diff --git a/COPYING b/COPYING new file mode 100644 index 00000000..c7aea189 --- /dev/null +++ b/COPYING @@ -0,0 +1,280 @@ + GNU GENERAL PUBLIC LICENSE + Version 2, June 1991 + + Copyright (C) 1989, 1991 Free Software Foundation, Inc. + 675 Mass Ave, Cambridge, MA 02139, USA + Everyone is permitted to copy and distribute verbatim copies + of this license document, but changing it is not allowed. + + Preamble + + The licenses for most software are designed to take away your +freedom to share and change it. By contrast, the GNU General Public +License is intended to guarantee your freedom to share and change free +software--to make sure the software is free for all its users. This +General Public License applies to most of the Free Software +Foundation's software and to any other program whose authors commit to +using it. (Some other Free Software Foundation software is covered by +the GNU Library General Public License instead.) You can apply it to +your programs, too. + + When we speak of free software, we are referring to freedom, not +price. Our General Public Licenses are designed to make sure that you +have the freedom to distribute copies of free software (and charge for +this service if you wish), that you receive source code or can get it +if you want it, that you can change the software or use pieces of it +in new free programs; and that you know you can do these things. + + To protect your rights, we need to make restrictions that forbid +anyone to deny you these rights or to ask you to surrender the rights. +These restrictions translate to certain responsibilities for you if you +distribute copies of the software, or if you modify it. + + For example, if you distribute copies of such a program, whether +gratis or for a fee, you must give the recipients all the rights that +you have. You must make sure that they, too, receive or can get the +source code. And you must show them these terms so they know their +rights. + + We protect your rights with two steps: (1) copyright the software, and +(2) offer you this license which gives you legal permission to copy, +distribute and/or modify the software. + + Also, for each author's protection and ours, we want to make certain +that everyone understands that there is no warranty for this free +software. If the software is modified by someone else and passed on, we +want its recipients to know that what they have is not the original, so +that any problems introduced by others will not reflect on the original +authors' reputations. + + Finally, any free program is threatened constantly by software +patents. We wish to avoid the danger that redistributors of a free +program will individually obtain patent licenses, in effect making the +program proprietary. To prevent this, we have made it clear that any +patent must be licensed for everyone's free use or not licensed at all. + + The precise terms and conditions for copying, distribution and +modification follow. + + GNU GENERAL PUBLIC LICENSE + TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION + + 0. This License applies to any program or other work which contains +a notice placed by the copyright holder saying it may be distributed +under the terms of this General Public License. The "Program", below, +refers to any such program or work, and a "work based on the Program" +means either the Program or any derivative work under copyright law: +that is to say, a work containing the Program or a portion of it, +either verbatim or with modifications and/or translated into another +language. (Hereinafter, translation is included without limitation in +the term "modification".) Each licensee is addressed as "you". + +Activities other than copying, distribution and modification are not +covered by this License; they are outside its scope. The act of +running the Program is not restricted, and the output from the Program +is covered only if its contents constitute a work based on the +Program (independent of having been made by running the Program). +Whether that is true depends on what the Program does. + + 1. You may copy and distribute verbatim copies of the Program's +source code as you receive it, in any medium, provided that you +conspicuously and appropriately publish on each copy an appropriate +copyright notice and disclaimer of warranty; keep intact all the +notices that refer to this License and to the absence of any warranty; +and give any other recipients of the Program a copy of this License +along with the Program. + +You may charge a fee for the physical act of transferring a copy, and +you may at your option offer warranty protection in exchange for a fee. + + 2. You may modify your copy or copies of