Class XF
XF handles all low-level including initialization, database connection and basic abstraction layers
Located in /class.root.php (line 27)
'SHOW_BLANK_PAGE','PUT_IN_ANTEROOM','MAINTENANCE_MESSAGE','RANDOM_HTTP_ERROR','LOGOUT_THIS_TIME',
'REDIRECT_TO_INDEX','SCHABERNACK_MACHEN','KILL_AUTHENTICATION'
) (line 224)
'root_uri'=>array('uri'),'root_path'=>array('path'),'auth_activate_limit'=>array('utime'),'auth_bind_agent'=>array('bool'),'auth_bind_ip'=>array('bool'),'auth_max_faillogin'=>array('int'),'auth_max_lifetime'=>array('utime'),'auth_use_reauth'=>array('bool'),'auth_use_tan'=>array('bool'),'cache_acl'=>array('bool'),'cache_config'=>array('bool'),'cache_main'=>array('bool'),'cache_rss'=>array('bool'),'cache_topic'=>array('bool'),'cache_tpl'=>array('bool'),'cache_user'=>array('bool'),'cookie_domain'=>array('hostname','okifempty'),'cookie_path'=>array('path','okifempty'),'cookie_read_tracker'=>array('str'),'cookie_session'=>array('str'),'cookie_ssl_only'=>array('bool'),'help_class'=>array('enum','o=mail,o=direct'),'help_mail_address'=>array('mail','okifempty'),'http_detect_language'=>array('bool'),'http_output_zlib'=>array('bool'),'log_enable'=>array('bool'),'log_forward'=>array('enum','o=none,o=filetxt,o=filexml,o=syslog'),'log_ip'=>array('bool'),'log_max_age'=>array('utime'),'log_parameter'=>array('str'),'log_statistic'=>array('bool'),'mail_from_mail'=>array('mail'),'mail_from_name'=>array('str'),'main_debug_verbose'=>array('bool'),'main_default_group'=>array('int'),'main_enable'=>array('bool'),'main_guest_uid'=>array('int'),'main_language'=>array('lang'),'main_post_edit_limit'=>array('utime'),'main_post_per_page'=>array('int'),'main_style'=>array('style'),'main_tags_on_index'=>array('int'),'main_title'=>array('str'),'main_topic_navbar'=>array('bool'),'main_topic_per_page'=>array('int'),'main_umask'=>array('str','okifempty,forcestr'),'main_uuid'=>array('str'),'main_version'=>array('int'),'param_action'=>array('str'),'param_ajax'=>array('uri'),'param_file'=>array('uri'),'rss_limit'=>array('int'),'rss_payload'=>array('bool'),'task_enable'=>array('bool'),'uri_css'=>array('uri'),'uri_gfx'=>array('uri'),'uri_js'=>array('uri')) (line 162)
'parsed'=>false,
'acl'=>'$P acl',
'config'=>'$P config',
'config_task'=>'$P config_task',
'group'=>'$P group',
'log'=>'$P log',
'post_data'=>'$P post_data',
'post_meta'=>'$P post_meta',
'post_prefix'=>'$P post_prefix',
'post_rating'=>'$P post_rating',
'search_result'=>'$P search_result',
'statistic'=>'$P statistic',
'tag_data'=>'$P tag_data',
'tag_meta'=>'$P tag_meta',
'user'=>'$P user',
'user_blacklist'=>'$P user_blacklist',
'user_bookmark'=>'$P user_bookmark',
'user_request'=>'$P user_request'
) (line 139)
check if selected user can access an 'action'
- string $action: name of action
- integer $uid: user id, current if not given
- integer $gid: group id, current if not given
narrows an array to string
- array $a: input stream
transforms a bool to 'yes' or 'no'
- boolean $a: input stream
store a checksum locally and compare it, if requested
- string $class: 'get' does a comparison and 'put' stores a hash of input
- string $name: name
- string $data: sha1 hash on 'put' for later comparison
set a cookie. encrypted by default; not very tight, but (maybe) enough to beat junior black-hats ;) is automatically disabled, if suhosin is detected and it already encrypts cookies.
- string $a: name of cookie
- mixed $b: value to store, set null to remove
- mixed $c: expiry time, can be integer or like '3d' for three days
format a date output
- integer $a: input timestamp, should be UTC
- string $b: resulting date format (default is RFC 822)
- boolean $c: if 'true', output is 'human readable'
all-purpose file handler - abstracts common php code snippets
flags: read,write,delete,noroot,local,remote,append,verify,compression=[none|auto|gz|bz2]
- string $fd: filename
- string $data: input stream
- string $flags: options - have a look at method for details
get a configuration value
- string $a: key or '*' for all
get current supported configuration values
get vars from 'vault'
get group data
- integer $a: group id, current if not given. '*' returns all.
count set bits in input and returns them as hex
- integer $a: input stream
fetch a list of all tables currently stored in database
get user data - return data, if found, and caches it in class vars
- array $uid: user id, current if not given. if array, the first user is returned.
fetches user group from database and store them in class vars
hash a bitstream e.g. plaintext password - 256-bit requires php extension (usually available)
- string $input: input stream
- boolean $salt: add salt to password soup?
