Initial commit

includes/admin/dashboard.php

@@ -0,0 +1,7 @@
+<h1>{locale:dashboard}</h1>
+
+<ul>
+	<li><a href='/admin/entry'>{locale:entry_editor}</a></li>
+	<li><a href='/admin/plugins'>{locale:plugin_manager}</a></li>
+	<li><a href='/admin/page'>{locale:page_editor}</a></li>
+</ul>

includes/admin/entry.php

@@ -0,0 +1,149 @@
+<?php
+
+if (isset($_GET['status']))
+	switch ($_GET['status'])
+	{
+		case 'added':
+			array_push($info, $_locale['entry_added']);
+		break;
+
+		case 'updated':
+			array_push($info, $_locale['entry_updated']);
+		break;
+	}
+
+if (isset($_POST['entryContent']) && $user['userLevel'] > 2)
+{
+
+	if (isset($_POST['entryAdd']))
+	{
+		if (blog::add($_POST['entryHeader'], $_POST['entryTitle'], $_POST['entrySlug'], $_POST['entryContent'], $_POST['entryPublished'], (isset($_POST['entryHidden']) ? true : false), $_POST['entryPIN']))
+			redirect(get_entry_link($_POST['entrySlug']), 'added');
+		else
+			array_push($error, $_locale['entry_not_added']);
+	} elseif (isset($_POST['entryUpdate']))
+	{
+		if (blog::update($_POST['entryUpdate'], $_POST['entryHeader'], $_POST['entryTitle'], $_POST['entryContent'], $_POST['entryPublished'], (isset($_POST['entryHidden']) ? true : false), $_POST['entryPIN']))
+			redirect(get_current_link(), 'updated');
+		else
+			array_push($error, $_locale['entry_not_updated']);
+	}
+
+}
+
+if (isset($_POST['entryTag']) && $user['userLevel'] > 2)
+{
+	if (isset($_POST['tagIdRemove']))
+	{
+		if (blog::tagRemove($_POST['tagIdRemove'], $_POST['entryId']))
+			array_push($info, $_locale['entry_tag_removed']);
+		else
+			array_push($error, $_locale['entry_tag_not_removed']);
+	} elseif (blog::tag($_POST['tagId'], $_POST['entryId']))
+		array_push($info, $_locale['entry_tag_added']);
+	else
+		array_push($error, $_locale['entry_tag_not_added']);
+}
+
+if (isset($seo[2]) && $user['userLevel'] > 2)
+{
+	$entry = new blog($seo[2]);
+	if ($entry->entries)
+	{
+		$entryData = $entry->entry();
+		if (isset($seo[3]) && $user['userLevel'] > 3)
+			switch ($seo[3])
+			{
+				case 'delete':
+					if ($entry->delete($entryData['entryId']))
+						redirect('/admin/entry');
+					else
+						array_push($error, $_locale['entry_not_deleted']);
+				break;
+
+				case 'pin':
+					if ($entry->pin($entryData['entryId']))
+						redirect();
+					else
+						array_push($error, $_locale['entry_not_pinned']);
+				break;
+
+				case 'unpin':
+					if ($entry->unpin($entryData['entryId']))
+						redirect();
+					else
+						array_push($error, $_locale['entry_not_unpinned']);
+				break;
+			}
+	}
+} else
+{
+	$timedQuery = $_sql->query("SELECT entrySlug, entryTitle, entryCreated, entryPublished FROM entries WHERE entryPublished > ".time()."");
+	if ($timedQuery->num_rows)
+	{
+		echo "<h1>{locale:timed_entries}</h1>";
+		echo "<table class='designed timed'><tr><td>{locale:entry_title}</td><td>{locale:created_on}</td><td>{locale:timed_pub_date}</td></tr>";
+		while ($data = $timedQuery->fetch_assoc())
+			echo "<tr><td><a href='".get_entry_link($data['entrySlug'])."'>$data[entryTitle]</a></td><td>".show_date($data['entryCreated'])."</td><td>".show_date($data['entryPublished'])."</td></tr>";
+		echo "</table>";
+	}
+
+	$hiddenQuery = $_sql->query("SELECT entrySlug, entryTitle, entryCreated, entryPublished FROM entries WHERE entryHidden IS NOT NULL");
+	if ($hiddenQuery->num_rows)
+	{
+		echo "<h1>{locale:hidden_entries}</h1>";
+		echo "<table class='designed timed'><tr><td>{locale:entry_title}</td><td>{locale:created_on}</td><td>{locale:timed_pub_date}</td></tr>";
+		while ($data = $hiddenQuery->fetch_assoc())
+			echo "<tr><td><a href='".get_entry_link($data['entrySlug'], null, true)."'>$data[entryTitle]</a></td><td>".show_date($data['entryCreated'])."</td><td>".show_date($data['entryPublished'])."</td></tr>";
+		echo "</table>";
+	}
+}
+?>
+<h1>{locale:entry_editor}</h1>
+<form action="<?=get_current_link()?>" method="post" name="entry-edit">
+
+<?php if (isset($entryData)) : addTitle($entryData['entryTitle']); headerImage($entryData['entryHeader']); ?>
+	<input type="text" name="entryHeader" value="<?=htmlentities($entryData['entryHeader'])?>" placeholder="{locale:entry_header}" maxlength="255" />
+	<input type="text" name="entryTitle" value="<?=htmlentities($entryData['entryTitle'])?>" placeholder="{locale:entry_title}" maxlength="250" />
+	<textarea id="entry-textarea" name="entryContent" rows="30"><?=htmlspecialchars($entryData['entryContent'])?></textarea>
+	<input id="entry-date" type="text" name="entryPublished" value="<?=date(DATE_FORMAT_DEFAULT, $entryData['entryPublished'])?>" placeholder="{locale:entry_pub_date}" maxlength="50" />
+	<label><input type="checkbox" name="entryHidden" value="1" <?=($entryData['entryHidden'] ? 'checked ' : '')?> /> {locale:entry_hide}</label>
+	<input type="text" name="entryPIN" value="<?=htmlentities($entryData['entryPIN'])?>" placeholder="{locale:entry_pin}" maxlength="6" />
+	<input type="hidden" name="entryUpdate" value="<?=$entryData['entryId']?>" />
+<?php else: ?>
+	<input type="text" name="entryHeader" id="entryHeader" placeholder="{locale:entry_header}" maxlength="255" />
+	<input type="text" name="entryTitle" id="entryTitle" placeholder="{locale:entry_title}" maxlength="250" />
+	<textarea id="entry-textarea" name="entryContent" rows="30"></textarea>
+	<input id="entry-date" type="text" name="entryPublished" placeholder="{locale:entry_pub_date}" maxlength="50" />
+	<input type="text" name="entrySlug" id="entrySlug" placeholder="{locale:entry_slug}" maxlength="100" />
+	<label><input type="checkbox" name="entryHidden" value="1" /> {locale:entry_hide}</label>
+	<input type="text" name="entryPIN" placeholder="{locale:entry_pin}" maxlength="6" />
+	<input type="hidden" name="entryAdd" value="true" />
+<?php endif ?>
+
+	<button type="submit">{locale:save}</button>
+
+</form>
+
+<?php
+if (isset($entryData))
+{
+	$tags = $_sql->query("SELECT * FROM tags");
+	if ($tags->num_rows)
+	{
+		echo "<h3>{locale:tags}</h3>";
+		echo "<table class='designed'><tr><td>{locale:tag_name}</td><td>{locale:add}</td></tr>"
+				."<form action='".get_current_link()."' method='post' name='tagentry'>"
+				."<input type='hidden' name='entryId' value='$entryData[entryId]' />"
+				."<input type='hidden' name='entryTag' value='true' />";
+
+		while ($tag = $tags->fetch_assoc())
+			echo "<tr><td>$tag[tagName]</td><td>".($_sql->query("SELECT taggedId FROM tagged WHERE taggedEntry = $entryData[entryId] AND taggedTag = $tag[tagId]")->num_rows ? "<button type='submit' name='tagIdRemove' value='$tag[tagId]'>{locale:remove}</button>":"<button type='submit' name='tagId' value='$tag[tagId]'>{locale:add}</button>")."</td></tr>";
+
+		echo "</form>"
+			."</table>";
+	}
+}
+?>
+
+<script>$("#entry-date").datepicker({ minDate: 0, maxDate: "+48M" });</script>

