starts_with, notice backtraces, better database error reporting and return values

.gitignore

@@ -0,0 +1,2 @@
+config.php
+config.mysql.php

base.php

@@ -13,7 +13,8 @@
 
 require("include.constants.php");
 
-require("cphp/config.php");
+require("include.config.php");
+require("include.debug.php");
 
 require("include.dependencies.php");
 require("include.exceptions.php");
@@ -23,19 +24,271 @@ require("include.misc.php");
 require("include.memcache.php");
 require("include.mysql.php");
 require("include.session.php");
+require("include.csrf.php");
+require("include.forms.php");
+
+require("include.lib.php");
 
 require("class.templater.php");
 require("class.localizer.php");
 
-$locale = new Localizer();
-$locale->Load($cphp_locale_name);
+require("include.locale.php");
 
-setlocale(LC_ALL, $locale->locale);
+if(empty($not_html))
+{
+	header("Content-Type:text/html; charset=UTF-8");
+}
 
 require("class.base.php");
 require("class.databaserecord.php");
 
-foreach($cphp_components as $component)
+foreach($cphp_config->components as $component)
 {
 	require("components/component.{$component}.php");
 }
+
+/* lighttpd (and perhaps some other HTTPds) won't pass on GET parameters
+ * when using the server.error-handler-404 directive that is required to
+ * use the CPHP router. This patch will try to detect such problems, and
+ * manually extract the GET data from the request URI. I admit, it's a
+ * bit of a hack, but there doesn't really seem to be a different way of
+ * solving this issue. */
+
+/* Detect whether the request URI and the $_GET array disagree on the
+ * existence of GET parameters. */
+if(strpos($_SERVER['REQUEST_URI'], "?") !== false && empty($_GET))
+{
+	/* Separate the protocol/host/path component from the query string. */
+	list($uri, $query) = explode("?", $_SERVER['REQUEST_URI'], 2);
+	
+	/* Store the entire query string in the relevant $_SERVER variable -
+	 * lighttpds strange behaviour breaks this variable as well. */
+	$_SERVER['QUERY_STRING'] = $query;
+	
+	/* Finally, run the query string through PHPs own internal GET data
+	 * parser, and have it store the result in the $_GET variable. This
+	 * should yield an identical result to a well-functioning HTTPd. */
+	parse_str($query, $_GET);
+}
+
+if(get_magic_quotes_gpc())
+{
+	/* By default, get rid of all quoted variables. Magic quotes are evil. */
+	foreach($_POST as &$var)
+	{
+		$var = stripslashes($var);
+	}
+	
+	foreach($_GET as &$var)
+	{
+		$var = stripslashes($var);
+	}
+}
+
+if(!empty($cphp_config->autoloader))
+{
+	function cphp_autoload_class($class_name) 
+	{
+		global $_APP;
+		
+		$class_name = str_replace("\\", "/", strtolower($class_name));
+		
+		if(file_exists("classes/{$class_name}.php"))
+		{
+			require_once("classes/{$class_name}.php");
+		}
+	}
+
+	spl_autoload_register('cphp_autoload_class');
+}
+
+/* https://stackoverflow.com/a/1159235/1332715 */
+set_error_handler(function($errno, $errstr, $errfile, $errline, $errcontext) {
+	if(!(error_reporting() & $errno))
+		return;
+	switch($errno) {
+	case E_WARNING      :
+	case E_USER_WARNING :
+	case E_STRICT       :
+	case E_NOTICE       :
+	case E_USER_NOTICE  :
+		$type = 'warning';
+		$fatal = false;
+		break;
+	default             :
+		$type = 'fatal error';
+		$fatal = true;
+		break;
+	}
+	$trace = array_reverse(debug_backtrace());
+	array_pop($trace);
+	if(php_sapi_name() == 'cli') {
+		echo 'Backtrace from ' . $type . ' \'' . $errstr . '\' at ' . $errfile . ' ' . $errline . ':' . "\n";
+		foreach($trace as $item)
+			echo '  ' . (isset($item['file']) ? $item['file'] : '<unknown file>') . ' ' . (isset($item['line']) ? $item['line'] : '<unknown line>') . ' calling ' . $item['function'] . '()' . "\n";
+	} else {
+		echo '<p class="error_backtrace">' . "\n";
+		echo '  Backtrace from ' . $type . ' \'' . $errstr . '\' at ' . $errfile . ' ' . $errline . ':' . "\n";
+		echo '  <ol>' . "\n";
+		foreach($trace as $item)
+			echo '    <li>' . (isset($item['file']) ? $item['file'] : '<unknown file>') . ' ' . (isset($item['line']) ? $item['line'] : '<unknown line>') . ' calling ' . $item['function'] . '()</li>' . "\n";
+		echo '  </ol>' . "\n";
+		echo '</p>' . "\n";
+	}
+	if(ini_get('log_errors')) {
+		$items = array();
+		foreach($trace as $item)
+			$items[] = (isset($item['file']) ? $item['file'] : '<unknown file>') . ' ' . (isset($item['line']) ? $item['line'] : '<unknown line>') . ' calling ' . $item['function'] . '()';
+		$message = 'Backtrace from ' . $type . ' \'' . $errstr . '\' at ' . $errfile . ' ' . $errline . ': ' . join(' | ', $items);
+		error_log($message);
+	}
+	if($fatal)
+		exit(1);
+});
+
+
+set_exception_handler(function($e){
+	/* Intentionally not using the templater here; any inner exceptions
+	 * cause serious debugging issues. Avoiding potential issues by just
+	 * hardcoding the response here, with no code that could raise an
+	* exception. */
+	$exception_class = get_class($e);
+	$exception_message = $e->getMessage();
+	$exception_file = $e->getFile();
+	$exception_line = $e->getLine();
+	$exception_trace = $e->getTraceAsString();
+	
+	error_log("Uncaught {$exception_class} in {$exception_file}:{$exception_line} ({$exception_message}). Traceback: {$exception_trace}");
+	
+	switch(strtolower(ini_get('display_errors')))
+	{
+		case "1":
+		case "on":
+		case "true":
+			$inner_exceptions = array();
+			$inner_e = $e;
+			
+			while(true)
+			{
+				$inner_e = $inner_e->getPrevious();
+				
+				if($inner_e === null)
+				{
+					break;
+				}
+				else
+				{
+					$inner_exceptions[] = array($inner_e->getMessage(), $inner_e->getTraceAsString());
+				}
+			}
+			
+			if(empty($inner_exceptions))
+			{
+				$inner_traces = "";
+			}
+			else
+			{
+				$inner_traces = "<h2>One or more previous exceptions were also recorded.</h2>";
+			}
+			
+			foreach($inner_exceptions as $inner_e)
+			{
+				$inner_traces .= "
+					<p>
+						<span class='message'>{$inner_e[0]}</span>
+					</p>
+					<pre>{$inner_e[1]}</pre>
+				";
+			}
+			
+			$error_body = "
+				<p>
+					An uncaught <span class='detail'>{$exception_class}</span> was thrown, in <span class='detail'>{$exception_file}</span> on line <span class='detail'>{$exception_line}</span>.
+				</p>
+				<p>
+					<span class='message'>{$exception_message}</span>
+				</p>
+				<pre>{$exception_trace}</pre>
+				{$inner_traces}
+				<p><strong>Important:</strong> These errors should never be displayed on a production server! Make sure that <em>display_errors</em> is turned off in your PHP configuration, if you want to hide these tracebacks.</p>
+			";
+			break;
+		default:
+			$error_body = "
+				<p>
+					Something went wrong while creating this page, but we're not yet quite sure what it was.
+				</p>
+				<p>
+					If the issue persists, please contact the administrator for this application or website.
+				</p>
+			";
+			break;
+	}
+	
+	http_status_code(500);
+	
+	echo("
+		<!doctype html>
+		<html>
+			<head>
+				<title>An unexpected error occurred.</title>
+				<style>
+					body
+					{
+						margin: 24px auto;
+						padding: 24px 16px;
+						font-family: sans-serif;
+						font-size: 18px;
+						width: 960px;
+						color: #676767;
+					}
+					
+					h1
+					{
+						border-bottom: 2px solid black;
+						color: #444444;
+						font-size: 26px;
+						padding-bottom: 6px;
+					}
+					
+					h2
+					{
+						color: #575757;
+						border-bottom: 2px solid #444444;
+						padding-top: 22px;
+						padding-bottom: 6px;
+						font-size: 21px;
+					}
+					
+					pre
+					{
+						overflow: auto;
+						font-size: 13px;
+						color: black;
+						padding: 10px;
+						border: 1px solid gray;
+						border-radius: 6px;
+						background-color: #F8F8F8;
+					}
+					
+					.message
+					{
+						font-weight: bold;
+						color: #5B0000;
+					}
+					
+					.detail
+					{
+						color: black;
+					}
+				</style>
+			</head>
+			<body>
+				<h1>An unexpected error occurred.</h1>
+				{$error_body}
+			</body>
+		</html>
+	");
+	
+	die();
+});

