Add Rin to homepage counter

A small number of PHP-sanity things (eg don't silently ignore errors) to
be included right at the very start of index.php and tests/bootstrap.php

.dockerignore

@@ -0,0 +1,8 @@
+vendor
+.git
+*.phar
+data
+images
+thumbs
+*.sqlite
+Dockerfile

.editorconfig

@@ -0,0 +1,21 @@
+# In retrospect I'm less of a fan of tabs for indentation, because
+# while they're better when they work, they're worse when they don't
+# work, and so many people use terrible editors when they don't work
+# that everything is inconsistent... but tabs are what Shimmie went
+# with back in the 90's, so that's what we use now, and we deal with
+# the pain of making sure everybody configures their editor properly
+
+# top-most EditorConfig file
+root = true
+
+# Unix-style newlines with a newline ending every file
+[*]
+end_of_line = lf
+trim_trailing_whitespace = true
+insert_final_newline = true
+
+[*.{js,css,php}]
+charset = utf-8
+indent_style = space
+indent_size = 4
+

.gitattributes

@@ -0,0 +1 @@
+*.php text eol=lf

.github/ISSUE_TEMPLATE/bug_report.md

@@ -0,0 +1,28 @@
+---
+name: Bug report
+about: Create a report to help us improve
+
+---
+
+**Server Software**
+(You can get all these stats from `http://<your site>/system_info`)
+
+ - Shimmie version:
+ - Database: [mysql, postgres, ...]
+ - Web server: [apache, nginx, ...]
+
+**Client Software (please complete the following information)**
+ - Device: [e.g. iphone, windows desktop]
+ - Browser: [e.g. chrome, safari]
+
+**What steps trigger this bug**
+1. Go to '...'
+2. Click on '....'
+3. Scroll down to '....'
+
+**What did you expect to happen?**
+A clear and concise description of what you expected to happen.
+
+**What actually happened?**
+If applicable, add screenshots to help explain your problem.
+

.github/ISSUE_TEMPLATE/feature_request.md

@@ -0,0 +1,17 @@
+---
+name: Feature request
+about: Suggest an idea for this project
+
+---
+
+**Is your feature request related to a problem? Please describe.**
+A clear and concise description of what the problem is. Ex. I'm always frustrated when [...]
+
+**Describe the solution you'd like**
+A clear and concise description of what you want to happen.
+
+**Describe alternatives you've considered**
+A clear and concise description of any alternative solutions or features you've considered.
+
+**Additional context**
+Add any other context or screenshots about the feature request here.

.github/workflows/release.yml

@@ -0,0 +1,62 @@
+name: Create Release
+
+on:
+  push:
+    tags:
+      - 'v*'
+
+jobs:
+  build:
+    name: Create Release
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@master
+
+      - name: Get version from tag
+        id: get_version
+        run: echo ::set-output name=VERSION::${GITHUB_REF/refs\/tags\/v/}
+
+      - name: Test version in sys_config
+        run: grep ${{ steps.get_version.outputs.VERSION }} core/sys_config.php
+
+      - name: Build
+        run: |
+          composer install --no-dev
+          cd ..
+          tar cvzf shimmie2-${{ steps.get_version.outputs.VERSION }}.tgz shimmie2
+          zip -r shimmie2-${{ steps.get_version.outputs.VERSION }}.zip shimmie2
+
+      - name: Create Release
+        id: create_release
+        uses: actions/create-release@latest
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        with:
+          tag_name: ${{ github.ref }}
+          release_name: Shimmie ${{ steps.get_version.outputs.VERSION }}
+          body: Automated release from tags
+          draft: false
+          prerelease: false
+
+      - name: Upload Zip
+        id: upload-release-asset-zip
+        uses: actions/upload-release-asset@v1
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        with:
+          upload_url: ${{ steps.create_release.outputs.upload_url }}
+          asset_path: ../shimmie2-${{ steps.get_version.outputs.VERSION }}.zip
+          asset_name: shimmie2-${{ steps.get_version.outputs.VERSION }}.zip
+          asset_content_type: application/zip
+
+      - name: Upload Tar
+        id: upload-release-asset-tar
+        uses: actions/upload-release-asset@v1
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        with:
+          upload_url: ${{ steps.create_release.outputs.upload_url }}
+          asset_path: ../shimmie2-${{ steps.get_version.outputs.VERSION }}.tgz
+          asset_name: shimmie2-${{ steps.get_version.outputs.VERSION }}.tgz
+          asset_content_type: application/gzip

.github/workflows/test_and_publish.yml

@@ -0,0 +1,95 @@
+name: Test & Publish
+
+on:
+  push:
+  pull_request:
+  schedule:
+    - cron: '0 2 * * 0' # Weekly on Sundays at 02:00
+
+jobs:
+  test:
+    name: PHP ${{ matrix.php }} / DB ${{ matrix.database }}
+    strategy:
+      max-parallel: 3
+      fail-fast: false
+      matrix:
+        php: ['7.3']
+        database: ['pgsql', 'mysql', 'sqlite']
+
+    runs-on: ubuntu-latest
+    steps:
+    - name: Checkout
+      uses: actions/checkout@v2
+
+    - name: Set up PHP
+      uses: shivammathur/setup-php@master
+      with:
+        php-version: ${{ matrix.php }}
+        coverage: pcov
+        extensions: mbstring
+
+    - name: Set up database
+      run: |
+        mkdir -p data/config
+        if [[ "${{ matrix.database }}" == "pgsql" ]]; then
+            sudo systemctl start postgresql ;
+            psql --version ;
+            sudo -u postgres psql -c "SELECT set_config('log_statement', 'all', false);" -U postgres ;
+            sudo -u postgres psql -c "CREATE USER shimmie WITH PASSWORD 'shimmie';" -U postgres ;
+            sudo -u postgres psql -c "CREATE DATABASE shimmie WITH OWNER shimmie;" -U postgres ;
+        fi
+        if [[ "${{ matrix.database }}" == "mysql" ]]; then
+            sudo systemctl start mysql ;
+            mysql --version ;
+            mysql -e "SET GLOBAL general_log = 'ON';" -uroot -proot ;
+            mysql -e "CREATE DATABASE shimmie;" -uroot -proot ;
+        fi
+        if [[ "${{ matrix.database }}" == "sqlite" ]]; then
+            sudo apt update && sudo apt-get install -y sqlite3 ;
+            sqlite3 --version ;
+        fi
+
+    - name: Check versions
+      run: php -v && composer -V
+
+    - name: Validate composer.json and composer.lock
+      run: composer validate
+
+    - name: Install PHP dependencies
+      run: composer install --prefer-dist --no-progress --no-suggest
+
+    - name: Install shimmie
+      run: php index.php
+        
+    - name: Run test suite
+      run: |
+        if [[ "${{ matrix.database }}" == "pgsql" ]]; then
+            export TEST_DSN="pgsql:user=shimmie;password=shimmie;host=127.0.0.1;dbname=shimmie"
+        fi
+        if [[ "${{ matrix.database }}" == "mysql" ]]; then
+            export TEST_DSN="mysql:user=root;password=root;host=127.0.0.1;dbname=shimmie"
+        fi
+        if [[ "${{ matrix.database }}" == "sqlite" ]]; then
+            export TEST_DSN="sqlite:data/shimmie.sqlite"
+        fi
+        vendor/bin/phpunit --configuration tests/phpunit.xml --coverage-clover=data/coverage.clover
+      
+    - name: Upload coverage
+      run: |
+          wget https://scrutinizer-ci.com/ocular.phar
+          php ocular.phar code-coverage:upload --format=php-clover data/coverage.clover
+  publish:
+    name: Publish
+    runs-on: ubuntu-latest
+    needs: test
+    if: github.event_name == 'push'
+    steps:
+    - uses: actions/checkout@master
+    - name: Publish to Registry
+      uses: elgohr/Publish-Docker-Github-Action@master
+      with:
+        name: shish2k/shimmie2
+        username: ${{ secrets.DOCKER_USERNAME }}
+        password: ${{ secrets.DOCKER_PASSWORD }}
+        cache: ${{ github.event_name != 'schedule' }}
+        buildoptions: "--build-arg RUN_TESTS=false"

.gitignore

@@ -0,0 +1,89 @@
+backup
+data
+images
+thumbs
+*.phar
+*.sqlite
+*.cache
+.devcontainer
+trace.json
+
+#Composer
+composer.phar
+composer.lock
+/vendor/
+
+# Created by http://www.gitignore.io
+
+### Windows ###
+# Windows image file caches
+Thumbs.db
+ehthumbs.db
+
+# Folder config file
+Desktop.ini
+
+# Recycle Bin used on file shares
+$RECYCLE.BIN/
+
+### OSX ###
+.DS_Store
+.AppleDouble
+.LSOverride
+
+# Icon must ends with two \r.
+Icon
+
+# Thumbnails
+._*
+
+# Files that might appear on external disk
+.Spotlight-V100
+.Trashes
+
+
+### Linux ###
+*~
+
+# KDE directory preferences
+.directory
+
+
+### vim ###
+[._]*.s[a-w][a-z]
+[._]s[a-w][a-z]
+*.un~
+Session.vim
+.netrwhist
+
+
+### PhpStorm ###
+# Covers JetBrains IDEs: IntelliJ, RubyMine, PhpStorm, AppCode, PyCharm
+
+## Directory-based project format
+.idea/
+# if you remove the above rule, at least ignore user-specific stuff:
+# .idea/workspace.xml
+# .idea/tasks.xml
+# and these sensitive or high-churn files:
+# .idea/dataSources.ids
+# .idea/dataSources.xml
+# .idea/sqlDataSources.xml
+# .idea/dynamic.xml
+
+## File-based project format
+*.ipr
+*.iws
+*.iml
+
+## Additional for IntelliJ
+out/
+
+# generated by mpeltonen/sbt-idea plugin
+.idea_modules/
+
+# generated by JIRA plugin
+atlassian-ide-plugin.xml
+
+# generated by Crashlytics plugin (for Android Studio and Intellij)
+com_crashlytics_export_strings.xml

.htaccess

@@ -0,0 +1,67 @@
+<IfModule mod_dir.c>
+	DirectoryIndex index.php5 index.php
+</IfModule>
+
+<FilesMatch "\.(sqlite|sdb|s3db|db)$">
+	<IfModule mod_authz_host.c>
+		Require all denied
+	</IfModule>
+	<IfModule !mod_authz_host.c>
+		Deny from all
+	</IfModule>
+</FilesMatch>
+
+<IfModule mod_rewrite.c>
+	RewriteEngine On
+
+	# rather than link to images/ha/hash and have an ugly filename,
+	# we link to images/hash/tags.ext; mod_rewrite splits things so
+	# that shimmie sees hash and the user sees tags.ext
+	RewriteRule ^_(images|thumbs)/([0-9a-f]{2})([0-9a-f]{30}).*$  data/$1/$2/$2$3 [L]
+
+	# any requests for files which don't physically exist should be handled by index.php
+	RewriteCond %{REQUEST_FILENAME} !-f
+	RewriteRule ^(.*)$ index.php?q=$1&%{QUERY_STRING} [L]
+</IfModule>
+
+<IfModule mod_expires.c>
+	ExpiresActive On
+	<FilesMatch "([0-9a-f]{32}|\.(gif|jpe?g|png|webp|css|js))$">
+		<IfModule mod_headers.c>
+			Header set Cache-Control "public, max-age=2629743"
+		</IfModule>
+		ExpiresDefault "access plus 1 month"
+	</FilesMatch>
+	#ExpiresByType text/html "now"
+	#ExpiresByType text/plain "now"
+</IfModule>
+
+<IfModule mod_deflate.c>
+	AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css
+	AddOutputFilterByType DEFLATE application/x-javascript application/javascript
+</IfModule>
+
+#EXT: handle_pixel
+AddType image/jpeg  jpg jpeg
+AddType image/gif   gif
+AddType image/png   png
+AddType image/webp  webp
+
+#EXT: handle_ico
+AddType image/x-icon   ico ani cur
+
+#EXT: handle_flash
+AddType application/x-shockwave-flash swf
+
+#EXT: handle_mp3
+AddType audio/mpeg mp3
+
+#EXT: handle_svg
+AddType image/svg+xml  svg svgz
+
+#EXT: handle_video
+AddType video/x-flv    flv
+AddType video/mp4      f4v f4p m4v mp4
+AddType audio/mp4      f4a f4b m4a
+AddType video/ogg      ogv
+AddType video/webm     webm

.php_cs.dist

@@ -0,0 +1,19 @@
+<?php
+
+$finder = PhpCsFixer\Finder::create()
+  ->exclude('ext/amazon_s3/lib')
+  ->exclude('vendor')
+  ->exclude('data')
+  ->in(__DIR__)
+;
+
+return PhpCsFixer\Config::create()
+  ->setRules([
+      '@PSR2' => true,
+      //'strict_param' => true,
+      'array_syntax' => ['syntax' => 'short'],
+  ])
+  ->setFinder($finder)
+;
+
+?>

.scrutinizer.yml

@@ -0,0 +1,19 @@
+imports:
+- javascript
+- php
+
+filter:
+  excluded_paths: [ext/*/lib/*,ext/tagger/script.js,tests/*]
+
+build:
+  nodes:
+    analysis:
+      tests:
+        before:
+          - mkdir -p data/config
+          - cp tests/defines.php data/config/shimmie.conf.php
+        override:
+          - php-scrutinizer-run
+
+tools:
+  external_code_coverage: true

Dockerfile

@@ -0,0 +1,49 @@
+# "Build" shimmie (composer install - done in its own stage so that we don't
+# need to include all the composer fluff in the final image)
+FROM debian:stable-slim AS app
+RUN apt update && apt install -y composer php7.3-gd php7.3-dom php7.3-sqlite3 php-xdebug imagemagick
+COPY composer.json composer.lock /app/
+WORKDIR /app
+RUN composer install --no-dev
+COPY . /app/
+
+# Tests in their own image. Really we should inherit from app and then
+# `composer install` phpunit on top of that; but for some reason
+# `composer install --no-dev && composer install` doesn't install dev
+FROM debian:stable-slim AS tests
+RUN apt update && apt install -y composer php7.3-gd php7.3-dom php7.3-sqlite3 php-xdebug imagemagick
+COPY composer.json composer.lock /app/
+WORKDIR /app
+RUN composer install
+COPY . /app/
+ARG RUN_TESTS=true
+RUN [ $RUN_TESTS = false ] || (\
+    echo '=== Installing ===' && mkdir -p data/config && INSTALL_DSN="sqlite:data/shimmie.sqlite" php index.php && \
+    echo '=== Smoke Test ===' && php index.php get-page /post/list && \
+    echo '=== Unit Tests ===' && ./vendor/bin/phpunit --configuration tests/phpunit.xml && \
+    echo '=== Coverage ===' && ./vendor/bin/phpunit --configuration tests/phpunit.xml --coverage-text && \
+    echo '=== Cleaning ===' && rm -rf data)
+
+# Build su-exec so that our final image can be nicer
+FROM debian:stable-slim AS suexec
+RUN  apt-get update && apt-get install -y --no-install-recommends gcc libc-dev curl
+RUN  curl -k -o /usr/local/bin/su-exec.c https://raw.githubusercontent.com/ncopa/su-exec/master/su-exec.c; \
+     gcc -Wall /usr/local/bin/su-exec.c -o/usr/local/bin/su-exec; \
+     chown root:root /usr/local/bin/su-exec; \
+     chmod 0755 /usr/local/bin/su-exec;
+
+# Actually run shimmie
+FROM debian:stable-slim
+EXPOSE 8000
+HEALTHCHECK --interval=5m --timeout=3s CMD curl --fail http://127.0.0.1:8000/ || exit 1
+ENV UID=1000 \
+    GID=1000
+RUN apt update && apt install -y curl \
+    php7.3-cli php7.3-gd php7.3-pgsql php7.3-mysql php7.3-sqlite3 php7.3-zip php7.3-dom php7.3-mbstring \
+    imagemagick zip unzip && \
+    rm -rf /var/lib/apt/lists/*
+COPY --from=app /app /app
+COPY --from=suexec /usr/local/bin/su-exec /usr/local/bin/su-exec
+
+WORKDIR /app
+CMD ["/bin/sh", "/app/tests/docker-init.sh"]

LICENSE.txt

@@ -0,0 +1,339 @@
+                    GNU GENERAL PUBLIC LICENSE
+                       Version 2, June 1991
+
+ Copyright (C) 1989, 1991 Free Software Foundation, Inc., <http://fsf.org/>
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+ Everyone is permitted to copy and distribute verbatim copies
+ of this license document, but changing it is not allowed.
+
+                            Preamble
+
+  The licenses for most software are designed to take away your
+freedom to share and change it.  By contrast, the GNU General Public
+License is intended to guarantee your freedom to share and change free
+software--to make sure the software is free for all its users.  This
+General Public License applies to most of the Free Software
+Foundation's software and to any other program whose authors commit to
+using it.  (Some other Free Software Foundation software is covered by
+the GNU Lesser General Public License instead.)  You can apply it to
+your programs, too.
+
+  When we speak of free software, we are referring to freedom, not
+price.  Our General Public Licenses are designed to make sure that you
+have the freedom to distribute copies of free software (and charge for
+this service if you wish), that you receive source code or can get it
+if you want it, that you can change the software or use pieces of it
+in new free programs; and that you know you can do these things.
+
+  To protect your rights, we need to make restrictions that forbid
+anyone to deny you these rights or to ask you to surrender the rights.
+These restrictions translate to certain responsibilities for you if you
+distribute copies of the software, or if you modify it.
+
+  For example, if you distribute copies of such a program, whether
+gratis or for a fee, you must give the recipients all the rights that
+you have.  You must make sure that they, too, receive or can get the
+source code.  And you must show them these terms so they know their
+rights.
+
+  We protect your rights with two steps: (1) copyright the software, and
+(2) offer you this license which gives you legal permission to copy,
+distribute and/or modify the software.
+
+  Also, for each author's protection and ours, we want to make certain
+that everyone understands that there is no warranty for this free
+software.  If the software is modified by someone else and passed on, we
+want its recipients to know that what they have is not the original, so
+that any problems introduced by others will not reflect on the original
+authors' reputations.
+
+  Finally, any free program is threatened constantly by software
+patents.  We wish to avoid the danger that redistributors of a free
+program will individually obtain patent licenses, in effect making the
+program proprietary.  To prevent this, we have made it clear that any
+patent must be licensed for everyone's free use or not licensed at all.
+
+  The precise terms and conditions for copying, distribution and
+modification follow.
+
+                    GNU GENERAL PUBLIC LICENSE
+   TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
+
+  0. This License applies to any program or other work which contains
+a notice placed by the copyright holder saying it may be distributed
+under the terms of this General Public License.  The "Program", below,
+refers to any such program or work, and a "work based on the Program"
+means either the Program or any derivative work under copyright law:
+that is to say, a work containing the Program or a portion of it,
+either verbatim or with modifications and/or translated into another
+language.  (Hereinafter, translation is included without limitation in
+the term "modification".)  Each licensee is addressed as "you".
+
+Activities other than copying, distribution and modification are not
+covered by this License; they are outside its scope.  The act of
+running the Program is not restricted, and the output from the Program
+is covered only if its contents constitute a work based on the
+Program (independent of having been made by running the Program).
+Whether that is true depends on what the Program does.
+
+  1. You may copy and distribute verbatim copies of the Program's
+source code as you receive it, in any medium, provided that you
+conspicuously and appropriately publish on each copy an appropriate
+copyright notice and disclaimer of warranty; keep intact all the
+notices that refer to this License and to the absence of any warranty;
+and give any other recipients of the Program a copy of this License
+along with the Program.
+
+You may charge a fee for the physical act of transferring a copy, and
+you may at your option offer warranty protection in exchange for a fee.
+
+  2. You may modify your copy or copies of the Program or any portion
+of it, thus forming a work based on the Program, and copy and
+distribute such modifications or work under the terms of Section 1
+above, provided that you also meet all of these conditions:
+
+    a) You must cause the modified files to carry prominent notices
+    stating that you changed the files and the date of any change.
+
+    b) You must cause any work that you distribute or publish, that in
+    whole or in part contains or is derived from the Program or any
+    part thereof, to be licensed as a whole at no charge to all third
+    parties under the terms of this License.
+
+    c) If the modified program normally reads commands interactively
+    when run, you must cause it, when started running for such
+    interactive use in the most ordinary way, to print or display an
+    announcement including an appropriate copyright notice and a
+    notice that there is no warranty (or else, saying that you provide
+    a warranty) and that users may redistribute the program under
+    these conditions, and telling the user how to view a copy of this
+    License.  (Exception: if the Program itself is interactive but
+    does not normally print such an announcement, your work based on
+    the Program is not required to print an announcement.)
+
+These requirements apply to the modified work as a whole.  If
+identifiable sections of that work are not derived from the Program,
+and can be reasonably considered independent and separate works in
+themselves, then this License, and its terms, do not apply to those
+sections when you distribute them as separate works.  But when you
+distribute the same sections as part of a whole which is a work based
+on the Program, the distribution of the whole must be on the terms of
+this License, whose permissions for other licensees extend to the
+entire whole, and thus to each and every part regardless of who wrote it.
+
+Thus, it is not the intent of this section to claim rights or contest
+your rights to work written entirely by you; rather, the intent is to
+exercise the right to control the distribution of derivative or
+collective works based on the Program.
+
+In addition, mere aggregation of another work not based on the Program
+with the Program (or with a work based on the Program) on a volume of
+a storage or distribution medium does not bring the other work under
+the scope of this License.
+
+  3. You may copy and distribute the Program (or a work based on it,
+under Section 2) in object code or executable form under the terms of
+Sections 1 and 2 above provided that you also do one of the following:
+
+    a) Accompany it with the complete corresponding machine-readable
+    source code, which must be distributed under the terms of Sections
+    1 and 2 above on a medium customarily used for software interchange; or,
+
+    b) Accompany it with a written offer, valid for at least three
+    years, to give any third party, for a charge no more than your
+    cost of physically performing source distribution, a complete
+    machine-readable copy of the corresponding source code, to be
+    distributed under the terms of Sections 1 and 2 above on a medium
+    customarily used for software interchange; or,
+
+    c) Accompany it with the information you received as to the offer
+    to distribute corresponding source code.  (This alternative is
+    allowed only for noncommercial distribution and only if you
+    received the program in object code or executable form with such
+    an offer, in accord with Subsection b above.)
+
+The source code for a work means the preferred form of the work for
+making modifications to it.  For an executable work, complete source
+code means all the source code for all modules it contains, plus any
+associated interface definition files, plus the scripts used to
+control compilation and installation of the executable.  However, as a
+special exception, the source code distributed need not include
+anything that is normally distributed (in either source or binary
+form) with the major components (compiler, kernel, and so on) of the
+operating system on which the executable runs, unless that component
+itself accompanies the executable.
+
+If distribution of executable or object code is made by offering
+access to copy from a designated place, then offering equivalent
+access to copy the source code from the same place counts as
+distribution of the source code, even though third parties are not
+compelled to copy the source along with the object code.
+
+  4. You may not copy, modify, sublicense, or distribute the Program
+except as expressly provided under this License.  Any attempt
+otherwise to copy, modify, sublicense or distribute the Program is
+void, and will automatically terminate your rights under this License.
+However, parties who have received copies, or rights, from you under
+this License will not have their licenses terminated so long as such
+parties remain in full compliance.
+
+  5. You are not required to accept this License, since you have not
+signed it.  However, nothing else grants you permission to modify or
+distribute the Program or its derivative works.  These actions are
+prohibited by law if you do not accept this License.  Therefore, by
+modifying or distributing the Program (or any work based on the
+Program), you indicate your acceptance of this License to do so, and
+all its terms and conditions for copying, distributing or modifying
+the Program or works based on it.
+
+  6. Each time you redistribute the Program (or any work based on the
+Program), the recipient automatically receives a license from the
+original licensor to copy, distribute or modify the Program subject to
+these terms and conditions.  You may not impose any further
+restrictions on the recipients' exercise of the rights granted herein.
+You are not responsible for enforcing compliance by third parties to
+this License.
+
+  7. If, as a consequence of a court judgment or allegation of patent
+infringement or for any other reason (not limited to patent issues),
+conditions are imposed on you (whether by court order, agreement or
+otherwise) that contradict the conditions of this License, they do not
+excuse you from the conditions of this License.  If you cannot
+distribute so as to satisfy simultaneously your obligations under this
+License and any other pertinent obligations, then as a consequence you
+may not distribute the Program at all.  For example, if a patent
+license would not permit royalty-free redistribution of the Program by
+all those who receive copies directly or indirectly through you, then
+the only way you could satisfy both it and this License would be to
+refrain entirely from distribution of the Program.
+
+If any portion of this section is held invalid or unenforceable under
+any particular circumstance, the balance of the section is intended to
+apply and the section as a whole is intended to apply in other
+circumstances.
+
+It is not the purpose of this section to induce you to infringe any
+patents or other property right claims or to contest validity of any
+such claims; this section has the sole purpose of protecting the
+integrity of the free software distribution system, which is
+implemented by public license practices.  Many people have made
+generous contributions to the wide range of software distributed
+through that system in reliance on consistent application of that
+system; it is up to the author/donor to decide if he or she is willing
+to distribute software through any other system and a licensee cannot
+impose that choice.
+
+This section is intended to make thoroughly clear what is believed to
+be a consequence of the rest of this License.
+
+  8. If the distribution and/or use of the Program is restricted in
+certain countries either by patents or by copyrighted interfaces, the
+original copyright holder who places the Program under this License
+may add an explicit geographical distribution limitation excluding
+those countries, so that distribution is permitted only in or among
+countries not thus excluded.  In such case, this License incorporates
+the limitation as if written in the body of this License.
+
+  9. The Free Software Foundation may publish revised and/or new versions
+of the General Public License from time to time.  Such new versions will
+be similar in spirit to the present version, but may differ in detail to
+address new problems or concerns.
+
+Each version is given a distinguishing version number.  If the Program
+specifies a version number of this License which applies to it and "any
+later version", you have the option of following the terms and conditions
+either of that version or of any later version published by the Free
+Software Foundation.  If the Program does not specify a version number of
+this License, you may choose any version ever published by the Free Software
+Foundation.
+
+  10. If you wish to incorporate parts of the Program into other free
+programs whose distribution conditions are different, write to the author
+to ask for permission.  For software which is copyrighted by the Free
+Software Foundation, write to the Free Software Foundation; we sometimes
+make exceptions for this.  Our decision will be guided by the two goals
+of preserving the free status of all derivatives of our free software and
+of promoting the sharing and reuse of software generally.
+
+                            NO WARRANTY
+
+  11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY
+FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW.  EXCEPT WHEN
+OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES
+PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED
+OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.  THE ENTIRE RISK AS
+TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU.  SHOULD THE
+PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING,
+REPAIR OR CORRECTION.
+
+  12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
+WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR
+REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES,
+INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING
+OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED
+TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY
+YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER
+PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE
+POSSIBILITY OF SUCH DAMAGES.
+
+                     END OF TERMS AND CONDITIONS
+
+            How to Apply These Terms to Your New Programs
+
+  If you develop a new program, and you want it to be of the greatest
+possible use to the public, the best way to achieve this is to make it
+free software which everyone can redistribute and change under these terms.
+
+  To do so, attach the following notices to the program.  It is safest
+to attach them to the start of each source file to most effectively
+convey the exclusion of warranty; and each file should have at least
+the "copyright" line and a pointer to where the full notice is found.
+
+    {description}
+    Copyright (C) {year}  {fullname}
+
+    This program is free software; you can redistribute it and/or modify
+    it under the terms of the GNU General Public License as published by
+    the Free Software Foundation; either version 2 of the License, or
+    (at your option) any later version.
+
+    This program is distributed in the hope that it will be useful,
+    but WITHOUT ANY WARRANTY; without even the implied warranty of
+    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+    GNU General Public License for more details.
+
+    You should have received a copy of the GNU General Public License along
+    with this program; if not, write to the Free Software Foundation, Inc.,
+    51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+Also add information on how to contact you by electronic and paper mail.
+
+If the program is interactive, make it output a short notice like this
+when it starts in an interactive mode:
+
+    Gnomovision version 69, Copyright (C) year name of author
+    Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
+    This is free software, and you are welcome to redistribute it
+    under certain conditions; type `show c' for details.
+
+The hypothetical commands `show w' and `show c' should show the appropriate
+parts of the General Public License.  Of course, the commands you use may
+be called something other than `show w' and `show c'; they could even be
+mouse-clicks or menu items--whatever suits your program.
+
+You should also get your employer (if you work as a programmer) or your
+school, if any, to sign a "copyright disclaimer" for the program, if
+necessary.  Here is a sample; alter the names:
+
+  Yoyodyne, Inc., hereby disclaims all copyright interest in the program
+  `Gnomovision' (which makes passes at compilers) written by James Hacker.
+
+  {signature of Ty Coon}, 1 April 1989
+  Ty Coon, President of Vice
+
+This General Public License does not permit incorporating your program into
+proprietary programs.  If your program is a subroutine library, you may
+consider it more useful to permit linking proprietary applications with the
+library.  If this is what you want to do, use the GNU Lesser General
+Public License instead of this License.

README.md

@@ -0,0 +1,43 @@
+```
+     _________.__     .__                   .__         ________
+    /   _____/|  |__  |__|  _____    _____  |__|  ____  \_____  \
+    \_____  \ |  |  \ |  | /     \  /     \ |  |_/ __ \  /  ____/
+    /        \|   Y  \|  ||  Y Y  \|  Y Y  \|  |\  ___/ /       \
+   /_______  /|___|  /|__||__|_|  /|__|_|  /|__| \___  >\_______ \
+           \/      \/           \/       \/          \/         \/
+
+```
+
+# Shimmie
+
+[![Test & Publish](https://github.com/shish/shimmie2/workflows/Test%20&%20Publish/badge.svg)](https://github.com/shish/shimmie2/actions)
+[![Code Quality](https://scrutinizer-ci.com/g/shish/shimmie2/badges/quality-score.png?b=master)](https://scrutinizer-ci.com/g/shish/shimmie2/?branch=master)
+[![Code Coverage](https://scrutinizer-ci.com/g/shish/shimmie2/badges/coverage.png?b=master)](https://scrutinizer-ci.com/g/shish/shimmie2/?branch=master)
+
+
+# Documentation
+
+* [Install straight on disk](https://github.com/shish/shimmie2/wiki/Install)
+* [Install in docker container](https://github.com/shish/shimmie2/wiki/Docker)
+* [Upgrade process](https://github.com/shish/shimmie2/wiki/Upgrade)
+* [Basic settings](https://github.com/shish/shimmie2/wiki/Settings)
+* [Advanced config](https://github.com/shish/shimmie2/wiki/Advanced-Config)
+* [Developer notes](https://github.com/shish/shimmie2/wiki/Development-Info)
+* [High-performance notes](https://github.com/shish/shimmie2/wiki/Performance)
+
+
+# Contact
+
+Email: webmaster at shishnet.org
+
+Issue/Bug tracker: https://github.com/shish/shimmie2/issues
+
+
+# Licence
+
+All code is released under the [GNU GPL Version 2](https://www.gnu.org/licenses/gpl-2.0.html) unless mentioned otherwise.
+
+If you give shimmie to someone else, you have to give them the source (which
+should be easy, as PHP is an interpreted language...). If you want to add
+customisations to your own site, then those customisations belong to you,
+and you can do what you want with them.

README.txt

@@ -1,78 +0,0 @@
-
-             _________.__    .__                .__       ________  
-            /   _____/|  |__ |__| _____   _____ |__| ____ \_____  \ 
-            \_____  \ |  |  \|  |/     \ /     \|  |/ __ \ /  ____/ 
-            /        \|   Y  \  |  Y Y  \  Y Y  \  \  ___//       \ 
-           /_______  /|___|  /__|__|_|  /__|_|  /__|\___  >_______ \
-                   \/      \/         \/      \/        \/        \/
-
-Shimmie2 Release Candidate
-~~~~~~~~~~~~~~~~~~~~~~~~~~
-Okay, so maybe my estimate of "it should be done within the week" was a bit
-optimistic... I did get the first 3.5k lines of code done in a week, then
-another 1k of extensions in another week, but making it all work *properly*
-took 3 months...
-
-
-Requirements
-~~~~~~~~~~~~
-MySQL 4.1+
-PHP 5.0+
-GD or ImageMagick
-
-PHP 4 support has currently been dropped, because
-a) It's a pain in the ass to support
-b) Nobody has told me they want it
-
-If you want PHP 4 support, mail me, and I'll see if I can get it working for
-version 2.1...
-
-
-Installation
-~~~~~~~~~~~~
-1) Create a blank database
-2) Unzip shimmie into a folder on the web host
-3) Visit the install folder with a web browser
-4) Enter the location of the database, and choose login details for the first
-   admin of the board
-5) Click "install". Hopefully you'll end up at the configuration screen; if
-   not, you should be given instructions on how to fix any errors~
-
-
-Upgrade from 0.8.4
-~~~~~~~~~~~~~~~~~~
-BIG NOTE: 0.8.4 is the only version the upgrader supports; please upgrade to
-that before going any further! Feel free to try other versions, just don't
-complain when it doesn't work :P
-
-Upgrade process:
-1) Make backups of everything. The most important things are your database
-   data, and your images folder. config.php and the thumbs folder are also
-   very helpful.
-2) Check that your backups actually contain the important data, they aren't
-   just empty files with the right names...
-3) Create a new, blank database, separate from the old one
-4) Unzip shimmie2 into a different folder than shimmie1
-5) Visit the URL of shimmie2
-6) Full in the old database location, the new database location, and the full
-   path to the old installation folder (the folder where the old "images" and
-   "thumbs" can be found)
-7) Click "upgrade"
-8) Wait a couple of minutes while data is copied from the old install into the
-   new one. You may wish to spend these minutes in prayer :P
-9) Log in with an existing admin account and set things up to taste
-
-The old installation can now be removed, but you may wish to keep it around
-until you're sure everything in v2 is working properly~
-
-
-Contact
-~~~~~~~
-http://forum.shishnet.org/viewforum.php?f=6 -- discussion forum
-http://trac.shishnet.org/shimmie2/ -- bug tracker
-webmaster at shishnet.org -- email
-Shish on Freenode -- IRC
-
-
-
-

composer.json

@@ -0,0 +1,67 @@
+{
+	"name": "shish/shimmie2",
+	"description": "A tag-based image gallery",
+	"type"    : "project",
+	"license" : "GPL-2.0-or-later",
+	"minimum-stability" : "dev",
+
+	"repositories" : [
+		{
+			"type" : "package",
+			"package" : {
+				"name" : "ifixit/php-akismet",
+				"version" : "1.1",
+				"source" : {
+					"url"       : "https://github.com/iFixit/php-akismet.git",
+					"type"      : "git",
+					"reference" : "fd4ff50eb577457c1b7b887401663e91e77625ae"
+				}
+			}
+		}
+	],
+
+	"require" : {
+		"php" : "^7.3",
+		"ext-pdo": "*",
+		"ext-json": "*",
+		"ext-fileinfo": "*",
+
+		"flexihash/flexihash"       : "^2.0.0",
+		"ifixit/php-akismet"        : "1.*",
+		"google/recaptcha"          : "~1.1",
+		"dapphp/securimage"         : "3.6.*",
+		"shish/eventtracer-php"     : "^2.0.0",
+		"shish/ffsphp"              : "^1.0.0",
+		"shish/microcrud"           : "^2.0.0",
+		"shish/microhtml"           : "^2.0.0",
+		"enshrined/svg-sanitize"    : "0.13.*",
+
+		"bower-asset/jquery"         : "1.12.*",
+		"bower-asset/jquery-timeago" : "1.5.*",
+		"bower-asset/mediaelement"   : "2.21.*",
+		"bower-asset/js-cookie"      : "2.1.*"
+    },
+
+	"require-dev" : {
+},
+
+	"suggest": {
+		"ext-memcache": "memcache caching",
+		"ext-memcached": "memcached caching",
+		"ext-apc": "apc caching",
+		"ext-redis": "redis caching",
+		"ext-dom": "some extensions",
+		"ext-curl": "some extensions",
+		"ext-ctype": "some extensions",
+		"ext-json": "some extensions",
+		"ext-zip": "self-updater extension, bulk import/export",
+		"ext-zlib": "anti-spam",
+		"ext-xml": "some extensions",
+		"ext-gd": "GD-based thumbnailing"
+	},"replace": {
+    "bower-asset/jquery": ">=1.11.0",
+    "bower-asset/inputmask": ">=3.2.0",
+    "bower-asset/punycode": ">=1.3.0",
+    "bower-asset/yii2-pjax": ">=2.0.0"
+}
+}

composer.lock

@@ -0,0 +1,461 @@
+{
+    "_readme": [
+        "This file locks the dependencies of your project to a known state",
+        "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies",
+        "This file is @generated automatically"
+    ],
+    "content-hash": "ca096500833679c5fa819eb5cfbd1d80",
+    "packages": [
+        {
+            "name": "bower-asset/jquery-timeago",
+            "version": "v1.5.4",
+            "source": {
+                "type": "git",
+                "url": "git@github.com:rmm5t/jquery-timeago.git",
+                "reference": "180864a9c544a49e43719b457250af216d5e4c3a"
+            },
+            "dist": {
+                "type": "zip",
+                "url": "https://api.github.com/repos/rmm5t/jquery-timeago/zipball/180864a9c544a49e43719b457250af216d5e4c3a",
+                "reference": "180864a9c544a49e43719b457250af216d5e4c3a"
+            },
+            "require": {
+                "bower-asset/jquery": ">=1.4"
+            },
+            "type": "bower-asset",
+            "license": [
+                "MIT"
+            ]
+        },
+        {
+            "name": "bower-asset/js-cookie",
+            "version": "v2.1.4",
+            "source": {
+                "type": "git",
+                "url": "git@github.com:js-cookie/js-cookie.git",
+                "reference": "8b70250875f7e07445b6a457f9c2474ead4cba44"
+            },
+            "dist": {
+                "type": "zip",
+                "url": "https://api.github.com/repos/js-cookie/js-cookie/zipball/8b70250875f7e07445b6a457f9c2474ead4cba44",
+                "reference": "8b70250875f7e07445b6a457f9c2474ead4cba44"
+            },
+            "type": "bower-asset",
+            "license": [
+                "MIT"
+            ]
+        },
+        {
+            "name": "bower-asset/mediaelement",
+            "version": "2.21.2",
+            "source": {
+                "type": "git",
+                "url": "git@github.com:johndyer/mediaelement.git",
+                "reference": "394db3b4a2e3f5f7988cacdefe62ed973bf4a3ce"
+            },
+            "dist": {
+                "type": "zip",
+                "url": "https://api.github.com/repos/johndyer/mediaelement/zipball/394db3b4a2e3f5f7988cacdefe62ed973bf4a3ce",
+                "reference": "394db3b4a2e3f5f7988cacdefe62ed973bf4a3ce"
+            },
+            "type": "bower-asset",
+            "license": [
+                "MIT"
+            ]
+        },
+        {
+            "name": "dapphp/securimage",
+            "version": "3.6.8",
+            "source": {
+                "type": "git",
+                "url": "https://github.com/dapphp/securimage.git",
+                "reference": "5fc5953c4ffba1eb214cc83100672f238c184ca4"
+            },
+            "dist": {
+                "type": "zip",
+                "url": "https://api.github.com/repos/dapphp/securimage/zipball/5fc5953c4ffba1eb214cc83100672f238c184ca4",
+                "reference": "5fc5953c4ffba1eb214cc83100672f238c184ca4",
+                "shasum": ""
+            },
+            "require": {
+                "ext-gd": "*",
+                "php": ">=5.4"
+            },
+            "suggest": {
+                "ext-pdo": "For database storage support",
+                "ext-pdo_mysql": "For MySQL database support",
+                "ext-pdo_sqlite": "For SQLite3 database support"
+            },
+            "type": "library",
+            "autoload": {
+                "classmap": [
+                    "securimage.php"
+                ]
+            },
+            "notification-url": "https://packagist.org/downloads/",
+            "license": [
+                "BSD-3-Clause"
+            ],
+            "authors": [
+                {
+                    "name": "Drew Phillips",
+                    "email": "drew@drew-phillips.com"
+                }
+            ],
+            "description": "PHP CAPTCHA Library",
+            "homepage": "https://www.phpcaptcha.org",
+            "keywords": [
+                "Forms",
+                "anti-spam",
+                "captcha",
+                "security"
+            ],
+            "time": "2020-05-30T09:43:22+00:00"
+        },
+        {
+            "name": "enshrined/svg-sanitize",
+            "version": "0.13.3",
+            "source": {
+                "type": "git",
+                "url": "https://github.com/darylldoyle/svg-sanitizer.git",
+                "reference": "bc66593f255b7d2613d8f22041180036979b6403"
+            },
+            "dist": {
+                "type": "zip",
+                "url": "https://api.github.com/repos/darylldoyle/svg-sanitizer/zipball/bc66593f255b7d2613d8f22041180036979b6403",
+                "reference": "bc66593f255b7d2613d8f22041180036979b6403",
+                "shasum": ""
+            },
+            "require": {
+                "ext-dom": "*",
+                "ext-libxml": "*"
+            },
+            "require-dev": {
+                "codeclimate/php-test-reporter": "^0.1.2",
+                "phpunit/phpunit": "^6"
+            },
+            "type": "library",
+            "autoload": {
+                "psr-4": {
+                    "enshrined\\svgSanitize\\": "src"
+                }
+            },
+            "notification-url": "https://packagist.org/downloads/",
+            "license": [
+                "GPL-2.0-or-later"
+            ],
+            "authors": [
+                {
+                    "name": "Daryll Doyle",
+                    "email": "daryll@enshrined.co.uk"
+                }
+            ],
+            "description": "An SVG sanitizer for PHP",
+            "time": "2020-01-20T01:34:17+00:00"
+        },
+        {
+            "name": "flexihash/flexihash",
+            "version": "v2.0.2",
+            "source": {
+                "type": "git",
+                "url": "https://github.com/pda/flexihash.git",
+                "reference": "497ba5782606d998f8ab0b4e5942e3a799bec018"
+            },
+            "dist": {
+                "type": "zip",
+                "url": "https://api.github.com/repos/pda/flexihash/zipball/497ba5782606d998f8ab0b4e5942e3a799bec018",
+                "reference": "497ba5782606d998f8ab0b4e5942e3a799bec018",
+                "shasum": ""
+            },
+            "require": {
+                "php": ">=5.4.0"
+            },
+            "require-dev": {
+                "phpunit/phpunit": "^4.8",
+                "satooshi/php-coveralls": "~1.0",
+                "squizlabs/php_codesniffer": "^2.3",
+                "symfony/config": "^2.0.0",
+                "symfony/console": "^2.0.0",
+                "symfony/filesystem": "^2.0.0",
+                "symfony/stopwatch": "^2.0.0",
+                "symfony/yaml": "^2.0.0"
+            },
+            "type": "library",
+            "autoload": {
+                "psr-4": {
+                    "Flexihash\\": "src/"
+                }
+            },
+            "notification-url": "https://packagist.org/downloads/",
+            "license": [
+                "MIT"
+            ],
+            "authors": [
+                {
+                    "name": "Paul Annesley",
+                    "email": "paul@annesley.cc",
+                    "homepage": "http://paul.annesley.cc"
+                },
+                {
+                    "name": "Dom Morgan",
+                    "email": "dom@d3r.com",
+                    "homepage": "https://d3r.com"
+                }
+            ],
+            "description": "Flexihash is a small PHP library which implements consistent hashing",
+            "homepage": "https://github.com/pda/flexihash",
+            "time": "2016-04-22T21:03:23+00:00"
+        },
+        {
+            "name": "google/recaptcha",
+            "version": "dev-master",
+            "source": {
+                "type": "git",
+                "url": "https://github.com/google/recaptcha.git",
+                "reference": "79ccf652575e138d51742d04e78a5adbb9892f9d"
+            },
+            "dist": {
+                "type": "zip",
+                "url": "https://api.github.com/repos/google/recaptcha/zipball/79ccf652575e138d51742d04e78a5adbb9892f9d",
+                "reference": "79ccf652575e138d51742d04e78a5adbb9892f9d",
+                "shasum": ""
+            },
+            "require": {
+                "php": ">=5.5"
+            },
+            "require-dev": {
+                "friendsofphp/php-cs-fixer": "^2.2.20|^2.15",
+                "php-coveralls/php-coveralls": "^2.1",
+                "phpunit/phpunit": "^4.8.36|^5.7.27|^6.59|^7.5.11"
+            },
+            "type": "library",
+            "extra": {
+                "branch-alias": {
+                    "dev-master": "1.2.x-dev"
+                }
+            },
+            "autoload": {
+                "psr-4": {
+                    "ReCaptcha\\": "src/ReCaptcha"
+                }
+            },
+            "notification-url": "https://packagist.org/downloads/",
+            "license": [
+                "BSD-3-Clause"
+            ],
+            "description": "Client library for reCAPTCHA, a free service that protects websites from spam and abuse.",
+            "homepage": "https://www.google.com/recaptcha/",
+            "keywords": [
+                "Abuse",
+                "captcha",
+                "recaptcha",
+                "spam"
+            ],
+            "time": "2020-05-21T08:56:25+00:00"
+        },
+        {
+            "name": "ifixit/php-akismet",
+            "version": "1.1",
+            "source": {
+                "type": "git",
+                "url": "https://github.com/iFixit/php-akismet.git",
+                "reference": "fd4ff50eb577457c1b7b887401663e91e77625ae"
+            },
+            "type": "library"
+        },
+        {
+            "name": "shish/eventtracer-php",
+            "version": "v2.0.0",
+            "source": {
+                "type": "git",
+                "url": "https://github.com/shish/eventtracer-php.git",
+                "reference": "0328454c58d240667f004f3efd863b8ef521ba2a"
+            },
+            "dist": {
+                "type": "zip",
+                "url": "https://api.github.com/repos/shish/eventtracer-php/zipball/0328454c58d240667f004f3efd863b8ef521ba2a",
+                "reference": "0328454c58d240667f004f3efd863b8ef521ba2a",
+                "shasum": ""
+            },
+            "require": {
+                "ext-json": "*",
+                "php": "^7.3"
+            },
+            "require-dev": {
+                "phpunit/phpunit": "^9.0"
+            },
+            "type": "library",
+            "autoload": {
+                "classmap": [
+                    "src/"
+                ]
+            },
+            "notification-url": "https://packagist.org/downloads/",
+            "license": [
+                "MIT"
+            ],
+            "authors": [
+                {
+                    "name": "Shish",
+                    "email": "webmaster@shishnet.org",
+                    "homepage": "http://shishnet.org",
+                    "role": "Developer"
+                }
+            ],
+            "description": "An API to write JSON traces as used by the Chrome Trace Viewer",
+            "homepage": "https://github.com/shish/eventtracer-php",
+            "time": "2020-09-20T11:46:44+00:00"
+        },
+        {
+            "name": "shish/ffsphp",
+            "version": "v1.0.2",
+            "source": {
+                "type": "git",
+                "url": "https://github.com/shish/ffsphp.git",
+                "reference": "82d45b2691da11c82a28f85b07752334a06b8a8e"
+            },
+            "dist": {
+                "type": "zip",
+                "url": "https://api.github.com/repos/shish/ffsphp/zipball/82d45b2691da11c82a28f85b07752334a06b8a8e",
+                "reference": "82d45b2691da11c82a28f85b07752334a06b8a8e",
+                "shasum": ""
+            },
+            "require": {
+                "php": "^7.3"
+            },
+            "require-dev": {
+                "phpunit/phpunit": "^9.0"
+            },
+            "type": "library",
+            "autoload": {
+                "psr-4": {
+                    "FFSPHP\\": "src"
+                }
+            },
+            "notification-url": "https://packagist.org/downloads/",
+            "license": [
+                "MIT"
+            ],
+            "authors": [
+                {
+                    "name": "Shish",
+                    "email": "webmaster@shishnet.org",
+                    "homepage": "http://shishnet.org",
+                    "role": "Developer"
+                }
+            ],
+            "description": "A collection of workarounds for stupid PHP things",
+            "homepage": "https://github.com/shish/ffsphp",
+            "time": "2020-09-20T13:15:53+00:00"
+        },
+        {
+            "name": "shish/microcrud",
+            "version": "v2.0.0",
+            "source": {
+                "type": "git",
+                "url": "https://github.com/shish/microcrud.git",
+                "reference": "1d55c02c405fc75ad6a0e952e9333552bef492f0"
+            },
+            "dist": {
+                "type": "zip",
+                "url": "https://api.github.com/repos/shish/microcrud/zipball/1d55c02c405fc75ad6a0e952e9333552bef492f0",
+                "reference": "1d55c02c405fc75ad6a0e952e9333552bef492f0",
+                "shasum": ""
+            },
+            "require": {
+                "ext-pdo": "*",
+                "php": "^7.3",
+                "shish/ffsphp": "^1.0",
+                "shish/microhtml": "^2.0.2"
+            },
+            "require-dev": {
+                "phpunit/phpunit": "^9.0"
+            },
+            "type": "library",
+            "autoload": {
+                "psr-4": {
+                    "MicroCRUD\\": "src"
+                }
+            },
+            "notification-url": "https://packagist.org/downloads/",
+            "license": [
+                "MIT"
+            ],
+            "authors": [
+                {
+                    "name": "Shish",
+                    "email": "webmaster@shishnet.org",
+                    "homepage": "http://shishnet.org",
+                    "role": "Developer"
+                }
+            ],
+            "description": "A minimal CRUD generating library",
+            "homepage": "https://github.com/shish/microcrud",
+            "keywords": [
+                "crud",
+                "generator"
+            ],
+            "time": "2020-09-20T13:10:42+00:00"
+        },
+        {
+            "name": "shish/microhtml",
+            "version": "v2.0.2",
+            "source": {
+                "type": "git",
+                "url": "https://github.com/shish/microhtml.git",
+                "reference": "d5c393d5a47bb3b3febdfde9ebf6e91cb9b41947"
+            },
+            "dist": {
+                "type": "zip",
+                "url": "https://api.github.com/repos/shish/microhtml/zipball/d5c393d5a47bb3b3febdfde9ebf6e91cb9b41947",
+                "reference": "d5c393d5a47bb3b3febdfde9ebf6e91cb9b41947",
+                "shasum": ""
+            },
+            "require": {
+                "php": "^7.3"
+            },
+            "require-dev": {
+                "phpunit/phpunit": "^9.0"
+            },
+            "type": "library",
+            "autoload": {
+                "files": [
+                    "src/microhtml.php"
+                ]
+            },
+            "notification-url": "https://packagist.org/downloads/",
+            "license": [
+                "MIT"
+            ],
+            "authors": [
+                {
+                    "name": "Shish",
+                    "email": "webmaster@shishnet.org",
+                    "homepage": "http://shishnet.org",
+                    "role": "Developer"
+                }
+            ],
+            "description": "A minimal HTML generating library",
+            "homepage": "https://github.com/shish/microhtml",
+            "keywords": [
+                "generator",
+                "html"
+            ],
+            "time": "2020-09-20T13:05:01+00:00"
+        }
+    ],
+    "packages-dev": [],
+    "aliases": [],
+    "minimum-stability": "dev",
+    "stability-flags": [],
+    "prefer-stable": false,
+    "prefer-lowest": false,
+    "platform": {
+        "php": "^7.3",
+        "ext-pdo": "*",
+        "ext-json": "*",
+        "ext-fileinfo": "*"
+    },
+    "platform-dev": [],
+    "plugin-api-version": "1.1.0"
+}