includes/admin/main.php

@@ -0,0 +1,36 @@
+<?php
+
+addTitle($_locale['admin']);
+
+if (!isset($seo[1])) $seo[1] = '';
+
+switch ($seo[1])
+{
+
+	case 'upload':
+		include 'data/upload.php';
+		exit;
+	break;
+
+	case 'plugins':
+		if ($user['userLevel'] < 3) redirect();
+		addTitle($_locale['plugin_manager']);
+		include 'includes/admin/plugins.php';
+	break;
+
+	case $_set['subEntry']:
+		if ($user['userLevel'] < 2) redirect();
+		addTitle($_locale['entry_editor']);
+		include 'includes/admin/entry.php';
+	break;
+
+	case $_set['subPage']:
+		if ($user['userLevel'] < 3) redirect();
+		addTitle($_locale['page_editor']);
+		include 'includes/admin/page.php';
+	break;
+
+	default:
+		include 'includes/admin/dashboard.php';
+	break;
+}

includes/admin/page.php

@@ -0,0 +1,55 @@
+<?php
+
+if (isset($_POST['pageContent']) && isset($_POST['pageSlug']) && $user['userLevel'] > 3)
+{
+	$page = new page($_POST['pageSlug']);
+	if (isset($_POST['pageAdd']))
+	{
+		if ($page->create($_POST['pageTitle'], $_POST['pageContent']))
+			array_push($info, $_locale['page_added']);
+		else
+			array_push($error, $_locale['page_not_added']);
+	} elseif (isset($_POST['pageUpdate']))
+	{
+		if ($page->update($_POST['pageTitle'], $_POST['pageContent']))
+			array_push($info, $_locale['page_updated']);
+		else
+			array_push($error, $_locale['page_not_updated']);
+	}
+
+}
+
+if (isset($seo[2]))
+	$page = new page($seo[2]);
+else
+{
+	$pagesQuery = $_sql->query("SELECT pageSlug, pageTitle FROM pages");
+	if ($pagesQuery->num_rows)
+	{
+		echo "<h1>{locale:pages}</h1>";
+		echo "<table class='designed pages'><tr><td>{locale:page_title}</td></tr>";
+		while ($data = $pagesQuery->fetch_assoc())
+			echo "<tr><td><a href='/admin/page/$data[pageSlug]'>$data[pageTitle]</a></td></tr>";
+		echo "</table>";
+	}
+}
+?>
+<h1>{locale:page_editor}</h1>
+<form action="<?=get_current_link()?>" method="post" name="entry-edit">
+
+<?php if (isset($page->data)) : addTitle($page->data['pageTitle']); ?>
+	<input type="text" name="pageTitle" value="<?=$page->data['pageTitle']?>" placeholder="{locale:page_title}" maxlength="250" />
+	<textarea name="pageContent"><?=htmlspecialchars($page->data['pageContent'])?></textarea>
+	<input type="hidden" name="pageSlug" value="<?=$page->data['pageSlug']?>" />
+	<input type="hidden" name="pageUpdate" value="true" />
+	<button type="button" onclick="window.location.href='/admin/page'">{locale:cancel}</button>
+<?php else: ?>
+	<input type="text" id="pageTitle" name="pageTitle" value="" placeholder="{locale:page_title}" maxlength="250" />
+	<textarea name="pageContent"></textarea>
+	<input type="text" id="pageSlug" name="pageSlug" value="" placeholder="{locale:page_slug}" />
+	<input type="hidden" name="pageAdd" value="true" />
+<?php endif ?>
+
+<button type="submit">{locale:save}</button>
+
+</form>

includes/admin/plugins.php

@@ -0,0 +1,51 @@
+<?php
+
+if (isset($_POST['pluginId']) && isnum($_POST['pluginId']))
+{
+	if ($_sql->query("UPDATE plugins SET pluginStatus = ".(isset($_POST['pluginEnable']) ? 1 : 0)." WHERE pluginId = $_POST[pluginId]"))
+		redirect(get_current_link());
+	else
+		array_push($error, $_locale['plugin_not_updated']);
+}
+
+echo "<h1>$_locale[plugins]</h1>";
+
+$pluginsQuery = $_sql->query("SELECT * FROM plugins ORDER BY pluginStatus DESC");
+$plugins = array();
+if ($pluginsQuery->num_rows)
+{
+	echo "<table class='designed plugins'>";
+	echo "<tr><td>{locale:plugin_name}</td><td>{locale:description}</td><td>{locale:scope}</td><td>{locale:status}</td></tr>";
+	while ($data = $pluginsQuery->fetch_assoc())
+	{
+		$pinfo = './plugins/'.$data['pluginLib'].'/info.json';
+		if (file_exists($pinfo))
+		{
+			$pinfo = (array)json_decode(file_get_contents($pinfo));
+
+			if ($data['pluginStatus'])
+				$button = "<button name='pluginDisable' class='orange'>{locale:disable}</button>";
+			else $button = "<button name='pluginEnable'>{locale:enable}</button>";
+
+			echo "<tr><td>$pinfo[name]</td><td>$pinfo[description]<td>$pinfo[paths]</td><td><form action='".get_current_link()."' method='post'><input type='hidden' name='pluginId' value='$data[pluginId]'/>$button</form></td></tr>";
+		}
+		array_push($plugins, $data['pluginLib']);
+	}
+	echo "</table>";
+} else
+	echo "<p>$_locale[plugins_empty]</p>";
+
+
+if ($handle = opendir('./plugins')) {
+
+	while (false !== ($entry = readdir($handle)))
+	{
+		if (!in_array($entry, $plugins) && file_exists('./plugins/'.$entry.'/info.json'))
+			if ($_sql->query("INSERT INTO plugins (pluginLib, pluginStatus) VALUES ('$entry', 0)"))
+				array_push($info, $_locale['plugin_added'].$entry);
+			else
+				array_push($error, $_locale['plugin_not_added'].$entry);
+	}
+
+	closedir($handle);
+}

