Hey

phpn00bf4life

C&C Rest is in next post... kinda long script.


<?php
session_start();
header("Cache-Control: Private");

/*
*******************************************
#  Script Author:  Jonathon *******     #
#  Script Contact:  [email]elite_ksk@hotmail.com[/email] #
#  Script Start Date:  7/20/05            #
#  Script Description:  Well this is where#
#  all the functions are for the site, and#
#  the site class, it's kind of the main  #
#  frame for the site, with out this it   #
#  wouldn't work or anything like that    #
*******************************************
#  function[include] DESC:  Simple enough #
#  it just does a quick security check    #
#  then includes the requested file, and  #
#  of course this is a fairly simple and  #
#  easy function                          #
#  function[add] DESC:  This is a quick   #
#  add slashes function, made mainly for  #
#  all database queries.                  #
#  function[strip] DESC:  This is another #
#  quick function to strip the slashes    #
#  from returned mysql stuff.             #
#  function[bb] DESC:  This is a bb code  #
#  translater, in other words it takes    #
#  a certain var([body]), and then finds  #
#  all patterns and replaces them with    #
#  html.  This also deals with smilies    #
#  class[site] DESC:  This is a full site #
#  class.  Main areas is the db stuff, the#
*******************************************
*/

//Check and see if IN_SITE is defined
if(!defined("IN_SITE")){
	//Hacking attempt possibly
	echo'Sorry, but the file you are trying to access is not allowed, and your 
ip will be recorded';
	$ip = $_SERVER['REMOTE_ADDR'];
	$problem_body = "User trying to access the file:  " . $area . ", and their 
ip is:  " . $ip;
	$date = date("M, Y, D");
	$time = time();
	$insert = new site;
	$connect = $this->connect();
	$insert->query = "INSERT INTO " . $g_db_pre . "problems 
VAULES('$problem_body','$date','$time')";
	$insert->query();
	die();
}


class site {
	//First Site Templating System
	var $template;
	var $html;
	var $parameters = array();

//Get's Template...
function HtmlTemplate ( $template ) {
	$this->template = $template;
	$this->html = implode ("",(file($this->template)));
	//Read it up :)
}

//Now Let's Set some parameters...
function SetParameter ( $variable, $value ) {
	$this->parameters[$variable] = $value;
}

//Now Let's actually create the return stuff...
function CreatePage ( ) {
	//We'll create the {TEMPLATE}
	foreach($this->parameters as $key => $value) {
		$template_name = '{' . $key . '}';
		$this->html = str_replace($template_name,$value,$this->html);
	}
}

//Set the varialbes for the database queries now...
var $dbtype;
var $dbquery;
var $dbconnectiontype;
var $dbhost;
var $dbuser;
var $dbpass;
var $dbname;

//Here comes the fun DB PART...
function DBConnect (  ) {
	//make static variables
	if ( $this->dbtype == "mysql" ) {
		if ( $this->dbconnectiontype != "" ) {
			$connection = mysql_pconnect($this->dbhost,$this->dbuser,$this->dbpass) or die("MySQL ERROR -> DEBUG -> " . mysql_error());
			$connect = mysql_select_db($this->dbname,$connection) or die("MySQL ERROR -> DEBUG -> " . mysql_error());
			return $connect;
		//Done with if statement...	
		} else {
			$connection = mysql_connect($this->dbhost,$this->dbuser,$this->dbpass) or die("MySQL ERROR -> DEBUG -> " . mysql_error());
			$connect = mysql_select_db($this->dbname,$connection) or die("MySQL ERROR -> DEBUG -> " . mysql_error());
			return $connect;
		//Done with else statement...	
		}
	//Done with if statement...	
	} else {
		//Currently we have no other db's coding setup so just kill it...
		die("DB ERROR -> DEBUG -> Please choose a DB TYPE");
	//Done with else statement	
	}
//Done with DBConnect	
}