core/basepage.php

@@ -0,0 +1,667 @@
+<?php declare(strict_types=1);
+require_once "core/event.php";
+
+abstract class PageMode
+{
+    const REDIRECT = 'redirect';
+    const DATA = 'data';
+    const PAGE = 'page';
+    const FILE = 'file';
+    const MANUAL = 'manual';
+}
+
+/**
+ * Class Page
+ *
+ * A data structure for holding all the bits of data that make up a page.
+ *
+ * The various extensions all add whatever they want to this structure,
+ * then Layout turns it into HTML.
+ */
+class BasePage
+{
+    /** @var string */
+    public $mode = PageMode::PAGE;
+    /** @var string */
+    private $type = "text/html; charset=utf-8";
+
+    /**
+     * Set what this page should do; "page", "data", or "redirect".
+     */
+    public function set_mode(string $mode): void
+    {
+        $this->mode = $mode;
+    }
+
+    /**
+     * Set the page's MIME type.
+     */
+    public function set_type(string $type): void
+    {
+        $this->type = $type;
+    }
+
+    public function __construct()
+    {
+        if (@$_GET["flash"]) {
+            $this->flash[] = $_GET['flash'];
+            unset($_GET["flash"]);
+        }
+    }
+
+    // ==============================================
+
+    /** @var string; public only for unit test */
+    public $data = "";
+
+    /** @var string */
+    private $file = null;
+
+    /** @var bool */
+    private $file_delete = false;
+
+    /** @var string */
+    private $filename = null;
+
+    private $disposition = null;
+
+    /**
+     * Set the raw data to be sent.
+     */
+    public function set_data(string $data): void
+    {
+        $this->data = $data;
+    }
+
+    public function set_file(string $file, bool $delete = false): void
+    {
+        $this->file = $file;
+        $this->file_delete = $delete;
+    }
+
+    /**
+     * Set the recommended download filename.
+     */
+    public function set_filename(string $filename, string $disposition = "attachment"): void
+    {
+        $this->filename = $filename;
+        $this->disposition = $disposition;
+    }
+
+    // ==============================================
+
+    /** @var string */
+    public $redirect = "";
+
+    /**
+     * Set the URL to redirect to (remember to use make_link() if linking
+     * to a page in the same site).
+     */
+    public function set_redirect(string $redirect): void
+    {
+        $this->redirect = $redirect;
+    }
+
+    // ==============================================
+
+    /** @var int */
+    public $code = 200;
+
+    /** @var string */
+    public $title = "";
+
+    /** @var string */
+    public $heading = "";
+
+    /** @var string */
+    public $subheading = "";
+
+    /** @var string[] */
+    public $html_headers = [];
+
+    /** @var string[] */
+    public $http_headers = [];
+
+    /** @var string[][] */
+    public $cookies = [];
+
+    /** @var Block[] */
+    public $blocks = [];
+
+    /** @var string[] */
+    public $flash = [];
+
+    /**
+     * Set the HTTP status code
+     */
+    public function set_code(int $code): void
+    {
+        $this->code = $code;
+    }
+
+    public function set_title(string $title): void
+    {
+        $this->title = $title;
+    }
+
+    public function set_heading(string $heading): void
+    {
+        $this->heading = $heading;
+    }
+
+    public function set_subheading(string $subheading): void
+    {
+        $this->subheading = $subheading;
+    }
+
+    public function flash(string $message): void
+    {
+        $this->flash[] = $message;
+    }
+
+    /**
+     * Add a line to the HTML head section.
+     */
+    public function add_html_header(string $line, int $position = 50): void
+    {
+        while (isset($this->html_headers[$position])) {
+            $position++;
+        }
+        $this->html_headers[$position] = $line;
+    }
+
+    /**
+     * Add a http header to be sent to the client.
+     */
+    public function add_http_header(string $line, int $position = 50): void
+    {
+        while (isset($this->http_headers[$position])) {
+            $position++;
+        }
+        $this->http_headers[$position] = $line;
+    }
+
+    /**
+     * The counterpart for get_cookie, this works like php's
+     * setcookie method, but prepends the site-wide cookie prefix to
+     * the $name argument before doing anything.
+     */
+    public function add_cookie(string $name, string $value, int $time, string $path): void
+    {
+        $full_name = COOKIE_PREFIX . "_" . $name;
+        $this->cookies[] = [$full_name, $value, $time, $path];
+    }
+
+    public function get_cookie(string $name): ?string
+    {
+        $full_name = COOKIE_PREFIX . "_" . $name;
+        if (isset($_COOKIE[$full_name])) {
+            return $_COOKIE[$full_name];
+        } else {
+            return null;
+        }
+    }
+
+    /**
+     * Get all the HTML headers that are currently set and return as a string.
+     */
+    public function get_all_html_headers(): string
+    {
+        $data = '';
+        ksort($this->html_headers);
+        foreach ($this->html_headers as $line) {
+            $data .= "\t\t" . $line . "\n";
+        }
+        return $data;
+    }
+
+    /**
+     * Add a Block of data to the page.
+     */
+    public function add_block(Block $block): void
+    {
+        $this->blocks[] = $block;
+    }
+
+    /**
+     * Find a block which contains the given text
+     * (Useful for unit tests)
+     */
+    public function find_block(string $text): ?Block
+    {
+        foreach ($this->blocks as $block) {
+            if ($block->header == $text) {
+                return $block;
+            }
+        }
+        return null;
+    }
+
+    // ==============================================
+
+    public function send_headers(): void
+    {
+        if (!headers_sent()) {
+            header("HTTP/1.0 {$this->code} Shimmie");
+            header("Content-type: " . $this->type);
+            header("X-Powered-By: Shimmie-" . VERSION);
+
+            foreach ($this->http_headers as $head) {
+                header($head);
+            }
+            foreach ($this->cookies as $c) {
+                setcookie($c[0], $c[1], $c[2], $c[3]);
+            }
+        } else {
+            print "Error: Headers have already been sent to the client.";
+        }
+    }
+
+    /**
+     * Display the page according to the mode and data given.
+     */
+    public function display(): void
+    {
+        if ($this->mode!=PageMode::MANUAL) {
+            $this->send_headers();
+        }
+
+        switch ($this->mode) {
+            case PageMode::MANUAL:
+                break;
+            case PageMode::PAGE:
+                usort($this->blocks, "blockcmp");
+                $this->add_auto_html_headers();
+                $this->render();
+                break;
+            case PageMode::DATA:
+                header("Content-Length: " . strlen($this->data));
+                if (!is_null($this->filename)) {
+                    header('Content-Disposition: ' . $this->disposition . '; filename=' . $this->filename);
+                }
+                print $this->data;
+                break;
+            case PageMode::FILE:
+                if (!is_null($this->filename)) {
+                    header('Content-Disposition: ' . $this->disposition . '; filename=' . $this->filename);
+                }
+
+                // https://gist.github.com/codler/3906826
+                $size = filesize($this->file); // File size
+                $length = $size;           // Content length
+                $start = 0;               // Start byte
+                $end = $size - 1;       // End byte
+
+                header("Content-Length: " . $size);
+                header('Accept-Ranges: bytes');
+
+                if (isset($_SERVER['HTTP_RANGE'])) {
+                    list(, $range) = explode('=', $_SERVER['HTTP_RANGE'], 2);
+                    if (strpos($range, ',') !== false) {
+                        header('HTTP/1.1 416 Requested Range Not Satisfiable');
+                        header("Content-Range: bytes $start-$end/$size");
+                        break;
+                    }
+                    if ($range == '-') {
+                        $c_start = $size - (int)substr($range, 1);
+                        $c_end = $end;
+                    } else {
+                        $range = explode('-', $range);
+                        $c_start = (int)$range[0];
+                        $c_end = (isset($range[1]) && is_numeric($range[1])) ? (int)$range[1] : $size;
+                    }
+                    $c_end = ($c_end > $end) ? $end : $c_end;
+                    if ($c_start > $c_end || $c_start > $size - 1 || $c_end >= $size) {
+                        header('HTTP/1.1 416 Requested Range Not Satisfiable');
+                        header("Content-Range: bytes $start-$end/$size");
+                        break;
+                    }
+                    $start = $c_start;
+                    $end = $c_end;
+                    $length = $end - $start + 1;
+                    header('HTTP/1.1 206 Partial Content');
+                }
+                header("Content-Range: bytes $start-$end/$size");
+                header("Content-Length: " . $length);
+
+                try {
+                    stream_file($this->file, $start, $end);
+                } finally {
+                    if ($this->file_delete === true) {
+                        unlink($this->file);
+                    }
+                }
+                break;
+            case PageMode::REDIRECT:
+                if ($this->flash) {
+                    $this->redirect .= (strpos($this->redirect, "?") === false) ? "?" : "&";
+                    $this->redirect .= "flash=" . url_escape(implode("\n", $this->flash));
+                }
+                header('Location: ' . $this->redirect);
+                print 'You should be redirected to <a href="' . $this->redirect . '">' . $this->redirect . '</a>';
+                break;
+            default:
+                print "Invalid page mode";
+                break;
+        }
+    }
+
+    /**
+     * This function grabs all the CSS and JavaScript files sprinkled throughout Shimmie's folders,
+     * concatenates them together into two large files (one for CSS and one for JS) and then stores
+     * them in the /cache/ directory for serving to the user.
+     *
+     * Why do this? Two reasons:
+     *  1. Reduces the number of files the user's browser needs to download.
+     *  2. Allows these cached files to be compressed/minified by the admin.
+     *
+     * TODO: This should really be configurable somehow...
+     */
+    public function add_auto_html_headers(): void
+    {
+        global $config;
+
+        $data_href = get_base_href();
+        $theme_name = $config->get_string(SetupConfig::THEME, 'default');
+
+        $this->add_html_header("<script type='text/javascript'>base_href = '$data_href';</script>", 40);
+
+        # static handler will map these to themes/foo/static/bar.ico or ext/static_files/static/bar.ico
+        $this->add_html_header("<link rel='icon' type='image/x-icon' href='$data_href/favicon.ico'>", 41);
+        $this->add_html_header("<link rel='apple-touch-icon' href='$data_href/apple-touch-icon.png'>", 42);
+
+        //We use $config_latest to make sure cache is reset if config is ever updated.
+        $config_latest = 0;
+        foreach (zglob("data/config/*") as $conf) {
+            $config_latest = max($config_latest, filemtime($conf));
+        }
+
+        /*** Generate CSS cache files ***/
+        $css_latest = $config_latest;
+        $css_files = array_merge(
+            zglob("ext/{" . Extension::get_enabled_extensions_as_string() . "}/style.css"),
+            zglob("themes/$theme_name/style.css")
+        );
+        foreach ($css_files as $css) {
+            $css_latest = max($css_latest, filemtime($css));
+        }
+        $css_md5 = md5(serialize($css_files));
+        $css_cache_file = data_path("cache/style/{$theme_name}.{$css_latest}.{$css_md5}.css");
+        if (!file_exists($css_cache_file)) {
+            $css_data = "";
+            foreach ($css_files as $file) {
+                $file_data = file_get_contents($file);
+                $pattern = '/url[\s]*\([\s]*["\']?([^"\'\)]+)["\']?[\s]*\)/';
+                $replace = 'url("../../../' . dirname($file) . '/$1")';
+                $file_data = preg_replace($pattern, $replace, $file_data);
+                $css_data .= $file_data . "\n";
+            }
+            file_put_contents($css_cache_file, $css_data);
+        }
+        $this->add_html_header("<link rel='stylesheet' href='$data_href/$css_cache_file' type='text/css'>", 43);
+
+        /*** Generate JS cache files ***/
+        $js_latest = $config_latest;
+        $js_files = array_merge(
+            [
+                "vendor/bower-asset/jquery-timeago/jquery.timeago.js",
+                "vendor/bower-asset/js-cookie/src/js.cookie.js",
+                "ext/static_files/modernizr-3.3.1.custom.js",
+            ],
+            zglob("ext/{" . Extension::get_enabled_extensions_as_string() . "}/script.js"),
+            zglob("themes/$theme_name/script.js")
+        );
+        foreach ($js_files as $js) {
+            $js_latest = max($js_latest, filemtime($js));
+        }
+        $js_md5 = md5(serialize($js_files));
+        $js_cache_file = data_path("cache/script/{$theme_name}.{$js_latest}.{$js_md5}.js");
+        if (!file_exists($js_cache_file)) {
+            $js_data = "";
+            foreach ($js_files as $file) {
+                $js_data .= file_get_contents($file) . "\n";
+            }
+            file_put_contents($js_cache_file, $js_data);
+        }
+        $this->add_html_header("<script defer src='$data_href/$js_cache_file' type='text/javascript'></script>", 44);
+    }
+
+    protected function get_nav_links()
+    {
+        $pnbe = send_event(new PageNavBuildingEvent());
+
+        $nav_links = $pnbe->links;
+
+        $active_link = null;
+        // To save on event calls, we check if one of the top-level links has already been marked as active
+        foreach ($nav_links as $link) {
+            if ($link->active===true) {
+                $active_link = $link;
+                break;
+            }
+        }
+        $sub_links = null;
+        // If one is, we just query for sub-menu options under that one tab
+        if ($active_link!==null) {
+            $psnbe = send_event(new PageSubNavBuildingEvent($active_link->name));
+            $sub_links = $psnbe->links;
+        } else {
+            // Otherwise we query for the sub-items under each of the tabs
+            foreach ($nav_links as $link) {
+                $psnbe = send_event(new PageSubNavBuildingEvent($link->name));
+
+                // Now we check for a current link so we can identify the sub-links to show
+                foreach ($psnbe->links as $sub_link) {
+                    if ($sub_link->active===true) {
+                        $sub_links = $psnbe->links;
+                        break;
+                    }
+                }
+                // If the active link has been detected, we break out
+                if ($sub_links!==null) {
+                    $link->active = true;
+                    break;
+                }
+            }
+        }
+
+        $sub_links = $sub_links??[];
+        usort($nav_links, "sort_nav_links");
+        usort($sub_links, "sort_nav_links");
+
+        return [$nav_links, $sub_links];
+    }
+
+    /**
+     * turns the Page into HTML
+     */
+    public function render()
+    {
+        $head_html = $this->head_html();
+        $body_html = $this->body_html();
+
+        print <<<EOD
+<!doctype html>
+<html class="no-js" lang="en">
+    $head_html
+    $body_html
+</html>
+EOD;
+    }
+
+    protected function head_html(): string
+    {
+        $html_header_html = $this->get_all_html_headers();
+
+        return "
+        <head>
+		    <title>{$this->title}</title>
+            $html_header_html
+	    </head>
+        ";
+    }
+
+    protected function body_html(): string
+    {
+        $left_block_html = "";
+        $main_block_html = "";
+        $sub_block_html  = "";
+
+        foreach ($this->blocks as $block) {
+            switch ($block->section) {
+                case "left":
+                    $left_block_html .= $block->get_html(true);
+                    break;
+                case "main":
+                    $main_block_html .= $block->get_html(false);
+                    break;
+                case "subheading":
+                    $sub_block_html .= $block->get_html(false);
+                    break;
+                default:
+                    print "<p>error: {$block->header} using an unknown section ({$block->section})";
+                    break;
+            }
+        }
+
+        $wrapper = "";
+        if (strlen($this->heading) > 100) {
+            $wrapper = ' style="height: 3em; overflow: auto;"';
+        }
+
+        $footer_html = $this->footer_html();
+        $flash_html = $this->flash ? "<b id='flash'>".nl2br(html_escape(implode("\n", $this->flash)))."</b>" : "";
+        return "
+            <body>
+                <header>
+                    <h1$wrapper>{$this->heading}</h1>
+                    $sub_block_html
+                </header>
+                <nav>
+                    $left_block_html
+                </nav>
+                <article>
+                    $flash_html
+                    $main_block_html
+                </article>
+                <footer>
+                    $footer_html
+                </footer>
+            </body>
+        ";
+    }
+
+    protected function footer_html(): string
+    {
+        $debug = get_debug_info();
+        $contact_link = contact_link();
+        $contact = empty($contact_link) ? "" : "<br><a href='$contact_link'>Contact</a>";
+
+        return "
+			Images &copy; their respective owners,
+			<a href=\"https://code.shishnet.org/shimmie2/\">Shimmie</a> &copy;
+			<a href=\"https://www.shishnet.org/\">Shish</a> &amp;
+			<a href=\"https://github.com/shish/shimmie2/graphs/contributors\">The Team</a>
+			2007-2020,
+			based on the Danbooru concept.
+			$debug
+			$contact
+        ";
+    }
+}
+
+class PageNavBuildingEvent extends Event
+{
+    public $links = [];
+
+    public function add_nav_link(string $name, Link $link, string $desc, ?bool $active = null, int $order = 50)
+    {
+        $this->links[]  = new NavLink($name, $link, $desc, $active, $order);
+    }
+}
+
+class PageSubNavBuildingEvent extends Event
+{
+    public $parent;
+
+    public $links = [];
+
+    public function __construct(string $parent)
+    {
+        parent::__construct();
+        $this->parent= $parent;
+    }
+
+    public function add_nav_link(string $name, Link $link, string $desc, ?bool $active = null, int $order = 50)
+    {
+        $this->links[]  = new NavLink($name, $link, $desc, $active, $order);
+    }
+}
+
+class NavLink
+{
+    public $name;
+    public $link;
+    public $description;
+    public $order;
+    public $active = false;
+
+    public function __construct(String $name, Link $link, String $description, ?bool $active = null, int $order = 50)
+    {
+        global $config;
+
+        $this->name = $name;
+        $this->link = $link;
+        $this->description = $description;
+        $this->order = $order;
+        if ($active==null) {
+            $query = ltrim(_get_query(), "/");
+            if ($query === "") {
+                // This indicates the front page, so we check what's set as the front page
+                $front_page = trim($config->get_string(SetupConfig::FRONT_PAGE), "/");
+
+                if ($front_page === $link->page) {
+                    $this->active = true;
+                } else {
+                    $this->active = self::is_active([$link->page], $front_page);
+                }
+            } elseif ($query===$link->page) {
+                $this->active = true;
+            } else {
+                $this->active = self::is_active([$link->page]);
+            }
+        } else {
+            $this->active = $active;
+        }
+    }
+
+    public static function is_active(array $pages_matched, string $url = null): bool
+    {
+        /**
+         * Woo! We can actually SEE THE CURRENT PAGE!! (well... see it highlighted in the menu.)
+         */
+        $url = $url??ltrim(_get_query(), "/");
+
+        $re1='.*?';
+        $re2='((?:[a-z][a-z_]+))';
+
+        if (preg_match_all("/".$re1.$re2."/is", $url, $matches)) {
+            $url=$matches[1][0];
+        }
+
+        $count_pages_matched = count($pages_matched);
+
+        for ($i=0; $i < $count_pages_matched; $i++) {
+            if ($url == $pages_matched[$i]) {
+                return true;
+            }
+        }
+
+        return false;
+    }
+}
+
+function sort_nav_links(NavLink $a, NavLink $b)
+{
+    return $a->order - $b->order;
+}

core/basethemelet.php

@@ -0,0 +1,149 @@
+<?php declare(strict_types=1);
+
+/**
+ * Class BaseThemelet
+ *
+ * A collection of common functions for theme parts
+ */
+class BaseThemelet
+{
+
+    /**
+     * Generic error message display
+     */
+    public function display_error(int $code, string $title, string $message): void
+    {
+        global $page;
+        $page->set_code($code);
+        $page->set_title($title);
+        $page->set_heading($title);
+        $has_nav = false;
+        foreach ($page->blocks as $block) {
+            if ($block->header == "Navigation") {
+                $has_nav = true;
+                break;
+            }
+        }
+        if (!$has_nav) {
+            $page->add_block(new NavBlock());
+        }
+        $page->add_block(new Block("Error", $message));
+    }
+
+    /**
+     * A specific, common error message
+     */
+    public function display_permission_denied(): void
+    {
+        $this->display_error(403, "Permission Denied", "You do not have permission to access this page");
+    }
+
+
+    /**
+     * Generic thumbnail code; returns HTML rather than adding
+     * a block since thumbs tend to go inside blocks...
+     */
+    public function build_thumb_html(Image $image): string
+    {
+        global $config;
+
+        $i_id = (int) $image->id;
+        $h_view_link = make_link('post/view/'.$i_id);
+        $h_thumb_link = $image->get_thumb_link();
+        $h_tip = html_escape($image->get_tooltip());
+        $h_tags = html_escape(strtolower($image->get_tag_list()));
+
+        $extArr = array_flip([EXTENSION_FLASH, EXTENSION_SVG, EXTENSION_MP3]); //List of thumbless filetypes
+        if (!isset($extArr[$image->ext])) {
+            $tsize = get_thumbnail_size($image->width, $image->height);
+        } else {
+            //Use max thumbnail size if using thumbless filetype
+            $tsize = get_thumbnail_size($config->get_int(ImageConfig::THUMB_WIDTH), $config->get_int(ImageConfig::THUMB_WIDTH));
+        }
+
+        $custom_classes = "";
+        if (class_exists("Relationships")) {
+            if (property_exists($image, 'parent_id') && $image->parent_id !== null) {
+                $custom_classes .= "shm-thumb-has_parent ";
+            }
+            if (property_exists($image, 'has_children') && bool_escape($image->has_children)) {
+                $custom_classes .= "shm-thumb-has_child ";
+            }
+        }
+
+        return "<a href='$h_view_link' class='thumb shm-thumb shm-thumb-link {$custom_classes}' data-tags='$h_tags' data-post-id='$i_id'>".
+                "<img id='thumb_$i_id' title='$h_tip' alt='$h_tip' height='{$tsize[1]}' width='{$tsize[0]}' src='$h_thumb_link'>".
+                "</a>\n";
+    }
+
+    public function display_paginator(Page $page, string $base, ?string $query, int $page_number, int $total_pages, bool $show_random = false)
+    {
+        if ($total_pages == 0) {
+            $total_pages = 1;
+        }
+        $body = $this->build_paginator($page_number, $total_pages, $base, $query, $show_random);
+        $page->add_block(new Block(null, $body, "main", 90, "paginator"));
+
+        $page->add_html_header("<link rel='first' href='".make_http(make_link($base.'/1', $query))."'>");
+        if ($page_number < $total_pages) {
+            $page->add_html_header("<link rel='prefetch' href='".make_http(make_link($base.'/'.($page_number+1), $query))."'>");
+            $page->add_html_header("<link rel='next' href='".make_http(make_link($base.'/'.($page_number+1), $query))."'>");
+        }
+        if ($page_number > 1) {
+            $page->add_html_header("<link rel='previous' href='".make_http(make_link($base.'/'.($page_number-1), $query))."'>");
+        }
+        $page->add_html_header("<link rel='last' href='".make_http(make_link($base.'/'.$total_pages, $query))."'>");
+    }
+
+    private function gen_page_link(string $base_url, ?string $query, int $page, string $name): string
+    {
+        $link = make_link($base_url.'/'.$page, $query);
+        return '<a href="'.$link.'">'.$name.'</a>';
+    }
+
+    private function gen_page_link_block(string $base_url, ?string $query, int $page, int $current_page, string $name): string
+    {
+        $paginator = "";
+        if ($page == $current_page) {
+            $paginator .= "<b>";
+        }
+        $paginator .= $this->gen_page_link($base_url, $query, $page, $name);
+        if ($page == $current_page) {
+            $paginator .= "</b>";
+        }
+        return $paginator;
+    }
+
+    private function build_paginator(int $current_page, int $total_pages, string $base_url, ?string $query, bool $show_random): string
+    {
+        $next = $current_page + 1;
+        $prev = $current_page - 1;
+
+        $at_start = ($current_page <= 1 || $total_pages <= 1);
+        $at_end = ($current_page >= $total_pages);
+
+        $first_html  = $at_start ? "First" : $this->gen_page_link($base_url, $query, 1, "First");
+        $prev_html   = $at_start ? "Prev"  : $this->gen_page_link($base_url, $query, $prev, "Prev");
+
+        $random_html = "-";
+        if ($show_random) {
+            $rand = mt_rand(1, $total_pages);
+            $random_html =                   $this->gen_page_link($base_url, $query, $rand, "Random");
+        }
+
+        $next_html   = $at_end   ? "Next"  : $this->gen_page_link($base_url, $query, $next, "Next");
+        $last_html   = $at_end   ? "Last"  : $this->gen_page_link($base_url, $query, $total_pages, "Last");
+
+        $start = $current_page-5 > 1 ? $current_page-5 : 1;
+        $end = $start+10 < $total_pages ? $start+10 : $total_pages;
+
+        $pages = [];
+        foreach (range($start, $end) as $i) {
+            $pages[] = $this->gen_page_link_block($base_url, $query, $i, $current_page, (string)$i);
+        }
+        $pages_html = implode(" | ", $pages);
+
+        return $first_html.' | '.$prev_html.' | '.$random_html.' | '.$next_html.' | '.$last_html
+                .'<br>&lt;&lt; '.$pages_html.' &gt;&gt;';
+    }
+}

core/block.class.php

@@ -1,11 +0,0 @@
-<?php
-class Block {
-	var $header;
-	var $body;
-
-	public function Block($header, $body) {
-		$this->header = $header;
-		$this->body = $body;
-	}
-}
-?>

core/block.php

@@ -0,0 +1,105 @@
+<?php declare(strict_types=1);
+
+/**
+ * Class Block
+ *
+ * A basic chunk of a page.
+ */
+class Block
+{
+    /**
+     * The block's title.
+     *
+     * @var string
+     */
+    public $header;
+
+    /**
+     * The content of the block.
+     *
+     * @var string
+     */
+    public $body;
+
+    /**
+     * Where the block should be placed. The default theme supports
+     * "main" and "left", other themes can add their own areas.
+     *
+     * @var string
+     */
+    public $section;
+
+    /**
+     * How far down the section the block should appear, higher
+     * numbers appear lower. The scale is 0-100 by convention,
+     * though any number will work.
+     *
+     * @var int
+     */
+    public $position;
+
+    /**
+     * A unique ID for the block.
+     *
+     * @var string
+     */
+    public $id;
+
+    /**
+     * Should this block count as content for the sake of
+     * the 404 handler
+     *
+     * @var boolean
+     */
+    public $is_content = true;
+
+    public function __construct(string $header=null, string $body=null, string $section="main", int $position=50, string $id=null)
+    {
+        $this->header = $header;
+        $this->body = $body;
+        $this->section = $section;
+        $this->position = $position;
+
+        if (is_null($id)) {
+            $id = (empty($header) ? md5($body ?? '') : $header) . $section;
+        }
+        $this->id = preg_replace('/[^\w-]/', '', str_replace(' ', '_', $id));
+    }
+
+    /**
+     * Get the HTML for this block.
+     */
+    public function get_html(bool $hidable=false): string
+    {
+        $h = $this->header;
+        $b = $this->body;
+        $i = $this->id;
+        $html = "<section id='$i'>";
+        $h_toggler = $hidable ? " shm-toggler" : "";
+        if (!empty($h)) {
+            $html .= "<h3 data-toggle-sel='#$i' class='$h_toggler'>$h</h3>";
+        }
+        if (!empty($b)) {
+            $html .= "<div class='blockbody'>$b</div>";
+        }
+        $html .= "</section>\n";
+        return $html;
+    }
+}
+
+
+/**
+ * Class NavBlock
+ *
+ * A generic navigation block with a link to the main page.
+ *
+ * Used because "new NavBlock()" is easier than "new Block('Navigation', ..."
+ *
+ */
+class NavBlock extends Block
+{
+    public function __construct()
+    {
+        parent::__construct("Navigation", "<a href='".make_link()."'>Index</a>", "left", 0);
+    }
+}

core/cacheengine.php

@@ -0,0 +1,199 @@
+<?php declare(strict_types=1);
+interface CacheEngine
+{
+    public function get(string $key);
+    public function set(string $key, $val, int $time=0);
+    public function delete(string $key);
+}
+
+class NoCache implements CacheEngine
+{
+    public function get(string $key)
+    {
+        return false;
+    }
+    public function set(string $key, $val, int $time=0)
+    {
+    }
+    public function delete(string $key)
+    {
+    }
+}
+
+class MemcachedCache implements CacheEngine
+{
+    /** @var ?Memcached */
+    public $memcache=null;
+
+    public function __construct(string $args)
+    {
+        $hp = explode(":", $args);
+        $this->memcache = new Memcached;
+        #$this->memcache->setOption(Memcached::OPT_COMPRESSION, False);
+        #$this->memcache->setOption(Memcached::OPT_SERIALIZER, Memcached::SERIALIZER_PHP);
+        #$this->memcache->setOption(Memcached::OPT_PREFIX_KEY, phpversion());
+        $this->memcache->addServer($hp[0], (int)$hp[1]);
+    }
+
+    public function get(string $key)
+    {
+        $key = urlencode($key);
+
+        $val = $this->memcache->get($key);
+        $res = $this->memcache->getResultCode();
+
+        if ($res == Memcached::RES_SUCCESS) {
+            return $val;
+        } elseif ($res == Memcached::RES_NOTFOUND) {
+            return false;
+        } else {
+            error_log("Memcached error during get($key): $res");
+            return false;
+        }
+    }
+
+    public function set(string $key, $val, int $time=0)
+    {
+        $key = urlencode($key);
+
+        $this->memcache->set($key, $val, $time);
+        $res = $this->memcache->getResultCode();
+        if ($res != Memcached::RES_SUCCESS) {
+            error_log("Memcached error during set($key): $res");
+        }
+    }
+
+    public function delete(string $key)
+    {
+        $key = urlencode($key);
+
+        $this->memcache->delete($key);
+        $res = $this->memcache->getResultCode();
+        if ($res != Memcached::RES_SUCCESS && $res != Memcached::RES_NOTFOUND) {
+            error_log("Memcached error during delete($key): $res");
+        }
+    }
+}
+
+class APCCache implements CacheEngine
+{
+    public function __construct(string $args)
+    {
+        // $args is not used, but is passed in when APC cache is created.
+    }
+
+    public function get(string $key)
+    {
+        return apc_fetch($key);
+    }
+
+    public function set(string $key, $val, int $time=0)
+    {
+        apc_store($key, $val, $time);
+    }
+
+    public function delete(string $key)
+    {
+        apc_delete($key);
+    }
+}
+
+class RedisCache implements CacheEngine
+{
+    private $redis=null;
+
+    public function __construct(string $args)
+    {
+        $this->redis = new Redis();
+        $hp = explode(":", $args);
+        $this->redis->pconnect($hp[0], (int)$hp[1]);
+        $this->redis->setOption(Redis::OPT_SERIALIZER, Redis::SERIALIZER_PHP);
+        $this->redis->setOption(Redis::OPT_PREFIX, 'shm:');
+    }
+
+    public function get(string $key)
+    {
+        return $this->redis->get($key);
+    }
+
+    public function set(string $key, $val, int $time=0)
+    {
+        if ($time > 0) {
+            $this->redis->setEx($key, $time, $val);
+        } else {
+            $this->redis->set($key, $val);
+        }
+    }
+
+    public function delete(string $key)
+    {
+        $this->redis->del($key);
+    }
+}
+
+class Cache
+{
+    public $engine;
+    public $hits=0;
+    public $misses=0;
+    public $time=0;
+
+    public function __construct(?string $dsn)
+    {
+        $matches = [];
+        $c = null;
+        if ($dsn && preg_match("#(.*)://(.*)#", $dsn, $matches) && !isset($_GET['DISABLE_CACHE'])) {
+            if ($matches[1] == "memcached") {
+                $c = new MemcachedCache($matches[2]);
+            } elseif ($matches[1] == "apc") {
+                $c = new APCCache($matches[2]);
+            } elseif ($matches[1] == "redis") {
+                $c = new RedisCache($matches[2]);
+            }
+        } else {
+            $c = new NoCache();
+        }
+        $this->engine = $c;
+    }
+
+    public function get(string $key)
+    {
+        global $_tracer;
+        $_tracer->begin("Cache Query", ["key"=>$key]);
+        $val = $this->engine->get($key);
+        if ($val !== false) {
+            $res = "hit";
+            $this->hits++;
+        } else {
+            $res = "miss";
+            $this->misses++;
+        }
+        $_tracer->end(null, ["result"=>$res]);
+        return $val;
+    }
+
+    public function set(string $key, $val, int $time=0)
+    {
+        global $_tracer;
+        $_tracer->begin("Cache Set", ["key"=>$key, "time"=>$time]);
+        $this->engine->set($key, $val, $time);
+        $_tracer->end();
+    }
+
+    public function delete(string $key)
+    {
+        global $_tracer;
+        $_tracer->begin("Cache Delete", ["key"=>$key]);
+        $this->engine->delete($key);
+        $_tracer->end();
+    }
+
+    public function get_hits(): int
+    {
+        return $this->hits;
+    }
+    public function get_misses(): int
+    {
+        return $this->misses;
+    }
+}

core/captcha.php

@@ -0,0 +1,60 @@
+<?php declare(strict_types=1);
+/* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *\
+* CAPTCHA abstraction                                                       *
+\* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
+
+use ReCaptcha\ReCaptcha;
+
+function captcha_get_html(): string
+{
+    global $config, $user;
+
+    if (DEBUG && ip_in_range($_SERVER['REMOTE_ADDR'], "127.0.0.0/8")) {
+        return "";
+    }
+
+    $captcha = "";
+    if ($user->is_anonymous() && $config->get_bool("comment_captcha")) {
+        $r_publickey = $config->get_string("api_recaptcha_pubkey");
+        if (!empty($r_publickey)) {
+            $captcha = "
+				<div class=\"g-recaptcha\" data-sitekey=\"{$r_publickey}\"></div>
+				<script type=\"text/javascript\" src=\"https://www.google.com/recaptcha/api.js\"></script>";
+        } else {
+            session_start();
+            $captcha = Securimage::getCaptchaHtml(['securimage_path' => './vendor/dapphp/securimage/']);
+        }
+    }
+    return $captcha;
+}
+
+function captcha_check(): bool
+{
+    global $config, $user;
+
+    if (DEBUG && ip_in_range($_SERVER['REMOTE_ADDR'], "127.0.0.0/8")) {
+        return true;
+    }
+
+    if ($user->is_anonymous() && $config->get_bool("comment_captcha")) {
+        $r_privatekey = $config->get_string('api_recaptcha_privkey');
+        if (!empty($r_privatekey)) {
+            $recaptcha = new ReCaptcha($r_privatekey);
+            $resp = $recaptcha->verify($_POST['g-recaptcha-response'], $_SERVER['REMOTE_ADDR']);
+
+            if (!$resp->isSuccess()) {
+                log_info("core", "Captcha failed (ReCaptcha): " . implode("", $resp->getErrorCodes()));
+                return false;
+            }
+        } else {
+            session_start();
+            $securimg = new Securimage();
+            if ($securimg->check($_POST['captcha_code']) === false) {
+                log_info("core", "Captcha failed (Securimage)");
+                return false;
+            }
+        }
+    }
+
+    return true;
+}

core/config.class.php

@@ -1,128 +0,0 @@
-<?php
-class Config {
-	var $values = array(
-			'image_tlink' => '/thumbs/$id.jpg',
-			'image_ilink' => '/images/$id.$ext',
-	);
-	var $defaults = array(
-			'title' => 'Shimmie', # setup
-			'version' => 'Shimmie2-0.0.9', // internal
-			'db_version' => '2.0.0.9', // this should be managed by upgrade.php
-			'base_href' => './index.php?q=', # setup
-			'data_href' => './', # setup
-			'theme' => 'default', # setup
-			'debug_enabled' => true, # hidden
-			'anon_id' => 0, # general
-			'dir_images' => 'images', # general
-			'dir_thumbs' => 'thumbs', # general
-			'index_width' => 3, # index
-			'index_height' => 4, # index
-			'index_tips' => true,
-			'thumb_width' => 192, # index
-			'thumb_height' => 192, # index
-			'thumb_quality' => 75,  # index
-			'thumb_gd_mem_limit' => '8MB', # upload
-			'view_scale' => false, # view
-			'tags_default' => 'map', # (ignored)
-			'tags_min' => '2', # tags
-			'upload_count' => 3, # upload
-			'upload_size' => '256KB', # upload
-			'upload_anon' => true, # upload
-			'comment_anon' => true, # comment
-			'comment_window' => 5, # comment
-			'comment_limit' => 3, # comment
-			'comment_count' => 5, # comment
-			'popular_count' => 15, # popular
-			'info_link' => 'http://tags.shishnet.org/wiki/$tag', # popular
-			'login_signup_enabled' => true, # user
-			'login_memory' => 7, # user
-			'image_ilink' => '$base/image/$id.$ext', # view
-			'image_slink' => '', # view
-			'image_tlink' => '$base/thumb/$id.jpg', # view
-			'image_tip' => '$tags // $size // $filesize' # view
-	);
-
-	public function Config() {
-		global $database;
-		$this->values = $database->db->GetAssoc("SELECT name, value FROM config");
-	}
-	public function save($name=null) {
-		global $database;
-
-		if(is_null($name)) {
-			foreach($this->values as $name => $value) {
-				// does "or update" work with sqlite / postgres?
-				$database->db->StartTrans();
-				$database->db->Execute("DELETE FROM config WHERE name = ?", array($name));
-				$database->db->Execute("INSERT INTO config VALUES (?, ?)", array($name, $value));
-				$database->db->CommitTrans();
-			}
-		}
-		else {
-			$database->db->StartTrans();
-			$database->db->Execute("DELETE FROM config WHERE name = ?", array($name));
-			$database->db->Execute("INSERT INTO config VALUES (?, ?)", array($name, $this->values[$name]));
-			$database->db->CommitTrans();
-		}
-	}
-
-	public function set_int($name, $value) {
-		$this->values[$name] = parse_shorthand_int($value);
-		$this->save($name);
-	}
-	public function set_string($name, $value) {
-		$this->values[$name] = $value;
-		$this->save($name);
-	}
-	public function set_bool($name, $value) {
-		$this->values[$name] = (($value == 'on' || $value === true) ? 'Y' : 'N');
-		$this->save($name);
-	}
-
-	public function set_int_from_post($name) {
-		if(isset($_POST[$name])) {
-			$this->values[$name] = $_POST[$name];
-			$this->save($name);
-		}
-	}
-	public function set_string_from_post($name) {
-		if(isset($_POST[$name])) {
-			$this->values[$name] = $_POST[$name];
-			$this->save($name);
-		}
-	}
-	public function set_bool_from_post($name) {
-		if(isset($_POST[$name]) && ($_POST[$name] == 'on')) {
-			$this->values[$name] = 'Y';
-		}
-		else {
-			$this->values[$name] = 'N';
-		}
-		$this->save($name);
-	}
-
-	public function get_int($name) {
-		// deprecated -- ints should be stored as ints now
-		return parse_shorthand_int($this->get($name));
-	}
-	public function get_string($name) {
-		return $this->get($name);
-	}
-	public function get_bool($name) {
-		// deprecated -- bools should be stored as Y/N now
-		return ($this->get($name) == 'Y' || $this->get($name) == '1');
-	}
-
-	public function get($name) {
-		if(isset($this->values[$name])) {
-			return $this->values[$name];
-		}
-		else if(isset($this->defaults[$name])) {
-			return $this->defaults[$name];
-		}
-		else {
-			return null;
-		}
-	}
-}
-?>

core/config.php

@@ -0,0 +1,338 @@
+<?php declare(strict_types=1);
+
+/**
+ * Interface Config
+ *
+ * An abstract interface for altering a name:value pair list.
+ */
+interface Config
+{
+    /**
+     * Save the list of name:value pairs to wherever they came from,
+     * so that the next time a page is loaded it will use the new
+     * configuration.
+     */
+    public function save(string $name=null): void;
+
+    //@{ /*--------------------------------- SET ------------------------------------------------------*/
+    /**
+     * Set a configuration option to a new value, regardless of what the value is at the moment.
+     */
+    public function set_int(string $name, ?int $value): void;
+
+    /**
+     * Set a configuration option to a new value, regardless of what the value is at the moment.
+     */
+    public function set_float(string $name, ?float $value): void;
+
+    /**
+     * Set a configuration option to a new value, regardless of what the value is at the moment.
+     */
+    public function set_string(string $name, ?string $value): void;
+
+    /**
+     * Set a configuration option to a new value, regardless of what the value is at the moment.
+     */
+    public function set_bool(string $name, ?bool $value): void;
+
+    /**
+     * Set a configuration option to a new value, regardless of what the value is at the moment.
+     */
+    public function set_array(string $name, array $value): void;
+    //@} /*--------------------------------------------------------------------------------------------*/
+
+    //@{ /*-------------------------------- SET DEFAULT -----------------------------------------------*/
+    /**
+     * Set a configuration option to a new value, if there is no value currently.
+     *
+     * Extensions should generally call these from their InitExtEvent handlers.
+     * This has the advantage that the values will show up in the "advanced" setup
+     * page where they can be modified, while calling get_* with a "default"
+     * parameter won't show up.
+     */
+    public function set_default_int(string $name, int $value): void;
+
+    /**
+     * Set a configuration option to a new value, if there is no value currently.
+     *
+     * Extensions should generally call these from their InitExtEvent handlers.
+     * This has the advantage that the values will show up in the "advanced" setup
+     * page where they can be modified, while calling get_* with a "default"
+     * parameter won't show up.
+     */
+    public function set_default_float(string $name, float $value): void;
+
+    /**
+     * Set a configuration option to a new value, if there is no value currently.
+     *
+     * Extensions should generally call these from their InitExtEvent handlers.
+     * This has the advantage that the values will show up in the "advanced" setup
+     * page where they can be modified, while calling get_* with a "default"
+     * parameter won't show up.
+     */
+    public function set_default_string(string $name, string $value): void;
+
+    /**
+     * Set a configuration option to a new value, if there is no value currently.
+     *
+     * Extensions should generally call these from their InitExtEvent handlers.
+     * This has the advantage that the values will show up in the "advanced" setup
+     * page where they can be modified, while calling get_* with a "default"
+     * parameter won't show up.
+     */
+    public function set_default_bool(string $name, bool $value): void;
+
+    /**
+     * Set a configuration option to a new value, if there is no value currently.
+     *
+     * Extensions should generally call these from their InitExtEvent handlers.
+     * This has the advantage that the values will show up in the "advanced" setup
+     * page where they can be modified, while calling get_* with a "default"
+     * parameter won't show up.
+     */
+    public function set_default_array(string $name, array $value): void;
+    //@} /*--------------------------------------------------------------------------------------------*/
+
+    //@{ /*--------------------------------- GET ------------------------------------------------------*/
+    /**
+     * Pick a value out of the table by name, cast to the appropriate data type.
+     */
+    public function get_int(string $name, ?int $default=null): ?int;
+
+    /**
+     * Pick a value out of the table by name, cast to the appropriate data type.
+     */
+    public function get_float(string $name, ?float $default=null): ?float;
+
+    /**
+     * Pick a value out of the table by name, cast to the appropriate data type.
+     */
+    public function get_string(string $name, ?string $default=null): ?string;
+
+    /**
+     * Pick a value out of the table by name, cast to the appropriate data type.
+     */
+    public function get_bool(string $name, ?bool $default=null): ?bool;
+
+    /**
+     * Pick a value out of the table by name, cast to the appropriate data type.
+     */
+    public function get_array(string $name, ?array $default=[]): ?array;
+    //@} /*--------------------------------------------------------------------------------------------*/
+}
+
+
+/**
+ * Class BaseConfig
+ *
+ * Common methods for manipulating the list, loading and saving is
+ * left to the concrete implementation
+ */
+abstract class BaseConfig implements Config
+{
+    public $values = [];
+
+    public function set_int(string $name, ?int $value): void
+    {
+        $this->values[$name] = is_null($value) ? null : $value;
+        $this->save($name);
+    }
+
+    public function set_float(string $name, ?float $value): void
+    {
+        $this->values[$name] = $value;
+        $this->save($name);
+    }
+
+    public function set_string(string $name, ?string $value): void
+    {
+        $this->values[$name] = $value;
+        $this->save($name);
+    }
+
+    public function set_bool(string $name, ?bool $value): void
+    {
+        $this->values[$name] = $value ? 'Y' : 'N';
+        $this->save($name);
+    }
+
+    public function set_array(string $name, ?array $value): void
+    {
+        if ($value!=null) {
+            $this->values[$name] = implode(",", $value);
+        } else {
+            $this->values[$name] = null;
+        }
+        $this->save($name);
+    }
+
+    public function set_default_int(string $name, int $value): void
+    {
+        if (is_null($this->get($name))) {
+            $this->values[$name] = $value;
+        }
+    }
+
+    public function set_default_float(string $name, float $value): void
+    {
+        if (is_null($this->get($name))) {
+            $this->values[$name] = $value;
+        }
+    }
+
+    public function set_default_string(string $name, string $value): void
+    {
+        if (is_null($this->get($name))) {
+            $this->values[$name] = $value;
+        }
+    }
+
+    public function set_default_bool(string $name, bool $value): void
+    {
+        if (is_null($this->get($name))) {
+            $this->values[$name] = $value ? 'Y' : 'N';
+        }
+    }
+
+    public function set_default_array(string $name, array $value): void
+    {
+        if (is_null($this->get($name))) {
+            $this->values[$name] = implode(",", $value);
+        }
+    }
+
+    public function get_int(string $name, ?int $default=null): ?int
+    {
+        return (int)($this->get($name, $default));
+    }
+
+    public function get_float(string $name, ?float $default=null): ?float
+    {
+        return (float)($this->get($name, $default));
+    }
+
+    public function get_string(string $name, ?string $default=null): ?string
+    {
+        $val = $this->get($name, $default);
+        if (!is_string($val) && !is_null($val)) {
+            throw new SCoreException("$name is not a string: $val");
+        }
+        return $val;
+    }
+
+    public function get_bool(string $name, ?bool $default=null): ?bool
+    {
+        return bool_escape($this->get($name, $default));
+    }
+
+    public function get_array(string $name, ?array $default=[]): ?array
+    {
+        return explode(",", $this->get($name, ""));
+    }
+
+    private function get(string $name, $default=null)
+    {
+        if (isset($this->values[$name])) {
+            return $this->values[$name];
+        } else {
+            return $default;
+        }
+    }
+}
+
+
+/**
+ * Class DatabaseConfig
+ *
+ * Loads the config list from a table in a given database, the table should
+ * be called config and have the schema:
+ *
+ * \code
+ *  CREATE TABLE config(
+ *      name VARCHAR(255) NOT NULL,
+ *      value TEXT
+ *  );
+ * \endcode
+ */
+class DatabaseConfig extends BaseConfig
+{
+    /** @var Database  */
+    private $database = null;
+
+    private $table_name;
+    private $sub_column;
+    private $sub_value;
+
+    public function __construct(
+        Database $database,
+        string $table_name = "config",
+        string $sub_column = null,
+        string $sub_value = null
+    ) {
+        global $cache;
+
+        $this->database = $database;
+        $this->table_name = $table_name;
+        $this->sub_value = $sub_value;
+        $this->sub_column = $sub_column;
+
+        $cache_name = "config";
+        if (!empty($sub_value)) {
+            $cache_name .= "_".$sub_value;
+        }
+
+        $cached = $cache->get($cache_name);
+        if ($cached) {
+            $this->values = $cached;
+        } else {
+            $this->values = [];
+
+            $query = "SELECT name, value FROM {$this->table_name}";
+            $args = [];
+
+            if (!empty($sub_column)&&!empty($sub_value)) {
+                $query .= " WHERE $sub_column = :sub_value";
+                $args["sub_value"] = $sub_value;
+            }
+
+            foreach ($this->database->get_all($query, $args) as $row) {
+                $this->values[$row["name"]] = $row["value"];
+            }
+            $cache->set($cache_name, $this->values);
+        }
+    }
+
+    public function save(string $name=null): void
+    {
+        global $cache;
+
+        if (is_null($name)) {
+            reset($this->values); // rewind the array to the first element
+            foreach ($this->values as $name => $value) {
+                $this->save($name);
+            }
+        } else {
+            $query = "DELETE FROM {$this->table_name} WHERE name = :name";
+            $args = ["name"=>$name];
+            $cols = ["name","value"];
+            $params = [":name",":value"];
+            if (!empty($this->sub_column)&&!empty($this->sub_value)) {
+                $query .= " AND $this->sub_column = :sub_value";
+                $args["sub_value"] = $this->sub_value;
+                $cols[] = $this->sub_column;
+                $params[] = ":sub_value";
+            }
+
+            $this->database->Execute($query, $args);
+
+            $args["value"] =$this->values[$name];
+            $this->database->Execute(
+                "INSERT INTO {$this->table_name} (".join(",", $cols).") VALUES (".join(",", $params).")",
+                $args
+            );
+        }
+        // rather than deleting and having some other request(s) do a thundering
+        // herd of race-conditioned updates, just save the updated version once here
+        $cache->set("config", $this->values);
+    }
+}