includes/blog.class.php

@@ -0,0 +1,124 @@
+<?php
+
+class blog
+{
+
+	private $entry;
+	private $query;
+
+	public $perpage = 10;
+	public $entries = 0;
+
+	public function __construct($entry = false, $page = 1)
+	{
+		global $_set, $_sql;
+
+		$this->perpage = $_set['entriesPerPage'];
+		if ($entry)
+		{
+			$this->query = $_sql->query("SELECT entries.*, users.userName AS userName, users.userPublicName AS publicName FROM entries INNER JOIN users ON userId = entryBy WHERE entrySlug = '".sqlprot($entry)."' LIMIT 1");
+			if ($this->query->num_rows)
+			{
+				$this->entries = 1;
+			}
+		} else
+		{
+			$this->query = $_sql->query("SELECT entries.*, users.userName AS userName, users.userPublicName AS publicName FROM entries INNER JOIN users ON userId = entryBy WHERE entryHidden IS NULL AND entryPublished <= ".time()." ORDER BY entryPinned DESC, entryPublished DESC, entryId DESC LIMIT ".$this->perpage." OFFSET ".(($page-1) * $this->perpage)."");
+			$this->entries = $this->query->num_rows;
+		}
+	}
+
+	public function entries()
+	{
+		if ($this->entries)
+			return $this->query->fetch_assoc();
+		return false;
+	}
+
+	public function entry()
+	{
+		if ($this->entries == 1)
+			return $this->query->fetch_assoc();
+		return false;
+	}
+
+	public static function update($id, $header, $title, $text, $pub, $hidden = false, $pin = false)
+	{
+		global $_sql;
+
+		$header = sqlprot($header);
+		$title = sqlprot($title);
+		$text = sqlprot($text);
+		$published = strtotime($pub); if (!$published) $published = time();
+
+		if (is_numeric($id) && Check::url($header, true) && Check::title($title) && $_sql->query("UPDATE entries SET entryHeader = '$header', entryTitle = '$title', entryContent = '$text', entryPublished = $published, entryUpdated = ".time().", entryHidden = ".($hidden ? '1' : 'NULL').", entryPIN = ".($pin && is_numeric($pin) ? $pin : 'NULL')." WHERE entryId = $id"))
+			return true;
+		return false;
+	}
+
+	public static function add($header, $title, $slug, $text, $pub, $hidden = false, $pin = false)
+	{
+		global $_sql, $user;
+
+		$header = sqlprot($header);
+		$title = sqlprot($title);
+		$text = sqlprot($text);
+		$slug = sqlprot($slug);
+		$published = strtotime($pub); if (!$published) $published = time();
+		if (Check::url($header, true) && Check::title($title) && Check::slug($slug) && $_sql->query("INSERT INTO entries (entryHeader, entryTitle, entrySlug, entryContent, entryBy, entryCreated, entryPublished, entryHidden, entryPIN) VALUES ('$header', '$title', '$slug', '$text', $user[userId], ".time().", $published, ".($hidden ? '1' : 'NULL').", ".($pin && is_numeric($pin) ? $pin : 'NULL').")"))
+			return true;
+		//die($text);
+		return false;
+	}
+
+	public static function delete($id)
+	{
+		global $_sql;
+
+		if (is_numeric($id) && $_sql->query("DELETE FROM entries WHERE entryId = $id"))
+			return true;
+		return false;
+	}
+
+	public static function pin($id)
+	{
+		global $_sql;
+
+		if (is_numeric($id) && $_sql->query("UPDATE entries SET entryPinned = 1 WHERE entryId = $id"))
+			return true;
+		return false;
+	}
+
+	public static function unpin($id)
+	{
+		global $_sql;
+
+		if (is_numeric($id) && $_sql->query("UPDATE entries SET entryPinned = NULL WHERE entryId = $id"))
+			return true;
+		return false;
+	}
+
+	public static function tag($cid, $id)
+	{
+		if (!is_numeric($cid) || !is_numeric($id)) return false;
+
+		global $_sql;
+
+		if (!$_sql->query("SELECT * FROM tags WHERE tagId = $cid")->num_rows) return false;
+		if ($_sql->query("SELECT * FROM tagged WHERE taggedTag = $cid AND taggedEntry = $id")->num_rows) return false;
+		if ($_sql->query("INSERT INTO tagged (taggedTag, taggedEntry) VALUES ($cid, $id)")) return true;
+
+		return false;
+	}
+
+	public static function tagRemove($cid, $id)
+	{
+		if (!is_numeric($cid) || !is_numeric($id)) return false;
+
+		global $_sql;
+
+		if ($_sql->query("DELETE FROM tagged WHERE taggedTag = $cid AND taggedEntry = $id")) return true;
+
+		return false;
+	}
+}

includes/check.class.php

@@ -0,0 +1,65 @@
+<?php
+
+Class Check
+{
+
+	public static function name($str) {
+	
+		if(preg_match('/^[a-zA-ZÖÜÓŐÚÉÁŰÍöüóőúéáűí\.\d_\- ]{3,20}$/i', $str))
+			return true;
+
+		return false;
+	}
+
+	public static function link($str) {
+	
+		if(!preg_match('/^[a-z0-9\d_\-]{3,20}$/i', $str))
+			return true;
+
+		return false;
+	}
+	
+	public static function email($str) {
+	
+		if(preg_match('/^[^0-9][a-zA-Z0-9_]+([.][a-zA-Z0-9_]+)*[@][a-zA-Z0-9_]+([.][a-zA-Z0-9_]+)*[.][a-zA-Z]{2,4}$/',$str) && strlen($str)<51) 
+			return true;
+
+		return false;
+	}
+
+	public static function password($str) {
+	
+		if(strlen($str)<6 || strlen($str)>20)
+			return true;
+
+		return false;
+	}
+
+	public static function domain($str) {
+	
+		if (filter_var(gethostbyname($str), FILTER_VALIDATE_IP))
+			return true;
+
+		return false;
+	}
+
+	public static function title($title) {
+		if (strlen($title) > 0 && strlen($title) < 250)
+			return true;
+		return false;
+	}
+
+	public static function slug($str) {
+	
+		if(preg_match('/^[a-zA-Z\d_\- ]{1,100}$/i', $str))
+			return true;
+
+		return false;
+	}
+
+	public static function url($url, $lazy = false) {
+		if (($lazy && !$url) || !filter_var($url, FILTER_VALIDATE_URL) === false) return true;
+		return false;
+	}
+
+}