the Program or any portion +of it, thus forming a work based on the Program, and copy and +distribute such modifications or work under the terms of Section 1 +above, provided that you also meet all of these conditions: + + a) You must cause the modified files to carry prominent notices + stating that you changed the files and the date of any change. + + b) You must cause any work that you distribute or publish, that in + whole or in part contains or is derived from the Program or any + part thereof, to be licensed as a whole at no charge to all third + parties under the terms of this License. + + c) If the modified program normally reads commands interactively + when run, you must cause it, when started running for such + interactive use in the most ordinary way, to print or display an + announcement including an appropriate copyright notice and a + notice that there is no warranty (or else, saying that you provide + a warranty) and that users may redistribute the program under + these conditions, and telling the user how to view a copy of this + License. (Exception: if the Program itself is interactive but + does not normally print such an announcement, your work based on + the Program is not required to print an announcement.) + +These requirements apply to the modified work as a whole. If +identifiable sections of that work are not derived from the Program, +and can be reasonably considered independent and separate works in +themselves, then this License, and its terms, do not apply to those +sections when you distribute them as separate works. But when you +distribute the same sections as part of a whole which is a work based +on the Program, the distribution of the whole must be on the terms of +this License, whose permissions for other licensees extend to the +entire whole, and thus to each and every part regardless of who wrote it. + +Thus, it is not the intent of this section to claim rights or contest +your rights to work written entirely by you; rather, the intent is to +exercise the right to control the distribution of derivative or +collective works based on the Program. + +In addition, mere aggregation of another work not based on the Program +with the Program (or with a work based on the Program) on a volume of +a storage or distribution medium does not bring the other work under +the scope of this License. + + 3. You may copy and distribute the Program (or a work based on it, +under Section 2) in object code or executable form under the terms of +Sections 1 and 2 above provided that you also do one of the following: + + a) Accompany it with the complete corresponding machine-readable + source code, which must be distributed under the terms of Sections + 1 and 2 above on a medium customarily used for software interchange; or, + + b) Accompany it with a written offer, valid for at least three + years, to give any third party, for a charge no more than your + cost of physically performing source distribution, a complete + machine-readable copy of the corresponding source code, to be + distributed under the terms of Sections 1 and 2 above on a medium + customarily used for software interchange; or, + + c) Accompany it with the information you received as to the offer + to distribute corresponding source code. (This alternative is + allowed only for noncommercial distribution and only if you + received the program in object code or executable form with such + an offer, in accord with Subsection b above.) + +The source code for a work means the preferred form of the work for +making modifications to it. For an executable work, complete source +code means all the source code for all modules it contains, plus any +associated interface definition files, plus the scripts used to +control compilation and installation of the executable. However, as a +special exception, the source code distributed need not include +anything that is normally distributed (in either source or binary +form) with the major components (compiler, kernel, and so on) of the +operating system on which the executable runs, unless that component +itself accompanies the executable. + +If distribution of executable or object code is made by offering +access to copy from a designated place, then offering equivalent +access to copy the source code from the same place counts as +distribution of the source code, even though third parties are not +compelled to copy the source along with the object code. + + 4. You may not copy, modify, sublicense, or distribute the Program +except as expressly provided under this License. Any attempt +otherwise to copy, modify, sublicense or distribute the Program is +void, and will automatically terminate your rights