core/database.class.php

@@ -1,342 +0,0 @@
-<?php
-require_once "lib/adodb/adodb.inc.php";
-
-class Querylet { // {{{
-	var $sql;
-	var $variables;
-	
-	public function querylet($sql, $variables=array()) {
-		$this->sql = $sql;
-		$this->variables = $variables;
-	}
-
-	public function append($querylet) {
-		$this->sql .= $querylet->sql;
-		$this->variables = array_merge($this->variables, $querylet->variables);
-	}
-
-	public function append_sql($sql) {
-		$this->sql .= $sql;
-	}
-
-	public function add_variable($var) {
-		$this->variables[] = $var;
-	}
-} // }}}
-
-class Database {
-	var $db;
-	var $extensions;
-
-	public function Database() {
-		if(is_readable("config.php")) {
-			require_once "config.php";
-			$this->db = NewADOConnection($database_dsn);
-			$this->db->SetFetchMode(ADODB_FETCH_ASSOC);
-			$this->extensions = $this->db->GetAssoc("SELECT name, version FROM extensions");
-		}
-		else {
-			header("Location: install.php");
-			exit;
-		}
-	}
-
-// misc {{{
-	public function count_pages($tags=array()) {
-		global $config;
-		$images_per_page = $config->get_int('index_width') * $config->get_int('index_height');
-		if(count($tags) == 0) {
-			return ceil($this->db->GetOne("SELECT COUNT(*) FROM images") / $images_per_page);
-		}
-		else {
-			$querylet = $this->build_search_querylet($tags);
-			$result = $this->db->Execute($querylet->sql, $querylet->variables);
-			return ceil($result->RecordCount() / $images_per_page);
-		}
-	}
-// }}}
-// extensions {{{
-	public function set_extension_version($name, $version) {
-		$this->extensions[$name] = $version;
-		$this->db->GetRow("INSERT INTO extensions(name, version) VALUES (?, ?)", array($name, $version));
-	}
-	public function get_extension_version($name) {
-		return (isset($this->extensions[$name]) ? $this->extensions[$name] : -1);
-	}
-// }}}
-// tags {{{
-	public function resolve_alias($tag) {
-		$newtag = $this->db->GetOne("SELECT newtag FROM aliases WHERE oldtag=?", array($tag));
-		if(!empty($newtag)) {
-			return $newtag;
-		} else {
-			return $tag;
-		}
-	}
-
-	public function sanitise($tag) {
-		return preg_replace("/[\s?*]/", "", $tag);
-	}
-
-	private function build_search_querylet($terms) {
-		$tag_search = new Querylet("0");
-		$positive_tag_count = 0;
-		$img_search = new Querylet("");
-
-		foreach($terms as $term) {
-			$negative = false;
-			if((strlen($term) > 0) && ($term[0] == '-')) {
-				$negative = true;
-				$term = substr($term, 1);
-			}
-			
-			$term = $this->resolve_alias($term);
-
-			if(substr($term, 0, 5) == "size=") {
-				$dim = substr($term, 5);
-				$parts = explode('x', $dim);
-				$args = array(int_escape($parts[0]), int_escape($parts[1]));
-				$img_search->append(new Querylet("AND (width = ? AND height = ?)", $args));
-			}
-			else if(substr($term, 0, 5) == "size>") {
-				$dim = substr($term, 5);
-				$parts = explode('x', $dim);
-				$args = array(int_escape($parts[0]), int_escape($parts[1]));
-				$img_search->append(new Querylet("AND (width > ? AND height > ?)", $args));
-			}
-			else if(substr($term, 0, 5) == "size<") {
-				$dim = substr($term, 5);
-				$parts = explode('x', $dim);
-				$args = array(int_escape($parts[0]), int_escape($parts[1]));
-				$img_search->append(new Querylet("AND (width < ? AND height < ?)", $args));
-			}
-			else if(substr($term, 0, 6) == "ratio=") {
-				$dim = substr($term, 6);
-				$parts = explode(':', $dim);
-				$args = array(int_escape($parts[0]), int_escape($parts[1]));
-				$img_search->append(new Querylet("AND (width / height = ? / ?)", $args));
-			}
-			else if(substr($term, 0, 3) == "id<") {
-				$img_search->append(new Querylet("AND (id < ?)", array(int_escape(substr($term, 3)))));
-			}
-			else if(substr($term, 0, 3) == "id>") {
-				$img_search->append(new Querylet("AND (id > ?)", array(int_escape(substr($term, 3)))));
-			}
-			else if(substr($term, 0, 9) == "filesize<") {
-				$img_search->append(new Querylet("AND (filesize < ?)", array(parse_shorthand_int(substr($term, 9)))));
-			}
-			else if(substr($term, 0, 9) == "filesize>") {
-				$img_search->append(new Querylet("AND (filesize > ?)", array(parse_shorthand_int(substr($term, 9)))));
-			}
-			else {
-				$term = str_replace("*", "%", $term);
-				$term = str_replace("?", "_", $term);
-				$sign = $negative ? "-" : "+";
-				if($sign == "+") $positive_tag_count++;
-				$tag_search->append(new Querylet(" $sign (tag LIKE ?)", array($term)));
-			}
-		}
-
-		$database_fails = false; // MySQL 4.0 fails at subqueries
-		if(count($tag_search->variables) == 0 || $database_fails) {
-			$query = new Querylet("SELECT * FROM images ");
-		}
-		else {
-			$subquery = new Querylet("
-				SELECT *, SUM({$tag_search->sql}) AS score
-				FROM images
-				LEFT JOIN tags ON tags.image_id = images.id
-				GROUP BY images.id
-				HAVING score = ?",
-				array_merge(
-					$tag_search->variables,
-					array($positive_tag_count)
-				)
-			);
-			$query = new Querylet("SELECT * FROM ({$subquery->sql}) AS images ", $subquery->variables);
-		}
-
-		if(count($img_search->variables) > 0) {
-			$query->append_sql("WHERE 1=1 ");
-			$query->append($img_search);
-		}
-
-		return $query;
-	}
-
-	private function build_search_querylet_old($tags) { // {{{
-		$querylet = new Querylet("SELECT images.*, SUM(");
-
-		$tnum = 0;
-		foreach($tags as $tag) {
-			if(($tag != "") && ($tag[0] == '-')) continue;
-			$querylet->append_sql($tnum == 0 ? "(" : " OR ");
-			$querylet->append($this->term_to_querylet($tag));
-			$tnum++;
-		}
-		$min_score = $tnum;
-		if($tnum > 0) $querylet->append_sql(")");
-
-		$tnum = 0;
-		foreach($tags as $tag) {
-			if(($tag == "") || ($tag[0] != '-')) continue;
-			$querylet->append_sql($tnum == 0 ? "-(" : " OR ");
-			$querylet->append($this->term_to_querylet(substr($tag, 1)));
-			$tnum++;
-		}
-		if($tnum > 0) $querylet->append_sql(")");
-
-		$querylet->append_sql(") AS score
-			FROM tags
-			LEFT JOIN images ON image_id=images.id
-			GROUP BY images.id
-			HAVING score >= ?
-		");
-		$querylet->add_variable($min_score);
-
-		return $querylet;
-	}
-	
-	private function term_to_querylet($term) {
-		$term = $this->resolve_alias($term);
-
-		if(substr($term, 0, 5) == "size:") {
-			$dim = substr($term, 5);
-			$parts = explode('x', $dim);
-			return new Querylet("(width = ? AND height = ?)", array(int_escape($parts[0]), int_escape($parts[1])));
-		}
-		else if(substr($term, 0, 9) == "size-min:") {
-			$dim = substr($term, 9);
-			$parts = explode('x', $dim);
-			return new Querylet("(width >= ? AND height >= ?)", array(int_escape($parts[0]), int_escape($parts[1])));
-		}
-		else if(substr($term, 0, 9) == "size-max:") {
-			$dim = substr($term, 9);
-			$parts = explode('x', $dim);
-			return new Querylet("(width <= ? AND height <= ?)", array(int_escape($parts[0]), int_escape($parts[1])));
-		}
-		else {
-			$term = str_replace("*", "%", $term);
-			$term = str_replace("?", "_", $term);
-			return new Querylet("(tag LIKE ?)", array($term));
-		}
-	} // }}}
-
-	public function delete_tags_from_image($image_id) {
-		$this->db->Execute("DELETE FROM tags WHERE image_id=?", array($image_id));
-	}
-
-	public function set_tags($image_id, $tags) {
-		$tags = tag_explode($tags);
-
-		$tags = array_map(array($this, 'resolve_alias'), $tags);
-		$tags = array_map(array($this, 'sanitise'), $tags);
-		$tags = array_unique($tags); // remove any duplicate tags
-
-		// delete old
-		$this->delete_tags_from_image($image_id);
-		
-		// insert each new tag
-		foreach($tags as $tag) {
-			$this->db->Execute("INSERT INTO tags(image_id, tag) VALUES(?, ?)", array($image_id, $tag));
-		}
-	}
-// }}}
-// images {{{
-	public function get_images($start, $limit, $tags=array()) {
-		$images = array();
-
-		assert($start >= 0);
-		assert($limit >  0);
-		if($start < 0) $start = 0;
-		if($limit < 1) $limit = 1;
-		
-		if(count($tags) == 0) {
-			$result = $this->db->Execute("SELECT * FROM images ORDER BY id DESC LIMIT ?,?", array($start, $limit));
-		}
-		else {
-			$querylet = $this->build_search_querylet($tags);
-			$querylet->append(new Querylet("ORDER BY images.id DESC LIMIT ?,?", array($start, $limit)));
-			$result = $this->db->Execute($querylet->sql, $querylet->variables);
-		}
-		
-		while(!$result->EOF) {
-			$images[] = new Image($result->fields);
-			$result->MoveNext();
-		}
-		return $images;
-	}
-
-	public function get_next_image($id, $tags=array(), $next=true) {
-		if($next) {
-			$gtlt = "<";
-			$dir = "DESC";
-		}
-		else {
-			$gtlt = ">";
-			$dir = "ASC";
-		}
-
-		if(count($tags) == 0) {
-			$row = $this->db->GetRow("SELECT * FROM images WHERE id $gtlt ? ORDER BY id $dir", array((int)$id));
-		}
-		else {
-			$tags[] = ($next ? "id<$id" : "id>$id");
-			$dir    = ($next ? "DESC"   : "ASC");
-			$querylet = $this->build_search_querylet($tags);
-			$querylet->append_sql("ORDER BY id $dir");
-			$row = $this->db->GetRow($querylet->sql, $querylet->variables);
-		}
-		
-		return ($row ? new Image($row) : null);
-	}
-
-	public function get_prev_image($id, $tags=array()) {
-		return $this->get_next_image($id, $tags, false);
-	}
-
-	public function get_image($id) {
-		$image = null;
-		$row = $this->db->GetRow("SELECT * FROM images WHERE id=?", array($id));
-		return ($row ? new Image($row) : null);
-	}
-
-	public function remove_image($id) {
-		$this->db->Execute("DELETE FROM images WHERE id=?", array($id));
-	}
-// }}}
-// users {{{
-	var $SELECT_USER = "SELECT *,time_to_sec(timediff(now(), joindate))/(60*60*24) AS days_old FROM users ";
-	
-	public function get_user($a=false, $b=false) {
-		if($b == false) {
-			return $this->get_user_by_id($a);
-		}
-		else {
-			return $this->get_user_by_name_and_hash($a, $b);
-		}
-	}
-
-	public function get_user_session($name, $session) {
-		$row = $this->db->GetRow("{$this->SELECT_USER} WHERE name LIKE ? AND md5(concat(pass, ?)) = ?",
-				array($name, $_SERVER['REMOTE_ADDR'], $session));
-		return $row ? new User($row) : null;
-	}
-
-	public function get_user_by_id($id) {
-		$row = $this->db->GetRow("{$this->SELECT_USER} WHERE id=?", array($id));
-		return $row ? new User($row) : null;
-	}
-	
-	public function get_user_by_name($name) {
-		$row = $this->db->GetRow("{$this->SELECT_USER} WHERE name=?", array($name));
-		return $row ? new User($row) : null;
-	}
-
-	public function get_user_by_name_and_hash($name, $hash) {
-		$row = $this->db->GetRow("{$this->SELECT_USER} WHERE name LIKE ? AND pass = ?", array($name, $hash));
-		return $row ? new User($row) : null;
-	}
-// }}}
-}
-?>

core/database.php

@@ -0,0 +1,339 @@
+<?php declare(strict_types=1);
+use FFSPHP\PDO;
+
+abstract class DatabaseDriver
+{
+    public const MYSQL = "mysql";
+    public const PGSQL = "pgsql";
+    public const SQLITE = "sqlite";
+}
+
+/**
+ * A class for controlled database access
+ */
+class Database
+{
+    /** @var string */
+    private $dsn;
+
+    /**
+     * The PDO database connection object, for anyone who wants direct access.
+     * @var null|PDO
+     */
+    private $db = null;
+
+    /**
+     * @var float
+     */
+    public $dbtime = 0.0;
+
+    /**
+     * Meta info about the database engine.
+     * @var DBEngine|null
+     */
+    private $engine = null;
+
+    /**
+     * A boolean flag to track if we already have an active transaction.
+     * (ie: True if beginTransaction() already called)
+     *
+     * @var bool
+     */
+    public $transaction = false;
+
+    /**
+     * How many queries this DB object has run
+     */
+    public $query_count = 0;
+
+    public function __construct(string $dsn)
+    {
+        $this->dsn = $dsn;
+    }
+
+    private function connect_db(): void
+    {
+        $this->db = new PDO($this->dsn, [
+            PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
+        ]);
+
+        $this->connect_engine();
+        $this->engine->init($this->db);
+
+        $this->begin_transaction();
+    }
+
+    private function connect_engine(): void
+    {
+        if (preg_match("/^([^:]*)/", $this->dsn, $matches)) {
+            $db_proto=$matches[1];
+        } else {
+            throw new SCoreException("Can't figure out database engine");
+        }
+
+        if ($db_proto === DatabaseDriver::MYSQL) {
+            $this->engine = new MySQL();
+        } elseif ($db_proto === DatabaseDriver::PGSQL) {
+            $this->engine = new PostgreSQL();
+        } elseif ($db_proto === DatabaseDriver::SQLITE) {
+            $this->engine = new SQLite();
+        } else {
+            die_nicely(
+                'Unknown PDO driver: '.$db_proto,
+                "Please check that this is a valid driver, installing the PHP modules if needed"
+            );
+        }
+    }
+
+    public function begin_transaction(): void
+    {
+        if ($this->transaction === false) {
+            $this->db->beginTransaction();
+            $this->transaction = true;
+        }
+    }
+
+    public function is_transaction_open(): bool
+    {
+        return !is_null($this->db) && $this->transaction === true;
+    }
+
+    public function commit(): bool
+    {
+        if ($this->is_transaction_open()) {
+            $this->transaction = false;
+            return $this->db->commit();
+        } else {
+            throw new SCoreException("Unable to call commit() as there is no transaction currently open.");
+        }
+    }
+
+    public function rollback(): bool
+    {
+        if ($this->is_transaction_open()) {
+            $this->transaction = false;
+            return $this->db->rollback();
+        } else {
+            throw new SCoreException("Unable to call rollback() as there is no transaction currently open.");
+        }
+    }
+
+    public function scoreql_to_sql(string $input): string
+    {
+        if (is_null($this->engine)) {
+            $this->connect_engine();
+        }
+        return $this->engine->scoreql_to_sql($input);
+    }
+
+    public function scoresql_value_prepare($input)
+    {
+        if (is_null($this->engine)) {
+            $this->connect_engine();
+        }
+        if ($input===true) {
+            return $this->engine->BOOL_Y;
+        } elseif ($input===false) {
+            return $this->engine->BOOL_N;
+        }
+        return $input;
+    }
+
+    public function get_driver_name(): string
+    {
+        if (is_null($this->engine)) {
+            $this->connect_engine();
+        }
+        return $this->engine->name;
+    }
+
+    public function get_version(): string
+    {
+        return $this->engine->get_version($this->db);
+    }
+
+    private function count_time(string $method, float $start, string $query, ?array $args): void
+    {
+        global $_tracer, $tracer_enabled;
+        $dur = microtime(true) - $start;
+        if ($tracer_enabled) {
+            $query = trim(preg_replace('/^[\t ]+/m', '', $query));  // trim leading whitespace
+            $_tracer->complete($start * 1000000, $dur * 1000000, "DB Query", ["query"=>$query, "args"=>$args, "method"=>$method]);
+        }
+        $this->query_count++;
+        $this->dbtime += $dur;
+    }
+
+    public function set_timeout(int $time): void
+    {
+        $this->engine->set_timeout($this->db, $time);
+    }
+
+    public function execute(string $query, array $args = []): PDOStatement
+    {
+        try {
+            if (is_null($this->db)) {
+                $this->connect_db();
+            }
+            return $this->db->execute(
+                "-- " . str_replace("%2F", "/", urlencode($_GET['q'] ?? '')). "\n" .
+                $query,
+                $args
+            );
+        } catch (PDOException $pdoe) {
+            throw new SCoreException($pdoe->getMessage(), $query);
+        }
+    }
+
+    /**
+     * Execute an SQL query and return a 2D array.
+     */
+    public function get_all(string $query, array $args = []): array
+    {
+        $_start = microtime(true);
+        $data = $this->execute($query, $args)->fetchAll();
+        $this->count_time("get_all", $_start, $query, $args);
+        return $data;
+    }
+
+    /**
+     * Execute an SQL query and return a iterable object for use with generators.
+     */
+    public function get_all_iterable(string $query, array $args = []): PDOStatement
+    {
+        $_start = microtime(true);
+        $data = $this->execute($query, $args);
+        $this->count_time("get_all_iterable", $_start, $query, $args);
+        return $data;
+    }
+
+    /**
+     * Execute an SQL query and return a single row.
+     */
+    public function get_row(string $query, array $args = []): ?array
+    {
+        $_start = microtime(true);
+        $row = $this->execute($query, $args)->fetch();
+        $this->count_time("get_row", $_start, $query, $args);
+        return $row ? $row : null;
+    }
+
+    /**
+     * Execute an SQL query and return the first column of each row.
+     */
+    public function get_col(string $query, array $args = []): array
+    {
+        $_start = microtime(true);
+        $res = $this->execute($query, $args)->fetchAll(PDO::FETCH_COLUMN);
+        $this->count_time("get_col", $_start, $query, $args);
+        return $res;
+    }
+
+    /**
+     * Execute an SQL query and return the first column of each row as a single iterable object.
+     */
+    public function get_col_iterable(string $query, array $args = []): Generator
+    {
+        $_start = microtime(true);
+        $stmt = $this->execute($query, $args);
+        $this->count_time("get_col_iterable", $_start, $query, $args);
+        foreach ($stmt as $row) {
+            yield $row[0];
+        }
+    }
+
+    /**
+     * Execute an SQL query and return the the first column => the second column.
+     */
+    public function get_pairs(string $query, array $args = []): array
+    {
+        $_start = microtime(true);
+        $res = $this->execute($query, $args)->fetchAll(PDO::FETCH_KEY_PAIR);
+        $this->count_time("get_pairs", $_start, $query, $args);
+        return $res;
+    }
+
+    /**
+     * Execute an SQL query and return a single value, or null.
+     */
+    public function get_one(string $query, array $args = [])
+    {
+        $_start = microtime(true);
+        $row = $this->execute($query, $args)->fetch();
+        $this->count_time("get_one", $_start, $query, $args);
+        return $row ? $row[0] : null;
+    }
+
+    /**
+     * Execute an SQL query and returns a bool indicating if any data was returned
+     */
+    public function exists(string $query, array $args = []): bool
+    {
+        $_start = microtime(true);
+        $row = $this->execute($query, $args)->fetch();
+        $this->count_time("exists", $_start, $query, $args);
+        if ($row==null) {
+            return false;
+        }
+        return true;
+    }
+
+    /**
+     * Get the ID of the last inserted row.
+     */
+    public function get_last_insert_id(string $seq): int
+    {
+        if ($this->engine->name == DatabaseDriver::PGSQL) {
+            $id = $this->db->lastInsertId($seq);
+        } else {
+            $id = $this->db->lastInsertId();
+        }
+        assert(is_numeric($id));
+        return (int)$id;
+    }
+
+    /**
+     * Create a table from pseudo-SQL.
+     */
+    public function create_table(string $name, string $data): void
+    {
+        if (is_null($this->engine)) {
+            $this->connect_engine();
+        }
+        $data = trim($data, ", \t\n\r\0\x0B");  // mysql doesn't like trailing commas
+        $this->execute($this->engine->create_table_sql($name, $data));
+    }
+
+    /**
+     * Returns the number of tables present in the current database.
+     *
+     * @throws SCoreException
+     */
+    public function count_tables(): int
+    {
+        if (is_null($this->db) || is_null($this->engine)) {
+            $this->connect_db();
+        }
+
+        if ($this->engine->name === DatabaseDriver::MYSQL) {
+            return count(
+                $this->get_all("SHOW TABLES")
+            );
+        } elseif ($this->engine->name === DatabaseDriver::PGSQL) {
+            return count(
+                $this->get_all("SELECT table_name FROM information_schema.tables WHERE table_schema = 'public'")
+            );
+        } elseif ($this->engine->name === DatabaseDriver::SQLITE) {
+            return count(
+                $this->get_all("SELECT name FROM sqlite_master WHERE type = 'table'")
+            );
+        } else {
+            throw new SCoreException("Can't count tables for database type {$this->engine->name}");
+        }
+    }
+
+    public function raw_db(): PDO
+    {
+        return $this->db;
+    }
+}

core/dbengine.php

@@ -0,0 +1,236 @@
+<?php declare(strict_types=1);
+abstract class SCORE
+{
+    const AIPK      = "SCORE_AIPK";
+    const INET      = "SCORE_INET";
+    const BOOL_Y    = "SCORE_BOOL_Y";
+    const BOOL_N    = "SCORE_BOOL_N";
+    const BOOL      = "SCORE_BOOL";
+}
+
+abstract class DBEngine
+{
+    /** @var null|string */
+    public $name = null;
+
+    public $BOOL_Y = null;
+    public $BOOL_N = null;
+
+    public function init(PDO $db)
+    {
+    }
+
+    public function scoreql_to_sql(string $scoreql): string
+    {
+        return $scoreql;
+    }
+
+    public function create_table_sql(string $name, string $data): string
+    {
+        return 'CREATE TABLE '.$name.' ('.$data.')';
+    }
+
+    abstract public function set_timeout(PDO $db, int $time);
+
+    abstract public function get_version(PDO $db): string;
+}
+
+class MySQL extends DBEngine
+{
+    /** @var string */
+    public $name = DatabaseDriver::MYSQL;
+
+    public $BOOL_Y = 'Y';
+    public $BOOL_N = 'N';
+
+    public function init(PDO $db)
+    {
+        $db->exec("SET NAMES utf8;");
+    }
+
+    public function scoreql_to_sql(string $data): string
+    {
+        $data = str_replace(SCORE::AIPK, "INTEGER PRIMARY KEY auto_increment", $data);
+        $data = str_replace(SCORE::INET, "VARCHAR(45)", $data);
+        $data = str_replace(SCORE::BOOL_Y, "'$this->BOOL_Y'", $data);
+        $data = str_replace(SCORE::BOOL_N, "'$this->BOOL_N'", $data);
+        $data = str_replace(SCORE::BOOL, "ENUM('Y', 'N')", $data);
+        return $data;
+    }
+
+    public function create_table_sql(string $name, string $data): string
+    {
+        $data = $this->scoreql_to_sql($data);
+        $ctes = "ENGINE=InnoDB DEFAULT CHARSET='utf8'";
+        return 'CREATE TABLE '.$name.' ('.$data.') '.$ctes;
+    }
+
+    public function set_timeout(PDO $db, int $time): void
+    {
+        // These only apply to read-only queries, which appears to be the best we can to mysql-wise
+        // $db->exec("SET SESSION MAX_EXECUTION_TIME=".$time.";");
+    }
+
+    public function get_version(PDO $db): string
+    {
+        return $db->query('select version()')->fetch()[0];
+    }
+}
+
+class PostgreSQL extends DBEngine
+{
+    /** @var string */
+    public $name = DatabaseDriver::PGSQL;
+
+    public $BOOL_Y = "true";
+    public $BOOL_N = "false";
+
+    public function init(PDO $db)
+    {
+        if (array_key_exists('REMOTE_ADDR', $_SERVER)) {
+            $db->exec("SET application_name TO 'shimmie [{$_SERVER['REMOTE_ADDR']}]';");
+        } else {
+            $db->exec("SET application_name TO 'shimmie [local]';");
+        }
+        if (defined("DATABASE_TIMEOUT")) {
+            $this->set_timeout($db, DATABASE_TIMEOUT);
+        }
+    }
+
+    public function scoreql_to_sql(string $data): string
+    {
+        $data = str_replace(SCORE::AIPK, "INTEGER NOT NULL PRIMARY KEY GENERATED ALWAYS AS IDENTITY", $data);
+        $data = str_replace(SCORE::INET, "INET", $data);
+        $data = str_replace(SCORE::BOOL_Y, "true", $data);
+        $data = str_replace(SCORE::BOOL_N, "false", $data);
+        $data = str_replace(SCORE::BOOL, "BOOL", $data);
+        return $data;
+    }
+
+    public function create_table_sql(string $name, string $data): string
+    {
+        $data = $this->scoreql_to_sql($data);
+        return "CREATE TABLE $name ($data)";
+    }
+
+    public function set_timeout(PDO $db, int $time): void
+    {
+        $db->exec("SET statement_timeout TO ".$time.";");
+    }
+
+    public function get_version(PDO $db): string
+    {
+        return $db->query('select version()')->fetch()[0];
+    }
+}
+
+// shimmie functions for export to sqlite
+function _unix_timestamp($date)
+{
+    return strtotime($date);
+}
+function _now()
+{
+    return date("Y-m-d H:i:s");
+}
+function _floor($a)
+{
+    return floor($a);
+}
+function _log($a, $b=null)
+{
+    if (is_null($b)) {
+        return log($a);
+    } else {
+        return log($a, $b);
+    }
+}
+function _isnull($a)
+{
+    return is_null($a);
+}
+function _md5($a)
+{
+    return md5($a);
+}
+function _concat($a, $b)
+{
+    return $a . $b;
+}
+function _lower($a)
+{
+    return strtolower($a);
+}
+function _rand()
+{
+    return rand();
+}
+function _ln($n)
+{
+    return log($n);
+}
+
+class SQLite extends DBEngine
+{
+    /** @var string  */
+    public $name = DatabaseDriver::SQLITE;
+
+    public $BOOL_Y = 'Y';
+    public $BOOL_N = 'N';
+
+
+    public function init(PDO $db)
+    {
+        ini_set('sqlite.assoc_case', '0');
+        $db->exec("PRAGMA foreign_keys = ON;");
+        $db->sqliteCreateFunction('UNIX_TIMESTAMP', '_unix_timestamp', 1);
+        $db->sqliteCreateFunction('now', '_now', 0);
+        $db->sqliteCreateFunction('floor', '_floor', 1);
+        $db->sqliteCreateFunction('log', '_log');
+        $db->sqliteCreateFunction('isnull', '_isnull', 1);
+        $db->sqliteCreateFunction('md5', '_md5', 1);
+        $db->sqliteCreateFunction('concat', '_concat', 2);
+        $db->sqliteCreateFunction('lower', '_lower', 1);
+        $db->sqliteCreateFunction('rand', '_rand', 0);
+        $db->sqliteCreateFunction('ln', '_ln', 1);
+    }
+
+    public function scoreql_to_sql(string $data): string
+    {
+        $data = str_replace(SCORE::AIPK, "INTEGER PRIMARY KEY", $data);
+        $data = str_replace(SCORE::INET, "VARCHAR(45)", $data);
+        $data = str_replace(SCORE::BOOL_Y, "'$this->BOOL_Y'", $data);
+        $data = str_replace(SCORE::BOOL_N, "'$this->BOOL_N'", $data);
+        $data = str_replace(SCORE::BOOL, "CHAR(1)", $data);
+        return $data;
+    }
+
+    public function create_table_sql(string $name, string $data): string
+    {
+        $data = $this->scoreql_to_sql($data);
+        $cols = [];
+        $extras = "";
+        foreach (explode(",", $data) as $bit) {
+            $matches = [];
+            if (preg_match("/(UNIQUE)? ?INDEX\s*\((.*)\)/", $bit, $matches)) {
+                $uni = $matches[1];
+                $col = $matches[2];
+                $extras .= "CREATE $uni INDEX {$name}_{$col} ON {$name}({$col});";
+            } else {
+                $cols[] = $bit;
+            }
+        }
+        $cols_redone = implode(", ", $cols);
+        return "CREATE TABLE $name ($cols_redone); $extras";
+    }
+
+    public function set_timeout(PDO $db, int $time): void
+    {
+        // There doesn't seem to be such a thing for SQLite, so it does nothing
+    }
+
+    public function get_version(PDO $db): string
+    {
+        return $db->query('select sqlite_version()')->fetch()[0];
+    }
+}

core/event.class.php

@@ -1,8 +0,0 @@
-<?php
-/*
- * Event:
- * generic parent class
- */
-class Event {
-}
-?>

core/event.php

@@ -0,0 +1,344 @@
+<?php declare(strict_types=1);
+/**
+ * Generic parent class for all events.
+ *
+ * An event is anything that can be passed around via send_event($blah)
+ */
+abstract class Event
+{
+    public $stop_processing = false;
+
+    public function __construct()
+    {
+    }
+
+    public function __toString()
+    {
+        return var_export($this, true);
+    }
+}
+
+
+/**
+ * A wake-up call for extensions. Upon recieving an InitExtEvent an extension
+ * should check that it's database tables are there and install them if not,
+ * and set any defaults with Config::set_default_int() and such.
+ *
+ * This event is sent before $user is set to anything
+ */
+class InitExtEvent extends Event
+{
+}
+
+
+/**
+ * A signal that a page has been requested.
+ *
+ * User requests /view/42 -> an event is generated with $args = array("view",
+ * "42"); when an event handler asks $event->page_matches("view"), it returns
+ * true and ignores the matched part, such that $event->count_args() = 1 and
+ * $event->get_arg(0) = "42"
+ */
+class PageRequestEvent extends Event
+{
+    /**
+     * @var array
+     */
+    public $args;
+
+    /**
+     * @var int
+     */
+    public $arg_count;
+
+    /**
+     * @var int
+     */
+    public $part_count;
+
+    public function __construct(string $path)
+    {
+        parent::__construct();
+        global $config;
+
+        // trim starting slashes
+        $path = ltrim($path, "/");
+
+        // if path is not specified, use the default front page
+        if (empty($path)) {   /* empty is faster than strlen */
+            $path = $config->get_string(SetupConfig::FRONT_PAGE);
+        }
+
+        // break the path into parts
+        $args = explode('/', $path);
+
+        $this->args = $args;
+        $this->arg_count = count($args);
+    }
+
+    /**
+     * Test if the requested path matches a given pattern.
+     *
+     * If it matches, store the remaining path elements in $args
+     */
+    public function page_matches(string $name): bool
+    {
+        $parts = explode("/", $name);
+        $this->part_count = count($parts);
+
+        if ($this->part_count > $this->arg_count) {
+            return false;
+        }
+
+        for ($i=0; $i<$this->part_count; $i++) {
+            if ($parts[$i] != $this->args[$i]) {
+                return false;
+            }
+        }
+
+        return true;
+    }
+
+    /**
+     * Get the n th argument of the page request (if it exists.)
+     */
+    public function get_arg(int $n): string
+    {
+        $offset = $this->part_count + $n;
+        if ($offset >= 0 && $offset < $this->arg_count) {
+            return $this->args[$offset];
+        } else {
+            $nm1 = $this->arg_count - 1;
+            throw new SCoreException("Requested an invalid page argument {$offset} / {$nm1}");
+        }
+    }
+
+    /**
+     * If page arg $n is set, then treat that as a 1-indexed page number
+     * and return a 0-indexed page number less than $max; else return 0
+     */
+    public function try_page_num(int $n, ?int $max=null): int
+    {
+        if ($this->count_args() > $n) {
+            $i = $this->get_arg($n);
+            if (is_numeric($i) && int_escape($i) > 0) {
+                return page_number($i, $max);
+            } else {
+                return 0;
+            }
+        } else {
+            return 0;
+        }
+    }
+
+    /**
+     * Returns the number of arguments the page request has.
+     */
+    public function count_args(): int
+    {
+        return $this->arg_count - $this->part_count;
+    }
+
+    /*
+     * Many things use these functions
+     */
+
+    public function get_search_terms(): array
+    {
+        $search_terms = [];
+        if ($this->count_args() === 2) {
+            $search_terms = Tag::explode(Tag::decaret($this->get_arg(0)));
+        }
+        return $search_terms;
+    }
+
+    public function get_page_number(): int
+    {
+        $page_number = 1;
+        if ($this->count_args() === 1) {
+            $page_number = int_escape($this->get_arg(0));
+        } elseif ($this->count_args() === 2) {
+            $page_number = int_escape($this->get_arg(1));
+        }
+        if ($page_number === 0) {
+            $page_number = 1;
+        } // invalid -> 0
+        return $page_number;
+    }
+
+    public function get_page_size(): int
+    {
+        global $config;
+        return $config->get_int(IndexConfig::IMAGES);
+    }
+}
+
+
+/**
+ * Sent when index.php is called from the command line
+ */
+class CommandEvent extends Event
+{
+    /**
+     * @var string
+     */
+    public $cmd = "help";
+
+    /**
+     * @var array
+     */
+    public $args = [];
+
+    /**
+     * #param string[] $args
+     */
+    public function __construct(array $args)
+    {
+        parent::__construct();
+        global $user;
+
+        $opts = [];
+        $log_level = SCORE_LOG_WARNING;
+        $arg_count = count($args);
+
+        for ($i=1; $i<$arg_count; $i++) {
+            switch ($args[$i]) {
+                case '-u':
+                    $user = User::by_name($args[++$i]);
+                    if (is_null($user)) {
+                        die("Unknown user");
+                    } else {
+                        send_event(new UserLoginEvent($user));
+                    }
+                    break;
+                case '-q':
+                    $log_level += 10;
+                    break;
+                case '-v':
+                    $log_level -= 10;
+                    break;
+                default:
+                    $opts[] = $args[$i];
+                    break;
+            }
+        }
+
+        if (!defined("CLI_LOG_LEVEL")) {
+            define("CLI_LOG_LEVEL", $log_level);
+        }
+
+        if (count($opts) > 0) {
+            $this->cmd = $opts[0];
+            $this->args = array_slice($opts, 1);
+        } else {
+            print "\n";
+            print "Usage: php {$args[0]} [flags] [command]\n";
+            print "\n";
+            print "Flags:\n";
+            print "\t-u [username]\n";
+            print "\t\tLog in as the specified user\n";
+            print "\t-q / -v\n";
+            print "\t\tBe quieter / more verbose\n";
+            print "\t\tScale is debug - info - warning - error - critical\n";
+            print "\t\tDefault is to show warnings and above\n";
+            print "\n";
+            print "Currently known commands:\n";
+        }
+    }
+}
+
+
+/**
+ * A signal that some text needs formatting, the event carries
+ * both the text and the result
+ */
+class TextFormattingEvent extends Event
+{
+    /**
+     * For reference
+     *
+     * @var string
+     */
+    public $original;
+
+    /**
+     * with formatting applied
+     *
+     * @var string
+     */
+    public $formatted;
+
+    /**
+     * with formatting removed
+     *
+     * @var string
+     */
+    public $stripped;
+
+    public function __construct(string $text)
+    {
+        parent::__construct();
+        // We need to escape before formatting, instead of at display time,
+        // because formatters will add their own HTML tags into the mix and
+        // we don't want to escape those.
+        $h_text = html_escape(trim($text));
+        $this->original  = $h_text;
+        $this->formatted = $h_text;
+        $this->stripped  = $h_text;
+    }
+}
+
+
+/**
+ * A signal that something needs logging
+ */
+class LogEvent extends Event
+{
+    /**
+     * a category, normally the extension name
+     *
+     * @var string
+     */
+    public $section;
+
+    /**
+     * See python...
+     *
+     * @var int
+     */
+    public $priority = 0;
+
+    /**
+     * Free text to be logged
+     *
+     * @var string
+     */
+    public $message;
+
+    /**
+     * The time that the event was created
+     *
+     * @var int
+     */
+    public $time;
+
+    /**
+     * Extra data to be held separate
+     *
+     * @var array
+     */
+    public $args;
+
+    public function __construct(string $section, int $priority, string $message)
+    {
+        parent::__construct();
+        $this->section = $section;
+        $this->priority = $priority;
+        $this->message = $message;
+        $this->time = time();
+    }
+}
+
+class DatabaseUpgradeEvent extends Event
+{
+}

core/events/configsave.event.php

@@ -1,14 +0,0 @@
-<?php
-/*
- * ConfigSaveEvent:
- * Sent when the setup screen's 'set' button has been
- * activated; new config options are in $_POST
- */
-class ConfigSaveEvent extends Event {
-	var $config;
-	
-	public function ConfigSaveEvent($config) {
-		$this->config = $config;
-	}
-}
-?>

core/events/displayingimage.event.php

@@ -1,21 +0,0 @@
-<?php
-/*
- * DisplayingImageEvent:
- *   $image
- *
- * Sent when an image is ready to display. Extensions who
- * wish to appear on the "view" page should listen for this,
- * which only appears when an image actually exists.
- */
-class DisplayingImageEvent extends Event {
-	var $image;
-
-	public function DisplayingImageEvent($image) {
-		$this->image = $image;
-	}
-
-	public function get_image() {
-		return $this->image;
-	}
-}
-?>

core/events/imagedeletion.event.php

@@ -1,17 +0,0 @@
-<?php
-/*
- * ImageDeletionEvent:
- *   $image_id
- *
- * An image is being deleted. Used by things like tags
- * and comments handlers to clean out related rows in
- * their tables
- */
-class ImageDeletionEvent extends Event {
-	var $image;
-
-	public function ImageDeletionEvent($image) {
-		$this->image = $image;
-	}
-}
-?>

core/events/initext.event.php

@@ -1,10 +0,0 @@
-<?php
-/*
- * InitExtEvent:
- * Get extensions to load themselves
- */
-class InitExtEvent extends Event {
-	public function InitExtEvent() {
-	}
-}
-?>

core/events/pagerequest.event.php

@@ -1,31 +0,0 @@
-<?php
-/*
- * PageRequestEvent:
- *   $page
- *   $args
- *   get_arg(int)
- *   count_args()
- *	
- * User requests /view/42 -> an event is generated with
- * $page="view" and $args=array("42");
- *
- * Used for initial page generation triggers
- */
-class PageRequestEvent extends Event {
-	var $page;
-	var $args;
-
-	public function PageRequestEvent($page, $args) {
-		$this->page = $page;
-		$this->args = $args;
-	}
-
-	public function get_arg($n) {
-		return isset($this->args[$n]) ? $this->args[$n] : null;
-	}
-
-	public function count_args() {
-		return isset($this->args) ? count($this->args) : 0;
-	}
-}
-?>

core/events/tagset.event.php

@@ -1,17 +0,0 @@
-<?php
-/*
- * TagSetEvent:
- *   $image_id
- *   $tags
- *
- */
-class TagSetEvent extends Event {
-	var $image_id;
-	var $tags;
-
-	public function TagSetEvent($image_id, $tags) {
-		$this->image_id = $image_id;
-		$this->tags = $tags;
-	}
-}
-?>

core/events/uploadingimage.event.php

@@ -1,15 +0,0 @@
-<?php
-/*
- * UploadingImageEvent:
- *   $image_id
- *
- * An image is being uploaded.
- */
-class UploadingImageEvent extends Event {
-	var $image;
-
-	public function UploadingImageEvent($image) {
-		$this->image = $image;
-	}
-}
-?>

core/exceptions.php

@@ -0,0 +1,83 @@
+<?php declare(strict_types=1);
+
+/**
+ * Class SCoreException
+ *
+ * A base exception to be caught by the upper levels.
+ */
+class SCoreException extends RuntimeException
+{
+    /** @var string|null */
+    public $query;
+
+    /** @var string */
+    public $error;
+
+    public function __construct(string $msg, ?string $query=null)
+    {
+        parent::__construct($msg);
+        $this->error = $msg;
+        $this->query = $query;
+    }
+}
+
+class InstallerException extends RuntimeException
+{
+    /** @var string */
+    public $title;
+
+    /** @var string */
+    public $body;
+
+    /** @var int */
+    public $code;
+
+    public function __construct(string $title, string $body, int $code)
+    {
+        parent::__construct($body);
+        $this->title = $title;
+        $this->body = $body;
+        $this->code = $code;
+    }
+}
+
+/**
+ * Class PermissionDeniedException
+ *
+ * A fairly common, generic exception.
+ */
+class PermissionDeniedException extends SCoreException
+{
+}
+
+/**
+ * Class ImageDoesNotExist
+ *
+ * This exception is used when an Image cannot be found by ID.
+ *
+ * Example: Image::by_id(-1) returns null
+ */
+class ImageDoesNotExist extends SCoreException
+{
+}
+
+/*
+ * For validate_input()
+ */
+class InvalidInput extends SCoreException
+{
+}
+
+/*
+ * This is used by the image resizing code when there is not enough memory to perform a resize.
+ */
+class InsufficientMemoryException extends SCoreException
+{
+}
+
+/*
+ * This is used by the image resizing code when there is an error while resizing
+ */
+class ImageResizeException extends SCoreException
+{
+}

core/ext/admin.ext.php

@@ -1,77 +0,0 @@
-<?php
-/* AdminBuildingEvent {{{
- *
- * Sent when the admin page is ready to be added to
- */
-class AdminBuildingEvent extends Event {
-	public function AdminBuildingEvent() {
-	}
-}
-// }}}
-class AdminPage extends Extension {
-// event handler {{{
-	public function receive_event($event) {
-		if(is_a($event, 'PageRequestEvent') && ($event->page == "admin")) {
-			global $user;
-			if(!$user->is_admin()) {
-				global $page;
-				$page->set_title("Error");
-				$page->set_heading("Error");
-				$page->add_side_block(new NavBlock(), 0);
-				$page->add_main_block(new Block("Permission Denied", "This page is for admins only"), 0);
-			}
-			else {
-				if($event->get_arg(0) == "delete_image") {
-					// FIXME: missing lots of else {complain}
-					if(isset($_POST['image_id'])) {
-						global $database;
-						$image = $database->get_image($_POST['image_id']);
-						if($image) {
-							send_event(new ImageDeletionEvent($image));
-							global $page;
-							$page->set_mode("redirect");
-							$page->set_redirect(make_link("index"));
-						}
-					}
-				}
-				else {
-					send_event(new AdminBuildingEvent());
-				}
-			}
-		}
-
-		if(is_a($event, 'DisplayingImageEvent')) {
-			global $user;
-			if($user->is_admin()) {
-				global $page;
-				$page->add_side_block(new Block("Admin", $this->build_del_block($event->image->id)));
-			}
-		}
-
-		if(is_a($event, 'AdminBuildingEvent')) {
-			$this->build_page();
-		}
-	}
-// }}}
-// block HTML {{{
-	private function build_del_block($image_id) {
-		$i_image_id = int_escape($image_id);
-		return "
-			<form action='".make_link("admin/delete_image")."' method='POST'>
-				<input type='hidden' name='image_id' value='$i_image_id'>
-				<input type='submit' value='Delete'>
-			</form>
-		";
-	}
-// }}}
-// admin page HTML {{{
-	private function build_page() {
-		global $page;
-		$page->set_title("Admin Tools");
-		$page->set_heading("Admin Tools");
-		$page->add_side_block(new NavBlock(), 0);
-	}
-// }}}
-}
-add_event_listener(new AdminPage());
-?>