class.base.php

@@ -19,6 +19,8 @@ class CPHPBaseClass
 	
 	public function RenderTimeAgo($template, $property)
 	{
+		/* DEPRECATED: Please do not use this function if you can avoid it. 
+		 * The time_ago function can now be used to accomplish the same. */
 		global $locale;
 		
 		$variable_name = "s{$property}";
@@ -130,11 +132,18 @@ class CPHPBaseClass
 	
 	public function RenderTemplateExternal($template, $strings)
 	{
+		/* DEPRECATED: Please do not use this function.
+		 * Instead, you can use Templater::AdvancedParse for rendering arbitrary templates
+		 * without instantiating a Templater yourself. */
 		return $this->DoRenderTemplate($template, $strings);
 	}
 	
 	public function DoRenderTemplate($template, $strings)
 	{
+		/* DEPRECATED: Please do not use this function.
+		 * Class-specific templater functions have been discontinued. Instead, you can use
+		 * Templater::AdvancedParse for rendering templates without instantiating a Templater
+		 * yourself. */
 		global $locale;
 		
 		try

class.databaserecord.php

@@ -19,54 +19,95 @@ abstract class CPHPDatabaseRecordClass extends CPHPBaseClass
 	public $verify_query = "";
 	public $table_name = "";
 	public $query_cache = 60;
+	public $id_field = "Id";
+	public $autoloading = true;
 	
 	public $prototype = array();
 	public $prototype_render = array();	
+	public $prototype_export = array();
 	public $uData = array();
 	
+	public $sIsNewObject = true;
+	
 	public $sId = 0;
 	
-	public function __construct($uDataSource, $uCommunityId = 0)
+	public function __construct($uDataSource = 0, $defaultable = null)
 	{
-		$this->ConstructDataset($uDataSource, $uCommunityId);
+		global $cphp_config;
+		
+		if(!isset($cphp_config->class_map))
+		{
+			die("No class map was specified. Refer to the CPHP manual for instructions.");
+		}
+		
+		$this->ConstructDataset($uDataSource);
 		$this->EventConstructed();
 	}
 	