//For DB queries we set up a function
function DBQuery ( $db_connect ) {
	if ( $this->dbtype == "mysql" ) {
		$result = mysql_query($this->query,$db_connect);
		return $result;
	//Done with if statement	
	} else {
		//Currently we have no other db's coding setup so just kill the script...
		die("DB ERROR -> DEBUG -> Please choose a DB TYPE");
	//Done with else statement	
	}
//Done with DBQuery	
}

function DBFree ( $query ) {
	if ( $this->dbtype == "mysql" ) {
		$result = mysql_free_result ( $query );
		return $result;
	//done with the if statement	
	} else {
		//Currently we have no other db's coding setup so just kill the script...
		die("DB ERROR -> DEBUG -> Please choose a DB TYPE");
	//Close else statement	
	}
//Done with DBFree	
}

//For Fetching DB results ... pfft...
function DBFetch ( $db_connect ) {
	if ( $this->dbtype == "mysql" ) {
		$result = mysql_fetch_array(mysql_query($this->dbquery)) or die ("MySQL ERROR -> DEBUG -> " . mysql_error());
		return $result;
	//Close if statement	
	} else {
		//Currently we have no other db's coding setup so just kill the script...
		die("DB ERROR -> DEBUG -> Please choose a DB TYPE");
	//Close else statement...
	}
//Done with Function DBFetch	
}

var $temp_file_name;
var $file_name;
var $upload_dir;
var $upload_log_dir;
var $max_file_size;
var $banned_array;
var $ext_array;

function validate_extension() {
	//Variables
	$file_name = trim($this->file_name);
	$extension = strtolower(strrchr($file_name,"."));
	$ext_array = $this->ext_array;
	$ext_count = count($ext_array);

	//Validate
	if(!$file_name) {
		return false;
	} else {
		if (!$ext_array) {
			return true;
		} else {
			foreach ($ext_array as $value) {
				if ($first_char <> ".") { 

					$first_char = substr($value,0,1);
					$extension[] = ".".strtolower($value);
				} else {
					$extension[] = strtolower($value);
				}
			}

			//okay...
			foreach($extensions as $value) {
				if($value == $extension) {
					$valid_extension = "TRUE";
				}
			}

			//Let's return true or false...
			if($valid_extension) {
				return true;
			} else {
				return false;
			}
		}
	}
}

function validate_size() {
	$temp_file_name = trim($this->$temp_file_name);
	$max_file_size = trim($this->max_file_size);

	if(!$temp_file_name) {
		$size = filesize($temp_file_name);
		if($size > $max_file_size) {
			return false;
		} else {
			return true;
		}
	} else {
		return false;
	}
}

function existing_file() {
	$file_name = trim($this->file_name);
	$upload_dir = $this->get_upload_directory();

	if($upload_dir == "ERROR") {
		return true;
	} else {
		$file = $upload_dir . $file_name;
		if (file_exists($file)) {
			return true;
		} else {
			return false;
		}
	}
}

function get_file_size() {
	//Make Sizes
	$temp_file_name = trim($this->temp_file_name);
	$kb = 1024;
	$mb = 1024 * $kb;
	$gb = 1024 * $mb;
	$tb = 1024 * $gb;

	//get sizes...

	if($temp_file_name) {
		$size = filesize($temp_file_name);
		if($size < $kb) {
			$file_size = "$size Bytes";
		}
		elseif ($size < $mb) {
			$final = round($size/$kb,2);
			$file_size = "$final KB";
		}
		elseif ($size < $gb) { 
            $final = round($size/$mb,2); 
            $file_size = "$final MB"; 
        } 
        elseif($size < $tb) { 
            $final = round($size/$gb,2); 
            $file_size = "$final GB"; 
        } else { 
            $final = round($size/$tb,2); 
            $file_size = "$final TB"; 
        }
    } else {
        $file_size = "ERROR: NO FILE PASSED TO get_file_size()";
    }
    return $file_size;
}

