freya/xssbook2
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

aaaa

Browse source
This commit is contained in:
Freya Murphy 2024-05-20 19:26:59 -04:00
parent d51b95a12c
commit 29f7c5ea41
Signed by: freya
GPG key ID: 744AB800E383AE52
4 changed files with 171 additions and 46 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

13
src/shim/shim.php
View file

@ -266,6 +266,18 @@ function migrate_user_media($type) {
} }
} }
function migrate_seq() {
echo "migrating sequences\n";
extract($GLOBALS);
$tables = array('user', 'post', 'like', 'comment', 'follow', 'user_media');
foreach ($tables as $table) {
$sql = "SELECT setval('sys.{$table}_id_seq', (SELECT MAX(id) FROM admin.{$table}), true);";
$psql->exec($sql);
}
}
try { try {
wait_until_ready(); wait_until_ready();
clear_all(); clear_all();
@ -276,6 +288,7 @@ try {
migrate_follow(); migrate_follow();
migrate_user_media('avatar'); migrate_user_media('avatar');
migrate_user_media('banner'); migrate_user_media('banner');
migrate_seq();
} catch (Exception $ex) { } catch (Exception $ex) {
echo "$ex\n"; echo "$ex\n";
$psql->rollBack(); $psql->rollBack();

23
src/web/_model/main.php
View file

@ -13,6 +13,9 @@ class Main_model {
// stores the current request info // stores the current request info
public $info; public $info;
// tthe logged in user
private $user;
/** /**
* Loads the main model * Loads the main model
* @param Loader $load - the main loader object * @param Loader $load - the main loader object
@ -28,6 +31,7 @@ class Main_model {
}; };
/// init other vars /// init other vars
$this->users = array(); $this->users = array();
$this->user = NULL;
} }
/** /**
@ -36,14 +40,20 @@ class Main_model {
*/ */
private function get_session($jwt) { private function get_session($jwt) {
$query = $this->db $query = $this->db
->select("_api.verify_jwt('" . $jwt . "') AS user_id;"); ->select("_api.verify_jwt(?) AS user_id;");
$result = $query->row(); $result = $query->row($jwt);
$user_id = $result['user_id']; $user_id = $result['user_id'];
if ($user_id) { if ($user_id) {
$this->session = array( $this->session = array(
'id' => $user_id, 'id' => $user_id,
'jwt' => $jwt 'jwt' => $jwt
); );
$user = $this->user();
if ($user === FALSE) {
/// valid jwt for invalid user!!!
$this->session = NULL;
$this->user = NULL;
}
} }
} }
@ -79,16 +89,19 @@ class Main_model {
* Gets the current user * Gets the current user
*/ */
public function user() { public function user() {
if ($this->user) {
return $this->user;
}
if ($this->session) { if ($this->session) {
return $this->db $this->user = $this->db
->select('*') ->select('*')
->from('api.user') ->from('api.user')
->where('id') ->where('id')
->eq($this->session['id']) ->eq($this->session['id'])
->row(); ->row();
} else { return $this->user;
return NULL;
} }
return NULL;
} }
} }

