user = 'guest';
        // NOTE(review): this extract starts inside a constructor whose head (the `$this->` before `user`, and the
        // signature that supplies $conn and $silent) is not visible — confirm against the original file. Markup
        // also appears to have been stripped on extraction: several string literals that presumably held HTML
        // tags are empty or truncated below.
        // Session user name is HTML-encoded once here and reused as-is in the placeholder map.
        if(isset($_SESSION['user'])) $this->user = htmlspecialchars($_SESSION['user']);
        //Get page name
        $this->pagename = "Start";
        // NOTE(review): htmlspecialchars() wraps escapeString(), so the value interpolated into the SQL below is
        // the HTML-encoded form; SQL escaping belongs to the query and HTML encoding to output — two different
        // contexts. A prepared statement with a bound parameter would remove the dependence on escapeString().
        if(isset($_GET['p'])) $this->pagename = htmlspecialchars($conn->escapeString($_GET['p']));
        //Get page
        $query=$conn->query("SELECT * FROM Page WHERE name='$this->pagename'");
        // `or print(...)` runs only when fetchArray() yields a falsy result; $this->pageRow then holds that
        // falsy value rather than a row, and printPage() below indexes it without checking.
        $this->pageRow=$query->fetchArray() or print($silent ? "" : "Couldn't find page: ".$this->pagename."");
        /*header("Location: /?p=error")*/
        //Import scripts
        $this->scripts = "";
        // NOTE(review): the appended literal is empty in this extract; presumably a tag built from $filename — confirm.
        foreach (glob("scripts/*.js") as $filename) $this->scripts .= "";
        //Import stylesheets
        $this->styles = "";
        foreach (glob("stylesheets/*.css") as $filename) $this->styles .= "";
        //Setup variables
        $this_year = getdate()['year'];
        // NOTE(review): the heredoc is truncated in this extract (opening marker and markup missing) — confirm.
        $loginbuttons = <<Log in or Sign up EOT;
        // Placeholder map for strtr(); the keys are literal '{$year}' etc. because they are single-quoted.
        $this->vars = array(
            '{$year}' => $this_year,
            '{$user}' => $this->user,
            '{$sitename}' => Config::$sitename,
            '{$menuitems}' => $this->getMenuItems(),
            '{$login}' => isset($_SESSION['user']) ? "Control panel " : $loginbuttons
        );
        //Get components
        // Every Component row is loaded and placeholder-substituted up front, keyed by name.
        $this->components = array();
        $query=$conn->query("SELECT * FROM Component");
        while ($compRow = $query->fetchArray()) {
            $this->components[$compRow['name']] = strtr($compRow['content'], $this->vars);
        }
    }

    // Prints one Section row (matched by name or UID) with placeholders substituted.
    // $sectionName reaches the SQL text by interpolation; printPage() passes values taken from the page row's
    // `sections` column (database content, not the request), but a bound parameter would still be the safer form.
    function addSection($sectionName) {
        global $conn;
        $query=$conn->query("SELECT * FROM Section WHERE name='$sectionName' OR UID='$sectionName'");
        $sectionrow=$query->fetchArray();
        echo "
";
        // Stored section content is emitted as markup (no HTML encoding) after placeholder substitution.
        echo strtr($sectionrow['content'], $this->vars);
        echo '
';
    }

    // Emits every section listed in the current page row.
    // `sections` is accepted either as a JSON array or, when json_decode() returns NULL, as a comma-separated list.
    // NOTE(review): if the page lookup in the constructor failed, $this->pageRow is not a row and the index
    // below will raise a warning — confirm how callers handle the not-found case.
    function printPage() {
        $sections = json_decode($this->pageRow['sections']);
        if ($sections === NULL) $sections = explode(',', $this->pageRow['sections']);
        foreach ($sections as $section) { $this->addSection($section); }
    }

    // Builds the menu string from the Menu table, ordered by listId.
    // NOTE(review): $selected and $link are computed but do not appear in the emitted string in this extract;
    // the markup that used them was presumably stripped — confirm. Menu names are emitted without HTML encoding.
    function getMenuItems() {
        global $conn;
        $menuquery = $conn->query("SELECT * FROM Menu ORDER BY listId");
        $menuString = "";
        while($menurow = $menuquery->fetchArray()) {
            $selected = "";
            // Loose (==) comparison against the HTML-encoded page name set in the constructor.
            if ($this->pagename == $menurow['value']) $selected = "active";
            // `page` entries link back into this front controller; any other valuetype is used as a raw link.
            if ($menurow['valuetype'] == "page") { $link = "?p=" . $menurow['value']; } else { $link = $menurow['value']; }
            $menuString .= "
  • ".$menurow['name']."
  • ";
        }
        return $menuString;
    }
}