-	public function ConstructDataset($uDataSource, $uCommunityId = 0)
+	public function __get($name)
 	{
-		$bind_datasets = true;
+		/* TODO: Don't overwrite current value in uVariable when sVariable is requested and uVariable is already set. */
 		
-		if(is_numeric($uDataSource))
+		if($name[0] == "s" || $name[0] == "u")
 		{
-			if($uDataSource != 0)
+			$actual_name = substr($name, 1);
+			
+			$found = false;
+			
+			foreach($this->prototype as $type => $dataset)
 			{
-				if(!empty($this->fill_query))
-				{
-					$this->sId = (is_numeric($uDataSource)) ? $uDataSource : 0;
-					
-					$query = sprintf($this->fill_query, $uDataSource);
-					if($result = mysql_query_cached($query, $this->query_cache))
-					{
-						$uDataSource = $result->data[0];
-					}
-					else
-					{
-						$classname = get_class($this);
-						throw new NotFoundException("Could not locate {$classname} {$uDataSource} in database.");
-					}
-				}
-				else
+				if(isset($dataset[$actual_name]))
 				{
-					$classname = get_class($this);
-					throw new PrototypeException("No fill query defined for {$classname} class.");
+					$found = true;
+					$found_type = $type;
+					$found_field = $dataset[$actual_name];
 				}
 			}
-			else
+			
+			if($found === false)
 			{
-				$bind_datasets = false;
+				$classname = get_class($this);
+				throw new PrototypeException("The {$actual_name} variable was not found in the prototype of the {$classname} class.");
 			}
+			
+			$this->SetField($found_type, $actual_name, $found_field);
+			
+			return $this->$name;
+		}
+	}
+	
+	public function RefreshData()
+	{
+		$this->PurgeCache();
+		$this->ConstructDataset($this->sId, 0);
+		
+		if($this->autoloading === true)
+		{
+			$this->PurgeVariables();
 		}
-		elseif(is_object($uDataSource))
+	}
+	
+	public function PurgeVariables()
+	{
+		foreach($this->prototype as $type => $dataset)
+		{
+			foreach($dataset as $key => $field)
+			{
+				$variable_name_safe = "s" . $key;
+				$variable_name_unsafe = "u" . $key;
+				unset($this->$variable_name_safe);
+				unset($this->$variable_name_unsafe);
+			}
+		}
+	}
+	
+	public function ConstructDataset($uDataSource, $expiry = -1)
+	{
+		global $database;
+		
+		$bind_datasets = true;
+		
+		if(is_object($uDataSource))
 		{
 			if(isset($uDataSource->data[0]))
 			{
@@ -84,6 +125,39 @@ abstract class CPHPDatabaseRecordClass extends CPHPBaseClass
 				$uDataSource = $uDataSource[0];
 			}
 		}
+		elseif(is_string($uDataSource) || is_numeric($uDataSource))
+		{
+			if($uDataSource !== 0)
+			{
+				if(!empty($this->fill_query))
+				{
+					/* TODO: Figure out a way to store the ID internally without post-processing... */
+					$this->sId = htmlspecialchars($uDataSource);
+					$expiry = ($expiry == -1) ? $this->query_cache : $expiry;
+					
+					/* Use PDO to fetch the object from the database. */
+					if($result = $database->CachedQuery($this->fill_query, array(":Id" => (string) $uDataSource), $expiry))
+					{
+						$uDataSource = $result->data[0];
+					}
+					else
+					{
+						$classname = get_class($this);
+						throw new NotFoundException("Could not locate {$classname} {$uDataSource} in database.", 0, null, "");
+					}
+				}
+				else
+				{
+					$classname = get_class($this);
+					throw new PrototypeException("No fill query defined for {$classname} class.");
+				}
+			}
+			else
+			{
+				$bind_datasets = false;
+				$this->FillDefaults();
+			}
+		}
 		else
 		{
 			$classname = get_class($this);
@@ -92,13 +166,17 @@ abstract class CPHPDatabaseRecordClass extends CPHPBaseClass
 		
 		if($bind_datasets === true)
 		{
-			$this->sId = (is_numeric($uDataSource['Id'])) ? $uDataSource['Id'] : 0;
+			$this->sId = htmlspecialchars($uDataSource[$this->id_field]);
+			$this->sIsNewObject = false;
 			
 			$this->uData = $uDataSource;
 			
-			foreach($this->prototype as $type => $dataset)
+			if($this->autoloading === false)
 			{
-				$this->BindDataset($type, $dataset);
+				foreach($this->prototype as $type => $dataset)
+				{
+					$this->BindDataset($type, $dataset, $defaultable);
+				}
 			}
 			
 			$this->sFound = true;
@@ -107,106 +185,167 @@ abstract class CPHPDatabaseRecordClass extends CPHPBaseClass
 		{
 			$this->sFound = false;
 		}
+	}
+	
+	public function BindDataset($type, $dataset, $defaultable)
+	{
+		global $cphp_config;
 		
-		if(!empty($uCommunityId) && !empty($this->sCommunityId))
+		if(is_array($dataset))
 		{
-			$sCommunityId = (is_numeric($uCommunityId)) ? $uCommunityId : 0;
-			
-			if($sCommunityId != $this->sCommunity->sId)
+			foreach($dataset as $variable_name => $column_name) 
 			{
-				$classname = get_class($this);
-				throw new OwnershipException("{$classname} {$this->sId} does not belong to Community {$sCommunityId}.");
+				$this->SetField($type, $variable_name, $column_name);
 			}
 		}
+		else
+		{
+			$classname = get_class($this);
+			throw new Exception("Invalid dataset passed on to {$classname}.BindDataset."); 
+		}
 	}
 	