under this License. +However, parties who have received copies, or rights, from you under +this License will not have their licenses terminated so long as such +parties remain in full compliance. + + 5. You are not required to accept this License, since you have not +signed it. However, nothing else grants you permission to modify or +distribute the Program or its derivative works. These actions are +prohibited by law if you do not accept this License. Therefore, by +modifying or distributing the Program (or any work based on the +Program), you indicate your acceptance of this License to do so, and +all its terms and conditions for copying, distributing or modifying +the Program or works based on it. + + 6. Each time you redistribute the Program (or any work based on the +Program), the recipient automatically receives a license from the +original licensor to copy, distribute or modify the Program subject to +these terms and conditions. You may not impose any further +restrictions on the recipients' exercise of the rights granted herein. +You are not responsible for enforcing compliance by third parties to +this License. + + 7. If, as a consequence of a court judgment or allegation of patent +infringement or for any other reason (not limited to patent issues), +conditions are imposed on you (whether by court order, agreement or +otherwise) that contradict the conditions of this License, they do not +excuse you from the conditions of this License. If you cannot +distribute so as to satisfy simultaneously your obligations under this +License and any other pertinent obligations, then as a consequence you +may not distribute the Program at all. For example, if a patent +license would not permit royalty-free redistribution of the Program by +all those who receive copies directly or indirectly through you, then +the only way you could satisfy both it and this License would be to +refrain entirely from distribution of the Program. + +If any portion of this section is held invalid or unenforceable under +any particular circumstance, the balance of the section is intended to +apply and the section as a whole is intended to apply in other +circumstances. + +It is not the purpose of this section to induce you to infringe any +patents or other property right claims or to contest validity of any +such claims; this section has the sole purpose of protecting the +integrity of the free software distribution system, which is +implemented by public license practices. Many people have made +generous contributions to the wide range of software distributed +through that system in reliance on consistent application of that +system; it is up to the author/donor to decide if he or she is willing +to distribute software through any other system and a licensee cannot +impose that choice. + +This section is intended to make thoroughly clear what is believed to +be a consequence of the rest of this License. + + 8. If the distribution and/or use of the Program is restricted in +certain countries either by patents or by copyrighted interfaces, the +original copyright holder who places the Program under this License +may add an explicit geographical distribution limitation excluding +those countries, so that distribution is permitted only in or among +countries not thus excluded. In such case, this License incorporates +the limitation as if written in the body of this License. + + 9. The Free Software Foundation may publish revised and/or new versions +of the General Public License from time to time. Such new versions will +be similar in spirit to the present version, but may differ in detail to +address new problems or concerns. + +Each version is given a distinguishing version number. If the Program +specifies a version number of this License which applies to it and "any +later version", you have the option of following the terms and conditions +either of that version or of any later version published by the Free +Software Foundation. If the Program does not specify a version number of +this License, you may choose any version ever published by the Free Software +Foundation. + + 10. If you wish to incorporate parts of the Program into other free +programs whose distribution conditions are different, write to the author +to ask for permission. For software which is copyrighted by the Free +Software Foundation, write to the Free Software Foundation; we sometimes +make exceptions for this. Our decision will be guided by the two goals +of preserving the free status of all derivatives of our free software and +of promoting the sharing and reuse of software generally. + + NO WARRANTY + + 11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY +FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN +OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES +PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED +OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF +MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS +TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE +PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, +REPAIR OR CORRECTION. + + 12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING +WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR +REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, +INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING +OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED +TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY +YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER +PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE +POSSIBILITY OF SUCH DAMAGES. + + END OF TERMS AND CONDITIONS diff --git a/README b/README new file mode 100644 index 00000000..a62f1acd --- /dev/null +++ b/README @@ -0,0 +1 @@ +This tree is soon to be home to phpultimate - a new, improved PHP version of the OCUA engine. diff --git a/src/Handler.php b/src/Handler.php new file mode 100644 index 00000000..dffb44ea --- /dev/null +++ b/src/Handler.php @@ -0,0 +1,198 @@ + + * @access public + * @copyright Dave O'Neill ; GPL. + */ +class Handler +{ + /** + * The page name to display. + * + * @access private + * @var string + */ + var $name; + + /** + * Instance of Smarty template file + * + * @access private + * @var object Smarty + */ + var $tmpl; + + + /** + * Constructor. This is called by every handler. + * Data that should be initialized for the subclass goes in here. + */ + function Handler () + { + $this->tmpl = new Smarty; + + $this->initialize(); + } + + /** + * Initialize our data + * This is where stuff that shouldn't be inherited should go. + */ + function initialize () + { + return true; + } + + /** + * Check if the logged-in user has permission for the current op + * + * This checks whether or not the user has authorization to perform + * the given operation. Returns true/false indicating success/failure + * This MUST be overridden by the subclass. + * + * @access public + * @return boolean Permission success/fail + */ + function has_permission() + { + return false; + } + + /** + * Process this operation + * + * This must be overridden by the subclass. + * + * @access public + * + */ + function process () + { + return false; + } + /** + * Set template variables for a template + * + * This sets any template variables that should be set for every + * output page. Things like app_name, cgi location, and page title + * should be set in here. DO NOT set any handler-specific variables + * in here. + * + * @access public + */ + function set_global_template_vars() + { + global $current_language; + $this->tmpl->assign("app_name", $GLOBALS['APP_NAME']); + $this->tmpl->assign("app_cgi_location", $GLOBALS['APP_CGI_LOCATION']); + $this->tmpl->assign("app_graphics_dir", $GLOBALS['APP_GRAPHICS_DIR'] . "/$current_language"); + $this->tmpl->assign("app_stylesheet_file", $GLOBALS['APP_STYLESHEET']); + $this->tmpl->assign("app_template_dir", $current_language); + + $this->tmpl->assign("page_title", $this->name); + + /* TODO: Get the currently logged in user name */ + } + + /** + * display the template filled in for this op. + * + * This displays the HTML output for this operation. Normally, + * this base function gets called to display the contents of the + * template as filled by the process() method. + * + * Individual subclasses can override it as necessary if they need custom + * output. + * + * @access public + * @see process() + */ + function display () + { + $this->set_global_template_vars(); + register_smarty_extensions($this->tmpl); + $this->tmpl->display($this->tmplfile); + } + + /** + * Display the error message. + * + * Generates an error message using the ErrorMessage.tmpl template. + * Caller should fill in $this->error_text before calling. + * + * Note that we don't use display() to do this, but instead call the + * underlying template displaying stuff ourselves. + * + * @access public + */ + function display_error() + { + /* TODO: If we're going to use error codes, display them too. */ + + $this->tmpl = new Smarty; + $this->set_template_file("ErrorMessage.tmpl"); + $this->name = "Error"; + + if(!