core/ext/image.ext.php

@@ -1,285 +0,0 @@
-<?php
-/*
- * A class to handle adding / getting / removing image
- * files from the disk
- */
-class ImageIO extends Extension {
-// event handling {{{
-	public function receive_event($event) {
-		if(is_a($event, 'PageRequestEvent') && ($event->page == "image")) {
-			$this->send_file($event->get_arg(0), "image");
-		}
-		if(is_a($event, 'PageRequestEvent') && ($event->page == "thumb")) {
-			$this->send_file($event->get_arg(0), "thumb");
-		}
-
-		if(is_a($event, 'UploadingImageEvent')) {
-			$this->add_image($event->image);
-		}
-
-		if(is_a($event, 'ImageDeletionEvent')) {
-			$this->remove_image($event->image);
-		}
-		
-		if(is_a($event, 'SetupBuildingEvent')) {
-			$thumbers = array();
-			$thumbers['Built-in GD'] = "gd";
-			$thumbers['ImageMagick'] = "convert";
-
-			$sb = new SetupBlock("Thumbnailing");
-			$sb->add_label("Engine: ");
-			$sb->add_choice_option("thumb_engine", $thumbers);
-
-			$sb->add_label("<br>Size ");
-			$sb->add_int_option("thumb_width");
-			$sb->add_label(" x ");
-			$sb->add_int_option("thumb_height");
-			$sb->add_label(" px at ");
-			$sb->add_int_option("thumb_quality");
-			$sb->add_label(" % quality ");
-
-			$sb->add_label("<br>Max GD memory use: ");
-			$sb->add_shorthand_int_option("thumb_gd_mem_limit");
-			
-			$event->panel->add_main_block($sb);
-		}
-		if(is_a($event, 'ConfigSaveEvent')) {
-			$event->config->set_string("thumb_engine", $_POST['thumb_engine']);
-			$event->config->set_int("thumb_width", $_POST['thumb_width']);
-			$event->config->set_int("thumb_height", $_POST['thumb_height']);
-			$event->config->set_int("thumb_quality", $_POST['thumb_quality']);
-			$event->config->set_int("thumb_gd_mem_limit", $_POST['thumb_gd_mem_limit']);
-		}
-	}
-// }}}
-// add image {{{
-	private function is_dupe($hash) {
-		global $database;
-		return $database->db->GetRow("SELECT * FROM images WHERE hash=?", array($hash));
-	}
-
-	private function read_file($fname) {
-		$fp = fopen($fname, "r");
-		if(!$fp) return false;
-
-		$data = fread($fp, filesize($fname));
-		fclose($fp);
-
-		return $data;
-	}
-
-	private function make_thumb($inname, $outname) {
-		global $config;
-		
-		$ok = false;
-		
-		switch($config->get_string("thumb_engine")) {
-			default:
-			case 'gd':
-				$ok = $this->make_thumb_gd($inname, $outname);
-				break;
-			case 'convert':
-				$ok = $this->make_thumb_convert($inname, $outname);
-				break;
-		}
-
-		return $ok;
-	}
-
-// IM thumber {{{
-	private function make_thumb_convert($inname, $outname) {
-		global $config;
-
-		$w = $config->get_int("thumb_width");
-		$h = $config->get_int("thumb_height");
-		$q = $config->get_int("thumb_quality");
-
-		exec("convert $inname -geometry {$w}x{$h} -quality {$q} $outname");
-
-		return true;
-	}
-// }}}
-// GD thumber {{{
-	private function make_thumb_gd($inname, $outname) {
-		global $config;
-		$thumb = $this->get_thumb($inname);
-		return imagejpeg($thumb, $outname, $config->get_int('thumb_quality'));
-	}
-
-	private function get_memory_limit() {
-		global $config;
-
-		// thumbnail generation requires lots of memory
-		$default_limit = 8*1024*1024;
-		$shimmie_limit = parse_shorthand_int($config->get_int("thumb_gd_mem_limit"));
-		if($shimmie_limit < 3*1024*1024) {
-			// we aren't going to fit, override
-			$shimmie_limit = $default_limit;
-		}
-		
-		ini_set("memory_limit", $shimmie_limit);
-		$memory = parse_shorthand_int(ini_get("memory_limit"));
-
-		// changing of memory limit is disabled / failed
-		if($memory == -1) {
-			$memory = $default_limit; 
-		}
-
-		return $memory;
-	}
-
-	private function get_thumb($tmpname) {
-		global $config;
-
-		$info = getimagesize($tmpname);
-		$width = $info[0];
-		$height = $info[1];
-
-		$max_width  = $config->get_int('thumb_width');
-		$max_height = $config->get_int('thumb_height');
-
-		$memory_use = (filesize($tmpname)*2) + ($width*$height*4) + (4*1024*1024);
-		$memory_limit = $this->get_memory_limit();
-		
-		if($memory_use > $memory_limit) {
-			$thumb = imagecreatetruecolor($max_width, min($max_height, 64));
-			$white = imagecolorallocate($thumb, 255, 255, 255);
-			$black = imagecolorallocate($thumb, 0,   0,   0);
-			imagefill($thumb, 0, 0, $white);
-			imagestring($thumb, 5, 10, 24, "Image Too Large :(", $black);
-			return $thumb;
-		}
-		else {
-			$image = imagecreatefromstring($this->read_file($tmpname));
-
-			$xscale = ($max_height / $height);
-			$yscale = ($max_width / $width);
-			$scale = ($xscale < $yscale) ? $xscale : $yscale;
-
-			if($scale >= 1) {
-				$thumb = $image;
-			}
-			else {
-				$thumb = imagecreatetruecolor($width*$scale, $height*$scale);
-				imagecopyresampled(
-						$thumb, $image, 0, 0, 0, 0,
-						$width*$scale, $height*$scale, $width, $height
-						);
-			}
-			return $thumb;
-		}
-	}
-// }}}
-
-	private function add_image($image) {
-		global $page;
-		global $user;
-		global $database;
-		global $config;
-
-		/*
-		 * Check for an existing image
-		 */
-		if($row = $this->is_dupe($image->hash)) {
-			$iid = $row['id'];
-			$page->add_main_block(new Block(
-					"Error uploading {$image->filename}",
-					"Image <a href='".make_link("post/view/$iid")."'>$iid</a> ".
-					"already has hash {$image->hash}"));
-			return false;
-		}
-
-		// actually insert the info
-		$database->db->Execute(
-				"INSERT INTO images(owner_id, owner_ip, filename, filesize, hash, ext, width, height, posted) ".
-				"VALUES (?, ?, ?, ?, ?, ?, ?, ?, now())",
-				array($user->id, $_SERVER['REMOTE_ADDR'], $image->filename, $image->filesize,
-						$image->hash, $image->ext, $image->width, $image->height));
-		$image->id = $database->db->Insert_ID();
-
-		/*
-		 * If no errors: move the file from the temporary upload
-		 * area to the main file store, create a thumbnail, and
-		 * insert the image info into the database
-		 */
-		if(!copy($image->temp_filename, $image->get_image_filename())) {
-			$page->add_main_block(new Block("Error uploading {$image->filename}",
-					"The image couldn't be moved from the temporary area to the
-					main data store -- is the web server allowed to write to '".
-					($image->get_image_filename())."'?"));
-			send_event(new ImageDeletionEvent($image->id));
-			return false;
-		}
-		chmod($image->get_image_filename(), 0644);
-
-		if(!$this->make_thumb($image->get_image_filename(), $image->get_thumb_filename())) {
-			$page->add_main_block(new Block("Error uploading {$image->filename}",
-					"The image thumbnail couldn't be generated -- is the web
-					server allowed to write to '".($image->get_thumb_filename())."'?"));
-			send_event(new ImageDeletionEvent($image->id));
-			return false;
-		}
-		chmod($image->get_thumb_filename(), 0644);
-
-		send_event(new TagSetEvent($image->id, $image->get_tag_array()));
-
-		return true;
-	}
-// }}}
-// fetch image {{{
-	private function send_file($image_id, $type) {
-		global $database;
-		$image = $database->get_image($image_id);
-
-		global $page;
-		if(!is_null($image)) {
-			$page->set_mode("data");
-			if($type == "thumb") {
-				$page->set_type("image/jpeg");
-				$file = $image->get_thumb_filename();
-			}
-			else {
-				$page->set_type($image->get_mime_type());
-				$file = $image->get_image_filename();
-			}
-		
-			$page->set_data(file_get_contents($file));
-
-			if(isset($_SERVER["HTTP_IF_MODIFIED_SINCE"])) {
-				$if_modified_since = preg_replace('/;.*$/', '', $_SERVER["HTTP_IF_MODIFIED_SINCE"]);
-			}
-			else {
-				$if_modified_since = "";
-			}
-			$gmdate_mod = gmdate('D, d M Y H:i:s', filemtime($file)) . ' GMT';
-
-			// FIXME: should be $page->blah
-			if($if_modified_since == $gmdate_mod) {
-				header("HTTP/1.0 304 Not Modified");
-			}
-			else {
-				header("Last-Modified: $gmdate_mod");
-				header("Expires: Fri, 2 Sep 2101 12:42:42 GMT"); // War was beginning
-			}
-		}
-		else {
-			$page->set_title("Not Found");
-			$page->set_heading("Not Found");
-			$page->add_side_block(new Block("Navigation", "<a href='".index."'>Index</a>"), 0);
-			$page->add_main_block(new Block("Image not in database",
-					"The requested image was not found in the database"));
-		}
-	}
-// }}}
-// delete image {{{
-	private function remove_image($image) {
-		global $database;
-		$database->remove_image($image->id);
-		
-		unlink($image->get_image_filename());
-		unlink($image->get_thumb_filename());
-	}
-// }}}
-}
-add_event_listener(new ImageIO());
-?>

core/ext/index.ext.php

@@ -1,147 +0,0 @@
-<?php
-
-class Index extends Extension {
-// event handling {{{
-	public function receive_event($event) {
-		if(is_a($event, 'PageRequestEvent') && ($event->page == "index")) {
-			if($event->get_arg(0) == 'rss') {
-				$this->do_rss();
-			}
-			else {
-				$search_terms = array();
-				$page_number = 1;
-
-				if($event->count_args() > 0) {
-					$page_number = int_escape($event->get_arg(0));
-				}
-
-				if(isset($_GET['search'])) {
-					$search_terms = explode(' ', $_GET['search']);
-					$query = "search=".html_escape($_GET['search']);
-				}
-				else {
-					$query = null;
-				}
-
-				global $page;
-				global $config;
-				global $database;
-
-				$total_pages = $database->count_pages($search_terms);
-				$count = $config->get_int('index_width') * $config->get_int('index_height');
-				$images = $database->get_images(($page_number-1)*$count, $count, $search_terms);
-
-				if(count($search_terms) == 0) {
-					$page_title = $config->get_string('title');
-				}
-				else {
-					$page_title = html_escape($_GET['search']);
-					/*
-					$page_title = "";
-					foreach($search_terms as $term) {
-						$h_term = html_escape($term);
-						$page_title .= "<a href='".make_link("post/list", "search=$h_term")."'>$h_term</a>";
-					}
-					*/
-					$page->set_subheading("Page $page_number / $total_pages");
-				}
-				if($page_number > 1 || count($search_terms) > 0) {
-					// $page_title .= " / $page_number";
-				}
-				
-				$page->set_title($page_title);
-				$page->set_heading($page_title);
-				$page->add_side_block(new Block("Navigation", $this->build_navigation($page_number, $total_pages, $search_terms)), 0);
-				$page->add_main_block(new Block("Images", $this->build_table($images, $query)), 10);
-				$page->add_main_block(new Paginator("index", $query, $page_number, $total_pages), 90);
-			}
-		}
-
-		if(is_a($event, 'SetupBuildingEvent')) {
-			$sb = new SetupBlock("Index Options");
-			
-			$sb->add_label("Index table size ");
-			$sb->add_int_option("index_width");
-			$sb->add_label(" x ");
-			$sb->add_int_option("index_height");
-			$sb->add_label(" images");
-
-			$sb->add_label("<br>Image tooltip ");
-			$sb->add_text_option("image_tip");
-
-			$event->panel->add_main_block($sb, 20);
-		}
-		if(is_a($event, 'ConfigSaveEvent')) {
-			$event->config->set_int("index_width", $_POST['index_width']);
-			$event->config->set_int("index_height", $_POST['index_height']);
-			$event->config->set_string("image_tip", $_POST['image_tip']);
-		}
-	}
-// }}}
-// HTML generation {{{
-	private function build_navigation($page_number, $total_pages, $search_terms) {
-		$prev = $page_number - 1;
-		$next = $page_number + 1;
-
-		$h_tags = html_escape(implode("%20", $search_terms));
-		$query = empty($h_tags) ? null : "search=$h_tags";
-
-		
-		$h_prev = ($page_number <= 1) ? "Prev" : "<a href='".make_link("index/$prev", $query)."'>Prev</a>";
-		$h_index = "<a href='".make_link("index")."'>Index</a>";
-		$h_next = ($page_number >= $total_pages) ? "Next" : "<a href='".make_link("index/$next", $query)."'>Next</a>";
-
-		$h_search_string = count($search_terms) == 0 ? "Search" : html_escape(implode(" ", $search_terms));
-		$h_search_link = make_link("index");
-		$h_search = "
-			<p><form action='$h_search_link' method='GET'>
-				<input id='search_input' name='search' type='text'
-						value='$h_search_string' autocomplete='off' />
-				<input type='submit' value='Find' style='display: none;' />
-			</form>
-			<div id='search_completions'></div>";
-
-		return "$h_prev | $h_index | $h_next<br>$h_search";
-	}
-
-	private function build_table($images, $query) {
-		global $config;
-
-		$width = $config->get_int('index_width');
-		$height = $config->get_int('index_height');
-
-		$table = "<table>\n";
-		for($i=0; $i<$height; $i++) {
-			$table .= "<tr>\n";
-			for($j=0; $j<$width; $j++) {
-				$image = isset($images[$i*$width+$j]) ? $images[$i*$width+$j] : null;
-				if(!is_null($image)) {
-					$table .= $this->build_thumb($image, $query);
-				}
-				else {
-					$table .= "\t<td>&nbsp;</td>\n";
-				}
-			}
-			$table .= "</tr>\n";
-		}
-		$table .= "</table>\n";
-
-		return $table;
-	}
-
-	private function build_thumb($image, $query=null) {
-		global $config;
-		$h_view_link = make_link("post/view/{$image->id}", $query);
-		$h_tip = html_escape($image->get_tooltip());
-		$h_thumb_link = $image->get_thumb_link();
-		return "<td><a href='$h_view_link'><img title='$h_tip' alt='$h_tip' src='$h_thumb_link'></a></td>\n";
-	}
-// }}}
-// rss {{{
-	private function do_rss() {
-		// TODO: this function
-	}
-// }}}
-}
-add_event_listener(new Index());
-?>

core/ext/setup.ext.php

@@ -1,216 +0,0 @@
-<?php
-
-/* SetupBuildingEvent {{{
- *
- * Sent when the setup page is ready to be added to
- */
-class SetupBuildingEvent extends Event {
-	var $panel;
-
-	public function SetupBuildingEvent($panel) {
-		$this->panel = $panel;
-	}
-
-	public function get_panel() {
-		return $this->panel;
-	}
-}
-// }}}
-/* SetupPanel {{{
- *
- */
-class SetupPanel extends Page {
-}
-// }}}
-/* SetupBlock {{{
- *
- */
-class SetupBlock extends Block {
-	var $header;
-	var $body;
-
-	public function SetupBlock($title) {
-		$this->header = $title;
-	}
-
-	public function add_label($text) {
-		$this->body .= $text;
-	}
-	public function add_text_option($name) {
-		global $config;
-		$val = $config->get_string($name);
-		$this->body .= "<input type='text' name='$name' value='$val'>\n";
-	}
-	public function add_longtext_option($name) {
-		global $config;
-		$val = $config->get_string($name);
-		$this->body .= "<textarea rows='5' cols='40' name='$name'>$val</textarea>\n";
-		$this->body .= "<!--<br><br><br><br>-->\n"; // setup page auto-layout counts <br> tags
-	}
-	public function add_bool_option($name) {
-		global $config;
-		$checked = $config->get_bool($name) ? " checked" : "";
-		$this->body .= "<input type='checkbox' name='$name'$checked>\n";
-	}
-	public function add_hidden_option($name) {
-		global $config;
-		$val = $config->get_string($name);
-		$this->body .= "<input type='hidden' name='$name' value='$val'>";
-	}
-	public function add_int_option($name) {
-		global $config;
-		$val = $config->get_string($name);
-		$this->body .= "<input type='text' name='$name' value='$val' size='4' style='text-align: center;'>\n";
-	}
-	public function add_shorthand_int_option($name) {
-		global $config;
-		$val = to_shorthand_int($config->get_string($name));
-		$this->body .= "<input type='text' name='$name' value='$val' size='6' style='text-align: center;'>\n";
-	}
-	public function add_choice_option($name, $options) {
-		global $config;
-		$current = $config->get_string($name);
-		
-		$html = "<select name='$name'>";
-		foreach($options as $optname => $optval) {
-			if($optval == $current) $selected=" selected";
-			else $selected="";
-			$html .= "<option value='$optval'$selected>$optname</option>\n";
-		}
-		$html .= "</select>";
-
-		$this->body .= $html;
-	}
-}
-// }}}
-
-class Setup extends Extension {
-// event handling {{{
-	public function receive_event($event) {
-		if(is_a($event, 'PageRequestEvent') && ($event->page == "setup")) {
-			global $user;
-			if(!$user->is_admin()) {
-				global $page;
-				$page->set_title("Error");
-				$page->set_heading("Error");
-				$page->add_side_block(new NavBlock(), 0);
-				$page->add_main_block(new Block("Permission Denied", "This page is for admins only"), 0);
-			}
-			else {
-				if($event->get_arg(0) == "save") {
-					global $config;
-					send_event(new ConfigSaveEvent($config));
-					$config->save();
-					
-					global $page;
-					$page->set_mode("redirect");
-					$page->set_redirect(make_link("setup"));
-				}
-				else {
-					$panel = new SetupPanel();
-					send_event(new SetupBuildingEvent($panel));
-					$this->build_page($panel);
-				}
-			}
-		}
-
-		if(is_a($event, 'SetupBuildingEvent')) {
-			$themes = array();
-			foreach(glob("themes/*") as $theme_dirname) {
-				$name = str_replace("themes/", "", $theme_dirname);
-				$themes[ucfirst($name)] = $name;
-			}
-
-			$sb = new SetupBlock("General");
-			$sb->add_label("Site title: ");
-			$sb->add_text_option("title");
-			$sb->add_label("<br>Base URL: ");
-			$sb->add_text_option("base_href");
-			$sb->add_label("<br>Data URL: ");
-			$sb->add_text_option("data_href");
-			$sb->add_label("<br>Contact URL: ");
-			$sb->add_text_option("contact_link");
-			$sb->add_label("<br>Theme: ");
-			$sb->add_choice_option("theme", $themes);
-			// $sb->add_label("<br>Anonymous ID: ");
-			// $sb->add_int_option("anon_id", 0, 100000);
-			$sb->add_hidden_option("anon_id");
-			$event->panel->add_main_block($sb, 0);
-		}
-		if(is_a($event, 'ConfigSaveEvent')) {
-			$event->config->set_string("title", $_POST['title']);
-			$event->config->set_string("base_href", $_POST['base_href']);
-			$event->config->set_string("data_href", $_POST['data_href']);
-			$event->config->set_string("contact_link", $_POST['contact_link']);
-			$event->config->set_string("theme", $_POST['theme']);
-			$event->config->set_int("anon_id", $_POST['anon_id']);
-		}
-	}
-// }}}
-// HTML building {{{
-	private function build_page($panel) {
-		$setupblock_html1 = "";
-		$setupblock_html2 = "";
-
-		ksort($panel->mainblocks);
-
-		/*
-		$flip = true;
-		foreach($panel->mainblocks as $block) {
-			if(is_a($block, 'SetupBlock')) {
-				if($flip) $setupblock_html1 .= $this->sb_to_html($block);
-				else $setupblock_html2 .= $this->sb_to_html($block);
-				$flip = !$flip;
-			}
-		}
-		*/
-
-		/*
-		 * Try and keep the two columns even; count the line breaks in
-		 * each an calculate where a block would work best
-		 */
-		$len1 = 0;
-		$len2 = 0;
-		foreach($panel->mainblocks as $block) {
-			if(is_a($block, 'SetupBlock')) {
-				$html = $this->sb_to_html($block);
-				$len = count(explode("<br>", $html));
-				if($len1 <= $len2) {
-					$setupblock_html1 .= $this->sb_to_html($block);
-					$len1 += $len;
-				}
-				else {
-					$setupblock_html2 .= $this->sb_to_html($block);
-					$len2 += $len;
-				}
-			}
-		}
-
-		$table = "
-			<form action='".make_link("setup/save")."' method='POST'><table>
-			<tr><td>$setupblock_html1</td><td>$setupblock_html2</td></tr>
-			<tr><td colspan='2'><input type='submit' value='Save Settings'></td></tr>
-			</table></form>
-			";
-
-		global $page;
-		$page->set_title("Shimmie Setup");
-		$page->set_heading("Shimmie Setup");
-		$page->add_side_block(new Block("Navigation", $this->build_navigation()), 0);
-		$page->add_main_block(new Block("Setup", $table));
-	}
-
-	private function build_navigation() {
-		return "
-			<a href='".make_link("index")."'>Index</a>
-			<br><a href='http://trac.shishnet.org/shimmie/wiki/Settings'>Help</a>
-		";
-	}
-
-	private function sb_to_html($block) {
-		return "<div class='setupblock'><b>{$block->header}</b><br>{$block->body}</div>\n";
-	}
-// }}}
-}
-add_event_listener(new Setup());
-?>

core/ext/tag_edit.ext.php

@@ -1,97 +0,0 @@
-<?php
-
-class TagEdit extends Extension {
-// event handling {{{
-	public function receive_event($event) {
-		if(is_a($event, 'PageRequestEvent') && ($event->page == "tags")) {
-			global $page;
-			if($event->get_arg(0) == "set") {
-				global $database;
-				$i_image_id = int_escape($_POST['image_id']);
-				$query = $_POST['query'];
-				$database->set_tags($i_image_id, $_POST['tags']);
-				$page->set_mode("redirect");
-				$page->set_redirect(make_link("post/view/$i_image_id", $query));
-			}
-			else if($event->get_arg(0) == "replace") {
-				global $user;
-				if($user->is_admin() && isset($_POST['search']) && isset($_POST['replace'])) {
-					global $page;
-					$this->mass_tag_edit($_POST['search'], $_POST['replace']);
-					$page->set_mode("redirect");
-					$page->set_redirect(make_link("admin"));
-				}
-			}
-		}
-
-		if(is_a($event, 'DisplayingImageEvent')) {
-			global $page;
-			$page->add_main_block(new Block(null, $this->build_tag_editor($event->image)), 5);
-		}
-
-		if(is_a($event, 'TagSetEvent')) {
-			global $database;
-			$database->set_tags($event->image_id, $event->tags);
-		}
-
-		if(is_a($event, 'ImageDeletionEvent')) {
-			global $database;
-			$database->delete_tags_from_image($event->image->id);
-		}
-
-		if(is_a($event, 'AdminBuildingEvent')) {
-			global $page;
-			$page->add_main_block(new Block("Mass Tag Edit", $this->build_mass_tag_edit()));
-		}
-
-		// When an alias is added, oldtag becomes inaccessable
-		if(is_a($event, 'AddAliasEvent')) {
-			$this->mass_tag_edit($event->oldtag, $event->newtag);
-		}
-	}
-// }}}
-// edit {{{
-	private function mass_tag_edit($search, $replace) {
-		// FIXME: deal with collisions
-		global $database;
-		$database->db->Execute("UPDATE tags SET tag=? WHERE tag=?", Array($replace, $search));
-	}
-// }}}
-// HTML {{{
-	private function build_tag_editor($image) {
-		global $database;
-		
-		if(isset($_GET['search'])) {
-			$h_query = "search=".html_escape($_GET['search']);
-		}
-		else {
-			$h_query = "";
-		}
-
-		$h_tags = html_escape($image->get_tag_list());
-		$i_image_id = int_escape($image->id);
-
-		return "
-		<p><form action='".make_link("tags/set")."' method='POST'>
-			<input type='hidden' name='image_id' value='$i_image_id'>
-			<input type='hidden' name='query' value='$h_query'>
-			<input type='text' size='50' name='tags' value='$h_tags'>
-			<input type='submit' value='Set'>
-		</form>
-		";
-	}
-	private function build_mass_tag_edit() {
-		return "
-		<form action='".make_link("tags/replace")."' method='POST'>
-			<table border='1' style='width: 200px;'>
-				<tr><td>Search</td><td><input type='text' name='search'></tr>
-				<tr><td>Replace</td><td><input type='text' name='replace'></td></tr>
-				<tr><td colspan='2'><input type='submit' value='Replace'></td></tr>
-			</table>
-		</form>
-		";
-	}
-// }}}
-}
-add_event_listener(new TagEdit());
-?>

core/ext/upload.ext.php

@@ -1,131 +0,0 @@
-<?php
-
-class Upload extends Extension {
-// event handling {{{
-	public function receive_event($event) {
-		global $page;
-		if(is_a($event, 'PageRequestEvent') && ($event->page == "index")) {
-			if($this->can_upload()) {
-				$page->add_side_block(new Block("Upload", $this->build_upload_block()), 20);
-			}
-		}
-		if(is_a($event, 'PageRequestEvent') && ($event->page == "upload")) {
-			if($this->can_upload()) {
-				global $config;
-				global $page;
-
-				$ok = true;
-				foreach($_FILES as $file) {
-					$ok = $ok & $this->try_upload($file);
-				}
-
-				$this->show_result($ok);
-			}
-			else {
-				$page->set_title("Upload Denied");
-				$page->set_heading("Upload Denied");
-				$page->add_side_block(new NavBlock());
-				$page->add_main_block(new Block("Error", "Anonymous posting is disabled"));
-			}
-		}
-
-		if(is_a($event, 'SetupBuildingEvent')) {
-			$sb = new SetupBlock("Upload");
-			$sb->add_label("Max Uploads: ");
-			$sb->add_int_option("upload_count");
-			$sb->add_label("<br>Max size per file: ");
-			$sb->add_shorthand_int_option("upload_size");
-			$sb->add_label("<br>Allow anonymous upoads: ");
-			$sb->add_bool_option("upload_anon");
-			$event->panel->add_main_block($sb, 10);
-		}
-		if(is_a($event, 'ConfigSaveEvent')) {
-			$event->config->set_int("upload_count", $_POST['upload_count']);
-			$event->config->set_int("upload_size", $_POST['upload_size']);
-			$event->config->set_bool("upload_anon", $_POST['upload_anon']);
-		}
-	}
-// }}}
-// do things {{{
-	private function can_upload() {
-		global $config, $user;
-		return $config->get_bool("upload_anon") || ($user->id != $config->get_int("anon_id"));
-	}
-
-	private function try_upload($file) {
-		global $page;
-		global $config;
-
-		$ok = false;
-		
-		if(!file_exists($file['tmp_name'])) {
-			// this happens normally with blank file boxes
-		}
-		else if(filesize($file['tmp_name']) > $config->get_int('upload_size')) {
-			$page->add_main_block(new Block("Error with ".html_escape($file['name']),
-				"File too large (".filesize($file['tmp_name'])." &gt; ".
-				($config->get_int('upload_size')).")"));
-		}
-		else if(!($info = getimagesize($file['tmp_name']))) {
-			$page->add_main_block(new Block("Error with ".html_escape($file['name']),
-				"PHP doesn't recognise this as an image file"));
-		}
-		else {
-			$image = new Image($file['tmp_name'], $file['name'], $_POST['tags']);
-		
-			if($image->is_ok()) {
-				send_event(new UploadingImageEvent($image));
-				$ok = true;
-			}
-			else {
-				$page->add_main_block(new Block("Error with ".html_escape($file['name']),
-					"Something is not right!"));
-			}
-		}
-
-		return $ok;
-	}
-
-	private function show_result($ok) {
-		global $page;
-
-		if($ok) {
-			$page->set_mode("redirect");
-			$page->set_redirect(make_link("index"));
-		}
-		else {
-			$page->set_title("Upload Status");
-			$page->set_heading("Upload Status");
-			$page->add_side_block(new NavBlock());
-			$page->add_main_block(new Block("OK?",
-					"If there are no errors here, things should be OK \\o/"));
-		}
-	}
-// }}}
-// HTML {{{
-	private function build_upload_block() {
-		global $config;
-
-		$upload_list = "";
-		for($i=0; $i<$config->get_int('upload_count'); $i++) {
-			if($i == 0) $style = ""; // "style='display:visible'";
-			else $style = "style='display:none'";
-			$upload_list .= "<input accept='image/jpeg,image/png,image/gif' size='10' ".
-				"id='data$i' name='data$i' $style onchange=\"showUp('data".($i+1)."')\" type='file'>\n";
-		}
-		$max_size = $config->get_int('upload_size');
-		$max_kb = (int)($max_size / 1024);
-		// <input type='hidden' name='max_file_size' value='$max_size' />
-		return "
-			<form enctype='multipart/form-data' action='".make_link("upload")."' method='POST'>
-				$upload_list
-				<input id='tagBox' name='tags' type='text' value='tagme' autocomplete='off'>
-				<input type='submit' value='Post'>
-			</form>
-			<div id='upload_completions' style='clear: both;'><small>(Max file size is {$max_kb}KB)</small></div>
-		";
-	}
-// }}}
-}
-add_event_listener(new Upload());
-?>

core/ext/user.ext.php

@@ -1,401 +0,0 @@
-<?php
-
-class UserPage extends Extension {
-// event handling {{{
-	public function receive_event($event) {
-		if(is_a($event, 'PageRequestEvent') && ($event->page == "user")) {
-			global $page;
-			global $user;
-			global $database;
-			global $config;
-
-			if($event->get_arg(0) == "login") {
-				if(isset($_POST['user']) && isset($_POST['pass'])) {
-					$this->login();
-				}
-				else {
-					$page->set_title("Login");
-					$page->set_heading("Login");
-					$page->add_side_block(new NavBlock());
-					$page->add_main_block(new Block("Login There",
-						"There should be a login box to the left"));
-				}
-			}
-			else if($event->get_arg(0) == "logout") {
-				setcookie("shm_session", "", time()+60*60*24*$config->get_int('login_memory'), "/");
-				$page->set_mode("redirect");
-				$page->set_redirect(make_link("index"));
-			}
-			else if($event->get_arg(0) == "changepass") {
-				$this->change_password_wrapper();
-			}
-			else if($event->get_arg(0) == "create") {
-				$this->create_user_wrapper();
-			}
-			else if($event->get_arg(0) == "set_more") {
-				$this->set_more_wrapper();
-			}
-			else { // view
-				$duser = ($event->count_args() == 0) ? $user : $database->get_user_by_name($event->get_arg(0));
-				$this->build_user_page($duser);
-			}
-		}
-
-		// user info is shown on all pages
-		if(is_a($event, 'PageRequestEvent')) {
-			global $user;
-			global $page;
-
-			if($user->is_anonymous()) {
-				$page->add_side_block(new Block("Login", $this->build_login_block()), 90);
-			}
-			else {
-				$page->add_side_block(new Block("User Links", $this->build_links_block()), 90);
-			}
-		}
-		
-		if(is_a($event, 'SetupBuildingEvent')) {
-			$sb = new SetupBlock("User Options");
-			$sb->add_label("Login memory: ");
-			$sb->add_int_option("login_memory");
-			$sb->add_label(" days");
-			$sb->add_label("<br>Allow new signups: ");
-			$sb->add_bool_option("login_signup_enabled");
-			$sb->add_label("<br>Terms &amp; Conditions:<br>");
-			$sb->add_longtext_option("login_tac");
-			$event->panel->add_main_block($sb);
-		}
-		if(is_a($event, 'ConfigSaveEvent')) {
-			$event->config->set_int("login_memory", $_POST['login_memory']);
-			$event->config->set_bool("login_signup_enabled", $_POST['login_signup_enabled']);
-			$event->config->set_string("login_tac", $_POST['login_tac']);
-		}
-	}
-// }}}
-// Things done *with* the user {{{
-	private function login()  {
-		global $page;
-		global $database;
-		global $config;
-		global $user;
-
-		$name = $_POST['user'];
-		$pass = $_POST['pass'];
-		$addr = $_SERVER['REMOTE_ADDR'];
-		$hash = md5( strtolower($name) . $pass );
-
-		$duser = $database->get_user($name, $hash);
-		if(!is_null($duser)) {
-			$user = $duser;
-
-			setcookie(
-					"shm_user", $name,
-					time()+60*60*24*365, "/"
-					);
-			setcookie(
-					"shm_session", md5($hash.$addr),
-					time()+60*60*24*$config->get_int('login_memory'), "/"
-					);
-
-			$page->set_mode("redirect");
-			$page->set_redirect(make_link("user"));
-		}
-		else {
-			$page->set_title("Permission Denied");
-			$page->set_heading("Permission Denied");
-			$page->add_side_block(new NavBlock(), 0);
-			$page->add_main_block(new Block("Error", "No user with those details was found"));
-		}
-	}
-
-	private function create_user_wrapper() {
-		global $page;
-		global $database;
-		global $config;
-
-		if(!$config->get_bool("login_signup_enabled")) {
-			$page->set_title("Signups Disabled");
-			$page->set_heading("Signups Disabled");
-			$page->add_side_block(new NavBlock());
-			$page->add_main_block(new Block("Signups Disabled",
-				"The board admin has disabled the ability to create new accounts~"));
-		}
-		else if(isset($_POST['name']) && isset($_POST['pass1']) && isset($_POST['pass2'])) {
-			$name = trim($_POST['name']);
-			$pass1 = $_POST['pass1'];
-			$pass2 = $_POST['pass2'];
-
-			$page->set_title("Error");
-			$page->set_heading("Error");
-			$page->add_side_block(new NavBlock());
-			if(strlen($name) < 1) {
-				$page->add_main_block(new Block("Error", "Username must be at least 1 character"));
-			}
-			else if($pass1 != $pass2) {
-				$page->add_main_block(new Block("Error", "Passwords don't match"));
-			}
-			else if($database->db->GetRow("SELECT * FROM users WHERE name = ?", array($name))) {
-				$page->add_main_block(new Block("Error", "That username is already taken"));
-			}
-			else {
-				$addr = $_SERVER['REMOTE_ADDR'];
-				$hash = md5( strtolower($name) . $pass1 );
-				$email = isset($_POST['email']) ? $_POST['email'] : null;
-
-				// FIXME: send_event()
-				$database->db->Execute(
-						"INSERT INTO users (name, pass, joindate, email) VALUES (?, ?, now(), ?)",
-						array($name, $hash, $email));
-
-				setcookie("shm_user", $name,
-						time()+60*60*24*365, '/');
-				setcookie("shm_session", md5($hash.$addr),
-						time()+60*60*24*$config->get_int('login_memory'), '/');
-				$page->set_mode("redirect");
-				$page->set_redirect(make_link("user"));
-			}
-		}
-		else {
-			$page->set_title("Create Account");
-			$page->set_heading("Create Account");
-			$page->add_side_block(new NavBlock());
-			$page->add_main_block(new Block("Signup", $this->build_signup_form()));
-		}
-	}
-//}}} 
-// Things do ne *to* the user {{{
-	private function change_password_wrapper() {
-		global $user;
-		global $page;
-		global $database;
-		
-		$page->set_title("Error");
-		$page->set_heading("Error");
-		$page->add_side_block(new NavBlock());
-		if($user->is_anonymous()) {
-			$page->add_main_block(new Block("Error", "You aren't logged in"));
-		}
-		else if(isset($_POST['id']) && isset($_POST['name']) &&
-				isset($_POST['pass1']) && isset($_POST['pass2'])) {
-			$name = $_POST['name'];
-			$id = $_POST['id'];
-			$pass1 = $_POST['pass1'];
-			$pass2 = $_POST['pass2'];
-
-			if((!$user->is_admin()) && ($name != $user->name)) {
-				$page->add_main_block(new Block("Error",
-						"You need to be an admin to change other people's passwords"));
-			}
-			else if($pass1 != $pass2) {
-				$page->add_main_block(new Block("Error", "Passwords don't match"));
-			}
-			else {
-				global $config;
-				$addr = $_SERVER['REMOTE_ADDR'];
-				$hash = md5( strtolower($name) . $pass1 );
-
-				// FIXME: send_event()
-				// FIXME: $duser->set_pass();
-				$database->db->Execute(
-						"UPDATE users SET pass = ? WHERE id = ?",
-						array($hash, $id));
-
-				if($id == $user->id) {
-					setcookie("shm_user", $name,
-							time()+60*60*24*365, '/');
-					setcookie("shm_session", md5($hash.$addr),
-							time()+60*60*24*$config->get_int('login_memory'), '/');
-					$page->set_mode("redirect");
-					$page->set_redirect(make_link("user"));
-				}
-				else {
-					$page->set_mode("redirect");
-					$page->set_redirect(make_link("user/{$user->name}"));
-				}
-			}
-		}
-	}
-
-	private function set_more_wrapper() {
-		global $page;
-		global $user;
-		global $database;
-		
-		$page->set_title("Error");
-		$page->set_heading("Error");
-		$page->add_side_block(new NavBlock());
-		if(!$user->is_admin()) {
-			$page->add_main_block(new Block("Not Admin", "Only admins can edit accounts"));
-		}
-		else if(!isset($_POST['id']) || !is_numeric($_POST['id'])) {
-			$page->add_main_block(new Block("No ID Specified",
-					"You need to specify the account number to edit"));
-		}
-		else {
-			$admin = (isset($_POST['admin']) && ($_POST['admin'] == "on"));
-			$enabled = (isset($_POST['enabled']) && ($_POST['enabled'] == "on"));
-			
-			$duser = $database->get_user_by_id($_POST['id']);
-			$duser->set_admin($admin);
-			$duser->set_enabled($enabled);
-
-			$page->set_mode("redirect");
-			if($duser->id == $user->id) {
-				$page->set_redirect(make_link("user"));
-			}
-			else {
-				$page->set_redirect(make_link("user/{$duser->name}"));
-			}
-		}
-	}
-// }}}
-// HTML building {{{
-	private function build_signup_form() {
-		global $config;
-		$tac = $config->get_string("login_tac");
-
-		if(empty($tac)) {
-			$html = "";
-		}
-		else {
-			$html = "<p>$tac</p>";
-		}
-		$html .= "
-		<form action='".make_link("user/create")."' method='POST'>
-			<table style='width: 300px;' border='1'>
-				<tr><td>Name</td><td><input type='text' name='name'></td></tr>
-				<tr><td>Password</td><td><input type='password' name='pass1'></td></tr>
-				<tr><td>Repeat Password</td><td><input type='password' name='pass2'></td></tr>
-				<tr><td>Email (Optional)</td><td><input type='text' name='email'></td></tr>
-				<tr><td colspan='2'><input type='Submit' value='Create Account'></td></tr>
-			</table>
-		</form>
-		";
-		return $html;
-	}
-
-	private function build_user_page($duser) {
-		global $page;
-		global $user;
-		if(!is_null($duser)) {
-			$page->set_title("{$duser->name}'s Page");
-			$page->set_heading("{$duser->name}'s Page");
-			$page->add_side_block(new NavBlock(), 0);
-			$page->add_main_block(new Block("Stats", $this->build_stats($duser)));
-
-			if(!$user->is_anonymous()) {
-				if($user->id == $duser->id || $user->is_admin()) {
-					$page->add_main_block(new Block("Options", $this->build_options($duser)));
-				}
-				if($user->is_admin()) {
-					$page->add_main_block(new Block("More Options", $this->build_more_options($duser)));
-				}
-			}
-		}
-		else {
-			$page->set_title("No Such User");
-			$page->set_heading("No Such User");
-			$page->add_side_block(new NavBlock(), 0);
-			$page->add_main_block(new Block("No User By That ID",
-						"If you typed the ID by hand, try again; if you came from a link on this ".
-						"site, it might be bug report time..."));
-		}
-	}
-
-	private function build_stats($duser) {
-		global $database;
-		global $config;
-
-		$i_days_old = int_escape($duser->get_days_old());
-		$h_join_date = html_escape($duser->join_date);
-		$i_image_count = int_escape($duser->get_image_count());
-		$i_comment_count = int_escape($duser->get_comment_count());
-
-		$i_days_old2 = ($i_days_old == 0) ? 1 : $i_days_old;
-
-		$h_image_rate = sprintf("%3.1f", ($i_image_count / $i_days_old2));
-		$h_comment_rate = sprintf("%3.1f", ($i_comment_count / $i_days_old2));
-
-		return "
-			Join date: $h_join_date ($i_days_old days old)
-			<br>Images uploaded: $i_image_count ($h_image_rate / day)
-			<br>Comments made: $i_comment_count ($h_comment_rate / day)
-			";
-	}
-
-	private function build_options($duser) {
-		global $database;
-		global $config;
-
-		$html = "";
-		$html .= "
-		<form action='".make_link("user/changepass")."' method='POST'>
-			<input type='hidden' name='name' value='{$duser->name}'>
-			<input type='hidden' name='id' value='{$duser->id}'>
-			<table style='width: 300px;' border='1'>
-				<tr><td colspan='2'>Change Password</td></tr>
-				<tr><td>Password</td><td><input type='password' name='pass1'></td></tr>
-				<tr><td>Repeat Password</td><td><input type='password' name='pass2'></td></tr>
-				<tr><td colspan='2'><input type='Submit' value='Change Password'></td></tr>
-			</table>
-		</form>
-		";
-		return $html;
-	}
-
-	private function build_more_options($duser) {
-		global $database;
-		global $config;
-
-		$i_user_id = int_escape($duser->id);
-		$h_is_admin = $duser->is_admin() ? " checked" : "";
-		$h_is_enabled = $duser->is_enabled() ? " checked" : "";
-
-		$html = "
-			<form action='".make_link("user/set_more")."' method='POST'>
-			<input type='hidden' name='id' value='$i_user_id'>
-			Admin: <input name='admin' type='checkbox'$h_is_admin>
-			<br>Enabled: <input name='enabled' type='checkbox'$h_is_enabled>
-			<p><input type='submit' value='Set'>
-			</form>
-			";
-		return $html;
-	}
-
-	private function build_links_block() {
-		global $user;
-
-		$h_name = html_escape($user->name);
-		$html = "Logged in as $h_name";
-		if($user->is_admin()) {
-			$html .= "<br/><a href='".make_link("setup")."'>Board Config</a>";
-			$html .= "<br/><a href='".make_link("admin")."'>Admin</a>";
-		}
-		$html .= "<br/><a href='".make_link("user")."'>User Config</a>";
-		$html .= "<br/><a href='".make_link("user/logout")."'>Log Out</a>";
-		return $html;
-	}
-
-	private function build_login_block() {
-		global $config;
-		$html = "
-			<form action='".make_link("user/login")."' method='POST'>
-			<table border='1' summary='Login Form'>
-			<tr><td width='70'>Name</td><td width='70'><input type='text' name='user'></td></tr>
-			<tr><td>Password</td><td><input type='password' name='pass'></td></tr>
-			<tr><td colspan='2'><input type='submit' name='gobu' value='Log In'></td></tr>
-			</table>
-			</form>
-		";
-		if($config->get_bool("login_signup_enabled")) {
-			$html .= "<small><a href='".make_link("user/create")."'>Create Account</a></small>";
-		}
-		else {
-			$html .= "<small>Account creation disabled</small>";
-		}
-		return $html;
-	}
-// }}}
-}
-add_event_listener(new UserPage());
-?>

core/ext/view.ext.php

@@ -1,124 +0,0 @@
-<?php
-
-class ViewImage extends Extension {
-// event handling {{{
-	public function receive_event($event) {
-		if(is_a($event, 'PageRequestEvent') && ($event->page == "post") && ($event->get_arg(0) == "view")) {
-			$image_id = int_escape($event->get_arg(1));
-			
-			global $database;
-			$image = $database->get_image($image_id);
-
-			if(!is_null($image)) {
-				send_event(new DisplayingImageEvent($image));
-			}
-			else {
-				global $page;
-				$page->set_title("Image not found");
-				$page->set_heading("Image not found");
-				$page->add_side_block(new NavBlock(), 0);
-				$page->add_main_block(new Block("Image not found",
-					"No image in the database has the ID #$image_id"), 0);
-			}
-		}
-
-		if(is_a($event, 'DisplayingImageEvent')) {
-			$image = $event->get_image();
-			
-			global $page;
-			$page->set_title("Image {$image->id}: ".$image->get_tag_list());
-			$page->set_heading($image->get_tag_list());
-			$page->add_side_block(new Block("Navigation", $this->build_navigation($image->id)), 0);
-			$page->add_main_block(new Block("Image", $this->build_image_view($image)), 0);
-			$page->add_main_block(new Block(null, $this->build_info($image)), 10);
-		}
-
-		if(is_a($event, 'SetupBuildingEvent')) {
-			$sb = new SetupBlock("View Options");
-			$sb->add_label("Long link ");
-			$sb->add_text_option("image_ilink");
-			$sb->add_label("<br>Short link ");
-			$sb->add_text_option("image_slink");
-			$sb->add_label("<br>Thumbnail link ");
-			$sb->add_text_option("image_tlink");
-			//$sb->add_label("<br>Zoom by default");
-			//$sb->add_bool_option("view_scale");
-			$event->panel->add_main_block($sb, 30);
-		}
-		if(is_a($event, 'ConfigSaveEvent')) {
-			$event->config->set_string("image_ilink", $_POST['image_ilink']);
-			$event->config->set_string("image_slink", $_POST['image_slink']);
-			$event->config->set_string("image_tlink", $_POST['image_tlink']);
-			//$event->config->set_bool("view_scale", $_POST['view_scale']);
-		}
-	}
-// }}}
-// HTML {{{
-	var $pin = null;
-
-	private function build_pin($image_id) {
-		if(!is_null($this->pin)) {
-			return $this->pin;
-		}
-
-		global $database;
-
-		// $next_img = $database->db->GetOne("SELECT id FROM images WHERE id < ? ORDER BY id DESC", array($image_id));
-		// $prev_img = $database->db->GetOne("SELECT id FROM images WHERE id > ? ORDER BY id ASC ", array($image_id));
-		if(isset($_GET['search'])) {
-			$search_terms = explode(' ', $_GET['search']);
-			$query = "search=".html_escape($_GET['search']);
-		}
-		else {
-			$search_terms = array();
-			$query = null;
-		}
-		
-		$next = $database->get_next_image($image_id, $search_terms);
-		$prev = $database->get_prev_image($image_id, $search_terms);
-
-		$h_prev = (!is_null($prev) ? "<a href='".make_link("post/view/{$prev->id}", $query)."'>Prev</a>" : "Prev");
-		$h_index = "<a href='".make_link("index")."'>Index</a>";
-		$h_next = (!is_null($next) ? "<a href='".make_link("post/view/{$next->id}", $query)."'>Next</a>" : "Next");
-
-		$this->pin = "$h_prev | $h_index | $h_next";
-		return $this->pin;
-	}
-
-	private function build_navigation($image_id) {
-		$h_pin = $this->build_pin($image_id);
-		$h_search = "
-			<p><form action='".make_link("index")."' method='GET'>
-				<input id='search_input' name='search' type='text'
-						value='Search' autocomplete='off'>
-				<input type='submit' value='Find' style='display: none;'>
-			</form>
-			<div id='search_completions'></div>";
-
-		return "$h_pin<br>$h_search";
-	}
-
-	private function build_image_view($image) {
-		$ilink = $image->get_image_link();
-		return "<img id='main_image' src='$ilink'>";
-	}
-
-	private function build_info($image) {
-		$owner = $image->get_owner();
-		$h_owner = html_escape($owner->name);
-		$i_owner_id = int_escape($owner->id);
-
-		$html = "";
-		if(strlen($image->get_short_link()) > 0) {
-			$slink = $image->get_short_link();
-			$html .= "<p>Link: <input size='50' type='text' value='$slink'>";
-		}
-		$html .= "<p>Uploaded by <a href='".make_link("user/$h_owner")."'>$h_owner</a>";
-		$html .= "<p>".$this->build_pin($image->id);
-		
-		return $html;
-	}
-// }}}
-}
-add_event_listener(new ViewImage());
-?>

core/extension.class.php

@@ -1,5 +0,0 @@
-<?php
-class Extension {
-	public function receive_event($event) {}
-}
-?>