function get_max_size() { 
	$max_file_size = trim($this->max_file_size); 
	$kb = 1024; 
	$mb = 1024 * $kb; 
	$gb = 1024 * $mb; 
	$tb = 1024 * $gb; 

	if ($max_file_size) { 
    	if ($max_file_size < $kb) { 
        	$max_file_size = "max_file_size Bytes"; 
    	} 
    	elseif ($max_file_size < $mb) { 
     	   $final = round($max_file_size/$kb,2); 
      	   $max_file_size = "$final KB"; 
    	} 
    	elseif ($max_file_size < $gb) { 
        	$final = round($max_file_size/$mb,2); 
        	$max_file_size = "$final MB"; 
    	} 
    	elseif($max_file_size < $tb) { 
        	$final = round($max_file_size/$gb,2); 
            $max_file_size = "$final GB"; 
    	} else { 
        	$final = round($max_file_size/$tb,2); 
        	$max_file_size = "$final TB"; 
    	} 
	} else { 
    	$max_file_size = "ERROR: NO SIZE PARAMETER PASSED TO  get_max_size()"; 
	} 
    	return $max_file_size; 
} 

function validate_user() {
	//Variables
	$banned_array = $this->banned_array;
	$ip = trim($_SERVER['REMOTE_ADDR']);
	$cpu = gethostbyaddr($ip);
	$count = count($banned_array);

	//Check em...
	if($count < 1) {
		return true;
	} else {
		foreach($banned_array as $key => $value) {
			if($value == $ip ."-".$cpu) {
				return false;
			} else {
				return true;
			}
		}
	}
}

phpn00bf4life

	function get_upload_directory() {
		//variables...
		$upload_dir = trim($this->upload_dir);

	//Yeah!
	if($upload_dir) {
		$ud_len = strlen($upload_dir);
		$last_slash = substr($upload_dir,$ud_len-1,1);
		if($last_slash <> "/") {
			$upload_dir = $upload_dir ."/";
		} else {
			$upload_dir = $upload_dir;
		}

		//Handle...
		$handle = @opendir($upload_dir);
		if($handle) {
			$upload_dir = $upload_dir;
			closedir($handle);
		} else {
			$upload_dir = "ERROR";
		}
	} else {
		$upload_dir = "ERROR";
	}
	return $upload_dir;
}

function get_upload_log_directory() {
	$upload_log_dir = trim($this->upload_log_dir);
	if($upload_log_dir) {
		$ud_len = strlen($upload_log_dir);
		$last_slash = substr($upload_log_dir,$ud_len-1,1);
		if($last_slash <> "/"){
			$upload_log_dir = $upload_log_dir."/";
		} else {
			$upload_log_dir = $upload_log_dir;
		}
		$handle = @opendir($upload_log_dir);
		if($handle) {
			$upload_log_dir = $upload_log_dir;
			closedir($handle);
		} else {
			$upload_log_dir = "ERROR";
		}
	} else {
		$upload_log_dir = "ERROR";
	}
	return $upload_log_dir;
}

function upload_file_no_validation() {
	//Variables
	$temp_file_name = trim($this->temp_file_name);
	$file_name = trim(strtolower($this->file_name));
	$upload_dir = $this->get_upload_directory();
	$upload_log_dir = $this->get_upload_log_directory();
	$file_size = $this->get_file_size();
	$ip = trim($_SErver['REMOTE_ADDR']);
	$cpu = gethostbyaddr($ip);
	$m = date("m");
	$d = date("d");
	$y = date("Y");
	$date = date("m/d/Y");
	$time = date("h:i:s A");