$this->error_text) { + $this->error_text = "Unknown Error"; + } + + $this->tmpl->assign("error_message", + $this->error_text); + + $this->set_global_template_vars(); + $this->tmpl->display($this->tmplfile); + } + + /** + * Perform page finalization + * + * Deals with any final close-off that needs to be done for the + * page. + * + * @access public + */ + function end_page () + { + /* TODO: */ + } + + /** + * Set the template file to be used + * + * This sets the path to the appropriate template file, relative to + * the template root. This also inserts the appropriate language + * directory into the pathname. + * + * @access public + * @param string $template_file Filename of the template file to use. Should be relative to the language directories. + * + */ + function set_template_file( $template_file ) + { + global $current_language; + $this->tmplfile = $current_language . "/" . $template_file; + } +} + +?> diff --git a/src/Handler/Login.php b/src/Handler/Login.php new file mode 100644 index 00000000..a49b09ed --- /dev/null +++ b/src/Handler/Login.php @@ -0,0 +1,105 @@ + + * @access public + * @copyright GPL + */ +class Login extends Handler +{ + + /** + * Initializer for Login class + * + * We simply initialize the printable name for this operation. + * + * @access public + */ + function initialize () + { + $this->name = "Login"; + } + + /** + * Check if the current session has permission to log in + * + * Since there's no other validation to be done, we always return true. + * + * @access public + * @return boolean Permission success (true) or fail (false). + */ + function has_permission() + { + return true; + } + + /** + * Process a user login + * + * Here, we take the given user login and password, and attempt to + * validate against the SQL database. + * + * @access public + * @return boolean success/fail + */ + function process () + { + global $session, $username, $password; + + + /* Now, if we can, we will create a new user session */ + if( isset($username) && isset($password) ) { + $rc = $session->create_from_login($username,$password); + } else { + $rc = false; + } + + return $rc; + } + + /** + * Display method for Login + * + * This overrides the parent class display() method to output a + * redirection header instead of an HTML page. This is only ever + * used when process () succeeds. + * + * @access public + */ + function display () + { + global $APP_COOKIE_NAME, $session; + setcookie($APP_COOKIE_NAME, $session->get_session_key()); + Header("Location: " . $GLOBALS['APP_CGI_LOCATION'] . "?op=menu"); + } + + /** + * Display error message. + * + * This display_error() function overrides the parent class so that we can + * display the error message in-context on the login screen. The + * parent's display() function is called to perform the actual display + * work, so that any necessary global variables can be set there before + * the HTML is output. + * + * @access public + */ + function display_error() + { + global $username, $password; + + $this->set_template_file("Login.tmpl"); + + if( isset($username) || isset($password) ) { + $this->tmpl->assign("error", gettext("Incorrect username or password")); + } + + parent::display(); + } +} +?> diff --git a/src/Handler/Logout.php b/src/Handler/Logout.php new file mode 100644 index 00000000..cdcf9f35 --- /dev/null +++ b/src/Handler/Logout.php @@ -0,0 +1,74 @@ + + * @access public + * @copyright GPL + */ +class Logout extends Handler +{ + /** + * Constructor + * + * @access public + */ + function initialize () + { + $this->name = "Logout"; + } + + /** + * Check authorization to log out + * + * All active sessions can be logged out. Otherwise, return an + * error. + */ + function has_permission() + { + global $session; + + /* Anyone with a valid session id has permission */ + if($session->is_valid()) { + return true; + } + /* If no session, it's error time. */ + $this->error_text = gettext("You can't log out if you're not logged in"); + return false; + } + + /** + * Process a logout attempt + * + * @access public + */ + function process () + { + global $session; + $rc = $session->expire(); + if(! $rc) { + $this->error_text = gettext("Couldn't log out!"); + } + return $rc; + } + + /** + * Display handler for Logout + * + * When logging out a user, after invalidating that user's session, we + * redirect them to the login page. + * + * @access public + */ + function display () + { + /* TODO: Should we ever display an error page? */ + Header("Location: " . $GLOBALS['APP_CGI_LOCATION'] . "?op=login"); + } +} + +?