authorFreya Murphy <freya@freyacat.org>2024-12-23 11:13:27 -0500
committerFreya Murphy <freya@freyacat.org>2024-12-23 11:13:27 -0500
commit5a2ba9c2e7605bb788bc406184547d22c6436867 (patch)
treecbd988d534e8a8593a31d70571222443f80da0b3 /src/web/lib
parentfix about modal (diff)
v2.1.0, refactor w/ crimson
Diffstat (limited to 'src/web/lib')
-rw-r--r--src/web/lib/_base.php61
-rw-r--r--src/web/lib/_controller.php49
-rw-r--r--src/web/lib/_model.php61
-rw-r--r--src/web/lib/hooks.php31
-rw-r--r--src/web/lib/image.php77
-rw-r--r--src/web/lib/utils.php6
6 files changed, 285 insertions, 0 deletions
diff --git a/src/web/lib/_base.php b/src/web/lib/_base.php
new file mode 100644
index 0000000..790bac9
--- /dev/null
+++ b/src/web/lib/_base.php
@@ -0,0 +1,61 @@
+<?php /* Copyright (c) 2024 Freya Murphy */
+
+trait XSS_Base {
+
+ /**
+ * Formats a users's name
+ * @param array $user - the $user
+ * @returns the user's formatted display name
+ */
+ public function format_name(array $user): string {
+ $name = '';
+ // first_name
+ if ($user['first_name'])
+ $name .= $user['first_name'];
+ // middle_name
+ if ($user['middle_name']) {
+ if ($name != '')
+ $name .= ' ';
+ $name .= $user['middle_name'];
+ }
+ // last_name
+ if ($user['last_name']) {
+ if ($name != '')
+ $name .= ' ';
+ $name .= $user['last_name'];
+ }
+ if ($name == '') {
+ $name = '@' . $user['username'];
+ }
+ return $name;
+ }
+
+ /**
+ * Formats a ISO date
+ * @param $iso_date the ISO date
+ */
+ public function format_date(string $iso_date): string
+ {
+ return date("Y-m-d D H:i", strtotime($iso_date));
+ }
+
+ /**
+ * Loads a STRING from $_GET, or returns $default on failure
+ */
+ public function get_string(string $key, ?string $default = NULL): ?string {
+ if (isset($_GET[$key]))
+ return $_GET[$key];
+ return $default;
+ }
+
+ /**
+ * Loads a INT from $_GET, or returns $default on failure
+ */
+ public function get_int(string $key, ?int $default = NULL): ?int {
+ $value = $this->get_string($key);
+ if ($value)
+ return intval($value);
+ return $default;
+ }
+
+}
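Review bot: `get_string()` returns `$_GET[$key]` unchecked, and PHP parses bracketed query keys into arrays, so an array value hits the `?string` return type and raises a TypeError instead of yielding `$default`; the guard should be `if (isset($_GET[$key]) && is_string($_GET[$key]))`. `get_int()` has two related gaps: `if ($value)` treats the string `"0"` as missing, and `intval()` turns non-numeric input into 0 rather than falling back. Something like `$v = filter_var($value, FILTER_VALIDATE_INT); return $v === false ? $default : $v;` would match the docblock's "returns $default on failure". In `format_date()`, `strtotime()` returns `false` for an unparseable string and that result is passed straight to `date()`, so it should be checked before formatting.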
diff --git a/src/web/lib/_controller.php b/src/web/lib/_controller.php
new file mode 100644
index 0000000..122a7a7
--- /dev/null
+++ b/src/web/lib/_controller.php
@@ -0,0 +1,49 @@
+<?php /* Copyright (c) 2024 Freya Murphy */
+
+class XSS_Controller extends Controller {
+ use XSS_Base;
+
+ protected $model;
+
+ public function __construct() {
+ $this->model = new XSS_model();
+ $this->load_lang('common', 'api');
+ }
+
+ /**
+ * Formats a users's name
+ * @param array $user - the $user
+ * @returns the user's formatted display name
+ */
+ public function format_name(array $user): string {
+ $name = '';
+ // first_name
+ if ($user['first_name'])
+ $name .= $user['first_name'];
+ // middle_name
+ if ($user['middle_name']) {
+ if ($name != '')
+ $name .= ' ';
+ $name .= $user['middle_name'];
+ }
+ // last_name
+ if ($user['last_name']) {
+ if ($name != '')
+ $name .= ' ';
+ $name .= $user['last_name'];
+ }
+ if ($name == '') {
+ $name = '@' . $user['username'];
+ }
+ return $name;
+ }
+
+ /**
+ * Formats a ISO date
+ * @param $iso_date the ISO date
+ */
+ public function format_date(string $iso_date): string
+ {
+ return date("Y-m-d D H:i", strtotime($iso_date));
+ }
+}
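Review bot: `format_name()` and `format_date()` in this class are line-for-line copies of the methods already provided by `use XSS_Base;` at the top of the class. A method declared in the class overrides the trait's, so the trait versions are dead for controllers and the two copies can drift apart; deleting both methods here keeps one implementation. Separately, the constructor instantiates `new XSS_model()` while the class added in `_model.php` is spelled `XSS_Model`. PHP resolves class names case-insensitively, but a path-based autoloader may not, so matching the declared spelling is safer. `protected $model;` could also carry its type: `protected XSS_Model $model;`.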
diff --git a/src/web/lib/_model.php b/src/web/lib/_model.php
new file mode 100644
index 0000000..c29e015
--- /dev/null
+++ b/src/web/lib/_model.php
@@ -0,0 +1,61 @@
+<?php /* Copyright (c) 2024 Freya Murphy */
+
+class XSS_Model extends Model {
+ use XSS_Base;
+
+ private static array $loaded_users = array();
+
+ /**
+ * Gets an array of users with IDs specified by 'user_id' in $objs
+ */
+ public function get_users($objs) {
+ // null check
+ if (!$objs)
+ return self::$loaded_users;
+
+ $ids = array();
+ // get all user_id's to load (not in loaded_users)
+ foreach ($objs as $obj) {
+ $id = $obj['user_id'];
+ if (!isset(self::$loaded_users[$id]))
+ $ids[] = intval($id);
+ }
+ // if there are users to load
+ if (count($ids)) {
+ $result = $this->db()
+ ->select('*')
+ ->from('api.user')
+ ->where_in('id', $ids)
+ ->rows();
+ foreach ($result as $user)
+ self::$loaded_users[$user['id']] = $user;
+ }
+ // return result
+ return self::$loaded_users;
+ }
+
+ /**
+ * Gets the page's title
+ */
+ public function get_title(): string {
+ $xssbook = lang('xssbook');
+ $title = lang('title');
+ if ($title)
+ return "$xssbook - $title";
+ return $xssbook;
+ }
+
+ /**
+ * Adds title to base data
+ */
+ #[\Override]
+ public function get_data(): ?array {
+ $data = parent::get_data();
+ // title
+ $data['title'] = $this->get_title();
+ // session
+ $auth_model = $this->load_model('auth');
+ $data['session'] = $auth_model->session();;
+ return $data;
+ }
+}
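Review bot: `get_users()` loads rows with `->select('*')` from `api.user` into the static `$loaded_users` cache and then returns the whole cache, not just the users named in `$objs`. If `api.user` exposes anything beyond display fields (the schema is not visible here), every caller and every view fed from it receives those columns for every user loaded earlier in the request. Listing the needed columns explicitly and returning only the requested ids would narrow that. The cache is also probed with the raw `$obj['user_id']` but filled under `$user['id']`, so normalising once with `$id = intval($obj['user_id']);` before the `isset()` keeps both sides consistent. Minor: `get_users` has no parameter or return type, and `$auth_model->session();;` has a stray semicolon.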
diff --git a/src/web/lib/hooks.php b/src/web/lib/hooks.php
new file mode 100644
index 0000000..45316ec
--- /dev/null
+++ b/src/web/lib/hooks.php
@@ -0,0 +1,31 @@
+<?php /* Copyright (c) 2024 Freya Murphy */
+
+function XSSBOOK_begin_session(): void {
+ session_start();
+ setcookie(
+ session_name(),
+ session_id(),
+ array(
+ 'expires' => time() + 60*60*24*7,
+ 'path' => '/',
+ 'domain' => NULL,
+ 'secure' => FALSE,
+ 'httponly' => FALSE,
+ 'samesite' => 'Lax'
+ )
+ );
+}
+
+function CRIMSON_init_hook(): void {
+ //date_default_timezone_set('America/New_York');
+ XSSBOOK_begin_session();
+}
+
+function CRIMSON_pre_route_hook(Router $router): void {
+}
+
+function CRIMSON_error_hook(?array $req, int $code): never {
+ $error_controller = ROUTER->load_controller('error');
+ $error_controller->code($code);
+ CRIMSON_DIE();
+}
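Review bot: `XSSBOOK_begin_session()` re-issues the session cookie with `'secure' => FALSE` and `'httponly' => FALSE`, so the session id is sent over plain HTTP and is readable from page script; any script injection on the site can then read it. Unless client-side code must read this cookie (in which case a comment should say so), set `'httponly' => TRUE` and `'secure' => TRUE`, or derive `secure` from the request scheme for local development. Calling `session_set_cookie_params()` with the same array before `session_start()` would apply these attributes to the cookie PHP sends itself, instead of emitting a second Set-Cookie header afterwards. The 7-day `expires` only extends the cookie; server-side session lifetime is configured separately and is not shown here.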
diff --git a/src/web/lib/image.php b/src/web/lib/image.php
new file mode 100644
index 0000000..6d42678
--- /dev/null
+++ b/src/web/lib/image.php
@@ -0,0 +1,77 @@
+<?php /* Copyright (c) 2024 Freya Murphy */
+
+function image(
+ $src,
+ $class = NULL,
+ $link = NULL,
+ $click = NULL,
+ $height = NULL,
+ $width = NULL,
+ $mime = NULL,
+): string {
+ if ($class) {
+ $class = 'image loading ' . $class;
+ } else {
+ $class = 'image loading';
+ }
+
+ $content = '';
+
+ // dont need mime for images
+ if ($mime && strpos($mime, 'image') !== FALSE) {
+ $mime = NULL;
+ }
+
+ if ($link) {
+ $content .= '<a class="' . $class . '" href="' . $link . '">';
+ } else if ($click) {
+ $content .= '<button class="' . $class . '" onclick="' . $click . '">';
+ } else {
+ $content .= '<span class="' . $class . '">';
+ }
+ if ($mime) {
+ $content .= '<object class="inner" type="' . $mime . '" data="' . $src . '" ';
+ } else {
+ $content .= '<img class="inner" src="' . $src . '" ';
+ }
+ if ($height) {
+ $content .= "height=\"{$height}\" ";
+ }
+ if ($width) {
+ $content .= "width=\"{$width}\" ";
+ }
+ if ($mime) {
+ $content .= '></object>';
+ } else {
+ $content .= 'onerror="onImgError(this)" onload="onImgLoad(this)"/>';
+ }
+ if ($link) {
+ $content .= '</a>';
+ } else if ($click) {
+ $content .= '</button>';
+ } else {
+ $content .= '</span>';
+ }
+
+ return $content;
+}
+
+function pfp(
+ $user,
+ $link = TRUE,
+ $click = NULL
+): string {
+ if ($link === TRUE) {
+ $link = '/profile?id=' . $user['id'];
+ }
+ $mime = NULL;
+ if (isset($user['avatar_mime'])) {
+ $mime = $user['avatar_mime'];
+ }
+ return image('/api/rpc/profile_avatar?user_id=' . $user['id'],
+ 'pfp',
+ link: $link,
+ click: $click,
+ mime: $mime
+ );
+}
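Review bot: `image()` concatenates `$class`, `$link`, `$click`, `$mime`, `$src`, `$height` and `$width` into attribute values without escaping, so a double quote in any of them ends the attribute and injects markup. `pfp()` passes `$user['avatar_mime']` and `$user['id']` straight from the user row, and whether those are validated upstream is not visible here. Each value should go through `htmlspecialchars()` at the point of output, as sketched below; callers that already pre-escape would then need to stop doing so. Escaping alone does not vet `$link` schemes or make a non-image `$mime` safe to embed via `<object>`, so an allow-list for `$mime` is worth adding. Also, `strpos($mime, 'image') !== FALSE` matches the substring anywhere in the string, where `str_starts_with($mime, 'image/')` is the intended test.

```php
    // Escape every value that is placed inside an HTML attribute.
    $attr = static fn($v): string => htmlspecialchars((string) $v, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    // … unchanged: class prefixing, mime check …
    if ($link) {
        $content .= '<a class="' . $attr($class) . '" href="' . $attr($link) . '">';
    } else if ($click) {
        $content .= '<button class="' . $attr($class) . '" onclick="' . $attr($click) . '">';
    } else {
        $content .= '<span class="' . $attr($class) . '">';
    }
    if ($mime) {
        $content .= '<object class="inner" type="' . $attr($mime) . '" data="' . $attr($src) . '" ';
    } else {
        $content .= '<img class="inner" src="' . $attr($src) . '" ';
    }
    if ($height) {
        $content .= 'height="' . $attr($height) . '" ';
    }
    if ($width) {
        $content .= 'width="' . $attr($width) . '" ';
    }
    // … unchanged: closing tags and return …
```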
diff --git a/src/web/lib/utils.php b/src/web/lib/utils.php
new file mode 100644
index 0000000..254f9ea
--- /dev/null
+++ b/src/web/lib/utils.php
@@ -0,0 +1,6 @@
+<?php /* Copyright (c) 2024 Freya Murphy */
+
+function random_value(array $array): mixed {
+ shuffle($array);
+ return end($array);
+}
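Review bot: `random_value()` has no docblock, and two behaviours deserve one. For an empty array `end()` returns `false`, which a caller cannot tell apart from a stored `false`. `shuffle()` also draws from PHP's non-cryptographic generator, so the result must not be used for tokens or anything else that has to be unpredictable. A comment such as `/* Picks one element for display purposes; not cryptographically secure; returns false for an empty array. */` would record that. If only one element is needed, `$array[array_rand($array)]` avoids shuffling the whole copy, though it throws on an empty array, so the empty case would need an explicit guard.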