-	public function BindDataset($type, $dataset)
+	public function SetField($type, $variable_name, $column_name)
 	{
-		global $cphp_class_map;
+		global $cphp_config;
 		
-		if(is_array($dataset))
+		if(!isset($this->uData[$column_name]))
 		{
-			foreach($dataset as $variable_name => $column_name) 
+			throw new Exception("The column name {$column_name} was not found in the resultset - ensure the prototype corresponds to the table schema.");
+		}
+		
+		$original_value = $this->uData[$column_name];
+		
+		if($original_value === "" && ($type == "timestamp" || $type == "numeric" || $type == "boolean"))
+		{
+			$variable_name_safe = "s" . $variable_name;
+			$this->$variable_name_safe = null;
+			
+			$variable_name_unsafe = "u" . $variable_name;
+			$this->$variable_name_unsafe = null;
+		}
+		else
+		{
+			switch($type)
 			{
-				$original_value = $this->uData[$column_name];
-				
-				switch($type)
-				{
-					case "string":
-						$value = htmlspecialchars(stripslashes($original_value));
-						$variable_type = CPHP_VARIABLE_SAFE;
-						break;
-					case "html":
-						$value = filter_html(stripslashes($original_value));
-						$variable_type = CPHP_VARIABLE_SAFE;
-						break;
-					case "simplehtml":
-						$value = filter_html_strict(stripslashes($original_value));
-						$variable_type = CPHP_VARIABLE_SAFE;
-						break;
-					case "nl2br":
-						$value = nl2br(htmlspecialchars(stripslashes($original_value)), false);
-						$variable_type = CPHP_VARIABLE_SAFE;
-						break;
-					case "numeric":
-						$value = (is_numeric($original_value)) ? $original_value : 0;
-						$variable_type = CPHP_VARIABLE_SAFE;
-						break;
-					case "timestamp":
-						$value = unix_from_mysql($original_value);
-						$variable_type = CPHP_VARIABLE_SAFE;
-						break;
-					case "boolean":
-						$value = (empty($original_value)) ? false : true;
-						$variable_type = CPHP_VARIABLE_SAFE;
-						break;
-					case "user":
-						$value = new User($original_value);
-						$variable_type = CPHP_VARIABLE_SAFE;
-						break;
-					case "none":
-						$value = $original_value;
-						$variable_type = CPHP_VARIABLE_UNSAFE;
-						break;
-					default:
-						$found = false;
-						foreach($cphp_class_map as $class_type => $class_name)
+				case "string":
+					$value = htmlspecialchars(stripslashes($original_value));
+					$variable_type = CPHP_VARIABLE_SAFE;
+					break;
+				case "html":
+					$value = filter_html(stripslashes($original_value));
+					$variable_type = CPHP_VARIABLE_SAFE;
+					break;
+				case "simplehtml":
+					$value = filter_html_strict(stripslashes($original_value));
+					$variable_type = CPHP_VARIABLE_SAFE;
+					break;
+				case "nl2br":
+					$value = nl2br(htmlspecialchars(stripslashes($original_value)), false);
+					$variable_type = CPHP_VARIABLE_SAFE;
+					break;
+				case "numeric":
+					$value = (is_numeric($original_value)) ? $original_value : 0;
+					$variable_type = CPHP_VARIABLE_SAFE;
+					break;
+				case "timestamp":
+					$value = unix_from_mysql($original_value);
+					$variable_type = CPHP_VARIABLE_SAFE;
+					break;
+				case "boolean":
+					$value = (empty($original_value)) ? false : true;
+					$variable_type = CPHP_VARIABLE_SAFE;
+					break;
+				case "none":
+					$value = $original_value;
+					$variable_type = CPHP_VARIABLE_UNSAFE;
+					break;
+				default:
+					$found = false;
+					foreach(get_object_vars($cphp_config->class_map) as $class_type => $class_name)
+					{
+						if($type == $class_type)
 						{
-							if($type == $class_type)
+							try
 							{
 								$value = new $class_name($original_value);
-								$variable_type = CPHP_VARIABLE_SAFE;
-								$found = true;
 							}
+							catch (NotFoundException $e)
+							{
+								$e->field = $variable_name;
+								throw $e;
+							}
+							$variable_type = CPHP_VARIABLE_SAFE;
+							$found = true;
 						}
-						
-						if($found == false)
-						{
-							$classname = get_class($this);
-							throw new Exception("Cannot determine type of dataset ({$type}) passed on to {$classname}.BindDataset."); 
-							break;
-						}
-				}
-				
-				if($variable_type == CPHP_VARIABLE_SAFE)
-				{
-					$variable_name_safe = "s" . $variable_name;
-					$this->$variable_name_safe = $value;
-				}
-				
-				$variable_name_unsafe = "u" . $variable_name;
-				$this->$variable_name_unsafe = $original_value;
+					}
+					
+					if($found == false)
+					{
+						$classname = get_class($this);
+						throw new Exception("Cannot determine type of dataset ({$type}) passed on to {$classname}.BindDataset."); 
+						break;
+					}
 			}
+			
+			if($variable_type == CPHP_VARIABLE_SAFE)
+			{
+				$variable_name_safe = "s" . $variable_name;
+				$this->$variable_name_safe = $value;
+			}
+			
+			$variable_name_unsafe = "u" . $variable_name;
+			$this->$variable_name_unsafe = $original_value;
 		}
-		else
+	}
+	
+	public function FillDefaults()
+	{
+		foreach($this->prototype as $type => $dataset)
 		{
-			$classname = get_class($this);
-			throw new Exception("Invalid dataset passed on to {$classname}.BindDataset."); 
+			switch($type)
+			{
+				case "string":
+				case "simplehtml":
+				case "html":
+				case "nl2br":
+				case "none":
+					$safe_default_value = "";
+					$unsafe_default_value = "";
+					break;
+				case "numeric":
+					$safe_default_value = 0;
+					$unsafe_default_value = "0";
+					break;
+				case "boolean":
+					$safe_default_value = false;
+					$unsafe_default_value = "0";
+					break;
+				case "timestamp":
+					$safe_default_value = null;
+					$unsafe_default_value = null;
+					break;
+				default:
+					continue 2;
+			}
+			
+			foreach($dataset as $property)
+			{
+				$safe_variable_name = "s" . $property;
+				$this->$safe_variable_name = $safe_default_value;
+				
+				$unsafe_variable_name = "u" . $property;
+				$this->$unsafe_variable_name = $unsafe_default_value;
+			}
 		}
 	}
 	