includes/comment.class.php

@@ -0,0 +1,45 @@
+<?php
+
+class comments
+{
+
+	private $id;
+	private $comments;
+	private $replies;
+
+	public function __construct($id)
+	{
+		if (!isnum($id)) return false;
+		$this->id = $id;
+	}
+
+	public function get_comments($check = false)
+	{
+		if (!$this->comments)
+		{
+			global $_sql;
+			$query = $_sql->query("SELECT `comments`.*, users.userName AS bySlug, users.userPublicName AS byName, users.userPic FROM `comments` INNER JOIN users ON commentBy = userId WHERE commentEntry = ".$this->id." AND commentReply = 0 ORDER BY commentTime DESC");
+			if ($check)
+				return $query->num_rows;
+			else
+				$this->comments = $query;
+		}
+		return $this->comments->fetch_assoc();
+	}
+
+	public function get_replies($check = false)
+	{
+		if (!$this->replies)
+		{
+			global $_sql;
+			$query = $_sql->query("SELECT `comments`.*, users.userName AS bySlug, users.userPublicName AS byName, users.userPic FROM `comments` INNER JOIN users ON commentBy = userId WHERE commentReply = ".$this->id." ORDER BY commentTime DESC");
+			if ($check)
+				return $query->num_rows;
+			$this->replies = $query;
+		}
+		return $this->replies->fetch_assoc();
+	}
+
+
+
+}

includes/filtr.class.php

@@ -0,0 +1,173 @@
+<?php
+
+/* ---------
+	Filtr. Class 4 your Entertainment
+	filtr.sandros.hu
+	Sandros Industries
+	2015. June 28.
+
+	Version: 2.2.1.00b	<== If the last 2 numbers are equal, this version is untested!
+
+	Usage:
+
+		- Basic
+
+		$filtr = new filtrLogin( [ CUSTOM API URL / NULL ] );
+
+		$filtr->setAppid( [ APPLICATION IDENTIFIER ] );
+		$filtr->setApptoken( [ APPLICATION TOKEN HASH ] );
+
+		$filtr->setToken( [ USER'S TOKEN GENERATED BY FILTR. APL.REDIRECT ] );
+
+		- Advanced
+		$filtr->DataStorage( [ WAT TO DO (read, write, erase) ], [ KEY (only for writing) ], [ VALUE (only for writing) ]);
+		$filtr->cache = '/tmp/[ YOUR PROJECTS CODENAME ]/filtrd/';
+
+	Comments:
+		The Filtr. API has a geniune and valid SSL certificate, but it slows down the process.
+		Use it only if your connection is not trusted!
+		We're logging EVERY requests, so you will be able to monitor every access and you will be able to limit the APP's access by IP.
+
+		Public UNAME/PASSWD authentication NEVER GONNA HAPPEN!
+
+		The specified cache must end with '/'. Automatic detection just slows down the process and generates unnecessary load.
+
+	That's it! Have fun!
+	Don't forget to go out and become black. This is important! And cool! You'll be less awesome, but eh.
+
+	Just do it! Tomorrow.
+--------- */
+
+
+class filtrLogin
+{
+	/* User authentication */
+	private $token;
+
+	/* Filtr. authentication */
+	private $appid;
+	private $apptoken;
+	private $apiurl = 'http://filtr.sandros.hu/api.php';
+
+	/* This holds the response from Filtr. */
+	private $apiResponse;
+
+	// Cache
+	public $cache;
+	public $cachetimeout = 60;
+
+	/* Hey! :) */
+	public function __construct($apiurl = false, $cache = false) {
+		if ($apiurl)
+			$this->apiurl = $apiurl; // Override the class-default API url with the given one
+	}
+
+	/* Data collectors */
+	public function setToken($token = 0)	{ $this->token = $token; }
+	public function setAppid($user = 0)	{ $this->appid = $user; }
+	public function setApptoken($key = 0)	{ $this->apptoken = $key; }
+
+	/* Data storage */
+	private $datastorage = array();
+	public function DataStorage($todo, $key = false, $value = false) {
+		switch($todo)
+		{
+			case 'read':
+				$this->datastorage = array('data_storage'=>'read');
+			break;
+
+			case 'write':
+				$this->datastorage = array('data_storage'=>'write', 'data_storage_key'=>$key, 'data_storage_value'=>$value);
+			break;
+
+			case 'erase':
+				$this->datastorage = array('data_storage'=>'erase');
+			break;
+		}
+		if ($this->status())
+		{
+			$this->Login();
+			return (isset($this->apiResponse->data_storage) ? true : false);
+		}
+		return true;
+	}
+
+	/* Nasty things */
+	public function Login($timeout = 6) {
+
+		// Caching
+		if ($this->cache && file_exists($this->cache.$this->token) && filemtime($this->cache.$this->token) > time()-$this->cachetimeout)
+		{
+			$this->apiResponse = json_decode(file_get_contents($this->cache.$this->token));
+			return true;
+		}
+
+		// Collect the auth infos
+		// ! This looks pretty bad. In the next release, there will be a JSON encoder.
+		$array = array_merge(array(
+			'appid'		=> $this->appid,
+			'apptoken'	=> $this->apptoken,
+			'token'		=> $this->token,
+		), $this->datastorage);
+
+		// Convert to GET like string
+		$fields = '';
+		foreach($array as $key=>$value)
+			$fields .= $key.'='.$value.'&';
+		$fields = rtrim($fields, '&');
+
+
+		// Connect options and set data
+		$ch = curl_init();
+		curl_setopt($ch, CURLOPT_URL,		$this->apiurl);
+		curl_setopt($ch, CURLOPT_POST,		count($array));
+		curl_setopt($ch, CURLOPT_POSTFIELDS,	$fields);
+		curl_setopt($ch, CURLOPT_TIMEOUT,	$timeout);
+		curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
+
+		// Free up some memory
+		unset($fields);
+		unset($array);
+		$this->datastorage	= false;
+
+		// Do what we need to
+		$rawResponse		= curl_exec($ch);
+		$this->apiResponse	= json_decode($rawResponse);
+
+		// Basic cache
+		if ($this->cache)
+		{
+			$cache = fopen($this->cache.$this->token, 'w');
+			fwrite($cache, $rawResponse);
+			fclose($cache);
+			unset($cache);
+		}
+		unset($rawResponse);
+
+		// Close the connection to the login server
+		curl_close($ch);
+		unset($ch);
+
+		// '1' means the response has came from the remote server
+		// Not relevant for this script, but you can build an advanced cache control for better performance.
+		return 1;
+	}
+
+	// Logged in?
+	public function status() {
+		if (isset($this->apiResponse->status) && $this->apiResponse->status == 'ok')
+			return true;
+		return false;
+	}
+
+	// Return user's data
+	// Array mode is the default, because this could cause serious problems if someone auto-updating this script.
+	public function getData($array = true) {
+		if ($array)
+			return (array)$this->apiResponse;
+		return $this->apiResponse;
+	}
+
+}
+
+?>