> diff --git a/src/Handler/Menu.php b/src/Handler/Menu.php new file mode 100644 index 00000000..4553ba1c --- /dev/null +++ b/src/Handler/Menu.php @@ -0,0 +1,198 @@ + + * @copyright GPL + */ +class Menu extends Handler +{ + /** + * Initializes the template for this handler. + */ + function initialize () + { + $this->name = 'LeagueRunner Menu'; + } + + /** + * Check if the logged-in user has permission to view the menu + * + * This checks whether or not the user has authorization to view the + * menu. At present, everyone with a valid session can view the menu. + * + * @access public + * @return boolean True if current session is valid, false otherwise. + */ + function has_permission() + { + global $session; + + /* Anyone with a valid session id has permission */ + if($session->is_valid()) { + return true; + } + /* If no session, it's error time. */ + $this->name = "Not Logged In"; + $this->error_text = gettext("Your session has expired. Please log in again"); + return false; + } + + /** + * Generate the menu + * + * This generates the menu. Each menu category is generated with + * its own function, which checks if the current user session + * has permission for those options. + * + * @access public + * @return boolean success or failure. + */ + function process () + { + global $session; + $this->set_template_file("Menu.tmpl"); + $this->tmpl->assign("menu_box_rows", + array( + $this->manage_account(), + $this->manage_teams(), + $this->manage_tiers(), + $this->manage_leagues(), + $this->manage_system(), + ) + ); + $this->tmpl->assign("user_name", join(" ",array( + $session->attr_get("firstname"), + $session->attr_get("lastname") + ))); + return true; + } + + /** + * Generate the account menu + * @access private + * @return array + */ + function manage_account () + { + global $session; + $ops = array( + array( + 'title' => "View/Edit My Account", + 'url_append' => '?op=playerview&userid=' . $session->attr_get("user_id"), + 'grey_out' => 0 + ), + array( + 'title' => "Change Password", + 'url_append' => '?op=changepassword', + 'grey_out' => 0 + ), + array( + 'title' => "Log Out", + 'url_append' => '?op=logout', + 'grey_out' => 0 + ), + ); + return array( + 'icon' => "menu/account.png", + 'title' => "My Account", + 'content' => $this->generate_menu_html($ops), + ); + } + + function manage_teams () + { + global $session, $DB; + $sth = $DB->prepare("SELECT t.team_id, + t.name AS team_name, + if(t.captain_id = r.player_id, + 'captain', + if(t.assistant_id = r.player_id, + 'assistant', + if(r.status = 'confirmed', + 'player', + 'requested'))) as position, + l.league_id + FROM + team t, + teamroster r, + leagueteams l + WHERE + r.team_id = t.team_id AND + t.team_id = l.team_id AND + r.player_id = ?"); + $res = $DB->execute($sth,array($session->attr_get("user_id"))); + if(DB::isError($res)) { + $output = "No teams"; + } else { + $output = ""; + while($row = $res->fetchRow(DB_FETCHMODE_ASSOC)) { + $output .= $this->gen_team_row($row['team_name'],$row['position'],$row['team_id']); + } + $output .= "
"; + } + + return array( + 'icon' => "menu/teams.png", + 'title' => "My Teams", + 'content' => $output, + ); + } + + function gen_team_row($name,$pos,$id) + { + $rv = "$poson$name"; + $rv .= "view/edit"; + return $rv; + } + + function manage_tiers () + { + } + + function manage_leagues () + { + } + + function manage_system () + { + } + + /** + * Generate the HTML for a menu box + * + * Generates the HTML for one of the menu boxes on the main menu + * screen. The argument given is an array of arrays, containing: + * title (string for menu box title) + * url_append (string to append to the CGI url) + * grey_out (Used to grey out menu options that are not + * implemented yet - deprecated) + * + * @access private + * @param array Array of operations supported + * @return string HTML code to insert into menu box + */ + function generate_menu_html ( $available_ops ) + { + global $session_id; + global $APP_CGI_LOCATION; + $s = ""; + reset($available_ops); + while (list($key, $val) = each($available_ops)) { + if($val['grey_out'] == 0) + { + $s .= "\n"; + } else { + $s .= "
".$val['title']."
".$val['title']."\n"; + } + } + $s .= "
"; + return $s; + } + +} +?> diff --git a/src/Handler/NotFound.php b/src/Handler/NotFound.php new file mode 100644 index 00000000..d9517b45 --- /dev/null +++ b/src/Handler/NotFound.php @@ -0,0 +1,65 @@ + + * @access public + * @copyright GPL + */ +class NotFound extends Handler +{ + + function initialize () + { + $this->name = "Operation Not Found"; + } + + /** + * Check if the current session has permission for this operation + * + * If there is a current session, the user is allowed to receive the + * "operation not found" error. Otherwise, they get a "Not Logged In" + * error. + * + * @access public + * @return boolean success/fail + */ + function has_permission () + { + global $session; + /* Check that there is a session first */ + if($session->is_valid()) { + return true; + } + /* If no session, it's error time. */ + $this->name = "Not Logged In"; + $this->error_text = gettext("Sorry, you aren't logged in"); + return false; + } + + /** + * Process the "operation not found" output. + * + * @access public + * @return boolean success/fail + */ + function process () + { + global $op; + $this->set_template_file("ErrorMessage.tmpl"); + $this->tmpl->assign("message", + gettext("Sorry, you cannot perform the operation") . " " . $op . "