 	public function DoRenderInternalTemplate()
 	{
+		/* DEPRECATED: Please do not use this function.
+		 * Class-specific templater functions have been discontinued. Instead, you can use
+		 * Templater::AdvancedParse for rendering templates without instantiating a Templater
+		 * yourself. */
 		if(!empty($this->render_template))
 		{
 			$strings = array();
@@ -224,18 +363,25 @@ abstract class CPHPDatabaseRecordClass extends CPHPBaseClass
 		}
 	}
 	
-	public function InsertIntoDatabase()
+	public function InsertIntoDatabase($force_data = false)
 	{
+		global $cphp_config, $database;
+		
 		if(!empty($this->verify_query))
 		{
-			if($this->sId == 0)
+			if(strpos($this->verify_query, ":Id") === false)
+			{
+				throw new DeprecatedException("Support for mysql_* has been removed from CPHP. Please update your queries to be in CachedPDO-style.");
+			}
+			
+			if($this->sIsNewObject === true)
 			{
 				$insert_mode = CPHP_INSERTMODE_INSERT;
 			}
 			else
 			{
-				$query = sprintf($this->verify_query, $this->sId);
-				if($result = mysql_query_cached($query))
+				/* FIXME: This can probably be optimized... */
+				if($result = $database->CachedQuery($this->verify_query, array(":Id" => $this->sId), 0))
 				{
 					$insert_mode = CPHP_INSERTMODE_UPDATE;
 				}
@@ -245,6 +391,29 @@ abstract class CPHPDatabaseRecordClass extends CPHPBaseClass
 				}
 			}
 			
+			if($force_data === true)
+			{
+				foreach($this->prototype as $type_key => $type_value)
+				{
+					foreach($type_value as $element_key => $element_value)
+					{
+						$variable_name_unsafe = "u" . $element_key;
+						
+						if(!isset($this->$variable_name_unsafe))
+						{
+							foreach($this->prototype as $type => $dataset)
+							{
+								if(isset($dataset[$element_key]))
+								{
+									$column_name = $dataset[$element_key];
+									$this->$variable_name_unsafe = $this->uData[$column_name];
+								}
+							}
+						}
+					}
+				}
+			}
+			
 			$element_list = array();
 			
 			foreach($this->prototype as $type_key => $type_value)
@@ -258,6 +427,9 @@ abstract class CPHPDatabaseRecordClass extends CPHPBaseClass
 						case "boolean":
 						case "timestamp":
 						case "string":
+						case "simplehtml":
+						case "html":
+						case "nl2br":
 							$element_list[$element_value] = array(
 								'key'	=> $element_key,
 								'type'	=> $type_key
@@ -270,7 +442,8 @@ abstract class CPHPDatabaseRecordClass extends CPHPBaseClass
 			}
 			
 			$sKeyList = array();
-			$sValueList = array();
+			$sKeyIdentifierList = array();
+			$uValueList = array();
 			
 			foreach($element_list as $sKey => $value)
 			{				
@@ -282,77 +455,121 @@ abstract class CPHPDatabaseRecordClass extends CPHPBaseClass
 					switch($value['type'])
 					{
 						case "none":
-							$sFinalValue = mysql_real_escape_string($this->$variable_name_unsafe);
+							$uFinalValue = $this->$variable_name_unsafe;
 							break;
 						case "numeric":
 							$number = (isset($this->$variable_name_unsafe)) ? $this->$variable_name_unsafe : $this->$variable_name_safe;
-							$sFinalValue = (is_numeric($number)) ? $number : 0;
+							$uFinalValue = (is_numeric($number)) ? $number : 0;
 							break;
 						case "boolean":
 							$bool = (isset($this->$variable_name_unsafe)) ? $this->$variable_name_unsafe : $this->$variable_name_safe;
-							$sFinalValue = ($bool) ? "1" : "0";
+							$uFinalValue = ($bool) ? "1" : "0";
 							break;
 						case "timestamp":
-							$sFinalValue = (isset($this->$variable_name_safe)) ? mysql_from_unix($this->$variable_name_safe) : mysql_from_unix(unix_from_local($this->$variable_name_unsafe));
+							if(is_numeric($this->$variable_name_unsafe))
+							{
+								$uFinalValue = mysql_from_unix($this->$variable_name_unsafe);
+							}
+							else
+							{
+								if(isset($this->$variable_name_safe))
+								{
+									$uFinalValue = mysql_from_unix($this->$variable_name_safe);
+								}
+								else
+								{
+									$uFinalValue = mysql_from_unix(unix_from_local($this->$variable_name_unsafe));
+								}
+							}
 							break;
 						case "string":
-							$sFinalValue = (isset($this->$variable_name_unsafe)) ? mysql_real_escape_string($this->$variable_name_unsafe) : mysql_real_escape_string($this->$variable_name_safe);
+						case "simplehtml":
+						case "html":
+						case "nl2br":
+							$uFinalValue = (isset($this->$variable_name_unsafe)) ? $this->$variable_name_unsafe : $this->$variable_name_safe;
 							break;
 						case "default":
-							$sFinalValue = mysql_real_escape_string($this->$variable_name_unsafe);
+							$uFinalValue = $this->$variable_name_unsafe;
 							break;
 					}
 					