includes/js/functions.js

@@ -0,0 +1,10 @@
+function set_comment_reply(cid)
+{
+	$("form[name='new-comment'] input[name='entryReply']").val(cid);
+	$("#new-comment-reply span").html('Reply');
+}
+
+function spoilerToggle(selem)
+{
+	selem.parent().children(".spoiler_c").stop().slideToggle();
+}

includes/locale/hu_HU.lng

@@ -0,0 +1,128 @@
+{
+	"home":	"Kezdőlap",
+	"navigation": "Navigáció",
+	"login": "Belépés",
+	"logout": "Kilépés",
+
+	"new_entry": "Új bejegyzés készítése",
+	"next_page": "Következő oldal",
+	"prev_page": "Előző oldal",
+
+	"profile_edit": "Profil szerkesztése",
+	"s_profile": " profilja",
+	"introduction": "Bemutatkozás",
+	"web": "Honalp",
+	"email": "Email",
+	"name": "Név",
+	"registration": "Regisztráció",
+
+	"username": "Felhasználónév",
+	"password": "Jelszó",
+	"password_again": "Jelszó újra",
+
+	"login_failed": "A bejelentkezés sikertelen.",
+
+	"upload_failed": "A feltöltés sikertelen.",
+	"upload_successful": "Sikeresen feltöltve.",
+
+	"contact": "Elérhetőség",
+	"public_name": "Látható név",
+
+	"edit_wrong_public_name": "Nem megfelelő a látható név.",
+	"edit_wrong_real_name": "Nem megfelelő a valódi név.",
+	"edit_wrong_email": "Nem megfelelő az email cím.",
+	"edit_wrong_web": "Nem megfelelő a honlap.",
+	"edit_wrong_introduction": "Nem megfelelő a bemutatkozás.",
+
+	"categories": "Kategóriák",
+
+	"entries": "Bejegyzések",
+
+	"entry_not_found_title":	"Nahát-nahát...",
+	"entry_not_found":			"Ez a bejegyzés elköltözhetett időközben. A helyén nincs, az biztos.",
+	"no_more_title":	"Ez a hely aztán kong az ürességtől",
+	"no_more":	"Valamikor talán lesz itt valami, de egyelőre még nincs. Hmm...",
+
+	"entry_read_more": "Olvasd tovább >>",
+	"published_on": "Publikálva",
+	"entry_by": "Szerző",
+
+	"entry_editor":	"Bejegyzésszerkesztő",
+	"entry_header":	"Bejegyzéshez tartozó fejléc képének elérési útvonala",
+	"entry_title":	"Bejegyzés címe",
+	"entry_slug":	"A bejegyzés linkje (example.org/post/ez-itt)",
+	"created_on": "Létrehozva",
+	"entry_pub_date":	"Bejegyzés megjelenésének dátuma (csak késleltetés esetén)",
+	"timed_entries": "Időzített bejegyzések",
+	"timed_pub_date": "Megjelenés dátuma",
+	"hidden_entries":	"Rejtett bejegyzések",
+	"entry_hide":	"Bejegyzés elrejtése",
+	"entry_pin":	"Bejegyzés megtekintéségez szükséges PIN",
+
+	"pin_protected_content":	"Ez a tartom kóddal védett. A megtekintéséhez add meg a megfelelő kódot vagy keress más olvasnivalót.",
+	"unlock":	"Feloldás",
+	"hidden_content":	"A jelenleg megtekintett tartalom rejtett. Csak hivatkozással lehet megtalálni.",
+	"show_hidden_content": "Szpooooooojler",
+
+	"entry_added":	"A bejegyzés mentése sikeresen megtörtént.",
+	"entry_not_added":	"A bejegyzés nem lett mentve.",
+	"entry_updated":	"A bejegyzés frissítve lett.",
+	"entry_not_updated":	"A bejegyzés nem lett frissítve.",
+	"entry_not_deleted":	"A bejegyzés nem lett törölve.",
+	"entry_not_pinned":	"A bejegyzés nem lett kitűzve.",
+	"entry_not_unpinned":	"A bejegyzés kitűzése nem lett törölve.",
+	"entry_tag_added":	"A kategória sikeresen hozzárendelve.",
+	"entry_tag_not_added":	"A kategóriát nem sikerült hozzárendelni.",
+
+	"tags":	"Kategóriák",
+	"tag_name":	"Kategória neve",
+	"add":	"Hozzáadás",
+	"remove":	"Eltávolítás",
+
+	"entry_tag_removed":	"Eltávolítva a kategóriából.",
+	"entry_tag_not_removed":	"Nem sikerült eltávolítani a kategóriából.",
+
+	"pages": "Oldalak",
+	"page_editor": "Oldal szerkesztése",
+	"page_title": "Az oldal címe",
+	"page_slug":	"Az oldal linkje (example.org/page/ez-itt)",
+	"page_added":	"Az oldal mentése sikeresen megtörtént.",
+	"page_not_added":	"Az oldal nem lett mentve.",
+	"page_updated":	"Az oldal frissítve lett.",
+	"page_not_updated":	"Az oldal nem lett frissítve.",
+	"page_not_found":	"A keresett oldal nem található.",
+	"page_not_found_text":	"Szerintem a cica megint eldugta valahová. Ki tudja, hátha később előkerül.",
+
+	"pin": "Kitűzés",
+	"unpin": "Kitűzés megszüntetése",
+
+	"browse": "Tallózás",
+	"save":	"Mentés",
+	"edit":	"Szerkesztés",
+	"cancel": "Mégsem",
+	"delete":	"Törlés",
+	"delete_confirm": "Biztosan törölni szeretnéd ezt a bejegyzést?",
+	"description": "Leírás",
+
+
+	"admin":			"Adminisztráció",
+	"dashboard":		"Műszerfal",
+	"plugin_manager":	"Bővítmények",
+
+	"disable": "Letiltás",
+	"enable": "Engedélyezés",
+	"status": "Állapot",
+
+	"plugins":					"Bővítmények",
+	"plugin_name":				"Név",
+	"scope":					"Hatáskör",
+	"plugins_empty":			"Nincsenek elérhető bővítmények.",
+	"plugin_added":				"Bővítmény sikeresen hozzáadva.",
+	"plugin_not_added":			"A bővítmény nem lett hozzáadva.",
+	"plugin_not_updated":		"A beállítást nem lehet elvégezni.",
+
+	"comments": "Hozzászólások",
+	"post_reply": "Válasz",
+	"share_impressions": "Oszd meg a véleményed...",
+	"reply_to": "Válasz neki: "
+}