- boolean $ext: if 'true' returns 256-bit hash, otherwise 160-bit
calculate the hash from input - usuable on non-scalar values
- mixed $a: input stream
- boolean $b: if 'true', use keys instead of values from input as long as it is an array
returns value if is set otherwise a default
- string $class: location to look: 'get', 'post' or other
- string $name: name of variable
- string $default: default value to return, if not set
well, prepare some fun for inconvenient users *haha*
initialize basics: check php settings and prepare user input arrays
initialize caching system
process configuration
initialize database connection
set 'action' to run, access checks and set basic template vars
intialize common variables and prepare database table array
fetch core language file and detect preferred language by browser settings
run a scheduled task, if enabled.
prepare smarty template engine handing html outputs
initialize user data and cache group data
parse a link
- string $action: use 'action'
- mixed $params: any params to append?
- boolean $encode_amp: if 'true', ampersands are encoded to '&'
forward an entry to log system deliver input as args: first is level 'system', 'info' or 'error'. any following are combined as message.
odd [1,3,5,...] become a 'description' for an entry. even [2,4,6,...] are its message. you may also pass all args in an array as first argument. example: logger('info','foo','bar','userid',3,'select','false') or logger(array('info','foo','bar','userid',3,'select','false'))
parse logging messages for (human readable) output
- object $r: results of log entry from database
- &$r
output maintenance message and end execution
reset all template vars except common one
scan through folders recursively
- string $base: base folder
- boolean $list_files: if true, also list files
- array $data: data stream
- &$data
sanitize user inputs - very(!) important
available flags: okifempty,forcestr,enforce,stripspaces,restrict,fullascii,hex,oct,length=,range=,o= 'str,strwbr,path,file' are *sanitizing* (strip illegal chars), others are *validating* (return 'false' on illegal chars) normally we do not allow empty input (zero strlen), use 'okifempty' flag to change this! hex|oct (currently) not support 'range='
- string $input: input stream
- string $class: validate against what type?
- string $flags: some flags - see method for details
(de)scramble a string using cryptography
- string $a: input stream
- string $b: use 'auto' mode or 'encrypt' respectively 'decrypt'
- string $c: select algorithm: 'ARC4' is fast and 'Blowfish' is slow, but more secure
return last inserted id after sql query
- string $a: resource descriptor - currently only for postgres
perform a sql query
first char can be a flag: ?=debug selects, -=just simulate and !=only output query params === '-' -> do not log query in debug trace AND no check before execution if table exists
- string $query: the query
- array $params: params for prepared statements
- string $method: what method issued it?
- integer $line: on which line?
transaction abstraction layer
mysql gets a simulation by locking because it (still/actually) lacks transactions *sigh* you should not use nested transactions to allow using databases not support them
- string $class: 'begin', 'commit', 'rollback' or 'is_running', may contain a name separated by colon
- array $params: additional table locks for databases not supporting transactions
increase statistic counter by one
- string $a: descriptor - see statistic table for details
strips trailing slashes
- string $a: input stream
store a transaction number to session for using in forms
- string $a: requested 'action'
- $b
returns a valid database table name for usage in sql queries
- string $a: name of table (keys of array XF::tbl()), '*' selects all
- boolean $b: if 'true', returns raw value
terminate script execution and output error message
- string $msg: input stream
- boolean $beautify: if 'true', displays some nice error messages for users instead of 'cold' exception report
create a token - useful on creating passwords or digests
- integer $a: length of token
- string $b: choose token type: 'int', 'alnum' or 'binary'
- string $c: using 'strong' here creates a token for cryptographic use, forces 'binary'
rewire template engine cache to 'pool' when required
- integer $a: id translated by 'XF::get_masqueraded_folder()'
- string $b: use 'begin' first, then 'change' to alter the folders and 'reset' after work
update the local caches like self::$user with new values
- string $a: cache identifier (currently 'user' only)
- integer $b: identifier of cache entry
- string $c: name of dataset
- mixed $d: new value
create an 'universal unique identifier'.
if we didn't make a mistake on calculation, this should be about 120-bit of randomness... output example: 550e8400-e29b-11d4-a716-446655440000 (not really strict RFC!)
validates input array for rejected 'false' data
- array $a: input stream
our 'vault': values can be stored here for class-wide reference
flags: pub,rw,required,token=
- string $name: name, '*' fetches all
- string $value: data
- string $flags: options, default is protected and read-only
start your engines :)
- string $mode: select mode to execute: 'regular', 'ajax' or 'setup'
- array $options: options - see method for details
well, clean up after work and turn off the lights...
ANNOY_PROBABILITY_ON_AJAX
= 75
(line 75)
ANNOY_TIMESPAN
= '10,20'
(line 71)
DATABASE_VERSION
= 1
(line 39)
DATE_RFC822
= 'D, d M Y H:i:s O'
(line 87)
DEBUG
= false
(line 31)
ENABLE_SCRAMBLE
= true
(line 63)
POST_MAXLEN
= 20000
(line 67)
RSS_LAST
= 2147483638
(line 79)
RSS_MOD_UNAPPROVE
= 2147483639
(line 83)
TASK_INTERVAL
= 3
(line 59)
VAULT_PROTECTED
= 0x02
(line 51)
VAULT_PUBLIC
= 0x01
(line 55)
VAULT_RO
= 0x08
(line 43)
VAULT_RW
= 0x04
(line 47)
VERSION
= '0.9.11'
(line 35)
Documentation generated on Tue, 03 Mar 2009 17:58:07 +0100 by phpDocumentor 1.4.1