	//Let's go...
	if(($upload_dir == "ERROR") OR ($upload_log_dir == "ERROR")){
		return false;
	} else {
		if(is_upload_file($temp_file_name)) {
			if (move_uploaded_file($temp_file_name,$upload_dir . $file_name)) {
				$log = $upload_log_dir.$y."_".$m."_".$d.".txt";
				$fp = fopen($log,"a+");
				fwrite($fp,"$ip-$cpu | $file_name | $file_size | $date | $time");
				fclose($fp);
				return true;
			} else {
				return false;
			}
		} else {
			return false;
		}
	}
}

function upload_file_with_validation() { 
//SECTION #1 
$temp_file_name = trim($this->temp_file_name); 
$file_name =  
$upload_dir = $this->get_upload_directory(); 
$upload_log_dir = $this->get_upload_log_directory(); 
$file_size = $this->get_file_size(); 
$ip = trim($_SERVER['REMOTE_ADDR']); 
$cpu = gethostbyaddr($ip); 
$m = date("m"); 
$d = date("d"); 
$y = date("Y"); 
$date = date("m/d/Y"); 
$time = date("h:i:s A"); 
$existing_file = $this->existing_file();    //<-Add On 
$valid_user = $this->validate_user();        //<-Add On 
$valid_size = $this->validate_size();        //<-Add On 
$valid_ext = $this->validate_extension();    //<-Add On 

//SECTION #2 
if (($upload_dir == "ERROR") OR ($upload_log_dir == "ERROR")) { 
    return false; 
} 
elseif ((((!$valid_user) OR (!$valid_size) OR (!$valid_ext) OR ($existing_file)))) { 
    return false; 
} else { 
    if (is_uploaded_file($temp_file_name)) { 
        if (move_uploaded_file($temp_file_name,$upload_dir . $file_name)) { 
            $log = $upload_log_dir.$y."_".$m."_".$d.".txt"; 
            $fp = fopen($log,"a+"); 
            fwrite($fp," 
$ip-$cpu | $file_name | $file_size | $date | $time"); 
                fclose($fp); 
                return true; 
            } else { 
                return false; 
            } 
        } else { 
            return false; 
        } 
    } 


#### Function Include ####
//Start the function
function includefile ($area) {
	$id = $_GET['id'];
	//Quick pattern check, for security :D
	if ( !eregi("^[-?_?a-z0-9]+$",$area) ) { //Only allow a-z, 0-9, -, _ :)
		//Let's stop them, and record the problem...
		echo'Sorry, but the file you are trying to access is not allowed, and your 
ip will be recorded';
		$ip = $_SERVER['REMOTE_ADDR'];
		$problem_body = "User trying to access the file:  " . $area . ", and their 
ip is:  " . $ip;
		$date = date("M, Y, D");
		$time = time();
		$insert = new site;
		$connect = $this->connect();
		$insert->query = "INSERT INTO " . $g_db_pre . "problems 
VAULES('$problem_body','$date','$time')";
		$insert->query();
	//Close if( !eregi("") ...
	}
	elseif ( file_exists("./includes/" . $area . ".incphp") ) { 
		//Check if the file exists
		include_once("./includes/" . $area . ".inc.php");
	//Close elseif( file_ex ...
	}
	elseif ( !isset($id) ) {
		include ( "./includes/index.inc.php" );
	//No id, close function
	}
	else { //File didn't exist, record problem again...
		echo'Sorry, but the file you are trying to access is not allowed, and your 
ip recorded';
		$ip = $_SERVER['REMOTE_ADDR'];
		$problem_body = "User trying to access the file:  " . $area . ", and their 
ip is:  " . $ip;
		$date = date ( "M, Y, D" );
		$time = time ( );
		$insert = new site;
		$connect = $this->connect ( );
		$insert->query = "INSERT INTO " . $g_db_pre . "problems 
		VAULES('$problem_body','$date','$time')";
		$insert->query ( );
	//Close else
	}

//Close the function include();
}

#### Function Add ####
//Start function
function add( $addit ) { //Add slashes
	$val = $addit;
	$addit = addslashes( $val );
//done with function add();
}