-					$sFinalValue = "'{$sFinalValue}'";
-					$sKey = "`{$sKey}`";
+					$sIdentifier = ":{$sKey}";
 					
-					$sKeyList[] = $sKey;
-					$sValueList[] = $sFinalValue;
+					$sKeyList[] = "`{$sKey}`";
+					$sKeyIdentifierList[] = $sIdentifier;
+					$uValueList[$sIdentifier] = $uFinalValue;
 				}
 				else
 				{
-					$classname = get_class($this);
-					throw new Exception("Database insertion failed: prototype property {$value['key']} not found in object of type {$classname}.");
+					if($this->autoloading === false)
+					{
+						$classname = get_class($this);
+						throw new Exception("Database insertion failed: prototype property {$value['key']} not found in object of type {$classname}.");
+					}
 				}
 			}
 			
 			
 			if($insert_mode == CPHP_INSERTMODE_INSERT)
 			{
+				if(!empty($this->uId))
+				{
+					$sIdentifier = ":{$this->id_field}";
+					$sKeyList[] = "`{$this->id_field}`";
+					$sKeyIdentifierList[] = $sIdentifier;
+					$uValueList[$sIdentifier] = $this->uId;
+				}
+				
 				$sQueryKeys = implode(", ", $sKeyList);
-				$sQueryValues = implode(", ", $sValueList);
-				$query = "INSERT INTO {$this->table_name} ({$sQueryKeys}) VALUES ({$sQueryValues})";
+				$sQueryKeyIdentifiers = implode(", ", $sKeyIdentifierList);
+				$query = "INSERT INTO {$this->table_name} ({$sQueryKeys}) VALUES ({$sQueryKeyIdentifiers})";
 			}
 			elseif($insert_mode == CPHP_INSERTMODE_UPDATE)
 			{
-				$sKeyValueList = array();
+				$sKeysIdentifiersList = array();
 				
 				for($i = 0; $i < count($sKeyList); $i++)
 				{
 					$sKey = $sKeyList[$i];
-					$sValue = $sValueList[$i];
-					$sKeyValueList[] = "{$sKey} = {$sValue}";
+					$sValue = $sKeyIdentifierList[$i];
+					$sKeysIdentifiersList[] = "{$sKey} = {$sValue}";
 				}
 				
-				$sQueryKeysValues = implode(", ", $sKeyValueList);
-				$query = "UPDATE {$this->table_name} SET {$sQueryKeysValues} WHERE `Id` = '{$this->sId}'";
+				$sQueryKeysIdentifiers = implode(", ", $sKeysIdentifiersList);
+				/* We use :CPHPID here because it's unlikely to be used in the application itself. */
+				$query = "UPDATE {$this->table_name} SET {$sQueryKeysIdentifiers} WHERE `{$this->id_field}` = :CPHPID";
+				$uValueList[':CPHPID'] = $this->sId;
 			}
 			
-			if($result = mysql_query($query))
+			try
 			{
+				$result = $database->CachedQuery($query, $uValueList, 0);
+				
 				if($insert_mode == CPHP_INSERTMODE_INSERT)
 				{
-					$this->sId = mysql_insert_id();
+					$this->sId = $database->lastInsertId();
+					$this->sIsNewObject = false;
 				}
 				
-				$this->PurgeCache();
+				$this->RefreshData();
 				
 				return $result;
 			}
-			else
+			catch (DatabaseException $e)
 			{
 				$classname = get_class($this);
-				throw new DatabaseException("Database insertion query failed in object of type {$classname}. Error message: " . mysql_error());
+				$error = $database->errorInfo();
+				
+				if(empty($error[2]))
+				{
+					$errmsg = $e->getMessage();
+				}
+				else
+				{
+					$errmsg = $error[2];
+				}
+				
+				throw new DatabaseException("Database insertion query failed in object of type {$classname}. Error message: " . $errmsg);
 			}
 		}
 		else
@@ -364,13 +581,15 @@ abstract class CPHPDatabaseRecordClass extends CPHPBaseClass
 	
 	public function RetrieveChildren($type, $field)
 	{
-		if(!isset($cphp_class_map[$type]))
+		/* Probably won't ever be fully implemented, now that there is CreateFromQuery. */
+		
+		if(!isset($cphp_config->class_map->$type))
 		{
 			$classname = get_class($this);
 			throw new NotFoundException("Non-existent 'type' argument passed on to {$classname}.RetrieveChildren function.");
 		}
 		