179
src/web/core/database.php
View file

@ -19,6 +19,89 @@ class DatabaseQuery {
$this->param = array(); $this->param = array();
} }
///
/// ARBITRARY QUERY
///
public function query($query) {
$this->query .= $query;
return $this;
}
///
/// SELECT
///
public function select($select) {
$this->query .= "SELECT $select\n";
return $this;
}
public function from($from) {
$this->query .= "FROM $from\n";
return $this;
}
///
/// INSERT
///
public function insert_into($insert, ...$columns) {
$this->query .= "INSERT INTO $insert\n (";
foreach ($columns as $idx => $column) {
if ($idx !== 0) {
$this->query .= ",";
}
$this->query .= $column;
}
$this->query .= ")\n";
return $this;
}
public function values(...$values) {
$this->query .= "VALUES (";
foreach ($values as $idx => $value) {
if ($idx !== 0) {
$this->query .= ",";
}
$this->query .= "?";
array_push($this->param, $value);
}
$this->query .= ")\n";
return $this;
}
///
/// WHERE
///
public function where($cond) {
if (!$this->where) {
$this->where = TRUE;
$this->query .= "WHERE ";
} else {
$this->query .= "AND ";
}
$this->query .= "$cond ";
return $this;
}
public function where_in($column, $array) {
if (!$this->where) {
$this->where = TRUE;
$this->query .= "WHERE ";
} else {
$this->query .= "AND ";
}
if (empty($array)) {
$this->query .= "FALSE\n";
return $this;
}
$in = $this->in($array);
$this->query .= "$column $in\n";
return $this;
}
private function in($array) { private function in($array) {
$in = 'IN ('; $in = 'IN (';
foreach ($array as $idx => $item) { foreach ($array as $idx => $item) {
@ -32,26 +115,9 @@ class DatabaseQuery {
return $in; return $in;
} }
public function select($select) { ///
$this->query .= "SELECT $select\n"; /// OPERATORS
return $this; ///
}
public function from($from) {
$this->query .= "FROM $from\n";
return $this;
}
public function where($cond) {
if (!$this->where) {
$this->where = TRUE;
$this->query .= "WHERE ";
} else {
$this->query .= "AND ";
}
$this->query .= "$cond ";
return $this;
}
public function like($item) { public function like($item) {
$this->query .= "LIKE ?\n"; $this->query .= "LIKE ?\n";
@ -83,27 +149,19 @@ class DatabaseQuery {
return $this; return $this;
} }
public function where_in($column, $array) { ///
if (!$this->where) { /// JOINS
$this->where = TRUE; ///
$this->query .= "WHERE ";
} else {
$this->query .= "AND ";
}
if (empty($array)) {
$this->query .= "FALSE\n";
return $this;
}
$in = $this->in($array);
$this->query .= "$column $in\n";
return $this;
}
public function join($table, $on, $type = 'LEFT') { public function join($table, $on, $type = 'LEFT') {
$this->query .= "$type JOIN $table ON $on\n"; $this->query .= "$type JOIN $table ON $on\n";
return $this; return $this;
} }
///
/// LIMIT, OFFSET, ORDER
///
public function limit($limit) { public function limit($limit) {
$this->query .= "LIMIT ?\n"; $this->query .= "LIMIT ?\n";
array_push($this->param, $limit); array_push($this->param, $limit);
@ -121,10 +179,18 @@ class DatabaseQuery {
return $this; return $this;
} }
public function rows() { ///
/// COLLECT
///
public function rows(...$params) {
$args = $this->param;
foreach ($params as $param) {
array_push($args, $param);
}
$stmt = $this->conn->prepare($this->query); $stmt = $this->conn->prepare($this->query);
try { try {
$stmt->execute($this->param); $stmt->execute($args);
} catch (Exception $ex) { } catch (Exception $ex) {
echo $ex; echo $ex;
echo '<br> >> caused by <<<br>'; echo '<br> >> caused by <<<br>';
@ -133,17 +199,38 @@ class DatabaseQuery {
return $stmt->fetchAll(PDO::FETCH_ASSOC); return $stmt->fetchAll(PDO::FETCH_ASSOC);
} }
public function row() { public function row(...$params) {
$args = $this->param;
foreach ($params as $param) {
array_push($args, $param);
}
$stmt = $this->conn->prepare($this->query); $stmt = $this->conn->prepare($this->query);
$stmt->execute($this->param); $stmt->execute($args);
return $stmt->fetch(PDO::FETCH_ASSOC); return $stmt->fetch(PDO::FETCH_ASSOC);
} }
public function execute(...$params) {
$args = $this->param;
foreach ($params as $param) {
array_push($args, $param);
}
$stmt = $this->conn->prepare($this->query);
try {
$stmt->execute($args);
return TRUE;
} catch (Exception $_e) {
echo $_e;
echo '<br> >> caused by <<<br>';
echo str_replace("\n", "<br>", $this->query);
return FALSE;
}
}
} }
/** /**
* DatabaseHelper * DatabaseHelper
* allows queries on the * allows queries on the
* xssbook postgres database * postgres database
*/ */
class DatabaseHelper { class DatabaseHelper {
@ -180,4 +267,16 @@ class DatabaseHelper {
return $query->select($select); return $query->select($select);
} }
public function insert_into($insert, ...$columns) {
$conn = $this->connect();
$query = new DatabaseQuery($conn);
return $query->insert_into($insert, ...$columns);
}
public function query($query_str) {
$conn = $this->connect();
$query = new DatabaseQuery($conn);
return $query->query($query_str);
}
} }

2
src/web/lang/en_US/common_lang.php
View file

@ -1,6 +1,6 @@
<?php /* Copyright (c) 2024 Freya Murphy */ <?php /* Copyright (c) 2024 Freya Murphy */
$lang['version'] = 'Version 2.0.1'; $lang['version'] = 'Version 2.0.2';
$lang['copyright'] = 'Freya Murphy © 2024'; $lang['copyright'] = 'Freya Murphy © 2024';
// Navigation Bar Lang // Navigation Bar Lang