#### Function strip ####
//Initiate function
function strip( $stripit ) { //Strip slashes
	$val = $stripit;
	$stripit = stripslashes( $val );
//done with function strip();
}

#### Function BB ####
//Initiate function
function bb( $body ) {
	//Let's make 2 arrays, $patterns and $replacements
	//$patterns
	$patterns[0] = "|\[p\](.*?)[/p\]|s";
	$patterns[1] = "|\[b\](.*?)\[/b\]|s";
	$patterns[2] = "|\[i\](.*?)\[/i\]|s";
	$patterns[3] = "|\[u\](.*?)\[/u\]|s";
	$patterns[4] = "|\[center\](.*?)\[/center\]|s";
	$patterns[5] = "|\[hr\](.*?),(.*?)\[/hr\]|s";
	$patterns[6] = "|\[code\](.*?)\[/code\]|s";
	$patterns[7] = "|\[url\](.*?)\[/url\]|s";
	$patterns[8] = "|\[url=(.*?)\](.*?)\[/url\]|s";
	$patterns[9] = "|\[img\]([url]http://.*?[/url])\[/img\]|s";
	$patterns[10] = "|\[right\](.*?)[/right\]|s";
	$patterns[11] = "|\[left\](.*?)[/left\]|s";
	//$replacements
	$replacements[0] = "<p>\$1</p>";
	$replacements[1] = "<b>\$1</b>";
	$replacements[2] = "<i>\$1</i>";
	$replacements[3] = "<u>\$1</u>";
	$replacements[4] = "<p align=\"center\">\$1</p>";
	$replacements[5] = "<hr size=\"\$1\" width=\"\$2\" />";
	$replacements[6] = "<div class=\"code\">\$1</div>";
	$replacements[7] = "<a href=\"\$1\" target=\"_blank\">\$1</a>";
	$replacements[8] = "<a href=\"\$2\" target=\"_blank\">\$2</a>";
	$replacements[9] = "<img src=\"\$1\" /><br />";
	$replacements[10] = "<p align=\"right\">\$1</p>";
	$replacements[11] = "<p align=\"left\">\$1</p>";
	//Let's do the annoying list function...
	preg_match_all("|\[list\](.*?)\[/list\]|s", $body, $matches);
	$g = 12;
	//Let's do some changing
	foreach($matches[2] as $key => $value) {
		//# of *'s.  

		$itemsu = count(explode("*", $matches[2][$key]));
		//# of #'s.
		$itemso = count(explode("#", $matches[2][$key]));
		//Chop it up.
		$chop = chop($matches[2][$key]);
		//last one...
		$listregpat[$g] = $chop[0];
		//Okay structure part...
		if($itemsu > 1) {
			$listregrep = "<ol>";
			for($i = 1; $i < $itemsu; $i++) {
				if($i == 1) $firstlet = $chop[0];
				else $firstlet = "";
				$listregpat[$g] = "(.*?)\*";
				$listregrep .= "<li>" . $firstlet . "\$" . $i . "</li>";
			}
			$listregpat[$g] .= "(.*?)";
			$listregrep .= "<li>\$" . $itemso . "</li></ol>";
			$patterns[$g] = "|\[list\]" . $listregpat[$g] . "|\[/list\]|s";
			$replacements[$g] = $listregrep;
		} else {
			$patterns[$g] = "|\[list\](" . $chop[0] . ")(.*?)\[/list\]|s";
			$replacements[$g] = "<ul><li>\$1\$2</li></ul>";
		}
		$g++;
	}
	ksort($patterns);
	ksort($replacements);
	$replaced = preg_replace($patterns, $replacements, $body);
//done with bb code :-)
}			

?>

also there is an error...

on a line that doesn't exist it says unexpected $ or something like that...anyone see that?

thorpe

do you really want this critiqued?

