<?php
require_once("header.php");
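/**
 * Attach a comma-separated list of tags to a bookmark.
 *
 * Each entry is lower-cased and reduced to the characters a-z, 0-9 and '-'
 * before it is stored, so stored tag text never contains markup, quotes or
 * whitespace. Entries that are empty after filtering (the gap in "a,,b", or
 * a tag made only of other characters) are skipped rather than stored as
 * blank tag rows.
 *
 * NOTE(review): nothing here checks that $id refers to a bookmark owned by
 * the current user; the caller has to enforce that.
 *
 * @param mixed  $id   Bookmark id written to each tag row; not validated here.
 * @param string $tags Comma-separated tag names.
 * @return bool Always true.
 */
function add_tags($id, $tags)
{
    $names = explode(",", mb_strtolower($tags)); // split csv string into array
    foreach ($names as $name) {
        // Allow-list filter: everything outside a-z, 0-9 and '-' is removed.
        $name = preg_replace("/[^a-z0-9\-]+/", "", $name);
        if ($name === null || $name === "") {
            // Nothing usable is left (or PCRE reported an error): store no row.
            continue;
        }
        $tag = R::dispense("tag");
        $tag->text = $name;
        $tag->bookmark = $id; // maybe bookmark->ownTag[] would be better
        R::store($tag);
    }
    return true;
}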
/**
 * Create a bookmark row and return the id reported by R::store().
 *
 * All three values are stored exactly as received; this function neither
 * escapes nor validates them.
 *
 * On the XSS question: keep the raw text in the database and escape when it
 * is rendered, for the context it is rendered in (htmlspecialchars() for
 * HTML text and attribute values). HTML-escaping alone does not make a URI
 * safe to use as a link target, because a scheme such as "javascript:"
 * survives it, so the scheme should be checked against an allow-list
 * (http, https) before the link is shown.
 * NOTE(review): no such scheme check is visible in this function.
 *
 * @param string $uri         Bookmark address.
 * @param string $title       Bookmark title.
 * @param string $description Free-text description.
 * @return mixed Whatever R::store() returns for the new row.
 */
function add_bookmark($uri, $title, $description)
{
    $row = R::dispense("bookmark");
    $row->title = $title;
    $row->description = $description;
    $row->uri = $uri;

    // wonder if should return the bookmark bean instead of its id
    return R::store($row);
}
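// Logout request: wipe the session data, expire the cookie, destroy the session.
if (isset($_POST["action"]) && $_POST["action"] === "logout") {
    // Empty the array instead of unset()-ing the superglobal: the PHP manual
    // warns that unset($_SESSION) disables registering session variables
    // through $_SESSION for the rest of the request.
    $_SESSION = array();

    // session_destroy() only makes sense (and only stays silent) when a
    // session has actually been started.
    if (session_id() !== "") {
        // session_destroy() removes the server-side data but leaves the
        // session cookie in the browser; expire it while headers can still
        // be sent.
        if (ini_get("session.use_cookies") && !headers_sent()) {
            $cookie_params = session_get_cookie_params();
            setcookie(
                session_name(),
                "",
                time() - 42000,
                $cookie_params["path"],
                $cookie_params["domain"],
                $cookie_params["secure"],
                $cookie_params["httponly"]
            );
        }
        session_destroy();
    }
}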
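/**
 * Session-backed account helper: login, logout, registration and the
 * "who is logged in" lookup. A user id of 0 means nobody is logged in.
 *
 * NOTE(review): every method is private static and nothing inside the class
 * calls login(), logout(), register() or logged_in(), so as written they
 * cannot be reached from other code; confirm the intended visibility.
 * NOTE(review): hasher() and check_hash() are defined elsewhere; confirm
 * they wrap a salted, deliberately slow password hash (for example
 * password_hash() / password_verify()).
 */
class User
{
    // Id of the logged-in user for this request, 0 when there is none.
    private static $user_id = 0;
    // Set once init() has copied the id out of the session.
    private static $initialized = false;

    /**
     * Load the logged-in user id from the session, once per request.
     *
     * The flag is now actually set; before, the early return could never
     * trigger and every call re-read the session.
     */
    private static function init()
    {
        if (self::$initialized) {
            return;
        }
        self::$initialized = true;
        if (isset($_SESSION["user_id"])) {
            self::$user_id = $_SESSION["user_id"];
        }
    }

    /**
     * Check a username/password pair and, on success, bind the user to the
     * session.
     *
     * NOTE(review): the return value is the current user id, so when the
     * session is already authenticated a failed attempt still returns that
     * id. Callers should not read a non-zero result as proof that these
     * credentials were valid; confirm this is intended.
     *
     * @param string $username Account name to look up.
     * @param string $password Plain-text password to verify.
     * @return mixed Current user id, 0 when nobody is logged in.
     */
    private static function login($username, $password)
    {
        self::init();
        // Request data can arrive as arrays; only strings are credentials.
        if (!is_string($username) || !is_string($password)) {
            return self::$user_id;
        }
        $user = R::findOne("user", "name = ?", array($username));
        // R looks like the RedBeanPHP facade, whose findOne() gives NULL when
        // no row matches, so test the bean before reading from it.
        if ($user && $user->id && check_hash($password, $user->password)) {
            // Issue a fresh session id at the privilege change so an id that
            // was known before authentication cannot be reused afterwards
            // (session fixation). Needs an active session and unsent headers,
            // so login should run before any output.
            if (session_id() !== "" && !headers_sent()) {
                session_regenerate_id(true);
            }
            $_SESSION["user_id"] = $user->id;
            self::$user_id = $user->id;
        }
        return self::$user_id;
    }

    /**
     * End the current session and forget the logged-in user.
     */
    private static function logout()
    {
        // Empty the array instead of unset()-ing the superglobal: the PHP
        // manual warns that unset($_SESSION) disables registering session
        // variables through $_SESSION for the rest of the request.
        $_SESSION = array();
        if (session_id() !== "") {
            // Expire the browser's session cookie as well, when still possible.
            if (ini_get("session.use_cookies") && !headers_sent()) {
                $cookie_params = session_get_cookie_params();
                setcookie(
                    session_name(),
                    "",
                    time() - 42000,
                    $cookie_params["path"],
                    $cookie_params["domain"],
                    $cookie_params["secure"],
                    $cookie_params["httponly"]
                );
            }
            session_destroy();
        }
        self::$user_id = 0;
    }

    /**
     * Look up the id of the account with the given name.
     *
     * @param string $username Account name.
     * @return mixed The account id, or 0 when no such account exists.
     */
    private static function get_id($username)
    {
        self::init();
        $existing = R::findOne("user", "name = ?", array($username));
        // No matching row: report "no user" instead of reading from NULL.
        if (!$existing) {
            return 0;
        }
        return $existing->id;
    }

    /**
     * Create an account from an array carrying "username" and "password".
     *
     * Nothing is created when either key is missing, when either value is
     * not a string, or when the name is already taken.
     *
     * NOTE(review): the "name is free" check and the insert are separate
     * steps, so two concurrent requests could both pass the check; a unique
     * index on the user name column would close that gap.
     * NOTE(review): the new id is kept only in the static property, not in
     * $_SESSION; confirm whether registration is meant to log the user in.
     *
     * @param array $arr Input array, presumably $_POST; verify against caller.
     * @return mixed Current user id, 0 when nobody is logged in.
     */
    private static function register($arr)
    {
        self::init();
        $has_credentials = isset($arr["username"], $arr["password"])
            && is_string($arr["username"])
            && is_string($arr["password"]);
        if ($has_credentials && !self::get_id($arr["username"])) {
            $user = R::dispense("user");
            $user->name = $arr["username"];
            // Only the output of hasher() is stored, never the plain password.
            $user->password = hasher($arr["password"]);
            self::$user_id = R::store($user);
        }
        return self::$user_id;
    }

    /**
     * Report who is logged in.
     *
     * @return mixed Current user id, 0 (falsy) when nobody is logged in.
     */
    private static function logged_in()
    {
        self::init();
        return self::$user_id;
    }
}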
?>