core/extension.php

@@ -0,0 +1,446 @@
+<?php declare(strict_types=1);
+/**
+ * Class Extension
+ *
+ * send_event(BlahEvent()) -> onBlah($event)
+ *
+ * Also loads the theme object into $this->theme if available
+ *
+ * The original concept came from Artanis's Extension extension
+ * --> https://github.com/Artanis/simple-extension/tree/master
+ * Then re-implemented by Shish after he broke the forum and couldn't
+ * find the thread where the original was posted >_<
+ */
+abstract class Extension
+{
+    /** @var string */
+    public $key;
+
+    /** @var Themelet */
+    protected $theme;
+
+    /** @var ExtensionInfo */
+    public $info;
+
+    private static $enabled_extensions = [];
+
+    public function __construct($class = null)
+    {
+        $class = $class ?? get_called_class();
+        $this->theme = $this->get_theme_object($class);
+        $this->info = ExtensionInfo::get_for_extension_class($class);
+        if ($this->info===null) {
+            throw new ScoreException("Info class not found for extension $class");
+        }
+        $this->key = $this->info->key;
+    }
+
+    /**
+     * Find the theme object for a given extension.
+     */
+    private function get_theme_object(string $base): ?Themelet
+    {
+        $custom = 'Custom'.$base.'Theme';
+        $normal = $base.'Theme';
+
+        if (class_exists($custom)) {
+            return new $custom();
+        } elseif (class_exists($normal)) {
+            return new $normal();
+        } else {
+            return null;
+        }
+    }
+
+    /**
+     * Override this to change the priority of the extension,
+     * lower numbered ones will receive events first.
+     */
+    public function get_priority(): int
+    {
+        return 50;
+    }
+
+    public static function determine_enabled_extensions()
+    {
+        self::$enabled_extensions = [];
+        foreach (array_merge(
+            ExtensionInfo::get_core_extensions(),
+            explode(",", EXTRA_EXTS)
+        ) as $key) {
+            $ext = ExtensionInfo::get_by_key($key);
+            if ($ext===null || !$ext->is_supported()) {
+                continue;
+            }
+            // FIXME: error if one of our dependencies isn't supported
+            self::$enabled_extensions[] = $ext->key;
+            if (!empty($ext->dependencies)) {
+                foreach ($ext->dependencies as $dep) {
+                    self::$enabled_extensions[] = $dep;
+                }
+            }
+        }
+    }
+
+    public static function is_enabled(string $key): ?bool
+    {
+        return in_array($key, self::$enabled_extensions);
+    }
+
+    public static function get_enabled_extensions(): array
+    {
+        return self::$enabled_extensions;
+    }
+    public static function get_enabled_extensions_as_string(): string
+    {
+        return implode(",", self::$enabled_extensions);
+    }
+
+    protected function get_version(string $name): int
+    {
+        global $config;
+        return $config->get_int($name, 0);
+    }
+
+    protected function set_version(string $name, int $ver)
+    {
+        global $config;
+        $config->set_int($name, $ver);
+        log_info("upgrade", "Set version for $name to $ver");
+    }
+}
+
+abstract class ExtensionInfo
+{
+    // Every credit you get costs us RAM. It stops now.
+    public const SHISH_NAME = "Shish";
+    public const SHISH_EMAIL = "webmaster@shishnet.org";
+    public const SHIMMIE_URL = "https://code.shishnet.org/shimmie2/";
+    public const SHISH_AUTHOR = [self::SHISH_NAME=>self::SHISH_EMAIL];
+
+    public const LICENSE_GPLV2 = "GPLv2";
+    public const LICENSE_MIT = "MIT";
+    public const LICENSE_WTFPL = "WTFPL";
+
+    public const VISIBLE_ADMIN = "admin";
+    public const VISIBLE_HIDDEN = "hidden";
+    private const VALID_VISIBILITY = [self::VISIBLE_ADMIN, self::VISIBLE_HIDDEN];
+
+    public $key;
+
+    public $core = false;
+
+    public $beta = false;
+
+    public $name;
+    public $authors = [];
+    public $link;
+    public $license;
+    public $version;
+    public $dependencies = [];
+    public $visibility;
+    public $description;
+    public $documentation;
+
+    /** @var array which DBs this ext supports (blank for 'all') */
+    public $db_support = [];
+
+    /** @var bool */
+    private $supported = null;
+
+    /** @var string */
+    private $support_info = null;
+
+    public function is_supported(): bool
+    {
+        if ($this->supported===null) {
+            $this->check_support();
+        }
+        return $this->supported;
+    }
+
+    public function get_support_info(): string
+    {
+        if ($this->supported===null) {
+            $this->check_support();
+        }
+        return $this->support_info;
+    }
+
+    private static $all_info_by_key = [];
+    private static $all_info_by_class = [];
+    private static $core_extensions = [];
+
+    protected function __construct()
+    {
+        assert(!empty($this->key), "key field is required");
+        assert(!empty($this->name), "name field is required for extension $this->key");
+        assert(empty($this->visibility) || in_array($this->visibility, self::VALID_VISIBILITY), "Invalid visibility for extension $this->key");
+        assert(is_array($this->db_support), "db_support has to be an array for extension $this->key");
+        assert(is_array($this->authors), "authors has to be an array for extension $this->key");
+        assert(is_array($this->dependencies), "dependencies has to be an array for extension $this->key");
+    }
+
+    public function is_enabled(): bool
+    {
+        return Extension::is_enabled($this->key);
+    }
+
+    private function check_support()
+    {
+        global $database;
+        $this->support_info  = "";
+        if (!empty($this->db_support) && !in_array($database->get_driver_name(), $this->db_support)) {
+            $this->support_info .= "Database not supported. ";
+        }
+        // Additional checks here as needed
+
+        $this->supported = empty($this->support_info);
+    }
+
+    public static function get_all(): array
+    {
+        return array_values(self::$all_info_by_key);
+    }
+
+    public static function get_all_keys(): array
+    {
+        return array_keys(self::$all_info_by_key);
+    }
+
+    public static function get_core_extensions(): array
+    {
+        return self::$core_extensions;
+    }
+
+    public static function get_by_key(string $key): ?ExtensionInfo
+    {
+        if (array_key_exists($key, self::$all_info_by_key)) {
+            return self::$all_info_by_key[$key];
+        } else {
+            return null;
+        }
+    }
+
+    public static function get_for_extension_class(string $base): ?ExtensionInfo
+    {
+        $normal = $base.'Info';
+
+        if (array_key_exists($normal, self::$all_info_by_class)) {
+            return self::$all_info_by_class[$normal];
+        } else {
+            return null;
+        }
+    }
+
+    public static function load_all_extension_info()
+    {
+        foreach (getSubclassesOf("ExtensionInfo") as $class) {
+            $extension_info = new $class();
+            if (array_key_exists($extension_info->key, self::$all_info_by_key)) {
+                throw new ScoreException("Extension Info $class with key $extension_info->key has already been loaded");
+            }
+
+            self::$all_info_by_key[$extension_info->key] = $extension_info;
+            self::$all_info_by_class[$class] = $extension_info;
+            if ($extension_info->core===true) {
+                self::$core_extensions[] = $extension_info->key;
+            }
+        }
+    }
+}
+
+/**
+ * Class FormatterExtension
+ *
+ * Several extensions have this in common, make a common API.
+ */
+abstract class FormatterExtension extends Extension
+{
+    public function onTextFormatting(TextFormattingEvent $event)
+    {
+        $event->formatted = $this->format($event->formatted);
+        $event->stripped  = $this->strip($event->stripped);
+    }
+
+    abstract public function format(string $text): string;
+    abstract public function strip(string $text): string;
+}
+
+/**
+ * Class DataHandlerExtension
+ *
+ * This too is a common class of extension with many methods in common,
+ * so we have a base class to extend from.
+ */
+abstract class DataHandlerExtension extends Extension
+{
+    protected $SUPPORTED_MIME = [];
+
+    protected function move_upload_to_archive(DataUploadEvent $event)
+    {
+        $target = warehouse_path(Image::IMAGE_DIR, $event->hash);
+        if (!@copy($event->tmpname, $target)) {
+            $errors = error_get_last();
+            throw new UploadException(
+                "Failed to copy file from uploads ({$event->tmpname}) to archive ($target): ".
+                "{$errors['type']} / {$errors['message']}"
+            );
+        }
+    }
+
+    public function onDataUpload(DataUploadEvent $event)
+    {
+        $supported_ext = $this->supported_ext($event->type);
+        $check_contents = $this->check_contents($event->tmpname);
+        if ($supported_ext && $check_contents) {
+            $this->move_upload_to_archive($event);
+            send_event(new ThumbnailGenerationEvent($event->hash, $event->type));
+
+            /* Check if we are replacing an image */
+            if (!is_null($event->replace_id)) {
+                /* hax: This seems like such a dirty way to do this.. */
+
+                /* Check to make sure the image exists. */
+                $existing = Image::by_id($event->replace_id);
+
+                if (is_null($existing)) {
+                    throw new UploadException("Image to replace does not exist!");
+                }
+                if ($existing->hash === $event->metadata['hash']) {
+                    throw new UploadException("The uploaded image is the same as the one to replace.");
+                }
+
+                // even more hax..
+                $event->metadata['tags'] = $existing->get_tag_list();
+                $image = $this->create_image_from_data(warehouse_path(Image::IMAGE_DIR, $event->metadata['hash']), $event->metadata);
+                if (is_null($image)) {
+                    throw new UploadException("Data handler failed to create image object from data");
+                }
+                if (empty($image->ext)) {
+                    throw new UploadException("Unable to determine extension for ". $event->tmpname);
+                }
+                try {
+                    send_event(new MediaCheckPropertiesEvent($image));
+                } catch (MediaException $e) {
+                    throw new UploadException("Unable to scan media properties: ".$e->getMessage());
+                }
+
+                send_event(new ImageReplaceEvent($event->replace_id, $image));
+                $event->image_id = $event->replace_id;
+            } else {
+                $image = $this->create_image_from_data(warehouse_path(Image::IMAGE_DIR, $event->hash), $event->metadata);
+                if (is_null($image)) {
+                    throw new UploadException("Data handler failed to create image object from data");
+                }
+                if (empty($image->ext)) {
+                    throw new UploadException("Unable to determine extension for ". $event->tmpname);
+                }
+                try {
+                    send_event(new MediaCheckPropertiesEvent($image));
+                } catch (MediaException $e) {
+                    throw new UploadException("Unable to scan media properties: ".$e->getMessage());
+                }
+
+                $iae = send_event(new ImageAdditionEvent($image));
+                $event->image_id = $iae->image->id;
+                $event->merged = $iae->merged;
+
+                // Rating Stuff.
+                if (!empty($event->metadata['rating'])) {
+                    $rating = $event->metadata['rating'];
+                    send_event(new RatingSetEvent($image, $rating));
+                }
+
+                // Locked Stuff.
+                if (!empty($event->metadata['locked'])) {
+                    $locked = $event->metadata['locked'];
+                    send_event(new LockSetEvent($image, !empty($locked)));
+                }
+            }
+        } elseif ($supported_ext && !$check_contents) {
+            // We DO support this extension - but the file looks corrupt
+            throw new UploadException("Invalid or corrupted file");
+        }
+    }
+
+    public function onThumbnailGeneration(ThumbnailGenerationEvent $event)
+    {
+        $result = false;
+        if ($this->supported_ext($event->type)) {
+            if ($event->force) {
+                $result = $this->create_thumb($event->hash, $event->type);
+            } else {
+                $outname = warehouse_path(Image::THUMBNAIL_DIR, $event->hash);
+                if (file_exists($outname)) {
+                    return;
+                }
+                $result = $this->create_thumb($event->hash, $event->type);
+            }
+        }
+        if ($result) {
+            $event->generated = true;
+        }
+    }
+
+    public function onDisplayingImage(DisplayingImageEvent $event)
+    {
+        global $page;
+        if ($this->supported_ext($event->image->ext)) {
+            /** @noinspection PhpPossiblePolymorphicInvocationInspection */
+            $this->theme->display_image($page, $event->image);
+        }
+    }
+
+    public function onMediaCheckProperties(MediaCheckPropertiesEvent $event)
+    {
+        if ($this->supported_ext($event->ext)) {
+            $this->media_check_properties($event);
+        }
+    }
+
+    protected function create_image_from_data(string $filename, array $metadata): Image
+    {
+        global $config;
+
+        $image = new Image();
+
+        $image->filesize = $metadata['size'];
+        $image->hash = $metadata['hash'];
+        $image->filename = (($pos = strpos($metadata['filename'], '?')) !== false) ? substr($metadata['filename'], 0, $pos) : $metadata['filename'];
+        if ($config->get_bool("upload_use_mime")) {
+            $image->ext = get_extension_for_file($filename);
+        }
+        if (empty($image->ext)) {
+            $image->ext = (($pos = strpos($metadata['extension'], '?')) !== false) ? substr($metadata['extension'], 0, $pos) : $metadata['extension'];
+        }
+
+        $image->tag_array = is_array($metadata['tags']) ? $metadata['tags'] : Tag::explode($metadata['tags']);
+        $image->source = $metadata['source'];
+
+        return $image;
+    }
+
+    abstract protected function media_check_properties(MediaCheckPropertiesEvent $event): void;
+    abstract protected function check_contents(string $tmpname): bool;
+    abstract protected function create_thumb(string $hash, string $type): bool;
+
+    protected function supported_ext(string $ext): bool
+    {
+        return in_array(get_mime_for_extension($ext), $this->SUPPORTED_MIME);
+    }
+
+    public static function get_all_supported_exts(): array
+    {
+        $arr = [];
+        foreach (getSubclassesOf("DataHandlerExtension") as $handler) {
+            $handler = (new $handler());
+
+            foreach ($handler->SUPPORTED_MIME as $mime) {
+                $arr = array_merge($arr, get_all_extension_for_mime($mime));
+            }
+        }
+        $arr = array_unique($arr);
+        return $arr;
+    }
+}

core/filetypes.php

@@ -0,0 +1,448 @@
+<?php
+/* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *\
+* MIME types and extension information and resolvers                        *
+\* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
+
+const EXTENSION_ANI = 'ani';
+const EXTENSION_ASC = 'asc';
+const EXTENSION_ASF = 'asf';
+const EXTENSION_AVI = 'avi';
+const EXTENSION_BMP = 'bmp';
+const EXTENSION_BZIP = 'bz';
+const EXTENSION_BZIP2 = 'bz2';
+const EXTENSION_CBR = 'cbr';
+const EXTENSION_CBZ = 'cbz';
+const EXTENSION_CBT = 'cbt';
+const EXTENSION_CBA = 'cbA';
+const EXTENSION_CB7 = 'cb7';
+const EXTENSION_CSS = 'css';
+const EXTENSION_CSV = 'csv';
+const EXTENSION_CUR = 'cur';
+const EXTENSION_FLASH = 'swf';
+const EXTENSION_FLASH_VIDEO = 'flv';
+const EXTENSION_GIF = 'gif';
+const EXTENSION_GZIP = 'gz';
+const EXTENSION_HTML = 'html';
+const EXTENSION_HTM = 'htm';
+const EXTENSION_ICO = 'ico';
+const EXTENSION_JFIF = 'jfif';
+const EXTENSION_JFI = 'jfi';
+const EXTENSION_JPEG = 'jpeg';
+const EXTENSION_JPG = 'jpg';
+const EXTENSION_JS = 'js';
+const EXTENSION_JSON = 'json';
+const EXTENSION_MKV = 'mkv';
+const EXTENSION_MP3 = 'mp3';
+const EXTENSION_MP4 = 'mp4';
+const EXTENSION_M4V = 'm4v';
+const EXTENSION_M4A = 'm4a';
+const EXTENSION_MPEG = 'mpeg';
+const EXTENSION_MPG = 'mpg';
+const EXTENSION_OGG = 'ogg';
+const EXTENSION_OGG_VIDEO = 'ogv';
+const EXTENSION_OGG_AUDIO = 'oga';
+const EXTENSION_PDF = 'pdf';
+const EXTENSION_PHP = 'php';
+const EXTENSION_PHP5 = 'php5';
+const EXTENSION_PNG = 'png';
+const EXTENSION_PSD = 'psd';
+const EXTENSION_MOV = 'mov';
+const EXTENSION_RSS = 'rss';
+const EXTENSION_SVG = 'svg';
+const EXTENSION_TAR = 'tar';
+const EXTENSION_TEXT = 'txt';
+const EXTENSION_TIFF = 'tiff';
+const EXTENSION_TIF = 'tif';
+const EXTENSION_WAV = 'wav';
+const EXTENSION_WEBM = 'webm';
+const EXTENSION_WEBP = 'webp';
+const EXTENSION_WMA = 'wma';
+const EXTENSION_WMV = 'wmv';
+const EXTENSION_XML = 'xml';
+const EXTENSION_XSL = 'xsl';
+const EXTENSION_ZIP = 'zip';
+
+
+// Couldn't find a mimetype for ani, so made one up based on it being a riff container
+const MIME_TYPE_ANI = 'application/riff+ani';
+const MIME_TYPE_ASF = 'video/x-ms-asf';
+const MIME_TYPE_AVI = 'video/x-msvideo';
+// Went with mime types from http://fileformats.archiveteam.org/wiki/Comic_Book_Archive
+const MIME_TYPE_COMIC_ZIP = 'application/vnd.comicbook+zip';
+const MIME_TYPE_COMIC_RAR = 'application/vnd.comicbook-rar';
+const MIME_TYPE_BMP = 'image/x-ms-bmp';
+const MIME_TYPE_BZIP = 'application/x-bzip';
+const MIME_TYPE_BZIP2 = 'application/x-bzip2';
+const MIME_TYPE_CSS = 'text/css';
+const MIME_TYPE_CSV = 'text/csv';
+const MIME_TYPE_FLASH = 'application/x-shockwave-flash';
+const MIME_TYPE_FLASH_VIDEO = 'video/x-flv';
+const MIME_TYPE_GIF = 'image/gif';
+const MIME_TYPE_GZIP = 'application/x-gzip';
+const MIME_TYPE_HTML = 'text/html';
+const MIME_TYPE_ICO = 'image/x-icon';
+const MIME_TYPE_JPEG = 'image/jpeg';
+const MIME_TYPE_JS = 'text/javascript';
+const MIME_TYPE_JSON = 'application/json';
+const MIME_TYPE_MKV = 'video/x-matroska';
+const MIME_TYPE_MP3 = 'audio/mpeg';
+const MIME_TYPE_MP4_AUDIO = 'audio/mp4';
+const MIME_TYPE_MP4_VIDEO = 'video/mp4';
+const MIME_TYPE_MPEG = 'video/mpeg';
+const MIME_TYPE_OCTET_STREAM = 'application/octet-stream';
+const MIME_TYPE_OGG = 'application/ogg';
+const MIME_TYPE_OGG_VIDEO = 'video/ogg';
+const MIME_TYPE_OGG_AUDIO = 'audio/ogg';
+const MIME_TYPE_PDF = 'application/pdf';
+const MIME_TYPE_PHP = 'text/x-php';
+const MIME_TYPE_PNG = 'image/png';
+const MIME_TYPE_PSD = 'image/vnd.adobe.photoshop';
+const MIME_TYPE_QUICKTIME = 'video/quicktime';
+const MIME_TYPE_RSS = 'application/rss+xml';
+const MIME_TYPE_SVG = 'image/svg+xml';
+const MIME_TYPE_TAR = 'application/x-tar';
+const MIME_TYPE_TEXT = 'text/plain';
+const MIME_TYPE_TIFF = 'image/tiff';
+const MIME_TYPE_WAV = 'audio/x-wav';
+const MIME_TYPE_WEBM = 'video/webm';
+const MIME_TYPE_WEBP = 'image/webp';
+const MIME_TYPE_WIN_BITMAP = 'image/x-win-bitmap';
+const MIME_TYPE_XML = 'text/xml';
+const MIME_TYPE_XML_APPLICATION = 'application/xml';
+const MIME_TYPE_XSL = 'application/xsl+xml';
+const MIME_TYPE_ZIP = 'application/zip';
+
+const MIME_TYPE_MAP_NAME = 'name';
+const MIME_TYPE_MAP_EXT = 'ext';
+const MIME_TYPE_MAP_MIME = 'mime';
+
+// Mime type map. Each entry in the MIME_TYPE_ARRAY represents a kind of file, identified by the "correct" mimetype as the key.
+// The value for each entry is a map of twokeys, ext and mime.
+// ext's value is an array of all of the extensions that the file type can use, with the "correct" one being first.
+// mime's value is an array of all mime types that the file type is known to use, with the current "correct" one being first.
+
+const MIME_TYPE_MAP = [
+    MIME_TYPE_ANI => [
+        MIME_TYPE_MAP_NAME => "ANI Cursor",
+        MIME_TYPE_MAP_EXT => [EXTENSION_ANI],
+        MIME_TYPE_MAP_MIME => [MIME_TYPE_ANI],
+    ],
+    MIME_TYPE_AVI => [
+        MIME_TYPE_MAP_NAME => "AVI",
+        MIME_TYPE_MAP_EXT => [EXTENSION_AVI],
+        MIME_TYPE_MAP_MIME => [MIME_TYPE_AVI,'video/avi','video/msvideo'],
+    ],
+    MIME_TYPE_ASF => [
+        MIME_TYPE_MAP_NAME => "ASF/WMV",
+        MIME_TYPE_MAP_EXT => [EXTENSION_ASF,EXTENSION_WMA,EXTENSION_WMV],
+        MIME_TYPE_MAP_MIME => [MIME_TYPE_ASF,'audio/x-ms-wma','video/x-ms-wmv'],
+    ],
+    MIME_TYPE_BMP => [
+        MIME_TYPE_MAP_NAME => "BMP",
+        MIME_TYPE_MAP_EXT => [EXTENSION_BMP],
+        MIME_TYPE_MAP_MIME => [MIME_TYPE_BMP],
+    ],
+    MIME_TYPE_BZIP => [
+        MIME_TYPE_MAP_NAME => "BZIP",
+        MIME_TYPE_MAP_EXT => [EXTENSION_BZIP],
+        MIME_TYPE_MAP_MIME => [MIME_TYPE_BZIP],
+    ],
+    MIME_TYPE_BZIP2 => [
+        MIME_TYPE_MAP_NAME => "BZIP2",
+        MIME_TYPE_MAP_EXT => [EXTENSION_BZIP2],
+        MIME_TYPE_MAP_MIME => [MIME_TYPE_BZIP2],
+    ],
+    MIME_TYPE_COMIC_ZIP => [
+        MIME_TYPE_MAP_NAME => "CBZ",
+        MIME_TYPE_MAP_EXT => [EXTENSION_CBZ],
+        MIME_TYPE_MAP_MIME => [MIME_TYPE_COMIC_ZIP],
+    ],
+    MIME_TYPE_CSS => [
+        MIME_TYPE_MAP_NAME => "Cascading Style Sheet",
+        MIME_TYPE_MAP_EXT => [EXTENSION_CSS],
+        MIME_TYPE_MAP_MIME => [MIME_TYPE_CSS],
+    ],
+    MIME_TYPE_CSV => [
+        MIME_TYPE_MAP_NAME => "CSV",
+        MIME_TYPE_MAP_EXT => [EXTENSION_CSV],
+        MIME_TYPE_MAP_MIME => [MIME_TYPE_CSV],
+    ],
+    MIME_TYPE_FLASH => [
+        MIME_TYPE_MAP_NAME => "Flash",
+        MIME_TYPE_MAP_EXT => [EXTENSION_FLASH],
+        MIME_TYPE_MAP_MIME => [MIME_TYPE_FLASH],
+    ],
+    MIME_TYPE_FLASH_VIDEO => [
+        MIME_TYPE_MAP_NAME => "Flash Video",
+        MIME_TYPE_MAP_EXT => [EXTENSION_FLASH_VIDEO],
+        MIME_TYPE_MAP_MIME => [MIME_TYPE_FLASH_VIDEO,'video/flv'],
+    ],
+    MIME_TYPE_GIF => [
+        MIME_TYPE_MAP_NAME => "GIF",
+        MIME_TYPE_MAP_EXT => [EXTENSION_GIF],
+        MIME_TYPE_MAP_MIME => [MIME_TYPE_GIF],
+    ],
+    MIME_TYPE_GZIP => [
+        MIME_TYPE_MAP_NAME => "GZIP",
+        MIME_TYPE_MAP_EXT => [EXTENSION_GZIP],
+        MIME_TYPE_MAP_MIME => [MIME_TYPE_TAR],
+    ],
+    MIME_TYPE_HTML => [
+        MIME_TYPE_MAP_NAME => "HTML",
+        MIME_TYPE_MAP_EXT => [EXTENSION_HTM, EXTENSION_HTML],
+        MIME_TYPE_MAP_MIME => [MIME_TYPE_HTML],
+    ],
+    MIME_TYPE_ICO => [
+        MIME_TYPE_MAP_NAME => "Icon",
+        MIME_TYPE_MAP_EXT => [EXTENSION_ICO, EXTENSION_CUR],
+        MIME_TYPE_MAP_MIME => [MIME_TYPE_ICO, MIME_TYPE_WIN_BITMAP],
+    ],
+    MIME_TYPE_JPEG => [
+        MIME_TYPE_MAP_NAME => "JPEG",
+        MIME_TYPE_MAP_EXT => [EXTENSION_JPG, EXTENSION_JPEG, EXTENSION_JFIF, EXTENSION_JFI],
+        MIME_TYPE_MAP_MIME => [MIME_TYPE_JPEG],
+    ],
+    MIME_TYPE_JS => [
+        MIME_TYPE_MAP_NAME => "JavaScript",
+        MIME_TYPE_MAP_EXT => [EXTENSION_JS],
+        MIME_TYPE_MAP_MIME => [MIME_TYPE_JS],
+    ],
+    MIME_TYPE_JSON => [
+        MIME_TYPE_MAP_NAME => "JSON",
+        MIME_TYPE_MAP_EXT => [EXTENSION_JSON],
+        MIME_TYPE_MAP_MIME => [MIME_TYPE_JSON],
+    ],
+    MIME_TYPE_MKV => [
+        MIME_TYPE_MAP_NAME => "Matroska",
+        MIME_TYPE_MAP_EXT => [EXTENSION_MKV],
+        MIME_TYPE_MAP_MIME => [MIME_TYPE_MKV],
+    ],
+    MIME_TYPE_MP3 => [
+        MIME_TYPE_MAP_NAME => "MP3",
+        MIME_TYPE_MAP_EXT => [EXTENSION_MP3],
+        MIME_TYPE_MAP_MIME => [MIME_TYPE_MP3],
+    ],
+    MIME_TYPE_MP4_AUDIO => [
+        MIME_TYPE_MAP_NAME => "MP4 Audio",
+        MIME_TYPE_MAP_EXT => [EXTENSION_M4A],
+        MIME_TYPE_MAP_MIME => [MIME_TYPE_MP4_AUDIO,"audio/m4a"],
+    ],
+    MIME_TYPE_MP4_VIDEO => [
+        MIME_TYPE_MAP_NAME => "MP4 Video",
+        MIME_TYPE_MAP_EXT => [EXTENSION_MP4,EXTENSION_M4V],
+        MIME_TYPE_MAP_MIME => [MIME_TYPE_MP4_VIDEO,'video/x-m4v'],
+    ],
+    MIME_TYPE_MPEG => [
+        MIME_TYPE_MAP_NAME => "MPEG",
+        MIME_TYPE_MAP_EXT => [EXTENSION_MPG,EXTENSION_MPEG],
+        MIME_TYPE_MAP_MIME => [MIME_TYPE_MPEG],
+    ],
+    MIME_TYPE_PDF => [
+        MIME_TYPE_MAP_NAME => "PDF",
+        MIME_TYPE_MAP_EXT => [EXTENSION_PDF],
+        MIME_TYPE_MAP_MIME => [MIME_TYPE_PDF],
+    ],
+    MIME_TYPE_PHP => [
+        MIME_TYPE_MAP_NAME => "PHP",
+        MIME_TYPE_MAP_EXT => [EXTENSION_PHP,EXTENSION_PHP5],
+        MIME_TYPE_MAP_MIME => [MIME_TYPE_PHP],
+    ],
+    MIME_TYPE_PNG => [
+        MIME_TYPE_MAP_NAME => "PNG",
+        MIME_TYPE_MAP_EXT => [EXTENSION_PNG],
+        MIME_TYPE_MAP_MIME => [MIME_TYPE_PNG],
+    ],
+    MIME_TYPE_PSD => [
+        MIME_TYPE_MAP_NAME => "PSD",
+        MIME_TYPE_MAP_EXT => [EXTENSION_PSD],
+        MIME_TYPE_MAP_MIME => [MIME_TYPE_PSD],
+    ],
+    MIME_TYPE_OGG_AUDIO => [
+        MIME_TYPE_MAP_NAME => "Ogg Vorbis",
+        MIME_TYPE_MAP_EXT => [EXTENSION_OGG_AUDIO,EXTENSION_OGG],
+        MIME_TYPE_MAP_MIME => [MIME_TYPE_OGG_AUDIO,MIME_TYPE_OGG],
+    ],
+    MIME_TYPE_OGG_VIDEO => [
+        MIME_TYPE_MAP_NAME => "Ogg Theora",
+        MIME_TYPE_MAP_EXT => [EXTENSION_OGG_VIDEO],
+        MIME_TYPE_MAP_MIME => [MIME_TYPE_OGG_VIDEO],
+    ],
+    MIME_TYPE_QUICKTIME => [
+        MIME_TYPE_MAP_NAME => "Quicktime",
+        MIME_TYPE_MAP_EXT => [EXTENSION_MOV],
+        MIME_TYPE_MAP_MIME => [MIME_TYPE_QUICKTIME],
+    ],
+    MIME_TYPE_RSS => [
+        MIME_TYPE_MAP_NAME => "RSS",
+        MIME_TYPE_MAP_EXT => [EXTENSION_RSS],
+        MIME_TYPE_MAP_MIME => [MIME_TYPE_RSS],
+    ],
+    MIME_TYPE_SVG => [
+        MIME_TYPE_MAP_NAME => "SVG",
+        MIME_TYPE_MAP_EXT => [EXTENSION_SVG],
+        MIME_TYPE_MAP_MIME => [MIME_TYPE_SVG],
+    ],
+    MIME_TYPE_TAR => [
+        MIME_TYPE_MAP_NAME => "TAR",
+        MIME_TYPE_MAP_EXT => [EXTENSION_TAR],
+        MIME_TYPE_MAP_MIME => [MIME_TYPE_TAR],
+    ],
+    MIME_TYPE_TEXT => [
+        MIME_TYPE_MAP_NAME => "Text",
+        MIME_TYPE_MAP_EXT => [EXTENSION_TEXT, EXTENSION_ASC],
+        MIME_TYPE_MAP_MIME => [MIME_TYPE_TEXT],
+    ],
+    MIME_TYPE_TIFF => [
+        MIME_TYPE_MAP_NAME => "TIFF",
+        MIME_TYPE_MAP_EXT => [EXTENSION_TIF,EXTENSION_TIFF],
+        MIME_TYPE_MAP_MIME => [MIME_TYPE_TIFF],
+    ],
+    MIME_TYPE_WAV => [
+        MIME_TYPE_MAP_NAME => "Wave",
+        MIME_TYPE_MAP_EXT => [EXTENSION_WAV],
+        MIME_TYPE_MAP_MIME => [MIME_TYPE_WAV],
+    ],
+    MIME_TYPE_WEBM => [
+        MIME_TYPE_MAP_NAME => "WebM",
+        MIME_TYPE_MAP_EXT => [EXTENSION_WEBM],
+        MIME_TYPE_MAP_MIME => [MIME_TYPE_WEBM],
+    ],
+    MIME_TYPE_WEBP => [
+        MIME_TYPE_MAP_NAME => "WebP",
+        MIME_TYPE_MAP_EXT => [EXTENSION_WEBP],
+        MIME_TYPE_MAP_MIME => [MIME_TYPE_WEBP],
+    ],
+    MIME_TYPE_XML => [
+        MIME_TYPE_MAP_NAME => "XML",
+        MIME_TYPE_MAP_EXT => [EXTENSION_XML],
+        MIME_TYPE_MAP_MIME => [MIME_TYPE_XML,MIME_TYPE_XML_APPLICATION],
+    ],
+    MIME_TYPE_XSL => [
+        MIME_TYPE_MAP_NAME => "XSL",
+        MIME_TYPE_MAP_EXT => [EXTENSION_XSL],
+        MIME_TYPE_MAP_MIME => [MIME_TYPE_XSL],
+    ],
+    MIME_TYPE_ZIP => [
+        MIME_TYPE_MAP_NAME => "ZIP",
+        MIME_TYPE_MAP_EXT => [EXTENSION_ZIP],
+        MIME_TYPE_MAP_MIME => [MIME_TYPE_ZIP],
+    ],
+];
+
+/**
+ * Returns the mimetype that matches the provided extension.
+ */
+function get_mime_for_extension(string $ext): ?string
+{
+    $ext = strtolower($ext);
+
+    foreach (MIME_TYPE_MAP as $key=>$value) {
+        if (in_array($ext, $value[MIME_TYPE_MAP_EXT])) {
+            return $key;
+        }
+    }
+    return null;
+}
+
+/**
+ * Returns the mimetype for the specified file, trying file inspection methods before falling back on extension-based detection.
+ * @param String $file
+ * @param String $ext The files extension, for if the current filename somehow lacks the extension
+ * @return String The extension that was found.
+ */
+function get_mime(string $file, string $ext=""): string
+{
+    if (!file_exists($file)) {
+        throw new SCoreException("File not found: ".$file);
+    }
+
+    $type = false;
+
+    if (extension_loaded('fileinfo')) {
+        $finfo = finfo_open(FILEINFO_MIME_TYPE);
+        try {
+            $type = finfo_file($finfo, $file);
+        } finally {
+            finfo_close($finfo);
+        }
+    } elseif (function_exists('mime_content_type')) {
+        // If anyone is still using mime_content_type()
+        $type = trim(mime_content_type($file));
+    }
+
+    if ($type===false || empty($type)) {
+        // Checking by extension is our last resort
+        if ($ext==null||strlen($ext) == 0) {
+            $ext = pathinfo($file, PATHINFO_EXTENSION);
+        }
+
+        $type = get_mime_for_extension($ext);
+    }
+
+    if ($type !== false && strlen($type) > 0) {
+        return $type;
+    }
+
+    return MIME_TYPE_OCTET_STREAM;
+}
+
+/**
+ * Returns the file extension associated with the specified mimetype.
+ */
+function get_extension(?string $mime_type): ?string
+{
+    if (empty($mime_type)) {
+        return null;
+    }
+
+    if ($mime_type==MIME_TYPE_OCTET_STREAM) {
+        return null;
+    }
+
+    foreach (MIME_TYPE_MAP as $key=>$value) {
+        if (in_array($mime_type, $value[MIME_TYPE_MAP_MIME])) {
+            return $value[MIME_TYPE_MAP_EXT][0];
+        }
+    }
+    return null;
+}
+
+/**
+ * Returns all of the file extensions associated with the specified mimetype.
+ */
+function get_all_extension_for_mime(?string $mime_type): array
+{
+    $output = [];
+    if (empty($mime_type)) {
+        return $output;
+    }
+
+    foreach (MIME_TYPE_MAP as $key=>$value) {
+        if (in_array($mime_type, $value[MIME_TYPE_MAP_MIME])) {
+            $output = array_merge($output, $value[MIME_TYPE_MAP_EXT]);
+        }
+    }
+    return $output;
+}
+
+/**
+ * Gets an the extension defined in MIME_TYPE_MAP for a file.
+ *
+ * @param String $file_path
+ * @return String The extension that was found, or null if one can not be found.
+ */
+function get_extension_for_file(String $file_path): ?String
+{
+    $mime = get_mime($file_path);
+    if (!empty($mime)) {
+        if ($mime==MIME_TYPE_OCTET_STREAM) {
+            return null;
+        } else {
+            $ext = get_extension($mime);
+        }
+        if (!empty($ext)) {
+            return $ext;
+        }
+    }
+    return null;
+}

core/image.class.php

@@ -1,162 +0,0 @@
-<?php
-
-class Image {
-	var $id = null;
-	var $height, $width;
-	var $hash, $filesize;
-	var $filename, $ext;
-
-	public function Image($a=false, $b=false, $c=false) {
-		if($b == false && $c == false) {
-			$this->create_from_row($a);
-		}
-		else {
-			$this->create_from_data($a, $b, $c);
-		}
-	}
-
-	private function create_from_row($row) {
-		$this->id       = $row['id'];
-		$this->owner_id = $row['owner_id'];
-		$this->filename = $row['filename'];
-		$this->filesize = $row['filesize'];
-		$this->hash     = $row['hash'];
-		$this->ext      = $row['ext'];
-		$this->width    = $row['width'];
-		$this->height   = $row['height'];
-	}
-
-	private function mime_to_ext($mime) {
-		switch($mime) {
-			default:
-			case 'image/jpeg': return "jpg"; break;
-			case 'image/png': return "png"; break;
-			case 'image/gif': return "gif"; break;
-		}
-	}
-
-	private function create_from_data($tmp, $filename, $tags) {
-		global $config;
-
-		$this->ok = false;
-		$info = "";
-
-		if(!file_exists($tmp)) return;
-		if(filesize($tmp) > $config->get_int('upload_size')) return;
-		if(!($info = getimagesize($tmp))) return;
-
-		$this->width = $info[0];
-		$this->height = $info[1];
-		$this->mime_type = $info['mime'];
-		$this->filename = str_replace("/", "_", $filename); // is this even possible?
-		$this->filesize = filesize($tmp);
-		$this->ext = $this->mime_to_ext($info['mime']);
-		$this->hash = md5_file($tmp);
-		$this->temp_filename = $tmp;
-		
-		$this->tag_array = tag_explode($tags);
-
-		$this->ok = true;
-	}
-
-	public function is_ok() {
-		return $this->ok;
-	}
-
-	public function get_owner() {
-		global $database;
-		return $database->get_user($this->owner_id);
-	}
-
-	public function get_tag_array() {
-		if(!isset($this->tag_array)) {
-			global $database;
-			$this->tag_array = Array();
-			$row = $database->db->Execute("SELECT * FROM tags WHERE image_id=?", array($this->id));
-			while(!$row->EOF) {
-				$this->tag_array[] = $row->fields['tag'];
-				$row->MoveNext();
-			}
-		}
-		return $this->tag_array;
-	}
-
-	public function get_tag_list() {
-		return implode(' ', $this->get_tag_array());
-	}
-
-	public function get_image_link() {
-		global $config;
-		return $this->parse_link_template($config->get_string('image_ilink'), $this);
-	}
-
-	public function get_short_link() {
-		global $config;
-		return $this->parse_link_template($config->get_string('image_slink'), $this);
-	}
-
-	public function get_thumb_link() {
-		global $config;
-		return $this->parse_link_template($config->get_string('image_tlink'), $this);
-	}
-
-	public function get_tooltip() {
-		global $config;
-		return $this->parse_link_template($config->get_string('image_tip'), $this);
-	}
-
-	public function get_image_filename() {
-		global $config;
-		$hash = $this->hash;
-		$ab = substr($hash, 0, 2);
-		$ext = $this->ext;
-		return "images/$ab/$hash";
-	}
-
-	public function get_thumb_filename() {
-		global $config;
-		$hash = $this->hash;
-		$ab = substr($hash, 0, 2);
-		return "thumbs/$ab/$hash";
-	}
-
-	public function get_filename() {
-		return $this->filename;
-	}
-	
-	public function get_mime_type() {
-		return "image/".($this->ext);
-	}
-
-	public function get_ext() {
-		return $this->ext;
-	}
-
-	private function parse_link_template($tmpl, $img) {
-		global $config;
-
-		// don't bother hitting the database if it won't be used...
-		$safe_tags = "";
-		if(strpos($tmpl, '$tags') !== false) { // * stabs dynamically typed languages with a rusty spoon *
-			$safe_tags = preg_replace(
-					"/[^a-zA-Z0-9_\- ]/",
-					"", $img->get_tag_list());
-		}
-
-		$base_href = $config->get_string('base_href');
-		$fname = $img->get_filename();
-		$base_fname = strpos($fname, '.') ? substr($fname, 0, strrpos($fname, '.')) : $fname;
-
-		$tmpl = str_replace('$id',   $img->id,   $tmpl);
-		$tmpl = str_replace('$hash', $img->hash, $tmpl);
-		$tmpl = str_replace('$tags', $safe_tags, $tmpl);
-		$tmpl = str_replace('$base', $base_href, $tmpl);
-		$tmpl = str_replace('$ext',  $img->ext,  $tmpl);
-		$tmpl = str_replace('$size', "{$img->width}x{$img->height}", $tmpl);
-		$tmpl = str_replace('$filesize', to_shorthand_int($img->filesize), $tmpl);
-		$tmpl = str_replace('$filename', $base_fname, $tmpl);
-
-		return $tmpl;
-	}
-}
-?>

core/imageboard/event.php

@@ -0,0 +1,149 @@
+<?php declare(strict_types=1);
+
+/**
+ * An image is being added to the database.
+ */
+class ImageAdditionEvent extends Event
+{
+    /** @var User */
+    public $user;
+
+    /** @var Image */
+    public $image;
+
+    public $merged = false;
+
+    /**
+     * Inserts a new image into the database with its associated
+     * information. Also calls TagSetEvent to set the tags for
+     * this new image.
+     */
+    public function __construct(Image $image)
+    {
+        parent::__construct();
+        $this->image = $image;
+    }
+}
+
+class ImageAdditionException extends SCoreException
+{
+}
+
+/**
+ * An image is being deleted.
+ */
+class ImageDeletionEvent extends Event
+{
+    /** @var Image */
+    public $image;
+
+    /** @var bool */
+    public $force = false;
+
+    /**
+     * Deletes an image.
+     *
+     * Used by things like tags and comments handlers to
+     * clean out related rows in their tables.
+     */
+    public function __construct(Image $image, bool $force = false)
+    {
+        parent::__construct();
+        $this->image = $image;
+        $this->force = $force;
+    }
+}
+
+/**
+ * An image is being replaced.
+ */
+class ImageReplaceEvent extends Event
+{
+    /** @var int */
+    public $id;
+    /** @var Image */
+    public $image;
+
+    /**
+     * Replaces an image.
+     *
+     * Updates an existing ID in the database to use a new image
+     * file, leaving the tags and such unchanged. Also removes
+     * the old image file and thumbnail from the disk.
+     */
+    public function __construct(int $id, Image $image)
+    {
+        parent::__construct();
+        $this->id = $id;
+        $this->image = $image;
+    }
+}
+
+class ImageReplaceException extends SCoreException
+{
+}
+
+/**
+ * Request a thumbnail be made for an image object.
+ */
+class ThumbnailGenerationEvent extends Event
+{
+    /** @var string */
+    public $hash;
+    /** @var string */
+    public $type;
+    /** @var bool */
+    public $force;
+
+    /** @var bool */
+    public $generated;
+
+    /**
+     * Request a thumbnail be made for an image object
+     */
+    public function __construct(string $hash, string $type, bool $force=false)
+    {
+        parent::__construct();
+        $this->hash = $hash;
+        $this->type = $type;
+        $this->force = $force;
+        $this->generated = false;
+    }
+}
+
+
+/*
+ * ParseLinkTemplateEvent:
+ *   $link     -- the formatted text (with each element URL Escape'd)
+ *   $text     -- the formatted text (not escaped)
+ *   $original -- the formatting string, for reference
+ *   $image    -- the image who's link is being parsed
+ */
+class ParseLinkTemplateEvent extends Event
+{
+    /** @var string */
+    public $link;
+    /** @var string */
+    public $text;
+    /** @var string */
+    public $original;
+    /** @var Image */
+    public $image;
+
+    public function __construct(string $link, Image $image)
+    {
+        parent::__construct();
+        $this->link = $link;
+        $this->text = $link;
+        $this->original = $link;
+        $this->image = $image;
+    }
+
+    public function replace(string $needle, ?string $replace): void
+    {
+        if (!is_null($replace)) {
+            $this->link = str_replace($needle, url_escape($replace), $this->link);
+            $this->text = str_replace($needle, $replace, $this->text);
+        }
+    }
+}

core/imageboard/misc.php

@@ -0,0 +1,186 @@
+<?php declare(strict_types=1);
+/* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *\
+* Misc functions                                                            *
+\* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
+
+/**
+ * Add a directory full of images
+ *
+ * @param string $base
+ * @return array
+ */
+function add_dir(string $base): array
+{
+    $results = [];
+
+    foreach (list_files($base) as $full_path) {
+        $short_path = str_replace($base, "", $full_path);
+        $filename = basename($full_path);
+
+        $tags = path_to_tags($short_path);
+        $result = "$short_path (".str_replace(" ", ", ", $tags).")... ";
+        try {
+            add_image($full_path, $filename, $tags);
+            $result .= "ok";
+        } catch (UploadException $ex) {
+            $result .= "failed: ".$ex->getMessage();
+        }
+        $results[] = $result;
+    }
+
+    return $results;
+}
+
+/**
+ * Sends a DataUploadEvent for a file.
+ *
+ * @param string $tmpname
+ * @param string $filename
+ * @param string $tags
+ * @throws UploadException
+ */
+function add_image(string $tmpname, string $filename, string $tags): int
+{
+    assert(file_exists($tmpname));
+
+    $pathinfo = pathinfo($filename);
+    $metadata = [];
+    $metadata['filename'] = $pathinfo['basename'];
+    if (array_key_exists('extension', $pathinfo)) {
+        $metadata['extension'] = $pathinfo['extension'];
+    }
+
+    $metadata['tags'] = Tag::explode($tags);
+    $metadata['source'] = null;
+
+    $due = new DataUploadEvent($tmpname, $metadata);
+    send_event($due);
+
+    return $due->image_id;
+}
+
+/**
+ * Given a full size pair of dimensions, return a pair scaled down to fit
+ * into the configured thumbnail square, with ratio intact.
+ * Optionally uses the High-DPI scaling setting to adjust the final resolution.
+ *
+ * @param int $orig_width
+ * @param int $orig_height
+ * @param bool $use_dpi_scaling Enables the High-DPI scaling.
+ * @return array
+ */
+function get_thumbnail_size(int $orig_width, int $orig_height, bool $use_dpi_scaling = false): array
+{
+    global $config;
+
+    $fit = $config->get_string(ImageConfig::THUMB_FIT);
+
+    if (in_array($fit, [Media::RESIZE_TYPE_FILL, Media::RESIZE_TYPE_STRETCH, Media::RESIZE_TYPE_FIT_BLUR])) {
+        return [$config->get_int(ImageConfig::THUMB_WIDTH), $config->get_int(ImageConfig::THUMB_HEIGHT)];
+    }
+
+    if ($orig_width === 0) {
+        $orig_width = 192;
+    }
+    if ($orig_height === 0) {
+        $orig_height = 192;
+    }
+
+    if ($orig_width > $orig_height * 5) {
+        $orig_width = $orig_height * 5;
+    }
+    if ($orig_height > $orig_width * 5) {
+        $orig_height = $orig_width * 5;
+    }
+
+
+    if ($use_dpi_scaling) {
+        list($max_width, $max_height) = get_thumbnail_max_size_scaled();
+    } else {
+        $max_width = $config->get_int(ImageConfig::THUMB_WIDTH);
+        $max_height = $config->get_int(ImageConfig::THUMB_HEIGHT);
+    }
+
+    $output = get_scaled_by_aspect_ratio($orig_width, $orig_height, $max_width, $max_height);
+
+    if ($output[2] > 1 && $config->get_bool('thumb_upscale')) {
+        return [(int)$orig_width, (int)$orig_height];
+    } else {
+        return $output;
+    }
+}
+
+function get_scaled_by_aspect_ratio(int $original_width, int $original_height, int $max_width, int $max_height) : array
+{
+    $xscale = ($max_width/ $original_width);
+    $yscale = ($max_height/ $original_height);
+
+    $scale = ($yscale < $xscale) ? $yscale : $xscale ;
+
+    return [(int)($original_width*$scale), (int)($original_height*$scale), $scale];
+}
+
+/**
+ * Fetches the thumbnails height and width settings and applies the High-DPI scaling setting before returning the dimensions.
+ *
+ * @return array [width, height]
+ */
+function get_thumbnail_max_size_scaled(): array
+{
+    global $config;
+
+    $scaling = $config->get_int(ImageConfig::THUMB_SCALING);
+    $max_width  = $config->get_int(ImageConfig::THUMB_WIDTH) * ($scaling/100);
+    $max_height = $config->get_int(ImageConfig::THUMB_HEIGHT) * ($scaling/100);
+    return [$max_width, $max_height];
+}
+
+
+function create_image_thumb(string $hash, string $type, string $engine = null)
+{
+    global $config;
+
+    $inname = warehouse_path(Image::IMAGE_DIR, $hash);
+    $outname = warehouse_path(Image::THUMBNAIL_DIR, $hash);
+    $tsize = get_thumbnail_max_size_scaled();
+    create_scaled_image(
+        $inname,
+        $outname,
+        $tsize,
+        $type,
+        $engine,
+        $config->get_string(ImageConfig::THUMB_FIT)
+    );
+}
+
+
+
+function create_scaled_image(string $inname, string $outname, array $tsize, string $type, ?string $engine = null, ?string $resize_type = null)
+{
+    global $config;
+    if (empty($engine)) {
+        $engine = $config->get_string(ImageConfig::THUMB_ENGINE);
+    }
+    if (empty($resize_type)) {
+        $resize_type = $config->get_string(ImageConfig::THUMB_FIT);
+    }
+
+    $output_format = $config->get_string(ImageConfig::THUMB_TYPE);
+    if ($output_format==EXTENSION_WEBP) {
+        $output_format = Media::WEBP_LOSSY;
+    }
+
+    send_event(new MediaResizeEvent(
+        $engine,
+        $inname,
+        $type,
+        $outname,
+        $tsize[0],
+        $tsize[1],
+        $resize_type,
+        $output_format,
+        $config->get_int(ImageConfig::THUMB_QUALITY),
+        true,
+        true
+    ));
+}

core/imageboard/search.php

@@ -0,0 +1,58 @@
+<?php declare(strict_types=1);
+class Querylet
+{
+    /** @var string */
+    public $sql;
+    /** @var array */
+    public $variables;
+
+    public function __construct(string $sql, array $variables=[])
+    {
+        $this->sql = $sql;
+        $this->variables = $variables;
+    }
+
+    public function append(Querylet $querylet): void
+    {
+        $this->sql .= $querylet->sql;
+        $this->variables = array_merge($this->variables, $querylet->variables);
+    }
+
+    public function append_sql(string $sql): void
+    {
+        $this->sql .= $sql;
+    }
+
+    public function add_variable($var): void
+    {
+        $this->variables[] = $var;
+    }
+}
+
+class TagCondition
+{
+    /** @var string  */
+    public $tag;
+    /** @var bool  */
+    public $positive;
+
+    public function __construct(string $tag, bool $positive)
+    {
+        $this->tag = $tag;
+        $this->positive = $positive;
+    }
+}
+
+class ImgCondition
+{
+    /** @var Querylet */
+    public $qlet;
+    /** @var bool */
+    public $positive;
+
+    public function __construct(Querylet $qlet, bool $positive)
+    {
+        $this->qlet = $qlet;
+        $this->positive = $positive;
+    }
+}

core/imageboard/tag.php

@@ -0,0 +1,218 @@
+<?php declare(strict_types=1);
+/**
+ * Class Tag
+ *
+ * A class for organising the tag related functions.
+ *
+ * All the methods are static, one should never actually use a tag object.
+ *
+ */
+class Tag
+{
+    public static function implode(array $tags): string
+    {
+        sort($tags);
+        $tags = implode(' ', $tags);
+
+        return $tags;
+    }
+
+    /**
+     * Turn a human-supplied string into a valid tag array.
+     *
+     * #return string[]
+     */
+    public static function explode(string $tags, bool $tagme=true): array
+    {
+        global $database;
+
+        $tags = explode(' ', trim($tags));
+
+        /* sanitise by removing invisible / dodgy characters */
+        $tag_array = self::sanitize_array($tags);
+
+        /* if user supplied a blank string, add "tagme" */
+        if (count($tag_array) === 0 && $tagme) {
+            $tag_array = ["tagme"];
+        }
+
+        /* resolve aliases */
+        $new = [];
+        $i = 0;
+        $tag_count = count($tag_array);
+        while ($i<$tag_count) {
+            $tag = $tag_array[$i];
+            $negative = '';
+            if (!empty($tag) && ($tag[0] == '-')) {
+                $negative = '-';
+                $tag = substr($tag, 1);
+            }
+
+            $newtags = $database->get_one(
+                "
+					SELECT newtag
+					FROM aliases
+					WHERE LOWER(oldtag)=LOWER(:tag)
+				",
+                ["tag"=>$tag]
+            );
+            if (empty($newtags)) {
+                //tag has no alias, use old tag
+                $aliases = [$tag];
+            } else {
+                $aliases = explode(" ", $newtags); // Tag::explode($newtags); - recursion can be infinite
+            }
+
+            foreach ($aliases as $alias) {
+                if (!in_array($alias, $new)) {
+                    if ($tag == $alias) {
+                        $new[] = $negative.$alias;
+                    } elseif (!in_array($alias, $tag_array)) {
+                        $tag_array[] = $negative.$alias;
+                        $tag_count++;
+                    }
+                }
+            }
+            $i++;
+        }
+
+        /* remove any duplicate tags */
+        $tag_array = array_iunique($new);
+
+        /* tidy up */
+        sort($tag_array);
+
+        return $tag_array;
+    }
+
+    public static function sanitize(string $tag): string
+    {
+        $tag = preg_replace("/\s/", "", $tag);                # whitespace
+        $tag = preg_replace('/\x20[\x0e\x0f]/', '', $tag);   # unicode RTL
+        $tag = preg_replace("/\.+/", ".", $tag);              # strings of dots?
+        $tag = preg_replace("/^(\.+[\/\\\\])+/", "", $tag);   # trailing slashes?
+        $tag = trim($tag, ", \t\n\r\0\x0B");
+
+        if ($tag == ".") {
+            $tag = "";
+        }  // hard-code one bad case...
+
+        if (mb_strlen($tag, 'UTF-8') > 255) {
+            throw new ScoreException("The tag below is longer than 255 characters, please use a shorter tag.\n$tag\n");
+        }
+        return $tag;
+    }
+
+    public static function compare(array $tags1, array $tags2): bool
+    {
+        if (count($tags1)!==count($tags2)) {
+            return false;
+        }
+
+        $tags1 = array_map("strtolower", $tags1);
+        $tags2 = array_map("strtolower", $tags2);
+        natcasesort($tags1);
+        natcasesort($tags2);
+
+        for ($i = 0; $i < count($tags1); $i++) {
+            if ($tags1[$i]!==$tags2[$i]) {
+                return false;
+            }
+        }
+        return true;
+    }
+
+    public static function get_diff_tags(array $source, array $remove): array
+    {
+        $before = array_map('strtolower', $source);
+        $remove = array_map('strtolower', $remove);
+        $after = [];
+        foreach ($before as $tag) {
+            if (!in_array($tag, $remove)) {
+                $after[] = $tag;
+            }
+        }
+        return $after;
+    }
+
+    public static function sanitize_array(array $tags): array
+    {
+        global $page;
+        $tag_array = [];
+        foreach ($tags as $tag) {
+            try {
+                $tag = Tag::sanitize($tag);
+            } catch (Exception $e) {
+                $page->flash($e->getMessage());
+                continue;
+            }
+
+            if (!empty($tag)) {
+                $tag_array[] = $tag;
+            }
+        }
+        return $tag_array;
+    }
+
+    public static function sqlify(string $term): string
+    {
+        global $database;
+        if ($database->get_driver_name() === DatabaseDriver::SQLITE) {
+            $term = str_replace('\\', '\\\\', $term);
+        }
+        $term = str_replace('_', '\_', $term);
+        $term = str_replace('%', '\%', $term);
+        $term = str_replace('*', '%', $term);
+        // $term = str_replace("?", "_", $term);
+        return $term;
+    }
+
+    /**
+     * Kind of like urlencode, but using a custom scheme so that
+     * tags always fit neatly between slashes in a URL. Use this
+     * when you want to put an arbitrary tag into a URL.
+     */
+    public static function caret(string $input): string
+    {
+        $to_caret = [
+            "^" => "^",
+            "/" => "s",
+            "\\" => "b",
+            "?" => "q",
+            "&" => "a",
+            "." => "d",
+        ];
+
+        foreach ($to_caret as $from => $to) {
+            $input = str_replace($from, '^' . $to, $input);
+        }
+        return $input;
+    }
+
+    /**
+     * Use this when you want to get a tag out of a URL
+     */
+    public static function decaret(string $str): string
+    {
+        $from_caret = [
+            "^" => "^",
+            "s" => "/",
+            "b" => "\\",
+            "q" => "?",
+            "a" => "&",
+            "d" => ".",
+        ];
+
+        $out = "";
+        $length = strlen($str);
+        for ($i=0; $i<$length; $i++) {
+            if ($str[$i] == "^") {
+                $i++;
+                $out .= $from_caret[$str[$i]] ?? '';
+            } else {
+                $out .= $str[$i];
+            }
+        }
+        return $out;
+    }
+}

