diff --git a/.gitignore b/.gitignore index 619e492..1a17791 100755 --- a/.gitignore +++ b/.gitignore @@ -1,3 +1,4 @@ *# .#* *.DS_Store +/.idea/ \ No newline at end of file diff --git a/lib/Sky/Memcache/Transaction/Type.php b/lib/Sky/Memcache/Transaction/Type.php index d0032a9..b655284 100755 --- a/lib/Sky/Memcache/Transaction/Type.php +++ b/lib/Sky/Memcache/Transaction/Type.php @@ -42,7 +42,7 @@ abstract class Type /** * Abstract constructor, child class should */ - abstract public function __construct(); + abstract public function __construct($key, $value, $duration = null); /** * Type should be either set | delete diff --git a/lib/Sky/Page.php b/lib/Sky/Page.php index 8282efc..788c2b2 100755 --- a/lib/Sky/Page.php +++ b/lib/Sky/Page.php @@ -54,7 +54,7 @@ class Page /** * @var string */ - public $favicon = '/favicon.ico'; + public $favicon = '/gethotwired-icon.png'; /** * @var string diff --git a/lib/class/class.Model.php b/lib/class/class.Model.php index 7422ca7..3eb05d7 100755 --- a/lib/class/class.Model.php +++ b/lib/class/class.Model.php @@ -324,8 +324,11 @@ final public function __construct($data = null, $aql = null, $force_db = false, list($aql, $force_db, $cnf) = $this->mapConstructArgs($aql, $force_db, $cnf); # initialize this model + $r = new ReflectionClass($this); + $this->_model_path = dirname($r->getFilename()); $this->_model_name = get_class($this); $this->getModelAql($aql)->makeProperties(); + //$this->_token = $this->getToken(); # set if we're refreshing it $this->_force_db = ($force_db || $_GET['refresh']); 
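Review bot: The new abstract `__construct($key, $value, $duration = null)` in Type.php turns the constructor signature into a contract, because PHP checks abstract constructors for signature compatibility. Any subclass that still declares a zero-argument constructor will fail when its class is loaded, and no subclass is visible in this diff, so that needs confirming. The docblock above it still stops mid-sentence at "child class should". I would finish that sentence and add `@param` lines for `$key`, `$value` and `$duration`, stating what a null duration means once that is confirmed against the subclasses.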
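Review bot: The commented-out `//$this->_token = $this->getToken();` added to the Model constructor is dead code and should be dropped before merging. The two reflection lines above it run on every model instantiation although the result depends only on the class, so resolving the path once per class would avoid repeated work. A short comment such as `# directory of the file that defines this class; getRecords() looks for <model_name>.aql there` would explain why `_model_path` exists. The constructor body starts and ends outside this hunk.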
@@ -338,6 +341,58 @@ final public function __construct($data = null, $aql = null, $force_db = false, $this->checkConstructorData($data, $force_db); } + /** + * returns sql query results + * + * @param array $a array of ids to return records on + * + */ + public function getRecords($a) { + $aql_array = null; + if(file_exists($this->_model_path.'/'.$this->_model_name.'.aql')){ + $set_joins = ((isset($a['joins']))?false:true); + $set_columns = ((isset($a['columns']))?false:true); + + $a['primary_id'] = $this->_primary_table.'.id'; + $a['columns'][] = $this->_primary_table.".id as ".$this->_primary_table."_id"; + + $aql = file_get_contents($this->_model_path.'/'.$this->_model_name.'.aql'); + $aql_array = aql2array($aql); + $tables = null; $ta = 'table'; +//echo "
".print_r($aql_array,true)."
"; + foreach($aql_array as $table => $array){ + if($set_joins){ + if(isset($array['on'])){ + $a['joins'][] = "LEFT JOIN ".$array['table'].(($array['table']!=$table)?' '.$table:'')." ON ".$array['on']; + $ta = ((isset($array['as']))?'as':'table'); + $a['columns'][] = $array[$ta].".id as ".$array[$ta]."_id"; + $tables[] = $array[$ta]; + } + } + if($set_columns){ + foreach($array['fields'] as $key => $link){ + if($this->_primary_table."_id"==$key) continue; + $a['columns'][] = $link." as ".(($key=='id')?$array[$ta]."_":'').$key; + } + } + } + } + $sql = "SELECT ".((!empty($a['columns']))?join(",",$a['columns']):'*')." FROM ".$this->_primary_table." ".((!empty($a['joins']))?join(" ",$a['joins']):'')." WHERE ".$a['primary_id']." IN ('".((!empty($a['ids']))?join("','",$a['ids']):'')."')".((isset($a['order_by']))?' ORDER BY '.$a['order_by']:" ORDER BY FIELD(".$a['primary_id'].", '".((!empty($a['ids']))?join("','",$a['ids']):'')."')"); + //echo $sql; + $results = sql_array($sql); + //echo "
".print_r($results, true)."
"; + foreach($results as $k=>$r){ + //$results[$k][$this->_primary_table.'_id'] = $r[$this->_primary_table.'_id']; + $results[$k][$this->_primary_table.'_ide'] = encrypt($r[$this->_primary_table.'_id'],$this->_primary_table); + if(isset($tables)){ + foreach($tables as $table){ + $results[$k][$table.'_ide'] = encrypt($results[$k][$table.'_id'],$table); + } + } + } +// echo "
".print_r($results, true)."
"; + return $results; + } /** * checks for a proper identifier, loads object if set runs construct() @@ -1514,7 +1569,7 @@ public function getToken($id = null, $primary_table = null) $id = decrypt($id, $primary_table); } $id = ($id) ?: $this->getID(); - +//echo "
".print_r(array($primary_table,$id, self::_makeToken($id, $primary_table)),true)."
"; return self::_makeToken($id, $primary_table); } diff --git a/lib/class/class.aql.php b/lib/class/class.aql.php index f3b2778..20e9bb9 100755 --- a/lib/class/class.aql.php +++ b/lib/class/class.aql.php @@ -485,8 +485,9 @@ public static function insert($table, $fields, $silent = false) unset($fields['id']); foreach ($fields as $k => $v) { if ($v === null || $v === '') { - unset($fields[$k]); + unset($fields[$k]); continue; } + $fields[$k] = trim($v); } if (!$fields) { @@ -663,6 +664,8 @@ public function update($table, $fields, $identifier, $silent = false) return false; } + foreach ($fields as $k => $v) { $fields[$k] = trim($v); } //($v=='-0001-11-30'?NULL:trim($v)); } + $dbw = self::getMasterDB(); $result = $dbw->AutoExecute($table, $fields, 'UPDATE', 'id = ' . $id); if ($result === true) { @@ -1068,7 +1071,11 @@ private static function sql_result($arr, $settings, $db_conn = null) $select_type = ($settings['select_type']) ?: 'sql'; $rs = array(); + $microtime_start = microtime(true); $r = $db_conn->Execute($arr[$select_type]); + if(class_exists('hwc_debug')){ + hwc_debug::add_aql($arr[$select_type], number_format(microtime(true) - $microtime_start,3)); + } if ($r === false) { @@ -1142,11 +1149,16 @@ private static function sql_result($arr, $settings, $db_conn = null) ); if ($query) { - foreach ($query as $row) { + // new getRecords method + $ca = $s['constructor argument']; $p = new $m(); + $arr = array('ids'=>array_map(function($a) use ($ca) { return $a[$ca]; },$query)); + foreach($p->getRecords($arr) as $row){ $tmp[$k][]['_data'] = $row; } + // old query loop method +/* foreach ($query as $row) { $arg = $row[$s['constructor argument']]; $o = Model::get($m, $arg, $sub_do_set); $tmp[$k][] = ($object) ? $o : $o->dataToArray(); - } + }*/ } } else if (!$s['plural']) { $arg = (int) $tmp[$s['constructor argument']]; diff --git a/lib/core/functions.inc.php b/lib/core/functions.inc.php index 4f02a9a..d3d7f19 100755 --- a/lib/core/functions.inc.php 
+++ b/lib/core/functions.inc.php 
@@ -776,162 +776,13 @@ function encode($input) { * @param string $access_group... * @return boolean returns true if the user is granted access to one or more of the specified access_groups, otherwise returns false */ - function auth() { - for ($i=0; $i < func_num_args(); $i++) { - - $arg = func_get_arg($i); - - $person_id = $_SESSION['login']['person_id']; - - if ( !$person_id ) return false; - if ( !$arg ) return true; - - // new method -- check the appropriate keytable on demand - if ( strpos($arg,':') ): - - return auth_person($arg, $person_id); - - // old method -- for backwards compatibility -- check the session for the desired access group (person.access_group) - else: - $arr = explode(',',$arg); - foreach ($arr as $arg): - if ( strpos(strtolower($_SESSION['login']['access_group']),strtolower($arg)) !== false ): - return true; - endif; - endforeach; - endif; - - }//for - return false; - }//function - - /** - - will return an auth function that uses those contraints - - value arguments for now only accept ['constant'] - - KEYS MUST BE SET - - constraints = array( - 'arg1' => $vars, // check contants - 'arg2' => $vars // dont check for constant - ); - */ - - function makeAuthFn($constraints) { - - static $results = array(); - - if (!is_assoc($constraints)) { - throw new Exception('constraints needs to be an associative array'); - } - - $constraint_hash = md5(serialize($constraints)); - - $trim_to_lower = function($str) { - return trim(strtolower($str)); - }; - - return function($access_level_str, $params = null) use($constraints, $constraint_hash, $trim_to_lower, &$results) { - - // set key for this auth_function if it doesnt exist - if (!array_key_exists($constraint_hash, $results)) { - $results[$constraint_hash] = array(); - } - - // make sure parms is an array regardless of what's given. 
- if (count($constraints) == 1) { - if (!is_array($params)) { - $params = array( reset(array_keys($constraints)) => $params); - } - } - - // generate where, look for constants if check_for_constant is true and the params are not defined - // return false if it isn't set, exit early - $where = array(); - foreach ($constraints as $constraint => $vars) { - if (!$params[$constraint]) { - if (!$vars['constant']) return false; - if (defined($vars['constant'])) { - $params[$constraint] = constant($vars['constant']); - } - if (!$params[$constraint]) return false; - } - $where[] = "{$constraint} = {$params[$constraint]}"; - } - - // make hash - $param_hash = md5(sprintf('%s:::%s', $access_level_str, serialize($params))); - - // if this has been computed for this page return the result - if (array_key_exists($param_hash, $results[$constraint_hash])) { - return $results[$constraint_hash][$param_hash]; - } - - $allowed = false; - $access_level_arr = explode(';', $access_level_str); - - foreach ($access_level_arr as $access_level) { - - $access = array_map($trim_to_lower, explode(':', $access_level, 2)); - $key_table = $access[0]; - - if (!$key_table) continue; - - $access_needed_arr = my_array_unique( - array_map($trim_to_lower, - explode(',', $access[1]) - ) - ); - - if ($access_needed_arr[0] == '*') { - $access_needed_arr = array(); - } - - $aql = " $key_table { id, access_group } "; - $rs = aql::select($aql, array( - 'where' => $where, - 'limit' => 1 - )); - - if (!$rs) continue; - - if (!$access_needed_arr) { - $allowed = true; - break; - } - - $granted = array_map($trim_to_lower, explode(',', $rs[0]['access_group'])); - foreach ($access_needed_arr as $needed) { - if (in_array($needed, $granted)) { - $allowed = true; - break 2; // break out of both loops if a match is found - } - } - - } - - // return and store value - return $results[$constraint_hash][$param_hash] = $allowed; - - }; - + function auth($params=null) { + return auth::permission($params); } - function 
auth_person( $access_level_str, $person_id=NULL ) { - - if (!$person_id) $person_id = $_SESSION['login']['person_id']; - if (strpos($access_level_str,'person:') !== false) $idField = 'id'; - else $idField = 'person_id'; - $auth_fn = makeAuthFn(array( - $idField=> array( - 'constant' => 'PERSON_ID' - ) - )); - return $auth_fn($access_level_str, $person_id); - - }//auth_person + function auth_person($access_level_str, $person_id=null) { + return auth::permission($access_level_str, $person_id); + } function login_person($person,$remember_me) { @@ -2035,17 +1886,21 @@ function getMimeTypes() 'class' => 'application/java-vm', 'jar' => 'application/java-archive', - // multimedia - 'mp3' => 'audio/mpeg', - 'wav' => 'audio/vnd.wav', - 'oga' => 'audio/vorbis', - 'ogv' => 'video/ogg', - 'ogg' => 'video/ogg', - 'webm' => 'video/webm', + // audio + 'mp3' => 'audio/mpeg', + 'wav' => 'audio/vnd.wav', + 'oga' => 'audio/vorbis', + + // video + 'ogv' => 'video/ogg', + 'ogg' => 'video/ogg', + 'webm' => 'video/webm', 'qt' => 'video/quicktime', 'mov' => 'video/quicktime', 'flv' => 'video/x-flv', 'swf' => 'application/x-shockwave-flash', + 'mp4' => 'video/mp4', + 'mpg' => 'video/mpeg', // adobe 
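Review bot: The new `auth($params=null)` forwards only its first argument, whereas the removed implementation looped over `func_get_args()`, so a call such as `auth('a', 'b')` now silently ignores the second access group. The removed version also returned true for a logged-in user when the argument was empty, while `auth::permission()` returns false for an empty string. Both differences change authorization results for existing call sites, none of which are visible in this diff, so either keep the variadic behaviour or audit the callers. The docblock above still advertises `@param string $access_group...`; it should describe the new contract, for example `@param string $params one access string: "group1,group2" or "table:level;table:level"`.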
@@ -2066,3 +1921,59 @@ function getMimeTypes() 'ods' => 'application/vnd.oasis.opendocument.spreadsheet', ); } + +class auth { + /** + * auth class + * + * Organization: Hotwire Communications + * Author: Harley Fischel + */ + public static function permission($params=null, $person_id=null) { + $params = trim($params); + if (empty($params)) return false; + if (empty($person_id)&&isset($_SESSION['login']['person_id'])) { + $person_id = $_SESSION['login']['person_id']; + } + + // old method support + if (!strpos($params,':')) { + $arr = explode(',',$params); + foreach ($arr as $arg) { + if (strpos(strtolower($_SESSION['login']['access_group']),strtolower($arg))!==false) return true; + } + return false; + } + + static $access, $key; + + // new method + $perms = explode(';',$params); + foreach($perms as $perm){ + list($group, $granted) = explode(':',$perm); + + if (empty($group)) return false; + if (empty($key[$group])) $key[$group] = md5($group.$person_id); + + if (empty($access[$key[$group]])&&!empty($person_id)) { + $rs = aql::select(" {$group} { id, access_group } ", array( + 'where' => array(0=>(($group!='person')?'person_':'').'id='.$person_id), + 'limit' => 1 )); + $access[$key[$group]] = array_map(function($str) { + return md5(trim(strtolower($str))); + }, explode(',', $rs[0]['access_group'])); + // un-comment to see access array +// echo "
md5:\n".print_r($access,true)."
"; + } + + if ($granted=='*') return true; + + if (is_array($access[$key[$group]])) { + if (in_array(md5($granted), $access[$key[$group]])) { + return true; + } + } + } + return false; + } +} diff --git a/sky.php b/sky.php index 357045f..5238966 100755 --- a/sky.php +++ b/sky.php @@ -43,6 +43,22 @@ return array('path' => $t[0], 'query' => $t[1]); }, explode('?', $_SERVER['REQUEST_URI'])); +// If the url ends with a single quote, redirect back to main page +if(strpos($uri["path"], "'") !== FALSE) +{ + redirect("/"); + /* + The code below is my alternative. Not sure which is better: + + redirect("/"); + die(); + + OR + + $uri["path"] = str_replace(array("'", "\""), "", $uri["path"]); + */ +} + # check if quick serve $check_paths = array( array('path' => null, 'is_file' => true), # checks for exact file diff --git a/templates/html5/html5.php b/templates/html5/html5.php index bf506a2..0f8d3c9 100755 --- a/templates/html5/html5.php +++ b/templates/html5/html5.php @@ -26,7 +26,7 @@ <?=$this->title?> - + seoMetaContent();