-		$parent_type = get_parent_class($cphp_class_map[$type]);
+		$parent_type = get_parent_class($cphp_config->class_map->$type);
 		if($parent_type !== "CPHPDatabaseRecordClass")
 		{
 			$parent_type = ($parent_type === false) ? "NONE" : $parent_type;
@@ -383,9 +602,13 @@ abstract class CPHPDatabaseRecordClass extends CPHPBaseClass
 	
 	public function PurgeCache()
 	{
-		$query = sprintf($this->fill_query, $this->sId);
-		$key = md5($query) . md5($query . "x");
-		mc_delete($key);
+		$parameters = array(":Id" => (string) $this->sId);
+		
+		$query_hash = md5($this->fill_query);
+		$parameter_hash = md5(serialize($parameters));
+		$cache_hash = $query_hash . $parameter_hash;
+		
+		mc_delete($cache_hash);
 	}
 	
 	public function RenderTemplate($template = "")
@@ -398,6 +621,69 @@ abstract class CPHPDatabaseRecordClass extends CPHPBaseClass
 		return $this->DoRenderInternalTemplate();
 	}
 	
+	public function Export()
+	{
+		/* This function is DEPRECATED and should not be used. Please manually build your arrays instead. */
+		$export_array = array();
+		
+		foreach($this->prototype_export as $field)
+		{
+			$variable_name = "s{$field}";
+			if(is_object($this->$variable_name))
+			{
+				if(!empty($this->$variable_name->sId))
+				{
+					$export_array[$field] = $this->$variable_name->Export();
+				}
+				else
+				{
+					$export_array[$field] = null;
+				}
+			}
+			else
+			{
+				$export_array[$field] = $this->$variable_name;
+			}
+		}
+		
+		return $export_array;
+	}
+	
+	public static function CreateFromQuery($query, $parameters = array(), $expiry = 0, $first_only = false)
+	{
+		global $database;
+		
+		$result = $database->CachedQuery($query, $parameters, $expiry);
+		
+		if($result)
+		{
+			if($first_only === true)
+			{
+				/* TODO: Try to run the query with LIMIT 1 if only the first result is desired. */
+				return new static($result);
+			}
+			elseif(count($result->data) == 1)
+			{
+				return array(new static($result));
+			}
+			else
+			{
+				$result_array = array();
+				
+				foreach($result->data as $row)
+				{
+					$result_array[] = new static($row);
+				}
+				
+				return $result_array;
+			}
+		}
+		else
+		{
+			throw new NotFoundException("No results for specified query.");
+		}
+	}
+	
 	// Define events
 	
 	protected function EventConstructed() { }

class.localizer.php

@@ -22,6 +22,7 @@ class Localizer
 	public $date_short = "";
 	public $date_long = "";
 	public $time = "";
+	public $name = "";
 	
 	public function Load($locale)
 	{
@@ -32,8 +33,14 @@ class Localizer
 	
 	public function LoadInternal($locale)
 	{
-		global $cphp_locale_path, $cphp_locale_ext;
-		$lng_contents = file_get_contents("{$cphp_locale_path}/{$locale}.{$cphp_locale_ext}");
+		global $cphp_config;
+		
+		if(!isset($cphp_config->locale->path) || !isset($cphp_config->locale->extension))
+		{
+			throw new Exception("The locale path settings are not specified correctly. Refer to the CPHP manual for instructions.");
+		}
+		
+		$lng_contents = file_get_contents("{$cphp_config->locale->path}/{$locale}.{$cphp_config->locale->extension}");
 		if($lng_contents !== false)
 		{
 			$lines = explode("\n", $lng_contents);
@@ -70,6 +77,8 @@ class Localizer
 					}
 				}
 			}
+			
+			$this->name = $locale;
 		}
 		else
 		{

components/component.errorhandler.php

@@ -42,31 +42,27 @@ class CPHPErrorHandler
 	{
 		global $locale;
 		
-		$template['error'] = new Templater();
-		
 		switch($this->sErrorType)
 		{
 			case CPHP_ERRORHANDLER_TYPE_ERROR:
-				$template['error']->Load("errorhandler.error");
+				$template = "errorhandler.error";
 				break;
 			case CPHP_ERRORHANDLER_TYPE_INFO:
-				$template['error']->Load("errorhandler.info");
+				$template = "errorhandler.info";
 				break;
 			case CPHP_ERRORHANDLER_TYPE_WARNING:
-				$template['error']->Load("errorhandler.warning");
+				$template = "errorhandler.warning";
 				break;
 			case CPHP_ERRORHANDLER_TYPE_SUCCESS:
-				$template['error']->Load("errorhandler.success");
+				$template = "errorhandler.success";
 				break;
+			default:
+				return false;
 		}
 		
-		$template['error']->Localize($locale->strings);
-		$template['error']->Compile(array(
+		return Templater::AdvancedParse($template, $locale->strings, array(
 			'title'		=> $this->sTitle,
 			'message'	=> $this->sMessage
 		));
-		
-		return $template['error']->Render();
 	}
 }
-?>