includes/main/entries.php

@@ -0,0 +1,29 @@
+<?php
+
+addTitle($_locale['entries']);
+
+if (isset($seo[1]) && isnum($seo[1]))
+	$blog = new blog(null, $seo[1]);
+else
+	$blog = new blog();
+
+if (theme_component('entries'))
+	include theme_component('entries');
+else
+{
+	if (LOGGEDIN && $user['userLevel'] > 2) echo "<a href='/admin/entry'><p class='phantom'>{locale:new_entry}</p></a>";
+	if ($blog->entries)
+	{
+		while ($data = $blog->entries())
+			echo "<article>
+					<header>
+						<h2><a href='".get_entry_link($data['entrySlug'])."'>".htmlspecialchars($data['entryTitle'])."</a></h2>
+						<p class='meta'><time class='date' title='{locale:published_on}'>".show_date($data['entryPublished'])."</time><a href='".get_profile_link($data['userName'])."' class='by' title='{locale:entry_by}'>$data[publicName]</a>".get_entry_admin($data)."</p>
+					</header>
+					<div class='content'>".entry_show_init($data['entryContent'], $data['entrySlug'])."</div>
+				</article>\n";
+		echo "<p class='paginator'>".(isset($seo[1]) && isnum($seo[1]) ? "<a href='/p/".($seo[1]+1)."'>{locale:next_page}</a><a href='/p/".($seo[1]-1)."'>{locale:prev_page}</a>" : "<a href='/p/2'>{locale:next_page}</a>")."</p>";
+	} else
+		echo "<h1>{locale:entry_not_found_title}</h1>"
+			."<p>{locale:entry_not_found}</p>\n";
+}

includes/main/entry.php

@@ -0,0 +1,37 @@
+<?php
+
+if (!isset($seo[1])) redirect();
+
+$blog = new blog($seo[1]);
+
+if (theme_component('entry'))
+	include theme_component('entry');
+else
+	if ($blog->entries)
+		while ($data = $blog->entry())
+		{
+			addTitle($data['entryTitle']);
+
+			if ($data['entryHidden']) echo "<p>{locale:hidden_content}</p>";
+
+			if ($data['entryPIN'] && get_pin() != $data['entryPIN'])
+				echo "<p>{locale:pin_protected_content}</p>
+				<form action='".get_entry_link($data['entrySlug'])."' method='post' name='entry-pin-input'>
+					<input type='text' name='read_entry_pin' placeholder='{locale:entry_pin}' />
+					<button type='submit'>{locale:unlock}</button>
+				</form>";
+			else
+			{
+				addDescription(entry_show_init($data['entryContent'], $data['entrySlug']));
+				addImage((preg_match('/< *img[^>]*src *= *["\']?([^"\']*)/i', $data['entryContent'], $images) ? $images[1] : 0));
+				headerImage($data['entryHeader']);
+				echo "<article class='full'>
+						<h2>".htmlspecialchars($data['entryTitle'])."</h2>
+						<div class='content'>".entry_show_all($data['entryContent'])."</div>
+						<p class='meta'><time class='date' title='{locale:published_on}'>".show_date($data['entryPublished'])."</time><a href='".get_profile_link($data['userName'])."' class='by' title='{locale:entry_by}'>$data[publicName]</a>".get_entry_admin($data)."</p>
+					</article>\n";
+			}
+		}
+	else
+		echo "<h1>{locale:entry_not_found_title}</h1>"
+			."<p>{locale:entry_not_found}</p>\n";

includes/main/login.php

@@ -0,0 +1,38 @@
+<?php
+
+if (LOGGEDIN) redirect(get_profile_link());
+
+addTitle($_locale['login']);
+
+if (theme_component('login')) :
+	include theme_component('login');
+else :
+?>
+
+<div style="float: left; width: 48%;">
+	<h1>{locale:login}</h1>
+	<form action="<?=get_current_link()?>" method="post" name="login-form">
+
+		<input type="text" name="login_name" value="" />
+		<input type="password" name="login_pass" value="" />
+
+		<button type="submit">{locale:login}</button>
+
+	</form>
+</div>
+<div style="float: right; width: 48%;">
+	<h1>{locale:registration}</h1>
+	<form action="<?=get_current_link()?>" method="post" name="registration-form">
+
+		<input type="text" name="reg_name" value="" placeholder="{locale:username}" autocomplete="off" />
+		<input type="password" name="reg_pass" value="" placeholder="{locale:password}" autocomplete="off" />
+		<input type="password" name="reg_pass2" value="" placeholder="{locale:password_again}" autocomplete="off" />
+		<input type="text" name="reg_email" value="" placeholder="{locale:email}" autocomplete="off" />
+
+		<button type="submit">{locale:registration}</button>
+
+	</form>
+</div>
+<div class="clear"></div>
+
+<?php endif ?>

includes/main/page.php

@@ -0,0 +1,16 @@
+<?php
+
+if (!isset($seo[1])) redirect();
+
+$page = new page($seo[1]);
+
+if (theme_component('page'))
+	include theme_component('page');
+else
+	if ($page->readable())
+	{
+		addTitle($page->data['pageTitle']);
+
+		echo "<h1>".htmlspecialchars($page->data['pageTitle'])."</h1>";
+		echo entry_show_all($page->data['pageContent']);
+	}