core/install.php

@@ -0,0 +1,326 @@
+<?php
+/**
+ * Shimmie Installer
+ *
+ * @package    Shimmie
+ * @copyright  Copyright (c) 2007-2015, Shish et al.
+ * @author     Shish [webmaster at shishnet.org], jgen [jeffgenovy at gmail.com]
+ * @link       https://code.shishnet.org/shimmie2/
+ * @license    https://opensource.org/licenses/gpl-2.0.php GNU General Public License v2
+ *
+ * Initialise the database, check that folder
+ * permissions are set properly.
+ *
+ * This file should be independent of the database
+ * and other such things that aren't ready yet
+ */
+
+function install()
+{
+    date_default_timezone_set('UTC');
+
+    if (is_readable("data/config/shimmie.conf.php")) {
+        die_nicely(
+            "Shimmie is already installed.",
+            "data/config/shimmie.conf.php exists, how did you get here?"
+        );
+    }
+
+    // Pull in necessary files
+    require_once "vendor/autoload.php";
+    global $_tracer;
+    $_tracer = new EventTracer();
+
+    require_once "core/exceptions.php";
+    require_once "core/cacheengine.php";
+    require_once "core/dbengine.php";
+    require_once "core/database.php";
+    require_once "core/util.php";
+
+    $dsn = get_dsn();
+    if ($dsn) {
+        do_install($dsn);
+    } else {
+        ask_questions();
+    }
+}
+
+function get_dsn()
+{
+    if (getenv("INSTALL_DSN")) {
+        $dsn = getenv("INSTALL_DSN");
+        ;
+    } elseif (@$_POST["database_type"] == DatabaseDriver::SQLITE) {
+        /** @noinspection PhpUnhandledExceptionInspection */
+        $id = bin2hex(random_bytes(5));
+        $dsn = "sqlite:data/shimmie.{$id}.sqlite";
+    } elseif (isset($_POST['database_type']) && isset($_POST['database_host']) && isset($_POST['database_user']) && isset($_POST['database_name'])) {
+        $dsn = "{$_POST['database_type']}:user={$_POST['database_user']};password={$_POST['database_password']};host={$_POST['database_host']};dbname={$_POST['database_name']}";
+    } else {
+        $dsn = null;
+    }
+    return $dsn;
+}
+
+function do_install($dsn)
+{
+    try {
+        create_dirs();
+        create_tables(new Database($dsn));
+        write_config($dsn);
+    } catch (InstallerException $e) {
+        die_nicely($e->title, $e->body, $e->code);
+    }
+}
+
+function ask_questions()
+{
+    $warnings = [];
+    $errors = [];
+
+    if (check_gd_version() == 0 && check_im_version() == 0) {
+        $errors[] = "
+			No thumbnailers could be found - install the imagemagick
+			tools (or the PHP-GD library, if imagemagick is unavailable).
+		";
+    } elseif (check_im_version() == 0) {
+        $warnings[] = "
+			The 'convert' command (from the imagemagick package)
+			could not be found - PHP-GD can be used instead, but
+			the size of thumbnails will be limited.
+		";
+    }
+
+    if (!function_exists('mb_strlen')) {
+        $errors[] = "
+			The mbstring PHP extension is missing - multibyte languages
+			(eg non-english languages) may not work right.
+		";
+    }
+
+    $drivers = PDO::getAvailableDrivers();
+    if (
+        !in_array(DatabaseDriver::MYSQL, $drivers) &&
+        !in_array(DatabaseDriver::PGSQL, $drivers) &&
+        !in_array(DatabaseDriver::SQLITE, $drivers)
+    ) {
+        $errors[] = "
+			No database connection library could be found; shimmie needs
+			PDO with either Postgres, MySQL, or SQLite drivers
+		";
+    }
+
+    $db_m = in_array(DatabaseDriver::MYSQL, $drivers)  ? '<option value="'. DatabaseDriver::MYSQL .'">MySQL</option>' : "";
+    $db_p = in_array(DatabaseDriver::PGSQL, $drivers)  ? '<option value="'. DatabaseDriver::PGSQL .'">PostgreSQL</option>' : "";
+    $db_s = in_array(DatabaseDriver::SQLITE, $drivers) ? '<option value="'. DatabaseDriver::SQLITE .'">SQLite</option>' : "";
+
+    $warn_msg = $warnings ? "<h3>Warnings</h3>".implode("\n<p>", $warnings) : "";
+    $err_msg = $errors ? "<h3>Errors</h3>".implode("\n<p>", $errors) : "";
+
+    die_nicely(
+        "Install Options",
+        <<<EOD
+    $warn_msg
+    $err_msg
+
+    <form action="index.php" method="POST">
+		<table class='form' style="margin: 1em auto;">
+			<tr>
+				<th>Type:</th>
+				<td><select name="database_type" id="database_type" onchange="update_qs();">
+					$db_m
+					$db_p
+					$db_s
+				</select></td>
+			</tr>
+			<tr class="dbconf mysql pgsql">
+				<th>Host:</th>
+				<td><input type="text" name="database_host" size="40" value="localhost"></td>
+			</tr>
+			<tr class="dbconf mysql pgsql">
+				<th>Username:</th>
+				<td><input type="text" name="database_user" size="40"></td>
+			</tr>
+			<tr class="dbconf mysql pgsql">
+				<th>Password:</th>
+				<td><input type="password" name="database_password" size="40"></td>
+			</tr>
+			<tr class="dbconf mysql pgsql">
+				<th>DB&nbsp;Name:</th>
+				<td><input type="text" name="database_name" size="40" value="shimmie"></td>
+			</tr>
+			<tr><td colspan="2"><input type="submit" value="Go!"></td></tr>
+		</table>
+        <script>
+        document.addEventListener('DOMContentLoaded', update_qs);
+        function q(n) {
+            return document.querySelectorAll(n);
+        }
+        function update_qs() {
+            Array.prototype.forEach.call(q('.dbconf'), function(el, i){
+                el.style.display = 'none';
+            });
+            let seldb = q("#database_type")[0].value || "none";
+            Array.prototype.forEach.call(q('.'+seldb), function(el, i){
+                el.style.display = null;
+            });
+        }
+        </script>
+    </form>
+
+    <h3>Help</h3>
+    <p class="dbconf mysql pgsql">
+        Please make sure the database you have chosen exists and is empty.<br>
+        The username provided must have access to create tables within the database.
+    </p>
+    <p class="dbconf sqlite">
+        For SQLite the database name will be a filename on disk, relative to
+        where shimmie was installed.
+    </p>
+    <p class="dbconf none">
+        Drivers can generally be downloaded with your OS package manager;
+        for Debian / Ubuntu you want php-pgsql, php-mysql, or php-sqlite.
+    </p>
+EOD
+    );
+}
+
+
+function create_dirs()
+{
+    $data_exists = file_exists("data") || mkdir("data");
+    $data_writable = $data_exists && (is_writable("data") || chmod("data", 0755));
+
+    if (!$data_exists || !$data_writable) {
+        throw new InstallerException(
+            "Directory Permissions Error:",
+            "<p>Shimmie needs to have a 'data' folder in its directory, writable by the PHP user.</p>
+			<p>If you see this error, if probably means the folder is owned by you, and it needs to be writable by the web server.</p>
+			<p>PHP reports that it is currently running as user: ".get_current_user()." (". getmyuid() .")</p>
+			<p>Once you have created this folder and / or changed the ownership of the shimmie folder, hit 'refresh' to continue.</p>",
+            7
+        );
+    }
+}
+
+function create_tables(Database $db)
+{
+    try {
+        if ($db->count_tables() > 0) {
+            throw new InstallerException(
+                "Warning: The Database schema is not empty!",
+                "<p>Please ensure that the database you are installing Shimmie with is empty before continuing.</p>
+				<p>Once you have emptied the database of any tables, please hit 'refresh' to continue.</p>",
+                2
+            );
+        }
+
+        $db->create_table("aliases", "
+			oldtag VARCHAR(128) NOT NULL,
+			newtag VARCHAR(128) NOT NULL,
+			PRIMARY KEY (oldtag)
+		");
+        $db->execute("CREATE INDEX aliases_newtag_idx ON aliases(newtag)", []);
+
+        $db->create_table("config", "
+			name VARCHAR(128) NOT NULL,
+			value TEXT,
+			PRIMARY KEY (name)
+		");
+        $db->create_table("users", "
+			id SCORE_AIPK,
+			name VARCHAR(32) UNIQUE NOT NULL,
+			pass VARCHAR(250),
+			joindate TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP,
+			class VARCHAR(32) NOT NULL DEFAULT 'user',
+			email VARCHAR(128)
+		");
+        $db->execute("CREATE INDEX users_name_idx ON users(name)", []);
+
+        $db->execute("INSERT INTO users(name, pass, joindate, class) VALUES(:name, :pass, now(), :class)", ["name" => 'Anonymous', "pass" => null, "class" => 'anonymous']);
+        $db->execute("INSERT INTO config(name, value) VALUES(:name, :value)", ["name" => 'anon_id', "value" => $db->get_last_insert_id('users_id_seq')]);
+
+        if (check_im_version() > 0) {
+            $db->execute("INSERT INTO config(name, value) VALUES(:name, :value)", ["name" => 'thumb_engine', "value" => 'convert']);
+        }
+
+        $db->create_table("images", "
+			id SCORE_AIPK,
+			owner_id INTEGER NOT NULL,
+			owner_ip SCORE_INET NOT NULL,
+			filename VARCHAR(64) NOT NULL,
+			filesize INTEGER NOT NULL,
+			hash CHAR(32) UNIQUE NOT NULL,
+			ext CHAR(4) NOT NULL,
+			source VARCHAR(255),
+			width INTEGER NOT NULL,
+			height INTEGER NOT NULL,
+			posted TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP,
+			locked SCORE_BOOL NOT NULL DEFAULT SCORE_BOOL_N,
+			FOREIGN KEY (owner_id) REFERENCES users(id) ON DELETE RESTRICT
+		");
+        $db->execute("CREATE INDEX images_owner_id_idx ON images(owner_id)", []);
+        $db->execute("CREATE INDEX images_width_idx ON images(width)", []);
+        $db->execute("CREATE INDEX images_height_idx ON images(height)", []);
+        $db->execute("CREATE INDEX images_hash_idx ON images(hash)", []);
+
+        $db->create_table("tags", "
+			id SCORE_AIPK,
+			tag VARCHAR(64) UNIQUE NOT NULL,
+			count INTEGER NOT NULL DEFAULT 0
+		");
+        $db->execute("CREATE INDEX tags_tag_idx ON tags(tag)", []);
+
+        $db->create_table("image_tags", "
+			image_id INTEGER NOT NULL,
+			tag_id INTEGER NOT NULL,
+			UNIQUE(image_id, tag_id),
+			FOREIGN KEY (image_id) REFERENCES images(id) ON DELETE CASCADE,
+			FOREIGN KEY (tag_id) REFERENCES tags(id) ON DELETE CASCADE
+		");
+        $db->execute("CREATE INDEX images_tags_image_id_idx ON image_tags(image_id)", []);
+        $db->execute("CREATE INDEX images_tags_tag_id_idx ON image_tags(tag_id)", []);
+
+        $db->execute("INSERT INTO config(name, value) VALUES('db_version', 11)");
+        $db->commit();
+    } catch (PDOException $e) {
+        throw new InstallerException(
+            "PDO Error:",
+            "<p>An error occurred while trying to create the database tables necessary for Shimmie.</p>
+		    <p>Please check and ensure that the database configuration options are all correct.</p>
+		    <p>{$e->getMessage()}</p>",
+            3
+        );
+    }
+}
+
+function write_config($dsn)
+{
+    $file_content = "<" . "?php\ndefine('DATABASE_DSN', '$dsn');\n";
+
+    if (!file_exists("data/config")) {
+        mkdir("data/config", 0755, true);
+    }
+
+    if (file_put_contents("data/config/shimmie.conf.php", $file_content, LOCK_EX)) {
+        header("Location: index.php?flash=Installation%20complete");
+        die_nicely(
+            "Installation Successful",
+            "<p>If you aren't redirected, <a href=\"index.php\">click here to Continue</a>."
+        );
+    } else {
+        $h_file_content = htmlentities($file_content);
+        throw new InstallerException(
+            "File Permissions Error:",
+            "The web server isn't allowed to write to the config file; please copy
+			the text below, save it as 'data/config/shimmie.conf.php', and upload it into the shimmie
+			folder manually. Make sure that when you save it, there is no whitespace
+			before the \"&lt;?php\".
+
+			<p><textarea cols='80' rows='2'>$h_file_content</textarea>
+
+			<p>Once done, <a href='index.php'>click here to Continue</a>.",
+            0
+        );
+    }
+}

core/logging.php

@@ -0,0 +1,82 @@
+<?php declare(strict_types=1);
+/* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *\
+* Logging convenience                                                       *
+\* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
+
+define("SCORE_LOG_CRITICAL", 50);
+define("SCORE_LOG_ERROR", 40);
+define("SCORE_LOG_WARNING", 30);
+define("SCORE_LOG_INFO", 20);
+define("SCORE_LOG_DEBUG", 10);
+define("SCORE_LOG_NOTSET", 0);
+
+const LOGGING_LEVEL_NAMES = [
+    SCORE_LOG_NOTSET=>"Not Set",
+    SCORE_LOG_DEBUG=>"Debug",
+    SCORE_LOG_INFO=>"Info",
+    SCORE_LOG_WARNING=>"Warning",
+    SCORE_LOG_ERROR=>"Error",
+    SCORE_LOG_CRITICAL=>"Critical",
+];
+
+/**
+ * A shorthand way to send a LogEvent
+ *
+ * When parsing a user request, a flash message should give info to the user
+ * When taking action, a log event should be stored by the server
+ * Quite often, both of these happen at once, hence log_*() having $flash
+ */
+function log_msg(string $section, int $priority, string $message, ?string $flash=null)
+{
+    global $page;
+    send_event(new LogEvent($section, $priority, $message));
+    $threshold = defined("CLI_LOG_LEVEL") ? CLI_LOG_LEVEL : 0;
+
+    if ((PHP_SAPI === 'cli' || PHP_SAPI === 'phpdbg') && ($priority >= $threshold)) {
+        print date("c")." $section: $message\n";
+        ob_flush();
+    }
+    if (!is_null($flash)) {
+        $page->flash($flash);
+    }
+}
+
+// More shorthand ways of logging
+function log_debug(string $section, string $message, ?string $flash=null)
+{
+    log_msg($section, SCORE_LOG_DEBUG, $message, $flash);
+}
+function log_info(string $section, string $message, ?string $flash=null)
+{
+    log_msg($section, SCORE_LOG_INFO, $message, $flash);
+}
+function log_warning(string $section, string $message, ?string $flash=null)
+{
+    log_msg($section, SCORE_LOG_WARNING, $message, $flash);
+}
+function log_error(string $section, string $message, ?string $flash=null)
+{
+    log_msg($section, SCORE_LOG_ERROR, $message, $flash);
+}
+function log_critical(string $section, string $message, ?string $flash=null)
+{
+    log_msg($section, SCORE_LOG_CRITICAL, $message, $flash);
+}
+
+
+/**
+ * Get a unique ID for this request, useful for grouping log messages.
+ */
+function get_request_id(): string
+{
+    static $request_id = null;
+    if (!$request_id) {
+        // not completely trustworthy, as a user can spoof this
+        if (@$_SERVER['HTTP_X_VARNISH']) {
+            $request_id = $_SERVER['HTTP_X_VARNISH'];
+        } else {
+            $request_id = "P" . uniqid();
+        }
+    }
+    return $request_id;
+}

core/navblock.class.php

@@ -1,11 +0,0 @@
-<?php
-class NavBlock {
-	var $header;
-	var $body;
-
-	public function NavBlock() {
-		$this->header = "Navigation";
-		$this->body = "<a href='".make_link("index")."'>Index</a>";
-	}
-}
-?>

core/page.class.php

@@ -1,95 +0,0 @@
-<?php
-class Page {
-	var $mode = "page";
-	var $type = "text/html";
-
-	public function set_mode($mode) {
-		$this->mode = $mode;
-	}
-	
-	public function set_type($type) {
-		$this->type = $type;
-	}
-
-	
-	// ==============================================
-
-	// data
-	var $data = "";
-
-	public function set_data($data) {
-		$this->data = $data;
-	}
-
-
-	// ==============================================
-
-	// redirect
-	var $redirect = "";
-
-	public function set_redirect($redirect) {
-		$this->redirect = $redirect;
-	}
-
-
-	// ==============================================
-
-	// page
-	var $title = "";
-	var $heading = "";
-	var $subheading = "";
-	var $quicknav = "";
-	var $sideblocks = array();
-	var $mainblocks = array();
-
-	public function set_title($title) {
-		$this->title = $title;
-	}
-
-	public function set_heading($heading) {
-		$this->heading = $heading;
-	}
-
-	public function set_subheading($subheading) {
-		$this->subheading = $subheading;
-	}
-
-	public function add_side_block($block, $position=50) {
-		while(isset($this->sideblocks[$position])) $position++;
-		$this->sideblocks[$position] = $block;
-	}
-
-	public function add_main_block($block, $position=50) {
-		while(isset($this->mainblocks[$position])) $position++;
-		$this->mainblocks[$position] = $block;
-	}
-
-	// ==============================================
-	
-	public function display() {
-		global $config;
-
-		header("Content-type: {$this->type}");
-
-		switch($this->mode) {
-			case "page":
-				header("Cache-control: no-cache");
-				ksort($this->sideblocks);
-				ksort($this->mainblocks);
-				$theme = $config->get_string("theme");
-				require_once "themes/$theme/default.php";
-				break;
-			case "data":
-				print $this->data;
-				break;
-			case "redirect":
-				header("Location: {$this->redirect}");
-				print "You should be redirected to <a href='{$this->redirect}'>{$this->redirect}</a>";
-				break;
-			default:
-				print "Invalid page mode";
-				break;
-		}
-	}
-}
-?>

core/paginator.class.php

@@ -1,50 +0,0 @@
-<?php
-
-class Paginator extends Block {
-	var $header = null;
-	var $body = "";
-
-	public function Paginator($page, $query, $page_number, $total_pages) {
-		$this->body = $this->build_paginator($page_number, $total_pages, $page, $query);
-	}
-
-	private function gen_page_link($base_url, $query, $page, $name) {
-		$link = make_link("$base_url/$page", $query);
-	    return "<a href='$link'>$name</a>";
-	}
-	
-	private function gen_page_link_block($base_url, $query, $page, $current_page, $name) {
-		$paginator = "";
-	    if($page == $current_page) $paginator .= "<b>";
-	    $paginator .= $this->gen_page_link($base_url, $query, $page, $name);
-	    if($page == $current_page) $paginator .= "</b>";
-	    return $paginator;
-	}
-					
-	private function build_paginator($current_page, $total_pages, $base_url, $query) {
-		$next = $current_page + 1;
-		$prev = $current_page - 1;
-		$rand = rand(1, $total_pages);
-
-		$at_start = ($current_page <= 1 || $total_pages <= 1);
-		$at_end = ($current_page >= $total_pages);
-
-		$first_html  = $at_start ? "First" : $this->gen_page_link($base_url, $query, 1,            "First");
-		$prev_html   = $at_start ? "Prev"  : $this->gen_page_link($base_url, $query, $prev,        "Prev");
-		$random_html =                       $this->gen_page_link($base_url, $query, $rand,        "Random");
-		$next_html   = $at_end   ? "Next"  : $this->gen_page_link($base_url, $query, $next,        "Next");
-		$last_html   = $at_end   ? "Last"  : $this->gen_page_link($base_url, $query, $total_pages, "Last");
-
-		$start = $current_page-5 > 1 ? $current_page-5 : 1;
-		$end = $start+10 < $total_pages ? $start+10 : $total_pages;
-
-		$pages = array();
-		foreach(range($start, $end) as $i) {
-			$pages[] = $this->gen_page_link_block($base_url, $query, $i, $current_page, $i);
-		}
-		$pages_html = implode(" | ", $pages);
-
-		return "<p>$first_html | $prev_html | $random_html | $next_html | $last_html".
-				"<br>&lt;&lt; $pages_html &gt;&gt;</p>";
-	}
-}

core/permissions.php

@@ -0,0 +1,106 @@
+<?php declare(strict_types=1);
+
+// action_object_attribute
+// action = create / view / edit / delete
+// object = image / user / tag / setting
+abstract class Permissions
+{
+    public const CHANGE_SETTING = "change_setting";  # modify web-level settings, eg the config table
+    public const OVERRIDE_CONFIG = "override_config"; # modify sys-level settings, eg shimmie.conf.php
+    public const BIG_SEARCH = "big_search";      # search for more than 3 tags at once (speed mode only)
+
+    public const MANAGE_EXTENSION_LIST = "manage_extension_list";
+    public const MANAGE_ALIAS_LIST = "manage_alias_list";
+    public const MANAGE_AUTO_TAG = "manage_auto_tag";
+    public const MASS_TAG_EDIT = "mass_tag_edit";
+
+    public const VIEW_IP = "view_ip";         # view IP addresses associated with things
+    public const BAN_IP = "ban_ip";
+
+    public const CREATE_USER = "create_user";
+    public const CREATE_OTHER_USER = "create_other_user";
+    public const EDIT_USER_NAME = "edit_user_name";
+    public const EDIT_USER_PASSWORD = "edit_user_password";
+    public const EDIT_USER_INFO = "edit_user_info";  # email address, etc
+    public const EDIT_USER_CLASS = "edit_user_class";
+    public const DELETE_USER = "delete_user";
+
+    public const CREATE_COMMENT = "create_comment";
+    public const DELETE_COMMENT = "delete_comment";
+    public const BYPASS_COMMENT_CHECKS = "bypass_comment_checks";  # spam etc
+
+    public const REPLACE_IMAGE = "replace_image";
+    public const CREATE_IMAGE = "create_image";
+    public const EDIT_IMAGE_TAG = "edit_image_tag";
+    public const EDIT_IMAGE_SOURCE = "edit_image_source";
+    public const EDIT_IMAGE_OWNER = "edit_image_owner";
+    public const EDIT_IMAGE_LOCK = "edit_image_lock";
+    public const EDIT_IMAGE_TITLE = "edit_image_title";
+    public const EDIT_IMAGE_RELATIONSHIPS = "edit_image_relationships";
+    public const EDIT_IMAGE_ARTIST = "edit_image_artist";
+    public const BULK_EDIT_IMAGE_TAG = "bulk_edit_image_tag";
+    public const BULK_EDIT_IMAGE_SOURCE = "bulk_edit_image_source";
+    public const DELETE_IMAGE = "delete_image";
+
+    public const BAN_IMAGE = "ban_image";
+
+    public const VIEW_EVENTLOG = "view_eventlog";
+    public const IGNORE_DOWNTIME = "ignore_downtime";
+    public const VIEW_REGISTRATIONS = "view_registrations";
+
+    public const CREATE_IMAGE_REPORT = "create_image_report";
+    public const VIEW_IMAGE_REPORT = "view_image_report";  # deal with reported images
+
+    public const WIKI_ADMIN = "wiki_admin";
+    public const EDIT_WIKI_PAGE = "edit_wiki_page";
+    public const DELETE_WIKI_PAGE = "delete_wiki_page";
+
+    public const MANAGE_BLOCKS = "manage_blocks";
+
+    public const MANAGE_ADMINTOOLS = "manage_admintools";
+
+    public const SEND_PM = "send_pm";
+    public const READ_PM = "read_pm";
+    public const VIEW_OTHER_PMS = "view_other_pms";
+    public const EDIT_FEATURE = "edit_feature";
+    public const BULK_EDIT_VOTE = "bulk_edit_vote";
+    public const EDIT_OTHER_VOTE = "edit_other_vote";
+    public const VIEW_SYSINTO = "view_sysinfo";
+
+    public const HELLBANNED = "hellbanned";
+    public const VIEW_HELLBANNED = "view_hellbanned";
+
+    public const PROTECTED = "protected";          # only admins can modify protected users (stops a moderator changing an admin's password)
+
+    public const EDIT_IMAGE_RATING = "edit_image_rating";
+    public const BULK_EDIT_IMAGE_RATING = "bulk_edit_image_rating";
+
+    public const VIEW_TRASH = "view_trash";
+
+    public const PERFORM_BULK_ACTIONS = "perform_bulk_actions";
+
+    public const BULK_ADD = "bulk_add";
+    public const EDIT_FILES = "edit_files";
+    public const EDIT_TAG_CATEGORIES = "edit_tag_categories";
+    public const RESCAN_MEDIA = "rescan_media";
+    public const SEE_IMAGE_VIEW_COUNTS = "see_image_view_counts";
+
+    public const EDIT_FAVOURITES = "edit_favourites";
+
+    public const ARTISTS_ADMIN = "artists_admin";
+    public const BLOTTER_ADMIN = "blotter_admin";
+    public const FORUM_ADMIN = "forum_admin";
+    public const NOTES_ADMIN = "notes_admin";
+    public const POOLS_ADMIN = "pools_admin";
+    public const TIPS_ADMIN = "tips_admin";
+    public const CRON_ADMIN = "cron_admin";
+    public const APPROVE_IMAGE = "approve_image";
+    public const APPROVE_COMMENT = "approve_comment";
+
+    public const SET_PRIVATE_IMAGE = "set_private_image";
+    public const SET_OTHERS_PRIVATE_IMAGES = "set_others_private_images";
+
+    public const BULK_IMPORT = "bulk_import";
+    public const BULK_EXPORT = "bulk_export";
+    public const BULK_DOWNLOAD = "bulk_download";
+}

core/polyfills.php

@@ -0,0 +1,777 @@
+<?php declare(strict_types=1);
+/* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *\
+* Things which should be in the core API                                    *
+\* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
+
+require_once "filetypes.php";
+
+
+/**
+ * Return the unique elements of an array, case insensitively
+ */
+function array_iunique(array $array): array
+{
+    $ok = [];
+    foreach ($array as $element) {
+        $found = false;
+        foreach ($ok as $existing) {
+            if (strtolower($element) == strtolower($existing)) {
+                $found = true;
+                break;
+            }
+        }
+        if (!$found) {
+            $ok[] = $element;
+        }
+    }
+    return $ok;
+}
+
+/**
+ * Figure out if an IP is in a specified range
+ *
+ * from https://uk.php.net/network
+ */
+function ip_in_range(string $IP, string $CIDR): bool
+{
+    list($net, $mask) = explode("/", $CIDR);
+
+    $ip_net = ip2long($net);
+    $ip_mask = ~((1 << (32 - $mask)) - 1);
+
+    $ip_ip = ip2long($IP);
+
+    $ip_ip_net = $ip_ip & $ip_mask;
+
+    return ($ip_ip_net == $ip_net);
+}
+
+/**
+ * Delete an entire file heirachy
+ *
+ * from a patch by Christian Walde; only intended for use in the
+ * "extension manager" extension, but it seems to fit better here
+ */
+function deltree(string $f): void
+{
+    //Because Windows (I know, bad excuse)
+    if (PHP_OS === 'WINNT') {
+        $real = realpath($f);
+        $path = realpath('./').'\\'.str_replace('/', '\\', $f);
+        if ($path != $real) {
+            rmdir($path);
+        } else {
+            foreach (glob($f.'/*') as $sf) {
+                if (is_dir($sf) && !is_link($sf)) {
+                    deltree($sf);
+                } else {
+                    unlink($sf);
+                }
+            }
+            rmdir($f);
+        }
+    } else {
+        if (is_link($f)) {
+            unlink($f);
+        } elseif (is_dir($f)) {
+            foreach (glob($f.'/*') as $sf) {
+                if (is_dir($sf) && !is_link($sf)) {
+                    deltree($sf);
+                } else {
+                    unlink($sf);
+                }
+            }
+            rmdir($f);
+        }
+    }
+}
+
+/**
+ * Copy an entire file hierarchy
+ *
+ * from a comment on https://uk.php.net/copy
+ */
+function full_copy(string $source, string $target): void
+{
+    if (is_dir($source)) {
+        @mkdir($target);
+
+        $d = dir($source);
+
+        while (false !== ($entry = $d->read())) {
+            if ($entry == '.' || $entry == '..') {
+                continue;
+            }
+
+            $Entry = $source . '/' . $entry;
+            if (is_dir($Entry)) {
+                full_copy($Entry, $target . '/' . $entry);
+                continue;
+            }
+            copy($Entry, $target . '/' . $entry);
+        }
+        $d->close();
+    } else {
+        copy($source, $target);
+    }
+}
+
+/**
+ * Return a list of all the regular files in a directory and subdirectories
+ */
+function list_files(string $base, string $_sub_dir=""): array
+{
+    assert(is_dir($base));
+
+    $file_list = [];
+
+    $files = [];
+    $dir = opendir("$base/$_sub_dir");
+    while ($f = readdir($dir)) {
+        $files[] = $f;
+    }
+    closedir($dir);
+    sort($files);
+
+    foreach ($files as $filename) {
+        $full_path = "$base/$_sub_dir/$filename";
+
+        if (!is_link($full_path) && is_dir($full_path)) {
+            if (!($filename == "." || $filename == "..")) {
+                //subdirectory found
+                $file_list = array_merge(
+                    $file_list,
+                    list_files($base, "$_sub_dir/$filename")
+                );
+            }
+        } else {
+            $full_path = str_replace("//", "/", $full_path);
+            $file_list[] = $full_path;
+        }
+    }
+
+    return $file_list;
+}
+
+function flush_output(): void
+{
+    if (!defined("UNITTEST")) {
+        @ob_flush();
+    }
+    flush();
+}
+
+function stream_file(string $file, int $start, int $end): void
+{
+    $fp = fopen($file, 'r');
+    try {
+        set_time_limit(0);
+        fseek($fp, $start);
+        $buffer = 1024 * 1024;
+        while (!feof($fp) && ($p = ftell($fp)) <= $end) {
+            if ($p + $buffer > $end) {
+                $buffer = $end - $p + 1;
+            }
+            echo fread($fp, $buffer);
+            flush_output();
+
+            // After flush, we can tell if the client browser has disconnected.
+            // This means we can start sending a large file, and if we detect they disappeared
+            // then we can just stop and not waste any more resources or bandwidth.
+            if (connection_status() != 0) {
+                break;
+            }
+        }
+    } finally {
+        fclose($fp);
+    }
+}
+
+if (!function_exists('http_parse_headers')) { #http://www.php.net/manual/en/function.http-parse-headers.php#112917
+
+    /**
+     * #return string[]
+     */
+    function http_parse_headers(string $raw_headers): array
+    {
+        $headers = []; // $headers = [];
+
+        foreach (explode("\n", $raw_headers) as $i => $h) {
+            $h = explode(':', $h, 2);
+
+            if (isset($h[1])) {
+                if (!isset($headers[$h[0]])) {
+                    $headers[$h[0]] = trim($h[1]);
+                } elseif (is_array($headers[$h[0]])) {
+                    $tmp = array_merge($headers[$h[0]], [trim($h[1])]);
+                    $headers[$h[0]] = $tmp;
+                } else {
+                    $tmp = array_merge([$headers[$h[0]]], [trim($h[1])]);
+                    $headers[$h[0]] = $tmp;
+                }
+            }
+        }
+        return $headers;
+    }
+}
+
+/**
+ * HTTP Headers can sometimes be lowercase which will cause issues.
+ * In cases like these, we need to make sure to check for them if the camelcase version does not exist.
+ */
+function findHeader(array $headers, string $name): ?string
+{
+    if (!is_array($headers)) {
+        return null;
+    }
+
+    $header = null;
+
+    if (array_key_exists($name, $headers)) {
+        $header = $headers[$name];
+    } else {
+        $headers = array_change_key_case($headers); // convert all to lower case.
+        $lc_name = strtolower($name);
+
+        if (array_key_exists($lc_name, $headers)) {
+            $header = $headers[$lc_name];
+        }
+    }
+
+    return $header;
+}
+
+if (!function_exists('mb_strlen')) {
+    // TODO: we should warn the admin that they are missing multibyte support
+    function mb_strlen($str, $encoding)
+    {
+        return strlen($str);
+    }
+    function mb_internal_encoding($encoding)
+    {
+    }
+    function mb_strtolower($str)
+    {
+        return strtolower($str);
+    }
+}
+
+/** @noinspection PhpUnhandledExceptionInspection */
+function getSubclassesOf(string $parent)
+{
+    $result = [];
+    foreach (get_declared_classes() as $class) {
+        $rclass = new ReflectionClass($class);
+        if (!$rclass->isAbstract() && is_subclass_of($class, $parent)) {
+            $result[] = $class;
+        }
+    }
+    return $result;
+}
+
+/**
+ * Like glob, with support for matching very long patterns with braces.
+ */
+function zglob(string $pattern): array
+{
+    $results = [];
+    if (preg_match('/(.*)\{(.*)\}(.*)/', $pattern, $matches)) {
+        $braced = explode(",", $matches[2]);
+        foreach ($braced as $b) {
+            $sub_pattern = $matches[1].$b.$matches[3];
+            $results = array_merge($results, zglob($sub_pattern));
+        }
+        return $results;
+    } else {
+        $r = glob($pattern);
+        if ($r) {
+            return $r;
+        } else {
+            return [];
+        }
+    }
+}
+
+/**
+ * Figure out the path to the shimmie install directory.
+ *
+ * eg if shimmie is visible at https://foo.com/gallery, this
+ * function should return /gallery
+ *
+ * PHP really, really sucks.
+ */
+function get_base_href(): string
+{
+    if (defined("BASE_HREF") && !empty(BASE_HREF)) {
+        return BASE_HREF;
+    }
+    $possible_vars = ['SCRIPT_NAME', 'PHP_SELF', 'PATH_INFO', 'ORIG_PATH_INFO'];
+    $ok_var = null;
+    foreach ($possible_vars as $var) {
+        if (isset($_SERVER[$var]) && substr($_SERVER[$var], -4) === '.php') {
+            $ok_var = $_SERVER[$var];
+            break;
+        }
+    }
+    assert(!empty($ok_var));
+    $dir = dirname($ok_var);
+    $dir = str_replace("\\", "/", $dir);
+    $dir = str_replace("//", "/", $dir);
+    $dir = rtrim($dir, "/");
+    return $dir;
+}
+
+/**
+ * The opposite of the standard library's parse_url
+ */
+function unparse_url($parsed_url)
+{
+    $scheme   = isset($parsed_url['scheme']) ? $parsed_url['scheme'] . '://' : '';
+    $host     = isset($parsed_url['host']) ? $parsed_url['host'] : '';
+    $port     = isset($parsed_url['port']) ? ':' . $parsed_url['port'] : '';
+    $user     = isset($parsed_url['user']) ? $parsed_url['user'] : '';
+    $pass     = isset($parsed_url['pass']) ? ':' . $parsed_url['pass']  : '';
+    $pass     = ($user || $pass) ? "$pass@" : '';
+    $path     = isset($parsed_url['path']) ? $parsed_url['path'] : '';
+    $query    = !empty($parsed_url['query']) ? '?' . $parsed_url['query'] : '';
+    $fragment = !empty($parsed_url['fragment']) ? '#' . $parsed_url['fragment'] : '';
+    return "$scheme$user$pass$host$port$path$query$fragment";
+}
+
+function startsWith(string $haystack, string $needle): bool
+{
+    $length = strlen($needle);
+    return (substr($haystack, 0, $length) === $needle);
+}
+
+function endsWith(string $haystack, string $needle): bool
+{
+    $length = strlen($needle);
+    $start  = $length * -1; //negative
+    return (substr($haystack, $start) === $needle);
+}
+
+/* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *\
+* Input / Output Sanitising                                                 *
+\* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
+
+/**
+ * Make some data safe for printing into HTML
+ */
+function html_escape(?string $input): string
+{
+    if (is_null($input)) {
+        return "";
+    }
+    return htmlentities($input, ENT_QUOTES, "UTF-8");
+}
+
+/**
+ * Unescape data that was made safe for printing into HTML
+ */
+function html_unescape(string $input): string
+{
+    return html_entity_decode($input, ENT_QUOTES, "UTF-8");
+}
+
+/**
+ * Make sure some data is safe to be used in integer context
+ */
+function int_escape(?string $input): int
+{
+    /*
+     Side note, Casting to an integer is FASTER than using intval.
+     http://hakre.wordpress.com/2010/05/13/php-casting-vs-intval/
+    */
+    if (is_null($input)) {
+        return 0;
+    }
+    return (int)$input;
+}
+
+/**
+ * Make sure some data is safe to be used in URL context
+ */
+function url_escape(?string $input): string
+{
+    if (is_null($input)) {
+        return "";
+    }
+    $input = rawurlencode($input);
+    return $input;
+}
+
+/**
+ * Turn all manner of HTML / INI / JS / DB booleans into a PHP one
+ */
+function bool_escape($input): bool
+{
+    /*
+     Sometimes, I don't like PHP -- this, is one of those times...
+      "a boolean FALSE is not considered a valid boolean value by this function."
+     Yay for Got'chas!
+     https://php.net/manual/en/filter.filters.validate.php
+    */
+    if (is_bool($input)) {
+        return $input;
+    } elseif (is_int($input)) {
+        return ($input === 1);
+    } else {
+        $value = filter_var($input, FILTER_VALIDATE_BOOLEAN, FILTER_NULL_ON_FAILURE);
+        if (!is_null($value)) {
+            return $value;
+        } else {
+            $input = strtolower(trim($input));
+            return (
+                $input === "y" ||
+                $input === "yes" ||
+                $input === "t" ||
+                $input === "true" ||
+                $input === "on" ||
+                $input === "1"
+            );
+        }
+    }
+}
+
+/**
+ * Some functions require a callback function for escaping,
+ * but we might not want to alter the data
+ */
+function no_escape(string $input): string
+{
+    return $input;
+}
+
+/**
+ * Given a 1-indexed numeric-ish thing, return a zero-indexed
+ * number between 0 and $max
+ */
+function page_number(string $input, ?int $max=null): int
+{
+    if (!is_numeric($input)) {
+        $pageNumber = 0;
+    } elseif ($input <= 0) {
+        $pageNumber = 0;
+    } elseif (!is_null($max) && $input >= $max) {
+        $pageNumber = $max - 1;
+    } else {
+        $pageNumber = $input - 1;
+    }
+    return $pageNumber;
+}
+
+function clamp(?int $val, ?int $min=null, ?int $max=null): int
+{
+    if (!is_numeric($val) || (!is_null($min) && $val < $min)) {
+        $val = $min;
+    }
+    if (!is_null($max) && $val > $max) {
+        $val = $max;
+    }
+    if (!is_null($min) && !is_null($max)) {
+        assert($val >= $min && $val <= $max, "$min <= $val <= $max");
+    }
+    return $val;
+}
+
+function xml_tag(string $name, array $attrs=[], array $children=[]): string
+{
+    $xml = "<$name ";
+    foreach ($attrs as $k => $v) {
+        $xv = str_replace('&#039;', '&apos;', htmlspecialchars((string)$v, ENT_QUOTES));
+        $xml .= "$k=\"$xv\" ";
+    }
+    if (count($children) > 0) {
+        $xml .= ">\n";
+        foreach ($children as $child) {
+            $xml .= xml_tag($child);
+        }
+        $xml .= "</$name>\n";
+    } else {
+        $xml .= "/>\n";
+    }
+    return $xml;
+}
+
+/**
+ * Original PHP code by Chirp Internet: www.chirp.com.au
+ * Please acknowledge use of this code by including this header.
+ */
+function truncate(string $string, int $limit, string $break=" ", string $pad="..."): string
+{
+    // return with no change if string is shorter than $limit
+    if (strlen($string) <= $limit) {
+        return $string;
+    }
+
+    // is $break present between $limit and the end of the string?
+    if (false !== ($breakpoint = strpos($string, $break, $limit))) {
+        if ($breakpoint < strlen($string) - 1) {
+            $string = substr($string, 0, $breakpoint) . $pad;
+        }
+    }
+
+    return $string;
+}
+
+/**
+ * Turn a human readable filesize into an integer, eg 1KB -> 1024
+ */
+function parse_shorthand_int(string $limit): int
+{
+    if (preg_match('/^([\d\.]+)([tgmk])?b?$/i', (string)$limit, $m)) {
+        $value = $m[1];
+        if (isset($m[2])) {
+            switch (strtolower($m[2])) {
+                /** @noinspection PhpMissingBreakStatementInspection */
+                case 't': $value *= 1024;  // fall through
+                /** @noinspection PhpMissingBreakStatementInspection */
+                // no break
+                case 'g': $value *= 1024;  // fall through
+                /** @noinspection PhpMissingBreakStatementInspection */
+                // no break
+                case 'm': $value *= 1024;  // fall through
+                /** @noinspection PhpMissingBreakStatementInspection */
+                // no break
+                case 'k': $value *= 1024; break;
+                default: $value = -1;
+            }
+        }
+        return (int)$value;
+    } else {
+        return -1;
+    }
+}
+
+/**
+ * Turn an integer into a human readable filesize, eg 1024 -> 1KB
+ */
+function to_shorthand_int(int $int): string
+{
+    assert($int >= 0);
+
+    if ($int >= pow(1024, 4)) {
+        return sprintf("%.1fTB", $int / pow(1024, 4));
+    } elseif ($int >= pow(1024, 3)) {
+        return sprintf("%.1fGB", $int / pow(1024, 3));
+    } elseif ($int >= pow(1024, 2)) {
+        return sprintf("%.1fMB", $int / pow(1024, 2));
+    } elseif ($int >= 1024) {
+        return sprintf("%.1fKB", $int / 1024);
+    } else {
+        return (string)$int;
+    }
+}
+
+const TIME_UNITS = ["s"=>60,"m"=>60,"h"=>24,"d"=>365,"y"=>PHP_INT_MAX];
+function format_milliseconds(int $input): string
+{
+    $output = "";
+
+    $remainder = floor($input / 1000);
+
+    foreach (TIME_UNITS as $unit=>$conversion) {
+        $count = $remainder % $conversion;
+        $remainder = floor($remainder / $conversion);
+        if ($count==0&&$remainder<1) {
+            break;
+        }
+        $output = "$count".$unit." ".$output;
+    }
+
+    return trim($output);
+}
+
+/**
+ * Turn a date into a time, a date, an "X minutes ago...", etc
+ */
+function autodate(string $date, bool $html=true): string
+{
+    $cpu = date('c', strtotime($date));
+    $hum = date('F j, Y; H:i', strtotime($date));
+    return ($html ? "<time datetime='$cpu'>$hum</time>" : $hum);
+}
+
+/**
+ * Check if a given string is a valid date-time. ( Format: yyyy-mm-dd hh:mm:ss )
+ */
+function isValidDateTime(string $dateTime): bool
+{
+    if (preg_match("/^(\d{4})-(\d{2})-(\d{2}) ([01][0-9]|2[0-3]):([0-5][0-9]):([0-5][0-9])$/", $dateTime, $matches)) {
+        if (checkdate((int)$matches[2], (int)$matches[3], (int)$matches[1])) {
+            return true;
+        }
+    }
+
+    return false;
+}
+
+/**
+ * Check if a given string is a valid date. ( Format: yyyy-mm-dd )
+ */
+function isValidDate(string $date): bool
+{
+    if (preg_match("/^(\d{4})-(\d{2})-(\d{2})$/", $date, $matches)) {
+        // checkdate wants (month, day, year)
+        if (checkdate((int)$matches[2], (int)$matches[3], (int)$matches[1])) {
+            return true;
+        }
+    }
+
+    return false;
+}
+
+function validate_input(array $inputs): array
+{
+    $outputs = [];
+
+    foreach ($inputs as $key => $validations) {
+        $flags = explode(',', $validations);
+
+        if (in_array('bool', $flags) && !isset($_POST[$key])) {
+            $_POST[$key] = 'off';
+        }
+
+        if (in_array('optional', $flags)) {
+            if (!isset($_POST[$key]) || trim($_POST[$key]) == "") {
+                $outputs[$key] = null;
+                continue;
+            }
+        }
+        if (!isset($_POST[$key]) || trim($_POST[$key]) == "") {
+            throw new InvalidInput("Input '$key' not set");
+        }
+
+        $value = trim($_POST[$key]);
+
+        if (in_array('user_id', $flags)) {
+            $id = int_escape($value);
+            if (in_array('exists', $flags)) {
+                if (is_null(User::by_id($id))) {
+                    throw new InvalidInput("User #$id does not exist");
+                }
+            }
+            $outputs[$key] = $id;
+        } elseif (in_array('user_name', $flags)) {
+            if (strlen($value) < 1) {
+                throw new InvalidInput("Username must be at least 1 character");
+            } elseif (!preg_match('/^[a-zA-Z0-9-_]+$/', $value)) {
+                throw new InvalidInput(
+                    "Username contains invalid characters. Allowed characters are ".
+                    "letters, numbers, dash, and underscore"
+                );
+            }
+            $outputs[$key] = $value;
+        } elseif (in_array('user_class', $flags)) {
+            global $_shm_user_classes;
+            if (!array_key_exists($value, $_shm_user_classes)) {
+                throw new InvalidInput("Invalid user class: ".html_escape($value));
+            }
+            $outputs[$key] = $value;
+        } elseif (in_array('email', $flags)) {
+            $outputs[$key] = trim($value);
+        } elseif (in_array('password', $flags)) {
+            $outputs[$key] = $value;
+        } elseif (in_array('int', $flags)) {
+            $value = trim($value);
+            if (empty($value) || !is_numeric($value)) {
+                throw new InvalidInput("Invalid int: ".html_escape($value));
+            }
+            $outputs[$key] = (int)$value;
+        } elseif (in_array('bool', $flags)) {
+            $outputs[$key] = bool_escape($value);
+        } elseif (in_array('date', $flags)) {
+            $outputs[$key] = date("Y-m-d H:i:s", strtotime(trim($value)));
+        } elseif (in_array('string', $flags)) {
+            if (in_array('trim', $flags)) {
+                $value = trim($value);
+            }
+            if (in_array('lower', $flags)) {
+                $value = strtolower($value);
+            }
+            if (in_array('not-empty', $flags)) {
+                throw new InvalidInput("$key must not be blank");
+            }
+            if (in_array('nullify', $flags)) {
+                if (empty($value)) {
+                    $value = null;
+                }
+            }
+            $outputs[$key] = $value;
+        } else {
+            throw new InvalidInput("Unknown validation '$validations'");
+        }
+    }
+
+    return $outputs;
+}
+
+/**
+ * Translates all possible directory separators to the appropriate one for the current system,
+ * and removes any duplicate separators.
+ */
+function sanitize_path(string $path): string
+{
+    return preg_replace('|[\\\\/]+|S', DIRECTORY_SEPARATOR, $path);
+}
+
+/**
+ * Combines all path segments specified, ensuring no duplicate separators occur,
+ * as well as converting all possible separators to the one appropriate for the current system.
+ */
+function join_path(string ...$paths): string
+{
+    $output = "";
+    foreach ($paths as $path) {
+        if (empty($path)) {
+            continue;
+        }
+        $path = sanitize_path($path);
+        if (empty($output)) {
+            $output = $path;
+        } else {
+            $output = rtrim($output, DIRECTORY_SEPARATOR);
+            $path = ltrim($path, DIRECTORY_SEPARATOR);
+            $output .= DIRECTORY_SEPARATOR . $path;
+        }
+    }
+    return $output;
+}
+
+/**
+ * Perform callback on each item returned by an iterator.
+ */
+function iterator_map(callable $callback, iterator $iter): Generator
+{
+    foreach ($iter as $i) {
+        yield call_user_func($callback, $i);
+    }
+}
+
+/**
+ * Perform callback on each item returned by an iterator and combine the result into an array.
+ */
+function iterator_map_to_array(callable $callback, iterator $iter): array
+{
+    return iterator_to_array(iterator_map($callback, $iter));
+}
+
+function stringer($s)
+{
+    if (is_array($s)) {
+        if (isset($s[0])) {
+            return "[" . implode(", ", array_map("stringer", $s)) . "]";
+        } else {
+            $pairs = [];
+            foreach ($s as $k=>$v) {
+                $pairs[] = "\"$k\"=>" . stringer($v);
+            }
+            return "[" . implode(", ", $pairs) . "]";
+        }
+    }
+    if (is_string($s)) {
+        return "\"$s\"";  // FIXME: handle escaping quotes
+    }
+    return (string)$s;
+}