is this all one class? if you ask me this is a poor design. what is the point of putting all these unrelated functions into 1 massive class? you might want to read up on some oop theory before you start playing with classes, youve kinda missed the point here.

edit:

Script Start Date: 7/20/05

maybe thats why i dont get it.... its from the future.

phpn00bf4life

June / 20th / 2005 ... lol sry

anyways i'll read up, this is really my first class to, so take it easy ... lol 😃 😉 :p

thorpe

man... i feel bad about some of the stuff i come out with on this board, i really need to be more constructive at times.

its not that i see anything to bad with your code, you might want to just break it down into smaller pieces. classes should really be built to deal with a particular task. for instance, from the code you have here i can see the makings of a database class,template class, and maybe even an upload class.

if your where to break this code down into smaller chunks you would find it easier to maintain, it would become instantly more flexable, and it would come more into line with the whole idea of object orientated programming.

im no expert in the field, but its something to think about. when im desgning classes my whole objective is to make them as flexable and independent as possible.

for instance, you might consider making a 'base' database class. this would deal with making the connection and provide some methods for performing different queries. you would not have any sql in this class (that would limit it to a particular db design), but instead might consider extending the 'base' class with another more suited to your current projects database structure.

anyway... like i said, im no expert. just trying to be a bit more constructive.

good luck.

halojoy

🙂

Hello php starter, phpn00bf4life
Wasnt long ago I wrote my first class, too.

What I miss is a Demo, to show what your code can do.
Who knows? Maybe it can do good stuff ....

Nice member name, by the way: PHP Newbie for Life

😉

planetsim

Im going to have to agree with thorpe on this one.

To really make full use of OOP, you really need to make sure it does one thing. Basically I usually think of OOP as a collection of functions (methods) that are there for one purpose.

Now again like thorpe said you have DB, Upload and some other things which could use there own seperate class.

There is a short OO Tutorial/Example Newbies forum FAQ + Bookmarked threads

I should probably update it a little as well. If you really want to learn OO than you should probably learn Java everything is an Object and although I dont like things that have been done in Java, the language itself makes quite a lot of sense. If learning Java isnt exactly on your list on things to learn getting a OO Concepts book would be handy not just for PHP (you will find PHP even in PHP 5 is still lacking quite a bit in OO as well) but for Java, C++ and .NET if any of these later on you wish to learn.

phpn00bf4life

thanks guys 🙂 I'll remodel my script, and see if i can weed out that error to 😉

TimTimTimma

Just another small note on your structure here, when making classes it also helps, in my opinion anyway, if you think of each class as its own private organization. The db organization, the upload organization etc. In my mind classes are easiest and best described as a way of better organizing your code. Like on my CMS I have 3 BIG classes currently MySQL class, User class, and Error class. Sure I could put all of these together and make one BIG class but then, it wouldnt be as organized. because when you go to use your pointer and your pointer just doesnt seem to name everything in your class, its just not organized, because theres so much in that on class it can be hard to remember exactly what the name of the function u r trying to get is.

For instance..

These examples DONT make alot of sense..

$bigclass->mysql_query(SQL HERE);

$bigclass->username(FILE TO UPLOAD HERE);

$bigclass->error_403(SPECIAL PARAMS HERE);

While this is easier, and more organized..

$mysql->query(SQL HERE);

$user->name(FILE TO UPLOAD HERE);

$error->403(SPECIAL PARAMS HERE);

The name of a class doesnt help it perform better, but it makes for easier reading understanding and even developing.

Weedpacket

I'm just wondering if the file upload facility is broken.

BuzzLY

noob,

Let me translate: In the future, if you have a lot of code to share with us, simply save it as a text file (as Weed has shown), and attach the file to the thread. This way, we won't get carpal tunnel trying to scroll through the whole thread.

Another option, if you have a server available for us to hit, is to save your code as a phps file, and simply link us to it. For example, if I wanted you to critique my color picker app, you can simply look at my code here.