includes/main/profile.php

@@ -0,0 +1,126 @@
+<?php
+
+$profile = new user($seo[1], null, null, true);
+if ($profile) :
+	$userData = $profile->get_data();
+	$me = (LOGGEDIN && $user['userId'] == $userData['userId'] ? true : false);
+endif;
+
+if ($me)
+{
+
+	if (isset($_POST["userEdit"]))
+	{
+		$name	= $_POST['userPublicName'];		if (!Check::name($name))						array_push($error, $_locale['edit_wrong_public_name']);
+		$rname	= $_POST['userRealName'];		if (!Check::name($rname))						array_push($error, $_locale['edit_wrong_real_name']);
+		$email	= $_POST['userEmail'];			if (strlen($email) && !Check::email($email))	array_push($error, $_locale['edit_wrong_email']);
+		$web	= $_POST['userWeb'];			if (!Check::domain($web))						array_push($error, $_locale['edit_wrong_web']);
+		$bio	= htmlspecialchars($_POST['userIntroduction']);	if (strlen($bio) > 200)			array_push($error, $_locale['edit_wrong_introduction']);
+
+		$bio = sqlprot($bio);
+
+		if (empty($error))
+			if ($_sql->query("UPDATE users SET userPublicName = '$name',userRealName = '$rname',userEmail = '$email',userWeb = '$web',userIntroduction = '$bio' WHERE userId = $user[userId]"))
+				redirect(get_profile_link());
+			else
+				array_push($error, $_locale['profile_not_updated']);
+	}
+
+	if (isset($_FILES["userPic"]))
+	{
+		$file = 'data/profile_pics/'.$user['userId'].'.jpg';
+		if (file_exists($file)) unlink($file);
+		if ($_FILES["userPic"]["error"] < 1 && in_array($_FILES["userPic"]["type"], explode(',', $_set['allowedPicTypes'])))
+		{
+			clear_cache();
+
+			$thumb = new Imagick($_FILES["userPic"]["tmp_name"]);
+			//$thumb->resizeImage(500, 500, Imagick::FILTER_POINT, 1, true);
+			$thumb->cropThumbnailImage(500, 500);
+			$thumb->setImageFormat('jpg');
+			$thumb->writeImage($file);
+			$thumb->destroy(); 
+
+			$profile->setPic(true);
+
+			redirect(get_current_link());
+		} else
+		{
+			$profile->setPic(false);
+		}
+	} else
+	{
+		//$profile->setPic(false);
+		//redirect(get_current_link());
+	}
+}
+
+if (isset($seo[2]) && $seo[2] == 'edit')
+{
+	addTitle($_locale['profile_edit']);
+	if (theme_component('profile_edit'))
+		include theme_component('profile_edit');
+	else
+		include 'includes/main/profile_edit.php';
+}
+else
+{
+	addTitle($userData['userPublicName'].$_locale['s_profile']);
+
+if (theme_component('profile')) :
+	include theme_component('profile');
+else :
+	if ($profile) :
+?>
+	<div class="profile pic">
+		<div id="profile_pic" style="background-image: url('<?=get_profile_picture($userData)?>')">
+		<?php if ($me) : ?>
+			<form action="<?=get_current_link()?>" method="post" name="userpic-upload" enctype="multipart/form-data">
+				<input type="file" name="userPic" id="userPicInput" style="display: none" />
+				<button type="button" onclick="$('#userPicInput').focus().click()">{locale:browse}</button><button type="submit" id="userPicSaveBtn" class="orange">{locale:delete}</button>
+			</form>
+			<script>
+				$("#userPicInput").change(function() {
+					$("#userPicSaveBtn").html('{locale:save}').removeClass('orange');
+				});
+			</script>
+		<?php endif ?>
+		</div>
+	</div>
+	<div class="profile details">
+		<h1><?=$userData['userPublicName'].$_locale['s_profile']?></h1>
+		<h3><?=$userData['userName'].($me ? ' <a href="'.get_current_link().'/edit" class="edit">{locale:profile_edit}</a>' : '')?></h3>
+
+		<?php if (LOGGEDIN) : ?>
+		<div class='box contact'>
+			<p><strong>{locale:name}:</strong> <?=$userData['userRealName']?></p>
+			<p><strong>{locale:email}:</strong> <?=$userData['userEmail']?></p>
+			<p><strong>{locale:web}:</strong> <?=$userData['userWeb']?></p>
+		</div>
+		<div class='spacer'></div>
+		<?php endif ?>
+
+		<?php
+		$recent = $_sql->query("SELECT entrySlug, entryTitle FROM entries WHERE entryBy = $userData[userId] AND entryPublished <= ".time()." ORDER BY entryPublished DESC LIMIT 5");
+		if ($recent->num_rows) : ?>
+		<div class='box recent'>
+			<?php
+			while ($data = $recent->fetch_assoc())
+				echo "<p><a href='".get_entry_link($data['entrySlug'])."'>".trimlink($data['entryTitle'], 42)."</a></p>\n";
+			?>
+		</div>
+		<?php endif; unset($recent); ?>
+
+		<?php if ($userData['userIntroduction']) : ?>
+		<div class='box introduction'>
+			<p><?=$userData['userIntroduction']?></p>
+		</div>
+		<?php endif ?>
+
+		<div class="clear"></div>
+	</div>
+	<div class="clear"></div>
+<?php else : ?>
+	<h1>{locale:profile}</h1>
+	<p>{locale:profile_not_found}</p>
+<?php endif; endif; } ?>

includes/main/profile_edit.php

@@ -0,0 +1,17 @@
+<h1>{locale:profile_edit}: <?=$userData['userPublicName']?></h1>
+
+<form action="<?=get_current_link()?>" method="post" name="edit-profile">
+
+<h3>{locale:contact}</h3>
+<input type="text" name="userPublicName" value="<?=$userData['userPublicName']?>" placeholder="{locale:public_name}" maxlength="50" />
+<input type="text" name="userRealName" value="<?=$userData['userRealName']?>" placeholder="{locale:name}" maxlength="50" />
+<input type="text" name="userEmail" value="<?=$userData['userEmail']?>" placeholder="{locale:email}" maxlength="50" />
+<input type="text" name="userWeb" value="<?=$userData['userWeb']?>" placeholder="{locale:web}" maxlength="50" />
+
+
+<h3>{locale:introduction}</h3>
+<textarea name="userIntroduction" maxlength="320"><?=htmlentities($userData['userIntroduction'])?></textarea>
+
+<button type="submit" name="userEdit">{locale:save}</button>
+
+</form>

includes/main/tag.php

@@ -0,0 +1,29 @@
+<?php
+
+if (!isset($seo[1]) || !is_numeric($seo[1])) redirect();
+
+$tagged = $_sql->query("SELECT tagName FROM tags WHERE tagId = $seo[1]");
+$entries = $_sql->query("SELECT entrySlug, entryTitle, entryPublished, entryBy FROM entries INNER JOIN tagged ON taggedEntry = entryId WHERE taggedTag = $seo[1] AND entryHidden IS NULL ORDER BY entryPublished DESC");
+
+if (theme_component('tag'))
+	include theme_component('tag');
+else
+{
+	if ($tagged->num_rows)
+	{
+		$tag = $tagged->fetch_assoc();
+		addTitle($tag['tagName']);
+		echo "<h1>$tag[tagName]</h1>";
+		if ($entries->num_rows)
+		{
+			echo "<ul>";
+			while ($data = $entries->fetch_assoc())
+				echo "<li><a href='".get_entry_link($data['entrySlug'])."'>$data[entryTitle]</a></li>";
+			echo "</ul>";
+		}
+	}
+}
+
+unset($tag);
+unset($tagged);
+unset($entries);