core/sanitize_php.php

@@ -0,0 +1,63 @@
+<?php declare(strict_types=1);
+/*
+ * A small number of PHP-sanity things (eg don't silently ignore errors) to
+ * be included right at the very start of index.php and tests/bootstrap.php
+ */
+
+$min_php = "7.3";
+if (version_compare(phpversion(), $min_php, ">=") === false) {
+    print "
+Shimmie does not support versions of PHP lower than $min_php
+(PHP reports that it is version ".phpversion().").
+If your web host is running an older version, they are dangerously out of
+date and you should plan on moving elsewhere.
+";
+    exit;
+}
+
+# ini_set('zend.assertions', '1');  // generate assertions
+ini_set('assert.exception', '1');  // throw exceptions when failed
+set_error_handler(function ($errNo, $errStr) {
+    // Should we turn ALL notices into errors? PHP allows a lot of
+    // terrible things to happen by default...
+    if (strpos($errStr, 'Use of undefined constant ') === 0) {
+        throw new Exception("PHP Error#$errNo: $errStr");
+    } else {
+        return false;
+    }
+});
+
+ob_start();
+
+if (PHP_SAPI === 'cli' || PHP_SAPI == 'phpdbg') {
+    if (isset($_SERVER['REMOTE_ADDR'])) {
+        die("CLI with remote addr? Confused, not taking the risk.");
+    }
+    $_SERVER['REMOTE_ADDR'] = "0.0.0.0";
+    $_SERVER['HTTP_HOST'] = "<cli command>";
+}
+
+function die_nicely($title, $body, $code=0)
+{
+    print("<!DOCTYPE html>
+<html lang='en'>
+	<head>
+		<title>Shimmie</title>
+		<link rel=\"shortcut icon\" href=\"ext/static_files/static/favicon.ico\">
+		<link rel=\"stylesheet\" href=\"ext/static_files/style.css\" type=\"text/css\">
+	</head>
+	<body>
+		<div id=\"installer\">
+		    <h1>Shimmie</h1>
+		    <h3>$title</h3>
+			<div class=\"container\">
+			    $body
+			</div>
+		</div>
+    </body>
+</html>");
+    if ($code != 0) {
+        http_response_code(500);
+    }
+    exit($code);
+}

core/send_event.php

@@ -0,0 +1,128 @@
+<?php declare(strict_types=1);
+/* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *\
+* Event API                                                                 *
+\* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
+
+/** @private */
+global $_shm_event_listeners;
+$_shm_event_listeners = [];
+
+function _load_event_listeners(): void
+{
+    global $_shm_event_listeners;
+
+    $cache_path = data_path("cache/shm_event_listeners.php");
+    if (SPEED_HAX && file_exists($cache_path)) {
+        require_once($cache_path);
+    } else {
+        _set_event_listeners();
+
+        if (SPEED_HAX) {
+            _dump_event_listeners($_shm_event_listeners, $cache_path);
+        }
+    }
+}
+
+function _clear_cached_event_listeners(): void
+{
+    if (file_exists(data_path("cache/shm_event_listeners.php"))) {
+        unlink(data_path("cache/shm_event_listeners.php"));
+    }
+}
+
+function _set_event_listeners(): void
+{
+    global $_shm_event_listeners;
+    $_shm_event_listeners = [];
+
+    foreach (getSubclassesOf("Extension") as $class) {
+        /** @var Extension $extension */
+        $extension = new $class();
+
+        // skip extensions which don't support our current database
+        if (!$extension->info->is_supported()) {
+            continue;
+        }
+
+        foreach (get_class_methods($extension) as $method) {
+            if (substr($method, 0, 2) == "on") {
+                $event = substr($method, 2) . "Event";
+                $pos = $extension->get_priority() * 100;
+                while (isset($_shm_event_listeners[$event][$pos])) {
+                    $pos += 1;
+                }
+                $_shm_event_listeners[$event][$pos] = $extension;
+            }
+        }
+    }
+}
+
+function _dump_event_listeners(array $event_listeners, string $path): void
+{
+    $p = "<"."?php\n";
+
+    foreach (getSubclassesOf("Extension") as $class) {
+        $p .= "\$$class = new $class(); ";
+    }
+
+    $p .= "\$_shm_event_listeners = array(\n";
+    foreach ($event_listeners as $event => $listeners) {
+        $p .= "\t'$event' => array(\n";
+        foreach ($listeners as $id => $listener) {
+            $p .= "\t\t$id => \$".get_class($listener).",\n";
+        }
+        $p .= "\t),\n";
+    }
+    $p .= ");\n";
+
+    file_put_contents($path, $p);
+}
+
+
+/** @private */
+global $_shm_event_count;
+$_shm_event_count = 0;
+
+/**
+ * Send an event to all registered Extensions.
+ */
+function send_event(Event $event): Event
+{
+    global $tracer_enabled;
+
+    global $_shm_event_listeners, $_shm_event_count, $_tracer;
+    if (!isset($_shm_event_listeners[get_class($event)])) {
+        return $event;
+    }
+    $method_name = "on".str_replace("Event", "", get_class($event));
+
+    // send_event() is performance sensitive, and with the number
+    // of times tracer gets called the time starts to add up
+    if ($tracer_enabled) {
+        $_tracer->begin(get_class($event));
+    }
+    // SHIT: https://bugs.php.net/bug.php?id=35106
+    $my_event_listeners = $_shm_event_listeners[get_class($event)];
+    ksort($my_event_listeners);
+
+    foreach ($my_event_listeners as $listener) {
+        if ($tracer_enabled) {
+            $_tracer->begin(get_class($listener));
+        }
+        if (method_exists($listener, $method_name)) {
+            $listener->$method_name($event);
+        }
+        if ($tracer_enabled) {
+            $_tracer->end();
+        }
+        if ($event->stop_processing===true) {
+            break;
+        }
+    }
+    $_shm_event_count++;
+    if ($tracer_enabled) {
+        $_tracer->end();
+    }
+
+    return $event;
+}

core/sys_config.php

@@ -0,0 +1,34 @@
+<?php declare(strict_types=1);
+/**
+ * For any values that aren't defined in data/config/*.php,
+ * Shimmie will set the values to their defaults
+ *
+ * All of these can be over-ridden by placing a 'define' in
+ * data/config/shimmie.conf.php
+ *
+ * Do NOT change them in this file. These are the defaults only!
+ *
+ * Example:
+ *  define("SPEED_HAX", true);
+ */
+
+function _d(string $name, $value): void
+{
+    if (!defined($name)) {
+        define($name, $value);
+    }
+}
+$_g = file_exists(".git") ? '+' : '';
+_d("DATABASE_DSN", null);    // string   PDO database connection details
+_d("DATABASE_TIMEOUT", 10000);// int     Time to wait for each statement to complete
+_d("CACHE_DSN", null);       // string   cache connection details
+_d("DEBUG", false);          // boolean  print various debugging details
+_d("COOKIE_PREFIX", 'shm');  // string   if you run multiple galleries with non-shared logins, give them different prefixes
+_d("SPEED_HAX", false);      // boolean  do some questionable things in the name of performance
+_d("WH_SPLITS", 1);          // int      how many levels of subfolders to put in the warehouse
+_d("VERSION", "2.8.4$_g");   // string   shimmie version
+_d("TIMEZONE", null);        // string   timezone
+_d("EXTRA_EXTS", "");        // string   optional extra extensions
+_d("BASE_HREF", null);       // string   force a specific base URL (default is auto-detect)
+_d("TRACE_FILE", null);      // string   file to log performance data into
+_d("TRACE_THRESHOLD", 0.0);  // float    log pages which take more time than this many seconds

core/tests/basepage.test.php

@@ -0,0 +1,51 @@
+<?php declare(strict_types=1);
+
+use PHPUnit\Framework\TestCase;
+
+require_once "core/basepage.php";
+
+class BasePageTest extends TestCase
+{
+    public function test_page()
+    {
+        $page = new BasePage();
+        $page->set_mode(PageMode::PAGE);
+        ob_start();
+        $page->display();
+        ob_end_clean();
+        $this->assertTrue(true);  // doesn't crash
+    }
+
+    public function test_file()
+    {
+        $page = new BasePage();
+        $page->set_mode(PageMode::FILE);
+        $page->set_file("tests/pbx_screenshot.jpg");
+        ob_start();
+        $page->display();
+        ob_end_clean();
+        $this->assertTrue(true);  // doesn't crash
+    }
+
+    public function test_data()
+    {
+        $page = new BasePage();
+        $page->set_mode(PageMode::DATA);
+        $page->set_data("hello world");
+        ob_start();
+        $page->display();
+        ob_end_clean();
+        $this->assertTrue(true);  // doesn't crash
+    }
+
+    public function test_redirect()
+    {
+        $page = new BasePage();
+        $page->set_mode(PageMode::REDIRECT);
+        $page->set_redirect("/new/page");
+        ob_start();
+        $page->display();
+        ob_end_clean();
+        $this->assertTrue(true);  // doesn't crash
+    }
+}

core/tests/block.test.php

@@ -0,0 +1,17 @@
+<?php declare(strict_types=1);
+
+use PHPUnit\Framework\TestCase;
+
+require_once "core/block.php";
+
+class BlockTest extends TestCase
+{
+    public function test_basic()
+    {
+        $b = new Block("head", "body");
+        $this->assertEquals(
+            "<section id='headmain'><h3 data-toggle-sel='#headmain' class=''>head</h3><div class='blockbody'>body</div></section>\n",
+            $b->get_html()
+        );
+    }
+}

core/tests/init.test.php

@@ -0,0 +1,18 @@
+<?php declare(strict_types=1);
+
+use PHPUnit\Framework\TestCase;
+
+class TestInit extends TestCase
+{
+    public function testInitExt()
+    {
+        send_event(new InitExtEvent());
+        $this->assertTrue(true);
+    }
+
+    public function testDatabaseUpgrade()
+    {
+        send_event(new DatabaseUpgradeEvent());
+        $this->assertTrue(true);
+    }
+}

core/tests/polyfills.test.php

@@ -0,0 +1,223 @@
+<?php declare(strict_types=1);
+
+use PHPUnit\Framework\TestCase;
+
+require_once "core/polyfills.php";
+
+class PolyfillsTest extends TestCase
+{
+    public function test_html_escape()
+    {
+        $this->assertEquals(
+            html_escape("Foo & <waffles>"),
+            "Foo &amp; &lt;waffles&gt;"
+        );
+
+        $this->assertEquals(
+            html_unescape("Foo &amp; &lt;waffles&gt;"),
+            "Foo & <waffles>"
+        );
+
+        $x = "Foo &amp; &lt;waffles&gt;";
+        $this->assertEquals(html_escape(html_unescape($x)), $x);
+    }
+
+    public function test_int_escape()
+    {
+        $this->assertEquals(int_escape(""), 0);
+        $this->assertEquals(int_escape("1"), 1);
+        $this->assertEquals(int_escape("-1"), -1);
+        $this->assertEquals(int_escape("-1.5"), -1);
+        $this->assertEquals(int_escape(null), 0);
+    }
+
+    public function test_url_escape()
+    {
+        $this->assertEquals(url_escape("^\o/^"), "%5E%5Co%2F%5E");
+        $this->assertEquals(url_escape(null), "");
+    }
+
+    public function test_bool_escape()
+    {
+        $this->assertTrue(bool_escape(true));
+        $this->assertFalse(bool_escape(false));
+
+        $this->assertTrue(bool_escape("true"));
+        $this->assertFalse(bool_escape("false"));
+
+        $this->assertTrue(bool_escape("t"));
+        $this->assertFalse(bool_escape("f"));
+
+        $this->assertTrue(bool_escape("T"));
+        $this->assertFalse(bool_escape("F"));
+
+        $this->assertTrue(bool_escape("yes"));
+        $this->assertFalse(bool_escape("no"));
+
+        $this->assertTrue(bool_escape("Yes"));
+        $this->assertFalse(bool_escape("No"));
+
+        $this->assertTrue(bool_escape("on"));
+        $this->assertFalse(bool_escape("off"));
+
+        $this->assertTrue(bool_escape(1));
+        $this->assertFalse(bool_escape(0));
+
+        $this->assertTrue(bool_escape("1"));
+        $this->assertFalse(bool_escape("0"));
+    }
+
+    public function test_clamp()
+    {
+        $this->assertEquals(clamp(0, 5, 10), 5);
+        $this->assertEquals(clamp(5, 5, 10), 5);
+        $this->assertEquals(clamp(7, 5, 10), 7);
+        $this->assertEquals(clamp(10, 5, 10), 10);
+        $this->assertEquals(clamp(15, 5, 10), 10);
+    }
+
+    public function test_xml_tag()
+    {
+        $this->assertEquals(
+            "<test foo=\"bar\" >\n<cake />\n</test>\n",
+            xml_tag("test", ["foo"=>"bar"], ["cake"])
+        );
+    }
+
+    public function test_truncate()
+    {
+        $this->assertEquals(truncate("test words", 10), "test words");
+        $this->assertEquals(truncate("test...", 9), "test...");
+        $this->assertEquals(truncate("test...", 6), "test...");
+        $this->assertEquals(truncate("te...", 2), "te...");
+    }
+
+    public function test_to_shorthand_int()
+    {
+        $this->assertEquals(to_shorthand_int(1231231231), "1.1GB");
+        $this->assertEquals(to_shorthand_int(2), "2");
+    }
+
+    public function test_parse_shorthand_int()
+    {
+        $this->assertEquals(parse_shorthand_int("foo"), -1);
+        $this->assertEquals(parse_shorthand_int("32M"), 33554432);
+        $this->assertEquals(parse_shorthand_int("43.4KB"), 44441);
+        $this->assertEquals(parse_shorthand_int("1231231231"), 1231231231);
+    }
+
+    public function test_format_milliseconds()
+    {
+        $this->assertEquals("", format_milliseconds(5));
+        $this->assertEquals("5s", format_milliseconds(5000));
+        $this->assertEquals("1y 213d 16h 53m 20s", format_milliseconds(50000000000));
+    }
+
+    public function test_autodate()
+    {
+        $this->assertEquals(
+            "<time datetime='2012-06-23T16:14:22+00:00'>June 23, 2012; 16:14</time>",
+            autodate("2012-06-23 16:14:22")
+        );
+    }
+
+    public function test_validate_input()
+    {
+        $_POST = [
+            "foo" => " bar ",
+            "to_null" => "  ",
+            "num" => "42",
+        ];
+        $this->assertEquals(
+            ["foo"=>"bar"],
+            validate_input(["foo"=>"string,trim,lower"])
+        );
+        //$this->assertEquals(
+        //    ["to_null"=>null],
+        //    validate_input(["to_null"=>"string,trim,nullify"])
+        //);
+        $this->assertEquals(
+            ["num"=>42],
+            validate_input(["num"=>"int"])
+        );
+    }
+
+    public function test_sanitize_path()
+    {
+        $this->assertEquals(
+            "one",
+            sanitize_path("one")
+        );
+
+        $this->assertEquals(
+            "one".DIRECTORY_SEPARATOR."two",
+            sanitize_path("one\\two")
+        );
+
+        $this->assertEquals(
+            "one".DIRECTORY_SEPARATOR."two",
+            sanitize_path("one/two")
+        );
+
+        $this->assertEquals(
+            "one".DIRECTORY_SEPARATOR."two",
+            sanitize_path("one\\\\two")
+        );
+
+        $this->assertEquals(
+            "one".DIRECTORY_SEPARATOR."two",
+            sanitize_path("one//two")
+        );
+
+        $this->assertEquals(
+            "one".DIRECTORY_SEPARATOR."two",
+            sanitize_path("one\\\\\\two")
+        );
+
+        $this->assertEquals(
+            "one".DIRECTORY_SEPARATOR."two",
+            sanitize_path("one///two")
+        );
+
+        $this->assertEquals(
+            DIRECTORY_SEPARATOR."one".DIRECTORY_SEPARATOR."two".DIRECTORY_SEPARATOR,
+            sanitize_path("\\/one/\\/\\/two\\/")
+        );
+    }
+
+    public function test_join_path()
+    {
+        $this->assertEquals(
+            "one",
+            join_path("one")
+        );
+
+        $this->assertEquals(
+            "one".DIRECTORY_SEPARATOR."two",
+            join_path("one", "two")
+        );
+
+        $this->assertEquals(
+            "one".DIRECTORY_SEPARATOR."two".DIRECTORY_SEPARATOR."three",
+            join_path("one", "two", "three")
+        );
+
+        $this->assertEquals(
+            "one".DIRECTORY_SEPARATOR."two".DIRECTORY_SEPARATOR."three",
+            join_path("one/two", "three")
+        );
+
+        $this->assertEquals(
+            DIRECTORY_SEPARATOR."one".DIRECTORY_SEPARATOR."two".DIRECTORY_SEPARATOR."three".DIRECTORY_SEPARATOR,
+            join_path("\\/////\\\\one/\///"."\\//two\/\\//\\//", "//\/\\\/three/\\/\/")
+        );
+    }
+
+    public function test_stringer()
+    {
+        $this->assertEquals(
+            '["foo"=>"bar", "baz"=>[1, 2, 3], "qux"=>["a"=>"b"]]',
+            stringer(["foo"=>"bar", "baz"=>[1,2,3], "qux"=>["a"=>"b"]])
+        );
+    }
+}

core/tests/tag.test.php

@@ -0,0 +1,22 @@
+<?php declare(strict_types=1);
+
+use PHPUnit\Framework\TestCase;
+
+require_once "core/imageboard/tag.php";
+
+class TagTest extends TestCase
+{
+    public function test_caret()
+    {
+        $this->assertEquals("foo", Tag::decaret("foo"));
+        $this->assertEquals("foo?", Tag::decaret("foo^q"));
+        $this->assertEquals("a^b/c\\d?e&f", Tag::decaret("a^^b^sc^bd^qe^af"));
+    }
+
+    public function test_decaret()
+    {
+        $this->assertEquals("foo", Tag::caret("foo"));
+        $this->assertEquals("foo^q", Tag::caret("foo?"));
+        $this->assertEquals("a^^b^sc^bd^qe^af", Tag::caret("a^b/c\\d?e&f"));
+    }
+}

core/tests/urls.test.php

@@ -0,0 +1,101 @@
+<?php declare(strict_types=1);
+
+use PHPUnit\Framework\TestCase;
+
+require_once "core/urls.php";
+
+class UrlsTest extends TestCase
+{
+    public function test_make_link()
+    {
+        // basic
+        $this->assertEquals(
+            "/test/foo",
+            make_link("foo")
+        );
+
+        // remove leading slash from path
+        $this->assertEquals(
+            "/test/foo",
+            make_link("/foo")
+        );
+
+        // query
+        $this->assertEquals(
+            "/test/foo?a=1&b=2",
+            make_link("foo", "a=1&b=2")
+        );
+
+        // hash
+        $this->assertEquals(
+            "/test/foo#cake",
+            make_link("foo", null, "cake")
+        );
+
+        // query + hash
+        $this->assertEquals(
+            "/test/foo?a=1&b=2#cake",
+            make_link("foo", "a=1&b=2", "cake")
+        );
+    }
+
+    public function test_make_http()
+    {
+        // relative to shimmie install
+        $this->assertEquals(
+            "http://<cli command>/test/foo",
+            make_http("foo")
+        );
+
+        // relative to web server
+        $this->assertEquals(
+            "http://<cli command>/foo",
+            make_http("/foo")
+        );
+
+        // absolute
+        $this->assertEquals(
+            "https://foo.com",
+            make_http("https://foo.com")
+        );
+    }
+
+    public function test_modify_url()
+    {
+        $this->assertEquals(
+            "/foo/bar?a=3&b=2",
+            modify_url("/foo/bar?a=1&b=2", ["a"=>"3"])
+        );
+
+        $this->assertEquals(
+            "https://blah.com/foo/bar?b=2",
+            modify_url("https://blah.com/foo/bar?a=1&b=2", ["a"=>null])
+        );
+
+        $this->assertEquals(
+            "/foo/bar",
+            modify_url("/foo/bar?a=1&b=2", ["a"=>null, "b"=>null])
+        );
+    }
+
+    public function test_referer_or()
+    {
+        unset($_SERVER['HTTP_REFERER']);
+        $this->assertEquals(
+            "foo",
+            referer_or("foo")
+        );
+
+        $_SERVER['HTTP_REFERER'] = "cake";
+        $this->assertEquals(
+            "cake",
+            referer_or("foo")
+        );
+
+        $_SERVER['HTTP_REFERER'] = "cake";
+        $this->assertEquals(
+            "foo",
+            referer_or("foo", ["cake"])
+        );
+    }
+}

core/tests/util.test.php

@@ -0,0 +1,86 @@
+<?php declare(strict_types=1);
+
+use PHPUnit\Framework\TestCase;
+
+require_once "core/util.php";
+
+class UtilTest extends TestCase
+{
+    public function test_warehouse_path()
+    {
+        $hash = "7ac19c10d6859415";
+
+        $this->assertEquals(
+            join_path(DATA_DIR, "base", $hash),
+            warehouse_path("base", $hash, false, 0)
+        );
+
+        $this->assertEquals(
+            join_path(DATA_DIR, "base", "7a", $hash),
+            warehouse_path("base", $hash, false, 1)
+        );
+
+        $this->assertEquals(
+            join_path(DATA_DIR, "base", "7a", "c1", $hash),
+            warehouse_path("base", $hash, false, 2)
+        );
+
+        $this->assertEquals(
+            join_path(DATA_DIR, "base", "7a", "c1", "9c", $hash),
+            warehouse_path("base", $hash, false, 3)
+        );
+
+        $this->assertEquals(
+            join_path(DATA_DIR, "base", "7a", "c1", "9c", "10", $hash),
+            warehouse_path("base", $hash, false, 4)
+        );
+
+        $this->assertEquals(
+            join_path(DATA_DIR, "base", "7a", "c1", "9c", "10", "d6", $hash),
+            warehouse_path("base", $hash, false, 5)
+        );
+
+        $this->assertEquals(
+            join_path(DATA_DIR, "base", "7a", "c1", "9c", "10", "d6", "85", $hash),
+            warehouse_path("base", $hash, false, 6)
+        );
+
+        $this->assertEquals(
+            join_path(DATA_DIR, "base", "7a", "c1", "9c", "10", "d6", "85", "94", $hash),
+            warehouse_path("base", $hash, false, 7)
+        );
+
+        $this->assertEquals(
+            join_path(DATA_DIR, "base", "7a", "c1", "9c", "10", "d6", "85", "94", "15", $hash),
+            warehouse_path("base", $hash, false, 8)
+        );
+
+        $this->assertEquals(
+            join_path(DATA_DIR, "base", "7a", "c1", "9c", "10", "d6", "85", "94", "15", $hash),
+            warehouse_path("base", $hash, false, 9)
+        );
+
+        $this->assertEquals(
+            join_path(DATA_DIR, "base", "7a", "c1", "9c", "10", "d6", "85", "94", "15", $hash),
+            warehouse_path("base", $hash, false, 10)
+        );
+    }
+
+    public function test_load_balance_url()
+    {
+        $hash = "7ac19c10d6859415";
+        $ext = "jpg";
+
+        // pseudo-randomly select one of the image servers, balanced in given ratio
+        $this->assertEquals(
+            "https://baz.mycdn.com/7ac19c10d6859415.jpg",
+            load_balance_url("https://{foo=10,bar=5,baz=5}.mycdn.com/$hash.$ext", $hash)
+        );
+
+        // N'th and N+1'th results should be different
+        $this->assertNotEquals(
+            load_balance_url("https://{foo=10,bar=5,baz=5}.mycdn.com/$hash.$ext", $hash, 0),
+            load_balance_url("https://{foo=10,bar=5,baz=5}.mycdn.com/$hash.$ext", $hash, 1)
+        );
+    }
+}

core/urls.php

@@ -0,0 +1,114 @@
+<?php declare(strict_types=1);
+
+class Link
+{
+    public $page;
+    public $query;
+
+    public function __construct(?string $page=null, ?string $query=null)
+    {
+        $this->page = $page;
+        $this->query = $query;
+    }
+
+    public function make_link(): string
+    {
+        return make_link($this->page, $this->query);
+    }
+}
+
+/**
+ * Figure out the correct way to link to a page, taking into account
+ * things like the nice URLs setting.
+ *
+ * eg make_link("post/list") becomes "/v2/index.php?q=post/list"
+ */
+function make_link(?string $page=null, ?string $query=null, ?string $fragment=null): string
+{
+    global $config;
+
+    if (is_null($page)) {
+        $page = $config->get_string(SetupConfig::MAIN_PAGE);
+    }
+    $page = trim($page, "/");
+
+    $parts = [];
+    $install_dir = get_base_href();
+    if (SPEED_HAX || $config->get_bool('nice_urls', false)) {
+        $parts['path'] = "$install_dir/$page";
+    } else {
+        $parts['path'] = "$install_dir/index.php";
+        $query = empty($query) ? "q=$page" : "q=$page&$query";
+    }
+    $parts['query'] = $query;  // http_build_query($query);
+    $parts['fragment'] = $fragment;  // http_build_query($hash);
+
+    return unparse_url($parts);
+}
+
+
+/**
+ * Take the current URL and modify some parameters
+ */
+function modify_current_url(array $changes): string
+{
+    return modify_url($_SERVER['REQUEST_URI'], $changes);
+}
+
+function modify_url(string $url, array $changes): string
+{
+    $parts = parse_url($url);
+
+    $params = [];
+    if (isset($parts['query'])) {
+        parse_str($parts['query'], $params);
+    }
+    foreach ($changes as $k => $v) {
+        if (is_null($v) and isset($params[$k])) {
+            unset($params[$k]);
+        }
+        $params[$k] = $v;
+    }
+    $parts['query'] = http_build_query($params);
+
+    return unparse_url($parts);
+}
+
+/**
+ * Turn a relative link into an absolute one, including hostname
+ */
+function make_http(string $link): string
+{
+    if (strpos($link, "://") > 0) {
+        return $link;
+    }
+
+    if (strlen($link) > 0 && $link[0] != '/') {
+        $link = get_base_href() . '/' . $link;
+    }
+
+    $protocol = is_https_enabled() ? "https://" : "http://";
+    $link = $protocol . $_SERVER["HTTP_HOST"] . $link;
+    $link = str_replace("/./", "/", $link);
+
+    return $link;
+}
+
+/**
+ * If HTTP_REFERER is set, and not blacklisted, then return it
+ * Else return a default $dest
+ */
+function referer_or(string $dest, ?array $blacklist=null): string
+{
+    if (empty($_SERVER['HTTP_REFERER'])) {
+        return $dest;
+    }
+    if ($blacklist) {
+        foreach ($blacklist as $b) {
+            if (strstr($_SERVER['HTTP_REFERER'], $b)) {
+                return $dest;
+            }
+        }
+    }
+    return $_SERVER['HTTP_REFERER'];
+}

core/user.class.php

@@ -1,64 +0,0 @@
-<?php
-class User {
-	var $id;
-	var $name;
-	var $email;
-	var $join_date;
-	var $days_old;
-	var $enabled;
-	var $admin;
-	
-	public function User($row) {
-		$this->id = int_escape($row['id']);
-		$this->name = $row['name'];
-		$this->email = $row['email'];
-		$this->join_date = $row['joindate'];
-		$this->days_old = $row['days_old'];
-		$this->enabled = ($row['enabled'] == 'Y');
-		$this->admin = ($row['admin'] == 'Y');
-	}
-
-	public function is_anonymous() {
-		global $config;
-		return ($this->id == $config->get_int('anon_id'));
-	}
-
-	public function is_enabled() {
-		return $this->enabled;
-	}
-
-	public function set_enabled($enabled) {
-		global $database;
-		
-		$yn = $enabled ? 'Y' : 'N';
-		$database->db->Execute("UPDATE users SET enabled=? WHERE id=?",
-				array($yn, $this->id));
-	}
-
-	public function is_admin() {
-		return $this->admin;
-	}
-
-	public function set_admin($admin) {
-		global $database;
-
-		$yn = $admin ? 'Y' : 'N';
-		$database->db->Execute("UPDATE users SET admin=? WHERE id=?",
-				array($yn, $this->id));
-	}
-
-	public function get_days_old() {
-		return $this->days_old;
-	}
-
-	public function get_image_count() {
-		global $database;
-		return $database->db->GetOne("SELECT COUNT(*) AS count FROM images WHERE owner_id=?", $this->id);
-	}
-	
-	public function get_comment_count() {
-		global $database;
-		return $database->db->GetOne("SELECT COUNT(*) AS count FROM comments WHERE owner_id=?", $this->id);
-	}
-}
-?>

core/user.php

@@ -0,0 +1,262 @@
+<?php declare(strict_types=1);
+
+function _new_user(array $row): User
+{
+    return new User($row);
+}
+
+
+/**
+ * Class User
+ *
+ * An object representing a row in the "users" table.
+ *
+ * The currently logged in user will always be accessible via the global variable $user.
+ */
+class User
+{
+    /** @var int */
+    public $id;
+
+    /** @var string */
+    public $name;
+
+    /** @var string */
+    public $email;
+
+    public $join_date;
+
+    /** @var string */
+    public $passhash;
+
+    /** @var UserClass */
+    public $class;
+
+    /* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
+    * Initialisation                                               *
+    *                                                              *
+    * User objects shouldn't be created directly, they should be   *
+    * fetched from the database like so:                           *
+    *                                                              *
+    *    $user = User::by_name("bob");                             *
+    * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
+
+    /**
+     * One will very rarely construct a user directly, more common
+     * would be to use User::by_id, User::by_session, etc.
+     *
+     * @throws SCoreException
+     */
+    public function __construct(array $row)
+    {
+        global $_shm_user_classes;
+
+        $this->id = int_escape((string)$row['id']);
+        $this->name = $row['name'];
+        $this->email = $row['email'];
+        $this->join_date = $row['joindate'];
+        $this->passhash = $row['pass'];
+
+        if (array_key_exists($row["class"], $_shm_user_classes)) {
+            $this->class = $_shm_user_classes[$row["class"]];
+        } else {
+            throw new SCoreException("User '{$this->name}' has invalid class '{$row["class"]}'");
+        }
+    }
+
+    public static function by_session(string $name, string $session): ?User
+    {
+        global $cache, $config, $database;
+        $row = $cache->get("user-session:$name-$session");
+        if (!$row) {
+            if ($database->get_driver_name() === DatabaseDriver::MYSQL) {
+                $query = "SELECT * FROM users WHERE name = :name AND md5(concat(pass, :ip)) = :sess";
+            } else {
+                $query = "SELECT * FROM users WHERE name = :name AND md5(pass || :ip) = :sess";
+            }
+            $row = $database->get_row($query, ["name"=>$name, "ip"=>get_session_ip($config), "sess"=>$session]);
+            $cache->set("user-session:$name-$session", $row, 600);
+        }
+        return is_null($row) ? null : new User($row);
+    }
+
+    public static function by_id(int $id): ?User
+    {
+        global $cache, $database;
+        if ($id === 1) {
+            $cached = $cache->get('user-id:'.$id);
+            if ($cached) {
+                return new User($cached);
+            }
+        }
+        $row = $database->get_row("SELECT * FROM users WHERE id = :id", ["id"=>$id]);
+        if ($id === 1) {
+            $cache->set('user-id:'.$id, $row, 600);
+        }
+        return is_null($row) ? null : new User($row);
+    }
+
+    public static function by_name(string $name): ?User
+    {
+        global $database;
+        $row = $database->get_row("SELECT * FROM users WHERE LOWER(name) = LOWER(:name)", ["name"=>$name]);
+        return is_null($row) ? null : new User($row);
+    }
+
+    public static function name_to_id(string $name): int
+    {
+        $u = User::by_name($name);
+        if (is_null($u)) {
+            throw new ScoreException("Can't find any user named $name");
+        } else {
+            return $u->id;
+        }
+    }
+
+    public static function by_name_and_pass(string $name, string $pass): ?User
+    {
+        $my_user = User::by_name($name);
+
+        // If user tried to log in as "foo bar" and failed, try "foo_bar"
+        if (!$my_user && strpos($name, " ") !== false) {
+            $my_user = User::by_name(str_replace(" ", "_", $name));
+        }
+
+        if ($my_user) {
+            if ($my_user->passhash == md5(strtolower($name) . $pass)) {
+                log_info("core-user", "Migrating from md5 to bcrypt for $name");
+                $my_user->set_password($pass);
+            }
+            if (password_verify($pass, $my_user->passhash)) {
+                log_info("core-user", "Logged in as $name ({$my_user->class->name})");
+                return $my_user;
+            } else {
+                log_warning("core-user", "Failed to log in as $name (Invalid password)");
+            }
+        } else {
+            log_warning("core-user", "Failed to log in as $name (Invalid username)");
+        }
+        return null;
+    }
+
+
+    /* useful user object functions start here */
+
+    public function can(string $ability): bool
+    {
+        return $this->class->can($ability);
+    }
+
+
+    public function is_anonymous(): bool
+    {
+        global $config;
+        return ($this->id === $config->get_int('anon_id'));
+    }
+
+    public function is_logged_in(): bool
+    {
+        global $config;
+        return ($this->id !== $config->get_int('anon_id'));
+    }
+
+    public function set_class(string $class): void
+    {
+        global $database;
+        $database->Execute("UPDATE users SET class=:class WHERE id=:id", ["class"=>$class, "id"=>$this->id]);
+        log_info("core-user", 'Set class for '.$this->name.' to '.$class);
+    }
+
+    public function set_name(string $name): void
+    {
+        global $database;
+        if (User::by_name($name)) {
+            throw new ScoreException("Desired username is already in use");
+        }
+        $old_name = $this->name;
+        $this->name = $name;
+        $database->Execute("UPDATE users SET name=:name WHERE id=:id", ["name"=>$this->name, "id"=>$this->id]);
+        log_info("core-user", "Changed username for {$old_name} to {$this->name}");
+    }
+
+    public function set_password(string $password): void
+    {
+        global $database;
+        $hash = password_hash($password, PASSWORD_BCRYPT);
+        if (is_string($hash)) {
+            $this->passhash = $hash;
+            $database->Execute("UPDATE users SET pass=:hash WHERE id=:id", ["hash"=>$this->passhash, "id"=>$this->id]);
+            log_info("core-user", 'Set password for '.$this->name);
+        } else {
+            throw new SCoreException("Failed to hash password");
+        }
+    }
+
+    public function set_email(string $address): void
+    {
+        global $database;
+        $database->Execute("UPDATE users SET email=:email WHERE id=:id", ["email"=>$address, "id"=>$this->id]);
+        log_info("core-user", 'Set email for '.$this->name);
+    }
+
+    /**
+     * Get a snippet of HTML which will render the user's avatar, be that
+     * a local file, a remote file, a gravatar, a something else, etc.
+     */
+    public function get_avatar_html(): string
+    {
+        // FIXME: configurable
+        global $config;
+        if ($config->get_string("avatar_host") === "gravatar") {
+            if (!empty($this->email)) {
+                $hash = md5(strtolower($this->email));
+                $s = $config->get_string("avatar_gravatar_size");
+                $d = urlencode($config->get_string("avatar_gravatar_default"));
+                $r = $config->get_string("avatar_gravatar_rating");
+                $cb = date("Y-m-d");
+                return "<img alt='avatar' class=\"avatar gravatar\" src=\"https://www.gravatar.com/avatar/$hash.jpg?s=$s&d=$d&r=$r&cacheBreak=$cb\">";
+            }
+        }
+        return "";
+    }
+
+    /**
+     * Get an auth token to be used in POST forms
+     *
+     * password = secret, avoid storing directly
+     * passhash = bcrypt(password), so someone who gets to the database can't get passwords
+     * sesskey  = md5(passhash . IP), so if it gets sniffed it can't be used from another IP,
+     *            and it can't be used to get the passhash to generate new sesskeys
+     * authtok  = md5(sesskey, salt), presented to the user in web forms, to make sure that
+     *            the form was generated within the session. Salted and re-hashed so that
+     *            reading a web page from the user's cache doesn't give access to the session key
+     */
+    public function get_auth_token(): string
+    {
+        global $config;
+        $salt = DATABASE_DSN;
+        $addr = get_session_ip($config);
+        return md5(md5($this->passhash . $addr) . "salty-csrf-" . $salt);
+    }
+
+    public function get_auth_html(): string
+    {
+        $at = $this->get_auth_token();
+        return '<input type="hidden" name="auth_token" value="'.$at.'">';
+    }
+
+    public function check_auth_token(): bool
+    {
+        if (defined("UNITTEST")) {
+            return true;
+        }
+        return (isset($_POST["auth_token"]) && $_POST["auth_token"] == $this->get_auth_token());
+    }
+
+    public function ensure_authed(): void
+    {
+        if (!$this->check_auth_token()) {
+            die("Invalid auth token");
+        }
+    }
+}

core/userclass.php

@@ -0,0 +1,211 @@
+<?php declare(strict_types=1);
+/**
+ * @global UserClass[] $_shm_user_classes
+ */
+global $_shm_user_classes;
+$_shm_user_classes = [];
+
+/**
+ * Class UserClass
+ */
+class UserClass
+{
+
+    /**
+     * @var ?string
+     */
+    public $name = null;
+
+    /**
+     * @var ?UserClass
+     */
+    public $parent = null;
+
+    /**
+     * @var array
+     */
+    public $abilities = [];
+
+    public function __construct(string $name, string $parent = null, array $abilities = [])
+    {
+        global $_shm_user_classes;
+
+        $this->name = $name;
+        $this->abilities = $abilities;
+
+        if (!is_null($parent)) {
+            $this->parent = $_shm_user_classes[$parent];
+        }
+
+        $_shm_user_classes[$name] = $this;
+    }
+
+    /**
+     * Determine if this class of user can perform an action or has ability.
+     *
+     * @throws SCoreException
+     */
+    public function can(string $ability): bool
+    {
+        if (array_key_exists($ability, $this->abilities)) {
+            return $this->abilities[$ability];
+        } elseif (!is_null($this->parent)) {
+            return $this->parent->can($ability);
+        } else {
+            global $_shm_user_classes;
+            $min_dist = 9999;
+            $min_ability = null;
+            foreach ($_shm_user_classes['base']->abilities as $a => $cando) {
+                $v = levenshtein($ability, $a);
+                if ($v < $min_dist) {
+                    $min_dist = $v;
+                    $min_ability = $a;
+                }
+            }
+            throw new SCoreException("Unknown ability '$ability'. Did the developer mean '$min_ability'?");
+        }
+    }
+}
+
+$_all_false = [];
+foreach ((new ReflectionClass('Permissions'))->getConstants() as $k => $v) {
+    $_all_false[$v] = false;
+}
+new UserClass("base", null, $_all_false);
+unset($_all_false);
+
+// Ghost users can't do anything
+new UserClass("ghost", "base", [
+]);
+
+// Anonymous users can't do anything by default, but
+// the admin might grant them some permissions
+new UserClass("anonymous", "base", [
+    Permissions::CREATE_USER => true,
+]);
+
+new UserClass("user", "base", [
+    Permissions::BIG_SEARCH => true,
+    Permissions::CREATE_IMAGE => true,
+    Permissions::CREATE_COMMENT => true,
+    Permissions::EDIT_IMAGE_TAG => true,
+    Permissions::EDIT_IMAGE_SOURCE => true,
+    Permissions::EDIT_IMAGE_TITLE => true,
+    Permissions::EDIT_IMAGE_RELATIONSHIPS => true,
+    Permissions::EDIT_IMAGE_ARTIST => true,
+    Permissions::CREATE_IMAGE_REPORT => true,
+    Permissions::EDIT_IMAGE_RATING => true,
+    Permissions::EDIT_FAVOURITES => true,
+    Permissions::SEND_PM => true,
+    Permissions::READ_PM => true,
+    Permissions::SET_PRIVATE_IMAGE => true,
+    Permissions::BULK_DOWNLOAD => true,
+]);
+
+new UserClass("hellbanned", "user", [
+    Permissions::HELLBANNED => true,
+]);
+
+new UserClass("admin", "base", [
+    Permissions::CHANGE_SETTING => true,
+    Permissions::OVERRIDE_CONFIG => true,
+    Permissions::BIG_SEARCH => true,
+
+    Permissions::MANAGE_EXTENSION_LIST => true,
+    Permissions::MANAGE_ALIAS_LIST => true,
+    Permissions::MANAGE_AUTO_TAG => true,
+    Permissions::MASS_TAG_EDIT => true,
+
+    Permissions::VIEW_IP => true,
+    Permissions::BAN_IP => true,
+
+    Permissions::CREATE_USER => true,
+    Permissions::CREATE_OTHER_USER => true,
+    Permissions::EDIT_USER_NAME => true,
+    Permissions::EDIT_USER_PASSWORD => true,
+    Permissions::EDIT_USER_INFO => true,
+    Permissions::EDIT_USER_CLASS => true,
+    Permissions::DELETE_USER => true,
+
+    Permissions::CREATE_COMMENT => true,
+    Permissions::DELETE_COMMENT => true,
+    Permissions::BYPASS_COMMENT_CHECKS => true,
+
+    Permissions::REPLACE_IMAGE => true,
+    Permissions::CREATE_IMAGE => true,
+    Permissions::EDIT_IMAGE_TAG => true,
+    Permissions::EDIT_IMAGE_SOURCE => true,
+    Permissions::EDIT_IMAGE_OWNER => true,
+    Permissions::EDIT_IMAGE_LOCK => true,
+    Permissions::EDIT_IMAGE_TITLE => true,
+    Permissions::EDIT_IMAGE_RELATIONSHIPS => true,
+    Permissions::EDIT_IMAGE_ARTIST => true,
+    Permissions::BULK_EDIT_IMAGE_TAG => true,
+    Permissions::BULK_EDIT_IMAGE_SOURCE => true,
+    Permissions::DELETE_IMAGE => true,
+
+    Permissions::BAN_IMAGE => true,
+
+    Permissions::VIEW_EVENTLOG => true,
+    Permissions::IGNORE_DOWNTIME => true,
+    Permissions::VIEW_REGISTRATIONS => true,
+
+    Permissions::CREATE_IMAGE_REPORT => true,
+    Permissions::VIEW_IMAGE_REPORT => true,
+
+    Permissions::WIKI_ADMIN => true,
+    Permissions::EDIT_WIKI_PAGE => true,
+    Permissions::DELETE_WIKI_PAGE => true,
+
+    Permissions::MANAGE_BLOCKS => true,
+
+    Permissions::MANAGE_ADMINTOOLS => true,
+
+    Permissions::SEND_PM => true,
+    Permissions::READ_PM => true,
+    Permissions::VIEW_OTHER_PMS => true, # hm
+    Permissions::EDIT_FEATURE => true,
+    Permissions::BULK_EDIT_VOTE => true,
+    Permissions::EDIT_OTHER_VOTE => true,
+    Permissions::VIEW_SYSINTO => true,
+
+    Permissions::HELLBANNED => false,
+    Permissions::VIEW_HELLBANNED => true,
+
+    Permissions::PROTECTED => true,
+
+    Permissions::EDIT_IMAGE_RATING => true,
+    Permissions::BULK_EDIT_IMAGE_RATING => true,
+
+    Permissions::VIEW_TRASH => true,
+
+    Permissions::PERFORM_BULK_ACTIONS => true,
+
+    Permissions::BULK_ADD => true,
+    Permissions::EDIT_FILES => true,
+    Permissions::EDIT_TAG_CATEGORIES => true,
+    Permissions::RESCAN_MEDIA => true,
+    Permissions::SEE_IMAGE_VIEW_COUNTS => true,
+
+    Permissions::EDIT_FAVOURITES => true,
+
+    Permissions::ARTISTS_ADMIN => true,
+    Permissions::BLOTTER_ADMIN => true,
+    Permissions::FORUM_ADMIN => true,
+    Permissions::NOTES_ADMIN => true,
+    Permissions::POOLS_ADMIN => true,
+    Permissions::TIPS_ADMIN => true,
+    Permissions::CRON_ADMIN => true,
+
+    Permissions::APPROVE_IMAGE => true,
+    Permissions::APPROVE_COMMENT => true,
+
+    Permissions::BULK_IMPORT =>true,
+    Permissions::BULK_EXPORT =>true,
+    Permissions::BULK_DOWNLOAD => true,
+
+    Permissions::SET_PRIVATE_IMAGE => true,
+    Permissions::SET_OTHERS_PRIVATE_IMAGES => true,
+]);
+
+@include_once "data/config/user-classes.conf.php";

core/util.inc.php

@@ -1,197 +0,0 @@
-<?php
-function html_escape($input) {
-	return htmlentities($input);
-}
-
-function int_escape($input) {
-	return (int)$input;
-}
-
-function sql_escape($input) {
-	global $database;
-	return $database->db->Quote($input);
-}
-
-function make_link($page, $query=null) {
-	global $config;
-	$base = $config->get_string('base_href');
-
-	if(is_null($query)) {
-		return "$base/$page";
-	}
-	else {
-		if(strpos($base, "?")) {
-			return "$base/$page&$query";
-		}
-		else {
-			return "$base/$page?$query";
-		}
-	}
-}
-
-function parse_shorthand_int($limit) {
-	if(is_numeric($limit)) {
-		return (int)$limit;
-	}
-
-	if(preg_match('/^([\d\.]+)([gmk])?b?$/i', "$limit", $m)) {
-		$value = $m[1];
-		if (isset($m[2])) {
-			switch(strtolower($m[2])) {
-				case 'g': $value *= 1024;  # fallthrough
-				case 'm': $value *= 1024;  # fallthrough
-				case 'k': $value *= 1024; break;
-				default: $value = -1;
-			}
-		}
-		return (int)$value;
-	} else {
-		return -1;
-	}
-}
-
-function to_shorthand_int($int) {
-	if($int >= pow(1024, 3)) {
-		return sprintf("%.1fGB", $int / pow(1024, 3));
-	}
-	else if($int >= pow(1024, 2)) {
-		return sprintf("%.1fMB", $int / pow(1024, 2));
-	}
-	else if($int >= 1024) {
-		return sprintf("%.1fKB", $int / 1024);
-	}
-	else {
-		return "$int";
-	}
-}
-
-function bbcode2html($text) {
-	$text = trim($text);
-	$text = html_escape($text);
-#	$text = preg_replace("/\[b\](.*?)\[\/b\]/s", "<b>\\1</b>", $text);
-#	$text = preg_replace("/\[i\](.*?)\[\/i\]/s", "<i>\\1</i>", $text);
-#	$text = preg_replace("/\[u\](.*?)\[\/u\]/s", "<u>\\1</u>", $text);
-	$text = str_replace("\n", "\n<br>", $text);
-	return $text;
-}
-
-function tag_explode($tags) {
-	if(is_string($tags)) {
-		$tags = explode(' ', $tags);
-	}
-	else if(is_array($tags)) {
-		// do nothing
-	}
-	else {
-		die("tag_explode only takes strings or arrays");
-	}
-
-	$tags = array_map("trim", $tags);
-
-	foreach($tags as $tag) {
-		if(is_string($tag) && strlen($tag) > 0) {
-			$tag_array[] = $tag;
-		}
-	}
-
-	if(count($tag_array) == 0) {
-		$tag_array = array("tagme");
-	}
-
-	return $tag_array;
-}
-
-
-
-
-
-# $db is the connection object
-function CountExecs($db, $sql, $inputarray) {
-	global $_execs;
-#	$fp = fopen("sql.log", "a");
-#	fwrite($fp, preg_replace('/\s+/msi', ' ', $sql)."\n");
-#	fclose($fp);
-	if (!is_array($inputarray)) $_execs++;
-	# handle 2-dimensional input arrays
-	else if (is_array(reset($inputarray))) $_execs += sizeof($inputarray);
-	else $_execs++;
-	# in PHP4.4 and PHP5, we need to return a value by reference
-	$null = null; return $null;
-}
-
-
-// internal things
-
-$_event_listeners = array();
-
-function add_event_listener($block, $pos=50) {
-	global $_event_listeners;
-	while(isset($_event_listeners[$pos])) {
-		$pos++;
-	}
-	$_event_listeners[$pos] = $block;
-}
-
-function send_event($event) {
-	global $_event_listeners;
-	foreach($_event_listeners as $listener) {
-		$listener->receive_event($event);
-	}
-}
-
-
-function _get_query_parts() {
-	if(isset($_GET["q"])) {
-		$path = $_GET["q"];
-	}
-	else if(isset($_SERVER["PATH_INFO"])) {
-		$path = $_SERVER["PATH_INFO"];
-	}
-	else {
-		$path = "index/1";
-	}
-	
-	while(strlen($path) > 0 && $path[0] == '/') {
-		$path = substr($path, 1);
-	}
-
-	return split('/', $path);
-}
-function get_page_request() {
-	$args = _get_query_parts();
-
-	if(count($args) == 0) {
-		$page = "index";
-		$args = array();
-	}
-	else if(count($args) == 1) {
-		$page = (strlen($args[0]) > 0 ? $args[0] : "index");
-		$args = array();
-	}
-	else {
-		$page = $args[0];
-		$args = array_slice($args, 1);
-	}
-	
-	return new PageRequestEvent($page, $args);
-}
-
-function get_user() {
-	global $database;
-	global $config;
-	
-	$user = null;
-	if(isset($_COOKIE["shm_user"]) && isset($_COOKIE["shm_session"])) {
-	    $tmp_user = $database->get_user_session($_COOKIE["shm_user"], $_COOKIE["shm_session"]);
-		if(!is_null($tmp_user) && $tmp_user->is_enabled()) {
-			$user = $tmp_user;
-		}
-		
-	}
-	if(is_null($user)) {
-		$user = $database->get_user($config->get_int("anon_id"));
-	}
-	return $user;
-}
-
-?>