" + ); + return true; + } +} +?> diff --git a/src/Handler/Person.php b/src/Handler/Person.php new file mode 100644 index 00000000..a3de17c2 --- /dev/null +++ b/src/Handler/Person.php @@ -0,0 +1,3 @@ + diff --git a/src/Handler/Person/View.php b/src/Handler/Person/View.php new file mode 100644 index 00000000..80cb65db --- /dev/null +++ b/src/Handler/Person/View.php @@ -0,0 +1,106 @@ + + * @access public + * @copyright GPL + */ +class PlayerView extends Handler +{ + + /* Permissions bits for various items of interest */ + var $_permissions; + + /** + * Initializer for PlayerView class + * + * @access public + */ + function initialize () + { + $this->name = "View Player"; + $this->_permissions = array( + 'email' => false, + 'phone' => false, + 'username' => false, + 'address' => false, + 'gender' => false, + 'skill' => false, + 'name' => false, + ); + } + + /** + * Check if the current session has permission to view this player. + * + * check that the session is valid (return false if not) + * check if the session user is the target player (return true) + * check if the session user is the system admin (return true) + * Now, check permissions of session to view this user + * + * @access public + * @return boolean success/fail + */ + function has_permission () + { + global $DB, $session, $userid; + if(!$session->is_valid()) { + return false; + } + + /* Anyone with a valid session can see your name */ + $this->_permissions['name'] = true; + + /* Can always view self */ + if($session->attr_get('user_id') == $userid) { + while(list($key,) = each($this->_permissions)) { + $this->_permissions[$key] = true; + } + return true; + } + + /* Administrator can view all */ + if($session->attr_get('class') == 'administrator') { + while(list($key,) = each($this->_permissions)) { + $this->_permissions[$key] = true; + } + return true; + } + + /* + * TODO: + * See if we're looking at a volunteer or team captain + */ + + /* + * See if we're looking at a regular player with possible restrictions + */ + $sth = $DB->prepare( "SELECT class, allow_publish_email, allow_publish_phone, FROM person WHERE user_id = ?"); + $res = $DB->execute($sth,$userid); + if(DB::isError($res)) { + /* TODO: Handle database error */ + return false; + } + $row = $res->fetchRow(DB_FETCHMODE_ASSOC, 0); + $res->free(); + if($row['allow_publish_email'] == 'yes') { + $this->_permissions['email'] = true; + } + if($row['allow_publish_phone'] == 'yes') { + $this->_permissions['phone'] = true; + } + + return true; + } + + function process () + { + } +} + +?> diff --git a/src/UserSession.php b/src/UserSession.php new file mode 100644 index 00000000..29fc0c1b --- /dev/null +++ b/src/UserSession.php @@ -0,0 +1,218 @@ + + * @access public + * @copyright GPLv2; Dave O'Neill + */ +class UserSession +{ + /** + * Constructor + */ + function UserSession () + { + /* Yay, empty */ + } + + /** + * Create the user session from the given cookie + * + * @return boolean status of session creation + */ + function create_from_cookie ($cookie) + { + global $DB; + + if( !isset($cookie) ) { + return false; + } + + $sth = $DB->prepare("SELECT * FROM person WHERE session_cookie = ?"); + $res = $DB->execute($sth,$cookie); + if(DB::isError($res)) { + /* TODO: Handle database error */ + return false; + } + + ## So, we assume that the first username we get back is the only one =) + $row = $res->fetchRow(DB_FETCHMODE_ASSOC,0); + $res->free(); + + if( $cookie != $row['session_cookie']) { + /* Failed sanity check - either we didn't get a row, or the row + * contains crap. + */ + return false; + } + + /* Ok, the user is good. Now we need to save the user data + * and generate a session key. + */ + + /* TODO: We may wish to be selective here */ + $this->data = $row; + + $this->session_key = $cookie; + + return true; + } + + /** + * Create the user session from the given username and password + * + * @return boolean status of session creation + */ + function create_from_login($user,$pass) + { + global $DB; + + if( !isset($user) ) { + return false; + } + + if( !isset($pass) ) { + return false; + } + + $sth = $DB->prepare("SELECT * FROM person WHERE username = ?"); + $res = $DB->execute($sth,$user); + if(DB::isError($res)) { + /* TODO: Handle database error */ + return false; + } + + ## So, we assume that the first username we get back is the only one =) + $row = $res->fetchRow(DB_FETCHMODE_ASSOC,0); + $res->free(); + + if( $user != $row['username']) { + /* Failed