includes/page.class.php

@@ -0,0 +1,92 @@
+<?php
+
+class page
+{
+
+	private $query;
+	public $exists;
+	public $data;
+
+	public $slug;
+
+	public function __construct($slug = false)
+	{
+
+		global $_sql;
+
+		if ($slug)
+		{
+			$slug = sqlprot($slug);
+			$this->slug = $slug;
+			$this->query = $_sql->query("SELECT * FROM pages WHERE pageSlug = '$slug'");
+			$this->exists = ($this->query->num_rows ? true : false);
+
+			if ($this->exists)
+				$this->data = $this->query->fetch_assoc();
+		} else
+		{
+			$this->query = $_sql->query("SELECT * FROM pages".($trash ? ' WHERE pageDeleted = 1' : ''));
+			$this->exists = ($this->query->num_rows ? true : false);
+		}
+
+	}
+
+
+	public function status()
+	{
+		if ($this->exists)
+			return true;
+		return false;
+	}
+
+	public function readable()
+	{
+		if ($this->exists && !$this->data['pageDeleted'])
+			return true;
+		return false;
+	}
+
+	public function get_list()
+	{
+		$pages = array();
+		while ($data = $this->query->fetch_assoc())
+			array_push($pages, $data);
+	}
+
+	public function update($title, $content)
+	{
+		global $_sql;
+
+		$title = sqlprot($title);
+		$content = sqlprot($content);
+
+		if (Check::title($title) && $this->data)
+			if ($_sql->query("UPDATE pages SET pageTitle = '$title', pageContent = '$content' WHERE pageSlug = '".$this->data['pageSlug']."'"))
+				return true;
+		return false;
+	}
+
+	public function create($title, $content)
+	{
+		global $_sql;
+
+		$slug = sqlprot($this->slug);
+		$title = sqlprot($title);
+		$content = sqlprot($content);
+
+		if (Check::title($title) && Check::slug($slug) && !$this->data)
+			if ($_sql->query("INSERT INTO pages (pageSlug, pageTitle, pageContent) VALUES ('$slug', '$title', '$content')"))
+				return true;
+		return false;
+	}
+
+	public function delete()
+	{
+		global $_sql;
+
+		if ($this->data)
+			if ($_sql->query("UPDATE pages SET pageDeleted = 1 WHERE pageSlug = '".$this->data['pageSlug']."'"))
+				return true;
+		return false;
+	}
+}

includes/rss.php

@@ -0,0 +1,28 @@
+<?php
+
+	header("Content-Type: application/xml"); 
+	echo '<?xml version="1.0" encoding="UTF-8" ?>'."\n";
+
+?>
+<rss version="2.0"> 
+	<channel> 
+		<title><?=$_set['title']?></title> 
+		<link><?=$_set['url']?></link> 
+		<description><?=$_set['description']?></description> 
+		<language>hu-hu</language>
+<?php
+	$blog = new blog();
+	while ($data = $blog->entries())
+	{
+		$image = preg_match('/< *img[^>]*src *= *["\']?([^"\']*)/i', $data['entryContent'], $images);
+		echo "		<item>\n"
+							."			<title>".htmlspecialchars($data['entryTitle'])."</title>\n"
+							."			<pubDate>".show_date($data['entryPublished'])."</pubDate>\n"
+							."			<link>".$_set['url'].get_entry_link($data['entrySlug'])."</link>\n"
+							."			<description>".strip_tags(nl2br(explode('[[MORE]]', $data['entryContent'])[0]))."</description>\n"
+				.($image ?	 "			<media:thumbnail url='".$_set['url'].$images[1]."' />\n" : null)
+			."		</item>\n";
+	}
+?>
+	</channel>
+</rss>

includes/sidebar/account.php

@@ -0,0 +1,9 @@
+<?php
+echo "<ul>";
+	echo "<li><a href='".get_profile_link()."'>$user[userName]$_locale[s_profile]</a></li>";
+
+	if ($user['userLevel'] > 1) echo "<li><a href='".get_site_link()."/admin'>$_locale[admin]</a></li>";
+	if ($user['userLevel'] > 2) echo "<li><a href='".get_site_link()."/admin/entry'>$_locale[new_entry]</a></li>";
+
+	echo "<li><a href='?logout'>$_locale[logout]</a></li>";
+echo "</ul>";

includes/sidebar/sidebar.php

@@ -0,0 +1,29 @@
+<?php
+
+if (LOGGEDIN) :
+	echo "<li>";
+	echo "<h2>$user[userName]</h2>";
+	echo "<a href='".get_profile_link()."'><img src='".get_profile_picture()."' alt='' style='width: 120px' /></a>";
+	include 'includes/sidebar/account.php';
+	echo "</li>";
+else :
+?>
+<li>
+	<h2><?=$_locale['login']?></h2>
+	<form action="<?=get_current_link()?>" method="post" name="login-form">
+
+		<input type="text" name="login_name" value="" placeholder="<?=$_locale['username']?>" />
+		<input type="password" name="login_pass" value="" placeholder="<?=$_locale['password']?>" />
+
+		<button type="submit"><?=$_locale['login']?></button>
+
+	</form>
+</li>
+<?php endif;
+
+echo "<li><h2>$_locale[tags]</h2><ul class='tags'>";
+	get_tags();
+echo "</ul></li>";
+
+
+?>

includes/user.class.php

@@ -0,0 +1,68 @@
+<?php
+
+class user
+{
+
+	private $id = 0;
+	private $name;
+	public $data;
+
+	private $udata = array();
+
+	private $counter = 0;
+
+	public function __construct($name = false, $data = false)
+	{
+		if ($this->counter > 2) return false;
+		$this->counter++;
+
+		global $_sql;
+
+		$query = $_sql->query("SELECT * FROM users WHERE userName = '$name'");
+		if ($query->num_rows)
+		{
+			$this->data = $query->fetch_assoc();
+			$this->id = $this->data['userId'];
+			return true;
+		} else
+		{
+			if ($data && $_sql->query("INSERT INTO users (userFiltrId, userName, userPublicName, userEmail, userRegistered, userRealName) VALUES ('$data[id]', '".$_sql->real_escape_string($name)."', '".$_sql->real_escape_string($data['name'])."', '".$_sql->real_escape_string($data['email'])."', '".time()."', '".$_sql->real_escape_string($data['name'])."')"))
+				return $this->__construct($name, $data);
+		}
+		return false;
+	}
+
+
+	public function get_data()
+	{
+		if ($this->data)
+			return $this->data;
+
+		global $_sql;
+		$query = $_sql->query("SELECT * FROM users WHERE ".($this->name ? "userName = '".$this->name."'" : "userId = ".$this->id));
+		if ($query->num_rows)
+			return $query->fetch_assoc();
+		return false;
+	}
+
+
+	public function setPic($status = false)
+	{
+		global $_sql;
+		$this->get_data();
+		if ($_sql->query("UPDATE users SET userPic = ".($status ? 1 : 0)." WHERE userId = ".$this->data['userId']))
+			return true;
+		return false;
+	}
+
+
+	public function setData($field, $value)
+	{
+		global $_sql;
+		$this->get_data();
+		if ($_sql->query("UPDATE users SET `$field` = '".sqlprot($value)."' WHERE userId = ".$this->data['userId']))
+			return true;
+		return false;
+	}
+
+}