components/component.formbuilder.php

@@ -1,319 +0,0 @@
-<?php
-/*
- * CPHP is more free software. It is licensed under the WTFPL, which
- * allows you to do pretty much anything with it, without having to
- * ask permission. Commercial use is allowed, and no attribution is
- * required. We do politely request that you share your modifications
- * to benefit other developers, but you are under no enforced
- * obligation to do so :)
- * 
- * Please read the accompanying LICENSE document for the full WTFPL
- * licensing text.
- */
-
-cphp_dependency_provides("cphp_formbuilder", "1.0");
-
-$cphp_formbuilder_increment = 0;
-
-abstract class CPHPFormBuilderBaseClass
-{
-	public $parameters = array();
-	
-	public function AddParameter($key, $value)
-	{
-		$this->parameters[$key] = $value;
-	}
-	
-	public function RenderParameters($parameters)
-	{
-		if(empty($parameters))
-		{
-			return "";
-		}
-		
-		$rendered = array();
-		
-		foreach($parameters as $key => $value)
-		{
-			$value = utf8entities($value);
-			$rendered[] = "{$key}=\"{$value}\"";
-		}
-		
-		return " " . implode(" ", $rendered);
-	}
-	
-	public function RenderNote()
-	{
-		if(!empty($this->note))
-		{
-			return "<div class=\"cphp_fbd_note\">{$this->note}</div>";
-		}
-		else
-		{
-			return "";
-		}
-	}
-}
-
-abstract class CPHPFormBuilderContainer extends CPHPFormBuilderBaseClass
-{
-	public $elements = array();
-	
-	public function AddElement($element)
-	{
-		$this->elements[] = $element;
-	}
-}
-
-class CPHPFormBuilder extends CPHPFormBuilderContainer
-{
-	public $method = "";
-	public $action = "";
-	
-	public function __construct($method, $target)
-	{
-		$this->method = strtolower($method);
-		$this->action = $target;
-	}
-	
-	public function Render()
-	{		
-		$rendered_elements = "";
-		
-		foreach($this->elements as $element)
-		{
-			$rendered_elements .= $element->Render();
-		}
-		
-		$this->AddParameter("method", $this->method);
-		$this->AddParameter("action", $this->action);
-		
-		$rendered_parameters = $this->RenderParameters($this->parameters);
-		
-		return "<form{$rendered_parameters}>{$rendered_elements}</form>";
-	}
-}
-
-class CPHPFormSection extends CPHPFormBuilderContainer
-{
-	public $label = "";
-	public $fieldset = true;
-	public $classname = "";
-	
-	public function __construct($fieldset = true, $label = "")
-	{
-		if(!empty($label))
-		{
-			$this->label = $label;
-		}
-		
-		$this->fieldset = $fieldset;
-	}
-	
-	public function Render()
-	{
-		if(!empty($this->label))
-		{
-			$legend = "<legend>{$this->label}</legend>";
-		}
-		else
-		{
-			$legend = "";
-		}
-		
-		if($this->fieldset === true)
-		{
-			$this->classname = trim("{$this->classname} cphp_fbd_fieldset");
-		}
-		
-		$rendered_elements = "";
-		
-		foreach($this->elements as $element)
-		{
-			$rendered_elements .= $element->Render();
-		}
-		
-		if($this->fieldset === true)
-		{
-			$this->AddParameter("class", $this->classname);
-			$rendered_parameters = $this->RenderParameters($this->parameters);
-			return "<fieldset{$rendered_parameters}>{$legend}<div class=\"cphp_fbd_form\">{$rendered_elements}</div></fieldset>";
-		}
-		else
-		{
-			return "<div class=\"cphp_fbd_form\"{$rendered_parameters}>{$rendered_elements}</div>";
-		}
-	}
-}
-
-abstract class CPHPFormInputElement extends CPHPFormBuilderBaseClass
-{
-	public $id = "";
-	public $name = "";
-	public $value = "";
-	public $label = "";
-	
-	public function __construct($label, $name, $value = "", $note = "", $id = "")
-	{
-		global $cphp_formbuilder_increment;
-		
-		$this->name = $name;
-		$this->value = $value;
-		$this->label = $label;
-		$this->note = $note;
-		
-		if(empty($id))
-		{
-			$this->id = "cphp_fbd_{$cphp_formbuilder_increment}";
-			$cphp_formbuilder_increment += 1;
-		}
-		else
-		{
-			$this->id = $id;
-		}
-	}
-	
-}
-
-abstract class CPHPFormInput extends CPHPFormInputElement
-{
-	public function Render()
-	{
-		$this->AddParameter("id", $this->id);
-		$this->AddParameter("type", $this->type);
-		$this->AddParameter("name", $this->name);
-		$this->AddParameter("value", $this->value);
-		
-		$rendered_parameters = $this->RenderParameters($this->parameters);
-		$rendered_note = $this->RenderNote();
-		
-		return "<div class=\"cphp_fbd_row\"><div class=\"cphp_fbd_label\">{$this->label}{$rendered_note}</div><div class=\"cphp_fbd_field\"><input{$rendered_parameters}></div></div>";
-	}
-}
-
-class CPHPFormTextInput extends CPHPFormInput
-{
-	public $type = "text";
-}
-
-class CPHPFormPasswordInput extends CPHPFormInput
-{
-	public $type = "password";
-}
-
-class CPHPFormDateInput extends CPHPFormInput
-{
-	public $type = "date";
-}
-
-class CPHPFormTimeInput extends CPHPFormInput
-{
-	public $type = "time";
-}
-
-class CPHPFormEmailInput extends CPHPFormInput
-{
-	public $type = "email";
-}
-
-class CPHPFormUrlInput extends CPHPFormInput
-{
-	public $type = "url";
-}
-
-class CPHPFormRangeInput extends CPHPFormInput
-{
-	public $type = "range";
-}
-
-class CPHPFormColorInput extends CPHPFormInput
-{
-	public $type = "color";
-}
-
-class CPHPFormSearchInput extends CPHPFormInput
-{
-	public $type = "search";
-}
-
-class CPHPFormCheckboxGroup extends CPHPFormBuilderContainer
-{
-	public function __construct($label, $note = "")
-	{
-		global $cphp_formbuilder_increment;
-		
-		$this->label = $label;
-		$this->note = $note;
-	}
-	
-	public function Render()
-	{		
-		$rendered_note = $this->RenderNote();
-		
-		$rendered_elements = "";
-		
-		foreach($this->elements as $element)