// Simple value holder for a user-facing message and its display type (e.g. "success", "danger").
class Message {
    public $text;
    public $type;
    function __construct($message, $messtype) { $this->text = $message; $this->type = $messtype; }
}

// Renders a Message as an inline HTML template.
// NOTE(review): the template body and the head of the next function are lost in this extract. The fragment from
// `query("SELECT Email ...` up to the `}` before changePassword() is the tail of a function whose signature is
// not visible: it looks up the user's e-mail when none was supplied, calls generateKey(16), inserts an
// Activations row with $user, $type, $value and $key interpolated into the SQL text, and mails a link carrying
// the key. Points to confirm in the full file: bound parameters for that INSERT, where $mail originates before
// it reaches mail(), that the link target is not hard-coded to a plain-http host, and that the caller checks
// permissions before reaching it. The database error message is returned to the user verbatim on failure.
function display_message($message) { ?>
    text ?>
    query("SELECT Email FROM Users WHERE User='$user'")->fetchArray()['Email']; } $key = generateKey(16); if ($conn->query("INSERT INTO Activations (User,Type,Val,Activation_key) VALUES ('$user','$type','$value','$key')")) { mail($mail, Config::$sitename . " $type confirmation", "To activate your new $type, navigate to this address: http://tankernn.eu/admin/actions/activate.php?key=" . $key); return new Message("Activation E-mail sent to " . $mail, "success"); } else { return new Message("Failed to update database. Error: " . $conn->lastErrorMsg(), "danger"); } }

// Changes the password of user $userid after checking that $newPass and $newPassRepeat match, that the new
// password is long enough, and — unless $oldPass is exactly false — that $oldPass verifies against the stored hash.
// Outcome is reported through queue_message() (defined elsewhere in the project); returns true on success, false otherwise.
function changePassword($userid, $newPass, $newPassRepeat, $oldPass = false) {
    global $conn;
    if ($newPass === $newPassRepeat) {
        // strlen() counts bytes, so a multibyte password can satisfy this with fewer than 8 characters.
        if (strlen($newPass) < 8) { queue_message(new Message("Your password must be at least 8 characters long.", "danger")); return false; }
        // $userid is interpolated into the SQL text; a bound parameter would not rely on the caller's sanitising.
        $query = $conn->query("SELECT * FROM Users WHERE UID='$userid'");
        $row = $query->fetchArray();
        // $oldPass === false deliberately skips the current-password check (a reset path); callers of that form
        // must gate it with hasPermission()/admin_check(). NOTE(review): $row is not checked for a missing user.
        if ($oldPass === false || password_verify($oldPass, $row['Password'])) {
            $pass_hashed = password_hash($newPass, PASSWORD_DEFAULT);
            if($conn->query("UPDATE Users SET Password='$pass_hashed' WHERE UID='$userid'")) {
                queue_message(new Message("Successfully updated password.", "success"));
                return true;
            } else {
                // The raw driver error text is queued for display to the user.
                queue_message(new Message("SQL error: " . $conn->lastErrorMsg(), "danger"));
                return false;
            }
        } else {
            queue_message(new Message("Password incorrect.", "danger"));
            return false;
        }
    } else {
        queue_message(new Message("Passwords do not match.", "danger"));
        return false;
    }
}

// Returns whether the session user holds $permission: an integer is a minimum permission_level, a string is a
// named entry in custom_permissions. Anything else throws InvalidArgumentException.
// NOTE(review): $_SESSION['permissions'] is assumed to be a JSON object with `permission_level` and
// `custom_permissions` (inferred from the accesses below) — confirm where it is written.
function hasPermission($permission = 2) {
    if (!isset($_SESSION['user']) or !isset($_SESSION['permissions'])) return false;
    $myPermissions = json_decode($_SESSION['permissions']);
    // permission_level 2 or above short-circuits every check, including any string permission.
    if ($myPermissions->permission_level >= 2) return true;
    switch (gettype($permission)) {
        case "string":
            // in_array() without strict: true uses loose comparison; pass true if custom_permissions may hold non-strings.
            return in_array($permission, $myPermissions->custom_permissions);
            break; // unreachable after return
        case "integer":
            return $myPermissions->permission_level >= $permission;
            break; // unreachable after return
        default:
            throw new InvalidArgumentException("Permission type must be integer or string.", 1);
    }
}

// Halts the script unless the session user has permission level 2; die() ends the response with a plain-text body
// and no explicit HTTP status code.
function admin_check() {
    if (!hasPermission(2)) {
        die("Not enough permissions.");
    }
}
?>