, ?)"); + $stmt = $this->db->prepare($sql); + // Checks are needed here (no blank text, + // and a default author / email need to be set + // for no-javascript users. + $stmt->bind_param('ssss', + htmlspecialchars($_POST['name']), + htmlspecialchars($_POST['email']), + htmlspecialchars($_POST['text']), + $this->id); + $stmt->execute(); + } + } + + private function display_note() { + echo "
    "; + echo "

    $this->year_posted/$this->month_posted/$this->day_posted/$this->title

    "; + echo $this->text; + } + + private function write_navigation() { + echo << +
    +

    +END_OF_NAVIGATION; + if (!$this->comments_enabled) { + $this->display_comment_link(); + } + echo <<notes/ +

    +
    +END_OF_NAVIGATION; + } + + private function display_comment_link() { + if ($this->number_of_comments > 0) { + $anchor_text = "comments ($this->number_of_comments)"; + } else { + $anchor_text = "comment?"; + } + if (substr($this->url, (strlen($this->url)-1), strlen($this->url)) == '/') { + $url = $this->url . 'comments/'; + } else { + $url = $this->url . '/comments/'; + } + echo "$anchor_text"; + } + + private function display_comments() { + echo "
    "; + $sql= "SELECT date_posted, author, email, text + FROM comments WHERE note = ? + ORDER BY date_posted DESC"; + $result = $this->query($sql, "d", $this->id); + foreach ($result as $row => $entry) { + $date_posted = $entry['date_posted']; + $author = $entry['author']; + $email = $entry['email']; + $text = htmlspecialchars($entry['text']); + if ($email == '') { + $head = "

    $author

    "; + } else { + $head = "

    $author

    "; + } + echo << + $head + $text +
    +END_OF_COMMENT; + } + echo "
    "; + } + + private function display_comment_form() { + $publickey = $this->recaptcha_publickey; + echo << +Recaptcha.create("$publickey", + "recaptcha_div", + { + theme : 'custom', + custom_theme_widget: 'recaptcha_widget', + callback: Recaptcha.focus_response_field + }); + +END_CAPTCHA_STYLE; + require_once('includes/recaptchalib.php'); + $url = $this->url . "verify"; + echo "
    "; + echo << +

    comment:

    + +

    name:

    + +

    email:

    +
    + + +
    +

    what's this say?

    +

    enter the numbers you hear:

    + + ( another / + audio / + Get an image CAPTCHAhelp ) + +

    + +

    +
    +
    +
    +



    +
    +END_OF_FORM; + echo recaptcha_get_html($this->recaptcha_publickey); + if ($this->failed_captcha) { + echo <<reCAPTCHA said you're not human, + + + +END_OF_FORM; + } else { + echo << + + +END_OF_FORM; + } + } +} + + +class archive extends cms { + public function __construct() { parent::__construct(); - $this->check_exists(); } private function check_exists() { @@ -283,27 +524,66 @@ class note extends cms { WHERE url = ?"; $results = $this->query($sql, "s", $_GET['note']); if ($results[0]["COUNT(*)"] != 1) { - throw new notFound(); + $this->not_found(); } } public function display() { + // this really needs its own pagination... + // there should be a class for that. $this->display_head(); - $sql = "SELECT title, date_posted, text - FROM notes WHERE url = ?"; - $result = $this->query($sql, "s", - $_GET['note']); - $entry = $result[0]; - $title = $entry["title"]; - $date_posted = explode("-", $entry["date_posted"]); - $year_posted = $date_posted[0]; - $month_posted = $date_posted[1]; - $datetime_posted = explode(' ', $date_posted[2]); - $day_posted = $datetime_posted[0]; - echo "
    "; - echo "

    $year_posted/$month_posted/$day_posted/$title

    "; - echo $entry['text']; - $this->write_navigation(); + switch (true) { + case (isset($_GET['year']) && !isset($_GET['month']) + && !isset($_GET['day'])): + $sql = "SELECT title, url, date_posted, text + FROM notes WHERE YEAR(date_posted) = ? + ORDER BY date_posted DESC"; + $result = $this->query($sql, "d", + $_GET['year']); + break; + case (isset($_GET['year']) && isset($_GET['month']) + && !isset($_GET['day'])): + $sql = "SELECT title, url, date_posted, text + FROM notes WHERE YEAR(date_posted) = ? + AND MONTH(date_posted) = ? + ORDER BY date_posted DESC"; + $result = $this->query($sql, "dd", + $_GET['year'], $_GET['month']); + break; + case (isset($_GET['year']) && isset($_GET['month']) + && isset($_GET['day'])): + $sql = "SELECT title, url, date_posted, text + FROM notes WHERE YEAR(date_posted) = ? + AND MONTH(date_posted) = ? + AND DAY(date_posted) = ? + ORDER BY date_posted DESC"; + $result = $this->query($sql, "ddd", + $_GET['year'], $_GET['month'], + $_GET['day']); + break; + } + if (count($result) >= 1) { + echo "
    "; + foreach ($result as $row => $entry) { + $title = $entry['title']; + $url = '/note/' . $entry['url']; + $date_posted = explode("-", $entry['date_posted']); + $year_posted = $date_posted[0]; + $month_posted = $date_posted[1]; + $datetime_posted = explode(' ', $date_posted[2]); + $day_posted = $datetime_posted[0]; + echo "
    "; + echo "

    $year_posted/$month_posted/$day_posted/$title

    "; + echo $entry['text']; + echo "
    "; + } + echo "
    "; + $this->write_navigation(); + } else { + echo "
    "; + echo "

    sorry, nothing here

    "; + echo "
    Empty set (0.00 sec)
    "; + } $this->display_close(); } @@ -311,12 +591,13 @@ class note extends cms { echo "
    "; echo "
    "; echo "

    "; - echo "notes/"; + // fill me in! echo "

    "; echo "
    "; } } + class notFound extends Exception { public function __construct() { header("HTTP/1.0 404 Not Found"); @@ -326,6 +607,19 @@ class notFound extends Exception { } } +class captcha extends cms { + public function display() { + $challenge = $_GET['challenge']; + $response = $_GET['response']; + $remoteip = $_SERVER['REMOTE_ADDR']; + $curl = curl_init('http://api-verify.recaptcha.net/verify?'); + curl_setopt ($curl, CURLOPT_POST, 4); + curl_setopt ($curl, CURLOPT_POSTFIELDS, "privatekey=$this->recaptcha_privatekey&remoteip=$remoteip&challenge=$challenge&response=$response"); + $result = curl_exec ($curl); + curl_close ($curl); + } +} + ## now actually do something: switch (cms::determine_type()) { case "index": @@ -337,13 +631,25 @@ switch (cms::determine_type()) { $project->display(); break; case "note": - $note = new note; + if (isset($_GET['comments'])) { + $note = new note($comments_enabled = true); + } else { + $note = new note; + } $note->display(); break; case "page": $page = new page; $page->display(); break; + case "archive": + $archive = new archive; + $archive->display(); + break; + case "captcha": + $captcha = new captcha; + $captcha->display(); + break; } ?>