sanity check - either we didn't get a row, or the row + * contains crap. + */ + return false; + } + + /* Now, check password */ + $cryptpass = crypt($pass, $row['password']); + if ($cryptpass != $row['password']) { + return false; + } + + /* Ok, the user is good. Now we need to save the user data + * and generate a session key. + */ + + /* TODO: We may wish to be selective here */ + $this->data = $row; + + $this->session_key = $this->build_session_key(); + + return true; + } + + /** + * Expire a session. + * + * TODO: WRite me! + */ + function expire () + { + global $DB; + + $user_id = $this->attr_get('user_id'); + if(is_null($user_id)) { + return false; + } + + $sth = $DB->prepare("UPDATE person SET session_cookie = NULL WHERE user_id = ?"); + $res = $DB->execute($sth,$user_id); + if(DB::isError($res)) { + /* TODO: Handle database error */ + die($res->getMessage()); + return false; + } + + return true; + } + + /** + * Return the session key for this session + */ + function get_session_key () + { + if( !isset($this->session_key) ) { + return null; + } + return $this->session_key; + } + + /** + * Return the requested attribute + */ + function attr_get ($attr) + { + if(!isset($this->data)) { + return null; + } + + if(!isset($this->data[$attr])) { + return null; + } + + return $this->data[$attr]; + + } + + /** + * Build a session key + */ + function build_session_key () + { + global $DB; + + $sesskey = strftime("%Y%m%d%H%M%S"); + $timestamp = strftime("%Y%m%d%H%M%S"); + + $sth = $DB->prepare("UPDATE person SET session_cookie = ?, last_login = ? WHERE user_id = ?"); + $res = $DB->execute($sth,array($sesskey,$timestamp,$this->data['user_id'])); + if(DB::isError($res)) { + /* TODO: Handle database error */ + echo "Error: ", $res->getMessage(); + return false; + } + + return $sesskey; + } + + /** + * Check to see if the current user session is valid. + * + * @return boolean valid or not + */ + function is_valid () + { + if( !isset($this->data) ) { + return false; + } + if( !isset($this->data['user_id']) ) { + return false; + } + return true; + } + + /** + * TODO: Needed anymore? + */ + function get_failure_message () + { + return true; + } +} +?> diff --git a/src/lib/smarty_extensions.php b/src/lib/smarty_extensions.php new file mode 100644 index 00000000..e7cf81f2 --- /dev/null +++ b/src/lib/smarty_extensions.php @@ -0,0 +1,85 @@ + + * @access private + */ + +/** + * Generate a pulldown inside a Smarty template. + * + * 
+ * This is to be called as
+ * {create_pulldown name='this_select' data=$array_var, multiple=true, size=3}
+ *
+ * $array_var should consist of a regular array of associative arrays.The
+ * internal associative arrays should be of the format:
+ * array(
+ * 	'value' => 'THis is a foo', # The value to be displayed
+ * 	'key'   => 'foo',           # The value to be returned when submitted
+ * 	'selected' => false         # Whether or not this should be marked as
+ * 	                            # selected 
+ * )
+ *
+ * + * @param string $params parameter list + */ +function create_pulldown( $params ) +{ + extract($params); + if(empty($name)) { + echo "ERROR: No name= attribute given to create_pulldown()"; + return; + } + if(is_null($data)) { + echo "ERROR: No data= attribute given to create_pulldown()"; + return; + } + if(empty($multiple)) { + $multiple = false; + } + if(empty($size)) { + $size = 1; + } + + $output = " + Username:
+ Password:
+ + +

+ Please note that this site uses cookies to store authentication information. + You must have cookies enabled in your browser to use this site. +

+{include file="$app_template_dir/common/basic_footer.tmpl"} diff --git a/src/templates/en_US/Menu.tmpl b/src/templates/en_US/Menu.tmpl new file mode 100644 index 00000000..dc5677d8 --- /dev/null +++ b/src/templates/en_US/Menu.tmpl @@ -0,0 +1,24 @@ +{include file="$app_template_dir/common/basic_header.tmpl"} + +

{$page_title}

+

+ Welcome, {$user_name}. +

+ + {foreach name=list from=$menu_box_rows item=box} + + {if $box.icon} + + {else} + + {/if} + + + + + {/foreach} +
{$box.title}{$box.title}
+ {$box.content} +
+{include file="$app_template_dir/common/basic_footer.tmpl"} +{* vim: set sw=2 ts=2 et: *} diff --git a/src/templates/en_US/common/basic_footer.tmpl b/src/templates/en_US/common/basic_footer.tmpl new file mode 100644 index 00000000..308b1d01 --- /dev/null +++ b/src/templates/en_US/common/basic_footer.tmpl @@ -0,0 +1,2 @@ + + diff --git a/src/templates/en_US/common/basic_header.tmpl b/src/templates/en_US/common/basic_header.tmpl new file mode 100644 index 00000000..289be83f --- /dev/null +++ b/src/templates/en_US/common/basic_header.tmpl @@ -0,0 +1,6 @@ + + + {$app_name} - {$page_title} + + +