core/util.php

@@ -0,0 +1,799 @@
+<?php declare(strict_types=1);
+use function MicroHTML\emptyHTML;
+use function MicroHTML\rawHTML;
+use function MicroHTML\FORM;
+use function MicroHTML\INPUT;
+use function MicroHTML\DIV;
+use function MicroHTML\PRE;
+use function MicroHTML\P;
+use function MicroHTML\TABLE;
+use function MicroHTML\THEAD;
+use function MicroHTML\TFOOT;
+use function MicroHTML\TR;
+use function MicroHTML\TH;
+use function MicroHTML\TD;
+
+/* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *\
+* Misc                                                                      *
+\* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
+
+const DATA_DIR = "data";
+
+
+function mtimefile(string $file): string
+{
+    $data_href = get_base_href();
+    $mtime = filemtime($file);
+    return "$data_href/$file?$mtime";
+}
+
+function get_theme(): string
+{
+    global $config;
+    $theme = $config->get_string(SetupConfig::THEME, "default");
+    if (!file_exists("themes/$theme")) {
+        $theme = "default";
+    }
+    return $theme;
+}
+
+function contact_link(): ?string
+{
+    global $config;
+    $text = $config->get_string('contact_link');
+    if (is_null($text)) {
+        return null;
+    }
+
+    if (
+        startsWith($text, "http:") ||
+        startsWith($text, "https:") ||
+        startsWith($text, "mailto:")
+    ) {
+        return $text;
+    }
+
+    if (strpos($text, "@")) {
+        return "mailto:$text";
+    }
+
+    if (strpos($text, "/")) {
+        return "http://$text";
+    }
+
+    return $text;
+}
+
+/**
+ * Check if HTTPS is enabled for the server.
+ */
+function is_https_enabled(): bool
+{
+    return (!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off');
+}
+
+/**
+ * Compare two Block objects, used to sort them before being displayed
+ */
+function blockcmp(Block $a, Block $b): int
+{
+    if ($a->position == $b->position) {
+        return 0;
+    } else {
+        return ($a->position > $b->position) ? 1 : -1;
+    }
+}
+
+/**
+ * Figure out PHP's internal memory limit
+ */
+function get_memory_limit(): int
+{
+    global $config;
+
+    // thumbnail generation requires lots of memory
+    $default_limit = 8*1024*1024;	// 8 MB of memory is PHP's default.
+    $shimmie_limit = $config->get_int(MediaConfig::MEM_LIMIT);
+
+    if ($shimmie_limit < 3*1024*1024) {
+        // we aren't going to fit, override
+        $shimmie_limit = $default_limit;
+    }
+
+    /*
+    Get PHP's configured memory limit.
+    Note that this is set to -1 for NO memory limit.
+
+    https://ca2.php.net/manual/en/ini.core.php#ini.memory-limit
+    */
+    $memory = parse_shorthand_int(ini_get("memory_limit"));
+
+    if ($memory == -1) {
+        // No memory limit.
+        // Return the larger of the set limits.
+        return max($shimmie_limit, $default_limit);
+    } else {
+        // PHP has a memory limit set.
+        if ($shimmie_limit > $memory) {
+            // Shimmie wants more memory than what PHP is currently set for.
+
+            // Attempt to set PHP's memory limit.
+            if (ini_set("memory_limit", "$shimmie_limit") === false) {
+                /*  We can't change PHP's limit, oh well, return whatever its currently set to */
+                return $memory;
+            }
+            $memory = parse_shorthand_int(ini_get("memory_limit"));
+        }
+
+        // PHP's memory limit is more than Shimmie needs.
+        return $memory; // return the current setting
+    }
+}
+
+/**
+ * Check if PHP has the GD library installed
+ */
+function check_gd_version(): int
+{
+    $gdversion = 0;
+
+    if (function_exists('gd_info')) {
+        $gd_info = gd_info();
+        if (substr_count($gd_info['GD Version'], '2.')) {
+            $gdversion = 2;
+        } elseif (substr_count($gd_info['GD Version'], '1.')) {
+            $gdversion = 1;
+        }
+    }
+
+    return $gdversion;
+}
+
+/**
+ * Check whether ImageMagick's `convert` command
+ * is installed and working
+ */
+function check_im_version(): int
+{
+    $convert_check = exec("convert");
+
+    return (empty($convert_check) ? 0 : 1);
+}
+
+/**
+ * Get the currently active IP, masked to make it not change when the last
+ * octet or two change, for use in session cookies and such
+ */
+function get_session_ip(Config $config): string
+{
+    $mask = $config->get_string("session_hash_mask", "255.255.0.0");
+    $addr = $_SERVER['REMOTE_ADDR'];
+    $addr = inet_ntop(inet_pton($addr) & inet_pton($mask));
+    return $addr;
+}
+
+
+/**
+ * A shorthand way to send a TextFormattingEvent and get the results.
+ */
+function format_text(string $string): string
+{
+    $tfe = send_event(new TextFormattingEvent($string));
+    return $tfe->formatted;
+}
+
+/**
+ * Generates the path to a file under the data folder based on the file's hash.
+ * This process creates subfolders based on octet pairs from the file's hash.
+ * The calculated folder follows this pattern data/$base/octet_pairs/$hash
+ * @param string $base
+ * @param string $hash
+ * @param bool $create
+ * @param int $splits The number of octet pairs to split the hash into. Caps out at strlen($hash)/2.
+ * @return string
+ */
+function warehouse_path(string $base, string $hash, bool $create=true, int $splits = WH_SPLITS): string
+{
+    $dirs =[DATA_DIR, $base];
+    $splits = min($splits, strlen($hash) / 2);
+    for ($i = 0; $i < $splits; $i++) {
+        $dirs[] = substr($hash, $i * 2, 2);
+    }
+    $dirs[] = $hash;
+
+    $pa = join_path(...$dirs);
+
+    if ($create && !file_exists(dirname($pa))) {
+        mkdir(dirname($pa), 0755, true);
+    }
+    return $pa;
+}
+
+/**
+ * Determines the path to the specified file in the data folder.
+ */
+function data_path(string $filename, bool $create = true): string
+{
+    $filename = join_path("data", $filename);
+    if ($create&&!file_exists(dirname($filename))) {
+        mkdir(dirname($filename), 0755, true);
+    }
+    return $filename;
+}
+
+function load_balance_url(string $tmpl, string $hash, int $n=0): string
+{
+    static $flexihashes = [];
+    $matches = [];
+    if (preg_match("/(.*){(.*)}(.*)/", $tmpl, $matches)) {
+        $pre = $matches[1];
+        $opts = $matches[2];
+        $post = $matches[3];
+
+        if (isset($flexihashes[$opts])) {
+            $flexihash = $flexihashes[$opts];
+        } else {
+            $flexihash = new Flexihash\Flexihash();
+            foreach (explode(",", $opts) as $opt) {
+                $parts = explode("=", $opt);
+                $parts_count = count($parts);
+                $opt_val = "";
+                $opt_weight = 0;
+                if ($parts_count === 2) {
+                    $opt_val = $parts[0];
+                    $opt_weight = $parts[1];
+                } elseif ($parts_count === 1) {
+                    $opt_val = $parts[0];
+                    $opt_weight = 1;
+                }
+                $flexihash->addTarget($opt_val, $opt_weight);
+            }
+            $flexihashes[$opts] = $flexihash;
+        }
+
+        // $choice = $flexihash->lookup($pre.$post);
+        $choices = $flexihash->lookupList($hash, $n + 1);  // hash doesn't change
+        $choice = $choices[$n];
+        $tmpl = $pre . $choice . $post;
+    }
+    return $tmpl;
+}
+
+function transload(string $url, string $mfile): ?array
+{
+    global $config;
+
+    if ($config->get_string("transload_engine") === "curl" && function_exists("curl_init")) {
+        $ch = curl_init($url);
+        $fp = fopen($mfile, "w");
+
+        curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
+        curl_setopt($ch, CURLOPT_VERBOSE, 1);
+        curl_setopt($ch, CURLOPT_HEADER, 1);
+        curl_setopt($ch, CURLOPT_REFERER, $url);
+        curl_setopt($ch, CURLOPT_USERAGENT, "Shimmie-".VERSION);
+        curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
+
+        $response = curl_exec($ch);
+        if ($response === false) {
+            log_warning("core-util", "Failed to transload $url");
+            throw new SCoreException("Failed to fetch $url");
+        }
+
+        $header_size = curl_getinfo($ch, CURLINFO_HEADER_SIZE);
+        $headers = http_parse_headers(implode("\n", preg_split('/\R/', rtrim(substr($response, 0, $header_size)))));
+        $body = substr($response, $header_size);
+
+        curl_close($ch);
+        fwrite($fp, $body);
+        fclose($fp);
+
+        return $headers;
+    }
+
+    if ($config->get_string("transload_engine") === "wget") {
+        $s_url = escapeshellarg($url);
+        $s_mfile = escapeshellarg($mfile);
+        system("wget --no-check-certificate $s_url --output-document=$s_mfile");
+
+        return file_exists($mfile) ? ["ok"=>"true"] : null;
+    }
+
+    if ($config->get_string("transload_engine") === "fopen") {
+        $fp_in = @fopen($url, "r");
+        $fp_out = fopen($mfile, "w");
+        if (!$fp_in || !$fp_out) {
+            return null;
+        }
+        $length = 0;
+        while (!feof($fp_in) && $length <= $config->get_int('upload_size')) {
+            $data = fread($fp_in, 8192);
+            $length += strlen($data);
+            fwrite($fp_out, $data);
+        }
+        fclose($fp_in);
+        fclose($fp_out);
+
+        $headers = http_parse_headers(implode("\n", $http_response_header));
+
+        return $headers;
+    }
+
+    return null;
+}
+
+function path_to_tags(string $path): string
+{
+    $matches = [];
+    $tags = [];
+    if (preg_match("/\d+ - (.+)\.([a-zA-Z0-9]+)/", basename($path), $matches)) {
+        $tags = explode(" ", $matches[1]);
+    }
+
+    $path = dirname($path);
+    $path = str_replace(";", ":", $path);
+    $path = str_replace("__", " ", $path);
+
+
+    $category = "";
+    foreach (explode("/", $path) as $dir) {
+        $category_to_inherit = "";
+        foreach (explode(" ", $dir) as $tag) {
+            $tag = trim($tag);
+            if ($tag=="") {
+                continue;
+            }
+            if (substr_compare($tag, ":", -1) === 0) {
+                // This indicates a tag that ends in a colon,
+                // which is for inheriting to tags on the subfolder
+                $category_to_inherit = $tag;
+            } else {
+                if ($category!=""&&strpos($tag, ":") === false) {
+                    // This indicates that category inheritance is active,
+                    // and we've encountered a tag that does not specify a category.
+                    // So we attach the inherited category to the tag.
+                    $tag = $category.$tag;
+                }
+                $tags[] = $tag;
+            }
+        }
+        // Category inheritance only works on the immediate subfolder,
+        // so we hold a category until the next iteration, and then set
+        // it back to an empty string after that iteration
+        $category = $category_to_inherit;
+    }
+
+    return implode(" ", $tags);
+}
+
+
+function join_url(string $base, string ...$paths)
+{
+    $output = $base;
+    foreach ($paths as $path) {
+        $output = rtrim($output, "/");
+        $path = ltrim($path, "/");
+        $output .= "/".$path;
+    }
+    return $output;
+}
+
+function get_dir_contents(string $dir): array
+{
+    assert(!empty($dir));
+
+    if (!is_dir($dir)) {
+        return [];
+    }
+    return array_diff(
+        scandir(
+            $dir
+        ),
+        ['..', '.']
+    );
+}
+
+function remove_empty_dirs(string $dir): bool
+{
+    assert(!empty($dir));
+
+    $result = true;
+
+    if (!is_dir($dir)) {
+        return false;
+    }
+
+    $items = array_diff(
+        scandir(
+            $dir
+        ),
+        ['..', '.']
+    );
+    foreach ($items as $item) {
+        $path = join_path($dir, $item);
+        if (is_dir($path)) {
+            $result = $result && remove_empty_dirs($path);
+        } else {
+            $result = false;
+        }
+    }
+    if ($result===true) {
+        $result = $result && rmdir($dir);
+    }
+    return $result;
+}
+
+
+function get_files_recursively(string $dir): array
+{
+    assert(!empty($dir));
+
+    if (!is_dir($dir)) {
+        return [];
+    }
+
+    $things = array_diff(
+        scandir(
+            $dir
+        ),
+        ['..', '.']
+    );
+
+    $output = [];
+
+
+    foreach ($things as $thing) {
+        $path = join_path($dir, $thing);
+        if (is_file($path)) {
+            $output[] = $path;
+        } else {
+            $output = array_merge($output, get_files_recursively($path));
+        }
+    }
+
+    return $output;
+}
+
+/**
+ * Returns amount of files & total size of dir.
+ */
+function scan_dir(string $path): array
+{
+    $bytestotal = 0;
+    $nbfiles = 0;
+
+    $ite = new RecursiveDirectoryIterator(
+        $path,
+        FilesystemIterator::KEY_AS_PATHNAME |
+        FilesystemIterator::CURRENT_AS_FILEINFO |
+        FilesystemIterator::SKIP_DOTS
+    );
+    foreach (new RecursiveIteratorIterator($ite) as $filename => $cur) {
+        try {
+            $filesize = $cur->getSize();
+            $bytestotal += $filesize;
+            $nbfiles++;
+        } catch (RuntimeException $e) {
+            // This usually just means that the file got eaten by the import
+            continue;
+        }
+    }
+
+    $size_mb = $bytestotal / 1048576; // to mb
+    $size_mb = number_format($size_mb, 2, '.', '');
+    return ['path' => $path, 'total_files' => $nbfiles, 'total_mb' => $size_mb];
+}
+
+
+/* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *\
+* Debugging functions                                                       *
+\* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
+
+// SHIT by default this returns the time as a string. And it's not even a
+// string representation of a number, it's two numbers separated by a space.
+// What the fuck were the PHP developers smoking.
+$_shm_load_start = microtime(true);
+
+/**
+ * Collects some debug information (execution time, memory usage, queries, etc)
+ * and formats it to stick in the footer of the page.
+ */
+function get_debug_info(): string
+{
+    global $cache, $config, $_shm_event_count, $database, $_shm_load_start;
+
+    $i_mem = sprintf("%5.2f", ((memory_get_peak_usage(true)+512)/1024)/1024);
+
+    if ($config->get_string("commit_hash", "unknown") == "unknown") {
+        $commit = "";
+    } else {
+        $commit = " (".$config->get_string("commit_hash").")";
+    }
+    $time = sprintf("%.2f", microtime(true) - $_shm_load_start);
+    $dbtime = sprintf("%.2f", $database->dbtime);
+    $i_files = count(get_included_files());
+    $hits = $cache->get_hits();
+    $miss = $cache->get_misses();
+
+    $debug = "<br>Took $time seconds (db:$dbtime) and {$i_mem}MB of RAM";
+    $debug .= "; Used $i_files files and {$database->query_count} queries";
+    $debug .= "; Sent $_shm_event_count events";
+    $debug .= "; $hits cache hits and $miss misses";
+    $debug .= "; Shimmie version ". VERSION . $commit;
+
+    return $debug;
+}
+
+
+/* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *\
+* Request initialisation stuff                                              *
+\* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
+
+/** @privatesection
+ * @noinspection PhpIncludeInspection
+ */
+
+function require_all(array $files): void
+{
+    foreach ($files as $filename) {
+        require_once $filename;
+    }
+}
+
+function _load_core_files()
+{
+    require_all(array_merge(
+        zglob("core/*.php"),
+        zglob("core/imageboard/*.php"),
+        zglob("ext/*/info.php")
+    ));
+}
+
+function _load_theme_files()
+{
+    require_all(_get_themelet_files(get_theme()));
+}
+
+function _set_up_shimmie_environment(): void
+{
+    global $tracer_enabled;
+
+    if (file_exists("images") && !file_exists("data/images")) {
+        die_nicely("Upgrade error", "As of Shimmie 2.7 images and thumbs should be moved to data/images and data/thumbs");
+    }
+
+    if (TIMEZONE) {
+        date_default_timezone_set(TIMEZONE);
+    }
+
+    if (DEBUG) {
+        error_reporting(E_ALL);
+    }
+
+    // The trace system has a certain amount of memory consumption every time it is used,
+    // so to prevent running out of memory during complex operations code that uses it should
+    // check if tracer output is enabled before making use of it.
+    $tracer_enabled = constant('TRACE_FILE')!==null;
+}
+
+
+function _get_themelet_files(string $_theme): array
+{
+    $base_themelets = [];
+    $base_themelets[] = 'themes/'.$_theme.'/page.class.php';
+    $base_themelets[] = 'themes/'.$_theme.'/themelet.class.php';
+
+    $ext_themelets = zglob("ext/{".Extension::get_enabled_extensions_as_string()."}/theme.php");
+    $custom_themelets = zglob('themes/'.$_theme.'/{'.Extension::get_enabled_extensions_as_string().'}.theme.php');
+
+    return array_merge($base_themelets, $ext_themelets, $custom_themelets);
+}
+
+
+/**
+ * Used to display fatal errors to the web user.
+ * @noinspection PhpPossiblePolymorphicInvocationInspection
+ */
+function _fatal_error(Exception $e): void
+{
+    $version = VERSION;
+    $message = $e->getMessage();
+    $phpver = phpversion();
+    $query = is_subclass_of($e, "SCoreException") ? $e->query : null;
+
+    //$hash = exec("git rev-parse HEAD");
+    //$h_hash = $hash ? "<p><b>Hash:</b> $hash" : "";
+    //'.$h_hash.'
+
+    if (PHP_SAPI === 'cli' || PHP_SAPI == 'phpdbg') {
+        print("Trace: ");
+        $t = array_reverse($e->getTrace());
+        foreach ($t as $n => $f) {
+            $c = $f['class'] ?? '';
+            $t = $f['type'] ?? '';
+            $a = implode(", ", array_map("stringer", $f['args']));
+            print("$n: {$f['file']}({$f['line']}): {$c}{$t}{$f['function']}({$a})\n");
+        }
+
+        print("Message: $message\n");
+
+        if ($query) {
+            print("Query:   {$query}\n");
+        }
+
+        print("Version: $version (on $phpver)\n");
+    } else {
+        $q = $query ? "" : "<p><b>Query:</b> " . html_escape($query);
+        header("HTTP/1.0 500 Internal Error");
+        echo '
+<!doctype html>
+<html lang="en">
+	<head>
+		<title>Internal error - SCore-'.$version.'</title>
+	</head>
+	<body>
+		<h1>Internal Error</h1>
+		<p><b>Message:</b> '.html_escape($message).'
+		'.$q.'
+		<p><b>Version:</b> '.$version.' (on '.$phpver.')
+        <p><b>Stack Trace:</b></p><pre>'.$e->getTraceAsString().'</pre>
+	</body>
+</html>
+';
+    }
+}
+
+function _get_user(): User
+{
+    global $config, $page;
+    $my_user = null;
+    if ($page->get_cookie("user") && $page->get_cookie("session")) {
+        $tmp_user = User::by_session($page->get_cookie("user"), $page->get_cookie("session"));
+        if (!is_null($tmp_user)) {
+            $my_user = $tmp_user;
+        }
+    }
+    if (is_null($my_user)) {
+        $my_user = User::by_id($config->get_int("anon_id", 0));
+    }
+    assert(!is_null($my_user));
+
+    return $my_user;
+}
+
+function _get_query(): string
+{
+    return (@$_POST["q"]?:@$_GET["q"])?:"/";
+}
+
+
+/* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *\
+* HTML Generation                                                           *
+\* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
+
+/**
+ * Give a HTML string which shows an IP (if the user is allowed to see IPs),
+ * and a link to ban that IP (if the user is allowed to ban IPs)
+ *
+ * FIXME: also check that IP ban ext is installed
+ */
+function show_ip(string $ip, string $ban_reason): string
+{
+    global $user;
+    $u_reason = url_escape($ban_reason);
+    $u_end = url_escape("+1 week");
+    $ban = $user->can(Permissions::BAN_IP) ? ", <a href='".make_link("ip_ban/list", "c_ip=$ip&c_reason=$u_reason&c_expires=$u_end", "create")."'>Ban</a>" : "";
+    $ip = $user->can(Permissions::VIEW_IP) ? $ip.$ban : "";
+    return $ip;
+}
+
+/**
+ * Make a form tag with relevant auth token and stuff
+ */
+function make_form(string $target, string $method="POST", bool $multipart=false, string $form_id="", string $onsubmit=""): string
+{
+    global $user;
+    if ($method == "GET") {
+        $link = html_escape($target);
+        $target = make_link($target);
+        $extra_inputs = "<input type='hidden' name='q' value='$link'>";
+    } else {
+        $extra_inputs = $user->get_auth_html();
+    }
+
+    $extra = empty($form_id) ? '' : 'id="'. $form_id .'"';
+    if ($multipart) {
+        $extra .= " enctype='multipart/form-data'";
+    }
+    if ($onsubmit) {
+        $extra .= ' onsubmit="'.$onsubmit.'"';
+    }
+    return '<form action="'.$target.'" method="'.$method.'" '.$extra.'>'.$extra_inputs;
+}
+
+function SHM_FORM(string $target, string $method="POST", bool $multipart=false, string $form_id="", string $onsubmit="")
+{
+    global $user;
+
+    $attrs = [
+        "action"=>make_link($target),
+        "method"=>$method
+    ];
+
+    if ($form_id) {
+        $attrs["id"] = $form_id;
+    }
+    if ($multipart) {
+        $attrs["enctype"] = 'multipart/form-data';
+    }
+    if ($onsubmit) {
+        $attrs["onsubmit"] = $onsubmit;
+    }
+    return FORM(
+        $attrs,
+        INPUT(["type"=>"hidden", "name"=>"q", "value"=>$target]),
+        $method == "GET" ? "" : rawHTML($user->get_auth_html())
+    );
+}
+
+function SHM_SIMPLE_FORM($target, ...$children)
+{
+    $form = SHM_FORM($target);
+    $form->appendChild(emptyHTML(...$children));
+    return $form;
+}
+
+function SHM_SUBMIT(string $text)
+{
+    return INPUT(["type"=>"submit", "value"=>$text]);
+}
+
+function SHM_COMMAND_EXAMPLE(string $ex, string $desc)
+{
+    return DIV(
+        ["class"=>"command_example"],
+        PRE($ex),
+        P($desc)
+    );
+}
+
+function SHM_USER_FORM(User $duser, string $target, string $title, $body, $foot)
+{
+    if (is_string($foot)) {
+        $foot = TFOOT(TR(TD(["colspan"=>"2"], INPUT(["type"=>"submit", "value"=>$foot]))));
+    }
+    return SHM_SIMPLE_FORM(
+        $target,
+        P(
+            INPUT(["type"=>'hidden', "name"=>'id', "value"=>$duser->id]),
+            TABLE(
+                ["class"=>"form"],
+                THEAD(TR(TH(["colspan"=>"2"], $title))),
+                $body,
+                $foot
+            )
+        )
+    );
+}
+
+const BYTE_DENOMINATIONS = ['B', 'KB', 'MB', 'GB', 'TB', 'PB', 'EB', 'ZB', 'YB'];
+function human_filesize(int $bytes, $decimals = 2)
+{
+    $factor = floor((strlen(strval($bytes)) - 1) / 3);
+    return sprintf("%.{$decimals}f", $bytes / pow(1024, $factor)) . @BYTE_DENOMINATIONS[$factor];
+}
+
+/*
+ * Generates a unique key for the website to prevent unauthorized access.
+ */
+function generate_key(int $length = 20)
+{
+    $characters = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ';
+    $randomString = '';
+
+    for ($i = 0; $i < $length; $i++) {
+        $randomString .= $characters [rand(0, strlen($characters) - 1)];
+    }
+
+    return $randomString;
+}

ext/admin/info.php

@@ -0,0 +1,23 @@
+<?php declare(strict_types=1);
+
+class AdminPageInfo extends ExtensionInfo
+{
+    public const KEY = "admin";
+
+    public $key = self::KEY;
+    public $name = "Admin Controls";
+    public $url = self::SHIMMIE_URL;
+    public $authors = self::SHISH_AUTHOR;
+    public $license = self::LICENSE_GPLV2;
+    public $description = "Various things to make admins' lives easier";
+    public $documentation =
+"Various moderate-level tools for admins; for advanced, obscure, and possibly dangerous tools see the shimmie2-utils script set
+  <p>Lowercase all tags:
+  <br>Set all tags to lowercase for consistency
+  <p>Recount tag use:
+  <br>If the counts of images per tag get messed up somehow, this will reset them, and remove any unused tags
+  <p>Database dump:
+  <br>Download the contents of the database in plain text format, useful for backups.
+  <p>Image dump:
+  <br>Download all the images as a .zip file (Requires ZipArchive)";
+}

ext/admin/main.php

@@ -0,0 +1,194 @@
+<?php /** @noinspection PhpUnusedPrivateMethodInspection */
+declare(strict_types=1);
+
+/**
+ * Sent when the admin page is ready to be added to
+ */
+class AdminBuildingEvent extends Event
+{
+    /** @var Page */
+    public $page;
+
+    public function __construct(Page $page)
+    {
+        parent::__construct();
+        $this->page = $page;
+    }
+}
+
+class AdminActionEvent extends Event
+{
+    /** @var string */
+    public $action;
+    /** @var bool */
+    public $redirect = true;
+
+    public function __construct(string $action)
+    {
+        parent::__construct();
+        $this->action = $action;
+    }
+}
+
+class AdminPage extends Extension
+{
+    /** @var AdminPageTheme */
+    protected $theme;
+
+    public function onPageRequest(PageRequestEvent $event)
+    {
+        global $page, $user;
+
+        if ($event->page_matches("admin")) {
+            if (!$user->can(Permissions::MANAGE_ADMINTOOLS)) {
+                $this->theme->display_permission_denied();
+            } else {
+                if ($event->count_args() == 0) {
+                    send_event(new AdminBuildingEvent($page));
+                } else {
+                    $action = $event->get_arg(0);
+                    $aae = new AdminActionEvent($action);
+
+                    if ($user->check_auth_token()) {
+                        log_info("admin", "Util: $action");
+                        set_time_limit(0);
+                        send_event($aae);
+                    }
+
+                    if ($aae->redirect) {
+                        $page->set_mode(PageMode::REDIRECT);
+                        $page->set_redirect(make_link("admin"));
+                    }
+                }
+            }
+        }
+    }
+
+    public function onCommand(CommandEvent $event)
+    {
+        if ($event->cmd == "help") {
+            print "\tget-page <query string>\n";
+            print "\t\teg 'get-page post/list'\n\n";
+            print "\tpost-page <query string> <urlencoded params>\n";
+            print "\t\teg 'post-page ip_ban/delete id=1'\n\n";
+            print "\tget-token\n";
+            print "\t\tget a CSRF auth token\n\n";
+            print "\tregen-thumb <id / hash>\n";
+            print "\t\tregenerate a thumbnail\n\n";
+            print "\tcache [get|set|del] [key] <value>\n";
+            print "\t\teg 'cache get config'\n\n";
+        }
+        if ($event->cmd == "get-page") {
+            global $page;
+            if (isset($event->args[1])) {
+                parse_str($event->args[1], $_GET);
+            }
+            send_event(new PageRequestEvent($event->args[0]));
+            $page->display();
+        }
+        if ($event->cmd == "post-page") {
+            global $page;
+            $_SERVER['REQUEST_METHOD'] = "POST";
+            if (isset($event->args[1])) {
+                parse_str($event->args[1], $_POST);
+            }
+            send_event(new PageRequestEvent($event->args[0]));
+            $page->display();
+        }
+        if ($event->cmd == "get-token") {
+            global $user;
+            print($user->get_auth_token());
+        }
+        if ($event->cmd == "regen-thumb") {
+            $uid = $event->args[0];
+            $image = Image::by_id_or_hash($uid);
+            if ($image) {
+                send_event(new ThumbnailGenerationEvent($image->hash, $image->ext, true));
+            } else {
+                print("No post with ID '$uid'\n");
+            }
+        }
+        if ($event->cmd == "cache") {
+            global $cache;
+            $cmd = $event->args[0];
+            $key = $event->args[1];
+            switch ($cmd) {
+                case "get":
+                    var_dump($cache->get($key));
+                    break;
+                case "set":
+                    $cache->set($key, $event->args[2], 60);
+                    break;
+                case "del":
+                    $cache->delete($key);
+                    break;
+            }
+        }
+    }
+
+    public function onAdminBuilding(AdminBuildingEvent $event)
+    {
+        $this->theme->display_page();
+        $this->theme->display_form();
+    }
+
+    public function onPageSubNavBuilding(PageSubNavBuildingEvent $event)
+    {
+        global $user;
+        if ($event->parent==="system") {
+            if ($user->can(Permissions::MANAGE_ADMINTOOLS)) {
+                $event->add_nav_link("admin", new Link('admin'), "Board Admin");
+            }
+        }
+    }
+
+    public function onUserBlockBuilding(UserBlockBuildingEvent $event)
+    {
+        global $user;
+        if ($user->can(Permissions::MANAGE_ADMINTOOLS)) {
+            $event->add_link("Board Admin", make_link("admin"));
+        }
+    }
+
+    public function onAdminAction(AdminActionEvent $event)
+    {
+        $action = $event->action;
+        if (method_exists($this, $action)) {
+            $event->redirect = $this->$action();
+        }
+    }
+
+    private function set_tag_case()
+    {
+        global $database;
+        $database->execute(
+            "UPDATE tags SET tag=:tag1 WHERE LOWER(tag) = LOWER(:tag2)",
+            ["tag1" => $_POST['tag'], "tag2" => $_POST['tag']]
+        );
+        log_info("admin", "Fixed the case of {$_POST['tag']}", "Fixed case");
+        return true;
+    }
+
+    private function lowercase_all_tags()
+    {
+        global $database;
+        $database->execute("UPDATE tags SET tag=lower(tag)");
+        log_warning("admin", "Set all tags to lowercase", "Set all tags to lowercase");
+        return true;
+    }
+
+    private function recount_tag_use()
+    {
+        global $database;
+        $database->Execute("
+			UPDATE tags
+			SET count = COALESCE(
+				(SELECT COUNT(image_id) FROM image_tags WHERE tag_id=tags.id GROUP BY tag_id),
+				0
+			)
+		");
+        $database->Execute("DELETE FROM tags WHERE count=0");
+        log_warning("admin", "Re-counted tags", "Re-counted tags");
+        return true;
+    }
+}

ext/admin/style.css

@@ -0,0 +1,18 @@
+.admin {
+	padding: 4px;
+	border-radius: 4px;
+	background: green;
+	margin: 6px;
+	width: 200px;
+	display: inline-block;
+}
+.admin.protected {
+	background: red;
+}
+.admin INPUT[type="submit"] {
+	width: 100%;
+}
+.admin.protected INPUT[type="submit"] {
+	width: 90%;
+}
+

ext/admin/test.php

@@ -0,0 +1,89 @@
+<?php declare(strict_types=1);
+class AdminPageTest extends ShimmiePHPUnitTestCase
+{
+    public function testAuth()
+    {
+        send_event(new UserLoginEvent(User::by_name(self::$anon_name)));
+        $page = $this->get_page('admin');
+        $this->assertEquals(403, $page->code);
+        $this->assertEquals("Permission Denied", $page->title);
+
+        send_event(new UserLoginEvent(User::by_name(self::$user_name)));
+        $page = $this->get_page('admin');
+        $this->assertEquals(403, $page->code);
+        $this->assertEquals("Permission Denied", $page->title);
+
+        send_event(new UserLoginEvent(User::by_name(self::$admin_name)));
+        $page = $this->get_page('admin');
+        $this->assertEquals(200, $page->code);
+        $this->assertEquals("Admin Tools", $page->title);
+    }
+
+    public function testLowercaseAndSetCase()
+    {
+        // Create a problem
+        $ts = time(); // we need a tag that hasn't been used before
+        send_event(new UserLoginEvent(User::by_name(self::$admin_name)));
+        $image_id_1 = $this->post_image("tests/pbx_screenshot.jpg", "TeStCase$ts");
+
+        // Validate problem
+        $page = $this->get_page("post/view/$image_id_1");
+        $this->assertEquals("Image $image_id_1: TeStCase$ts", $page->title);
+
+        // Fix
+        send_event(new AdminActionEvent('lowercase_all_tags'));
+
+        // Validate fix
+        $this->get_page("post/view/$image_id_1");
+        $this->assert_title("Image $image_id_1: testcase$ts");
+
+        // Change
+        $_POST["tag"] = "TestCase$ts";
+        send_event(new AdminActionEvent('set_tag_case'));
+
+        // Validate change
+        $this->get_page("post/view/$image_id_1");
+        $this->assert_title("Image $image_id_1: TestCase$ts");
+    }
+
+    # FIXME: make sure the admin tools actually work
+    public function testRecount()
+    {
+        global $database;
+
+        // Create a problem
+        $ts = time(); // we need a tag that hasn't been used before
+        send_event(new UserLoginEvent(User::by_name(self::$admin_name)));
+        $database->execute(
+            "INSERT INTO tags(tag, count) VALUES(:tag, :count)",
+            ["tag"=>"tes$ts", "count"=>42]
+        );
+
+        // Fix
+        send_event(new AdminActionEvent('recount_tag_use'));
+
+        // Validate fix
+        $this->assertEquals(
+            0,
+            $database->get_one(
+                "SELECT count FROM tags WHERE tag = :tag",
+                ["tag"=>"tes$ts"]
+            )
+        );
+    }
+
+    public function testCommands()
+    {
+        send_event(new UserLoginEvent(User::by_name(self::$admin_name)));
+        ob_start();
+        send_event(new CommandEvent(["index.php", "help"]));
+        send_event(new CommandEvent(["index.php", "get-page", "post/list"]));
+        send_event(new CommandEvent(["index.php", "post-page", "post/list", "foo=bar"]));
+        send_event(new CommandEvent(["index.php", "get-token"]));
+        send_event(new CommandEvent(["index.php", "regen-thumb", "42"]));
+        ob_end_clean();
+
+        // don't crash
+        $this->assertTrue(true);
+    }
+}

ext/admin/theme.php

@@ -0,0 +1,54 @@
+<?php declare(strict_types=1);
+use function MicroHTML\INPUT;
+
+class AdminPageTheme extends Themelet
+{
+    /*
+     * Show the basics of a page, for other extensions to add to
+     */
+    public function display_page()
+    {
+        global $page;
+
+        $page->set_title("Admin Tools");
+        $page->set_heading("Admin Tools");
+        $page->add_block(new NavBlock());
+    }
+
+    protected function button(string $name, string $action, bool $protected=false): string
+    {
+        $c_protected = $protected ? " protected" : "";
+        $html = make_form(make_link("admin/$action"), "POST", false, "admin$c_protected");
+        if ($protected) {
+            $html .= "<input type='submit' id='$action' value='$name' disabled='disabled'>";
+            $html .= "<input type='checkbox' onclick='$(\"#$action\").attr(\"disabled\", !$(this).is(\":checked\"))'>";
+        } else {
+            $html .= "<input type='submit' id='$action' value='$name'>";
+        }
+        $html .= "</form>\n";
+        return $html;
+    }
+
+    /*
+     * Show a form which links to admin_utils with POST[action] set to one of:
+     *  'lowercase all tags'
+     *  'recount tag use'
+     *  etc
+     */
+    public function display_form()
+    {
+        global $page;
+
+        $html = "";
+        $html .= $this->button("All tags to lowercase", "lowercase_all_tags", true);
+        $html .= $this->button("Recount tag use", "recount_tag_use", false);
+        $page->add_block(new Block("Misc Admin Tools", $html));
+
+        $html = (string)SHM_SIMPLE_FORM(
+            "admin/set_tag_case",
+            INPUT(["type"=>'text', "name"=>'tag', "placeholder"=>'Enter tag with correct case', "class"=>'autocomplete_tags', "autocomplete"=>'off']),
+            SHM_SUBMIT('Set Tag Case'),
+        );
+        $page->add_block(new Block("Set Tag Case", $html));
+    }
+}

ext/alias_editor.ext.php

@@ -1,91 +0,0 @@
-<?php
-
-class AddAliasEvent extends Event {
-	var $oldtag;
-	var $newtag;
-
-	public function AddAliasEvent($oldtag, $newtag) {
-		$this->oldtag = $oldtag;
-		$this->newtag = $newtag;
-	}
-}
-
-class AliasEditor extends Extension {
-// event handler {{{
-	public function receive_event($event) {
-		if(is_a($event, 'PageRequestEvent') && ($event->page == "alias")) {
-			global $user;
-			if($user->is_admin()) {
-				if($event->get_arg(0) == "add") {
-					if(isset($_POST['oldtag']) && isset($_POST['newtag'])) {
-						send_event(new AddAliasEvent($_POST['oldtag'], $_POST['newtag']));
-					}
-				}
-				else if($event->get_arg(0) == "remove") {
-					if(isset($_POST['oldtag'])) {
-						global $database;
-						$database->db->Execute("DELETE FROM aliases WHERE oldtag=?", array($_POST['oldtag']));
-
-						global $page;
-						$page->set_mode("redirect");
-						$page->set_redirect(make_link("admin"));
-					}
-				}
-			}
-		}
-
-		if(is_a($event, 'AdminBuildingEvent')) {
-			global $page;
-			$page->add_main_block(new Block("Edit Aliases", $this->build_aliases()));
-		}
-
-		if(is_a($event, 'AddAliasEvent')) {
-			global $database;
-			$database->db->Execute("INSERT INTO aliases(oldtag, newtag) VALUES(?, ?)", array($event->oldtag, $event->newtag));
-
-			global $page;
-			$page->set_mode("redirect");
-			$page->set_redirect(make_link("admin"));
-		}
-	}
-// }}}
-// admin page HTML {{{
-	private function build_aliases() {
-		global $database;
-		$h_aliases = "";
-		$aliases = $database->db->GetAssoc("SELECT oldtag, newtag FROM aliases");
-		foreach($aliases as $old => $new) {
-			$h_old = html_escape($old);
-			$h_new = html_escape($new);
-			$h_aliases .= "
-				<tr>
-					<td>$h_old</td>
-					<td>$h_new</td>
-					<td>
-						<form action='".make_link("alias/remove")."' method='POST'>
-							<input type='hidden' name='oldtag' value='$h_old'>
-							<input type='submit' value='Remove'>
-						</form>
-					</td>
-				</tr>
-			";
-		}
-		$html = "
-			<table border='1'>
-				<thead><td>From</td><td>To</td><td>Action</td></thead>
-				$h_aliases
-				<tr>
-					<form action='".make_link("alias/add")."' method='POST'>
-						<td><input type='text' name='oldtag'></td>
-						<td><input type='text' name='newtag'></td>
-						<td><input type='submit' value='Add'></td>
-					</form>
-				</tr>
-			</table>
-		";
-		return $html;
-	}
-// }}}
-}
-add_event_listener(new AliasEditor());
-?>

ext/alias_editor/info.php

@@ -0,0 +1,15 @@
+<?php declare(strict_types=1);
+
+class AliasEditorInfo extends ExtensionInfo
+{
+    public const KEY = "alias_editor";
+
+    public $key = self::KEY;
+    public $name = "Alias Editor";
+    public $url = self::SHIMMIE_URL;
+    public $authors = self::SHISH_AUTHOR;
+    public $license = self::LICENSE_GPLV2;
+    public $description = "Edit the alias list";
+    public $documentation = 'The list is visible at <a href="$site/alias/list">/alias/list</a>; only site admins can edit it, other people can view and download it';
+    public $core = true;
+}

ext/alias_editor/main.php

@@ -0,0 +1,209 @@
+<?php declare(strict_types=1);
+
+use MicroCRUD\ActionColumn;
+use MicroCRUD\TextColumn;
+use MicroCRUD\Table;
+
+class AliasTable extends Table
+{
+    public function __construct(\FFSPHP\PDO $db)
+    {
+        parent::__construct($db);
+        $this->table = "aliases";
+        $this->base_query = "SELECT * FROM aliases";
+        $this->primary_key = "oldtag";
+        $this->size = 100;
+        $this->limit = 1000000;
+        $this->set_columns([
+            new TextColumn("oldtag", "Old Tag"),
+            new TextColumn("newtag", "New Tag"),
+            new ActionColumn("oldtag"),
+        ]);
+        $this->order_by = ["oldtag"];
+        $this->table_attrs = ["class" => "zebra"];
+    }
+}
+
+class AddAliasEvent extends Event
+{
+    /** @var string  */
+    public $oldtag;
+    /** @var string  */
+    public $newtag;
+
+    public function __construct(string $oldtag, string $newtag)
+    {
+        parent::__construct();
+        $this->oldtag = trim($oldtag);
+        $this->newtag = trim($newtag);
+    }
+}
+
+class DeleteAliasEvent extends Event
+{
+    public $oldtag;
+
+    public function __construct(string $oldtag)
+    {
+        parent::__construct();
+        $this->oldtag = $oldtag;
+    }
+}
+
+class AddAliasException extends SCoreException
+{
+}
+
+class AliasEditor extends Extension
+{
+    /** @var AliasEditorTheme */
+    protected $theme;
+
+    public function onPageRequest(PageRequestEvent $event)
+    {
+        global $config, $database, $page, $user;
+
+        if ($event->page_matches("alias")) {
+            if ($event->get_arg(0) == "add") {
+                if ($user->can(Permissions::MANAGE_ALIAS_LIST)) {
+                    $user->ensure_authed();
+                    $input = validate_input(["c_oldtag"=>"string", "c_newtag"=>"string"]);
+                    try {
+                        send_event(new AddAliasEvent($input['c_oldtag'], $input['c_newtag']));
+                        $page->set_mode(PageMode::REDIRECT);
+                        $page->set_redirect(make_link("alias/list"));
+                    } catch (AddAliasException $ex) {
+                        $this->theme->display_error(500, "Error adding alias", $ex->getMessage());
+                    }
+                }
+            } elseif ($event->get_arg(0) == "remove") {
+                if ($user->can(Permissions::MANAGE_ALIAS_LIST)) {
+                    $user->ensure_authed();
+                    $input = validate_input(["d_oldtag"=>"string"]);
+                    send_event(new DeleteAliasEvent($input['d_oldtag']));
+                    $page->set_mode(PageMode::REDIRECT);
+                    $page->set_redirect(make_link("alias/list"));
+                }
+            } elseif ($event->get_arg(0) == "list") {
+                $t = new AliasTable($database->raw_db());
+                $t->token = $user->get_auth_token();
+                $t->inputs = $_GET;
+                $t->size = $config->get_int('alias_items_per_page', 30);
+                if ($user->can(Permissions::MANAGE_ALIAS_LIST)) {
+                    $t->create_url = make_link("alias/add");
+                    $t->delete_url = make_link("alias/remove");
+                }
+                $this->theme->display_aliases($t->table($t->query()), $t->paginator());
+            } elseif ($event->get_arg(0) == "export") {
+                $page->set_mode(PageMode::DATA);
+                $page->set_type(MIME_TYPE_CSV);
+                $page->set_filename("aliases.csv");
+                $page->set_data($this->get_alias_csv($database));
+            } elseif ($event->get_arg(0) == "import") {
+                if ($user->can(Permissions::MANAGE_ALIAS_LIST)) {
+                    if (count($_FILES) > 0) {
+                        $tmp = $_FILES['alias_file']['tmp_name'];
+                        $contents = file_get_contents($tmp);
+                        $this->add_alias_csv($database, $contents);
+                        log_info("alias_editor", "Imported aliases from file", "Imported aliases"); # FIXME: how many?
+                        $page->set_mode(PageMode::REDIRECT);
+                        $page->set_redirect(make_link("alias/list"));
+                    } else {
+                        $this->theme->display_error(400, "No File Specified", "You have to upload a file");
+                    }
+                } else {
+                    $this->theme->display_error(401, "Admins Only", "Only admins can edit the alias list");
+                }
+            }
+        }
+    }
+
+    public function onAddAlias(AddAliasEvent $event)
+    {
+        global $database;
+
+        $row = $database->get_row(
+            "SELECT * FROM aliases WHERE lower(oldtag)=lower(:oldtag)",
+            ["oldtag"=>$event->oldtag]
+        );
+        if ($row) {
+            throw new AddAliasException("{$row['oldtag']} is already an alias for {$row['newtag']}");
+        }
+
+        $row = $database->get_row(
+            "SELECT * FROM aliases WHERE lower(oldtag)=lower(:newtag)",
+            ["newtag" => $event->newtag]
+        );
+        if ($row) {
+            throw new AddAliasException("{$row['oldtag']} is itself an alias for {$row['newtag']}");
+        }
+
+        $database->execute(
+            "INSERT INTO aliases(oldtag, newtag) VALUES(:oldtag, :newtag)",
+            ["oldtag" => $event->oldtag, "newtag" => $event->newtag]
+        );
+        log_info("alias_editor", "Added alias for {$event->oldtag} -> {$event->newtag}", "Added alias");
+    }
+
+    public function onDeleteAlias(DeleteAliasEvent $event)
+    {
+        global $database;
+        $database->execute("DELETE FROM aliases WHERE oldtag=:oldtag", ["oldtag" => $event->oldtag]);
+        log_info("alias_editor", "Deleted alias for {$event->oldtag}", "Deleted alias");
+    }
+
+    public function onPageSubNavBuilding(PageSubNavBuildingEvent $event)
+    {
+        if ($event->parent=="tags") {
+            $event->add_nav_link("aliases", new Link('alias/list'), "Aliases", NavLink::is_active(["alias"]));
+        }
+    }
+
+    public function onUserBlockBuilding(UserBlockBuildingEvent $event)
+    {
+        global $user;
+        if ($user->can(Permissions::MANAGE_ALIAS_LIST)) {
+            $event->add_link("Alias Editor", make_link("alias/list"));
+        }
+    }
+
+    private function get_alias_csv(Database $database): string
+    {
+        $csv = "";
+        $aliases = $database->get_pairs("SELECT oldtag, newtag FROM aliases ORDER BY newtag");
+        foreach ($aliases as $old => $new) {
+            $csv .= "\"$old\",\"$new\"\n";
+        }
+        return $csv;
+    }
+
+    private function add_alias_csv(Database $database, string $csv): int
+    {
+        $csv = str_replace("\r", "\n", $csv);
+        $i = 0;
+        foreach (explode("\n", $csv) as $line) {
+            $parts = str_getcsv($line);
+            if (count($parts) == 2) {
+                try {
+                    send_event(new AddAliasEvent($parts[0], $parts[1]));
+                    $i++;
+                } catch (AddAliasException $ex) {
+                    $this->theme->display_error(500, "Error adding alias", $ex->getMessage());
+                }
+            }
+        }
+        return $i;
+    }
+
+    /**
+     * Get the priority for this extension.
+     *
+     * Add alias *after* mass tag editing, else the MTE will
+     * search for the images and be redirected to the alias,
+     * missing out the images tagged with the old tag.
+     */
+    public function get_priority(): int
+    {
+        return 60;
+    }
+}

ext/alias_editor/test.php

@@ -0,0 +1,85 @@
+<?php declare(strict_types=1);
+class AliasEditorTest extends ShimmiePHPUnitTestCase
+{
+    public function testAliasList()
+    {
+        $this->get_page('alias/list');
+        $this->assert_response(200);
+        $this->assert_title("Alias List");
+    }
+
+    public function testAliasListReadOnly()
+    {
+        $this->log_in_as_user();
+        $this->get_page('alias/list');
+        $this->assert_title("Alias List");
+        $this->assert_no_text("Add");
+
+        $this->log_out();
+        $this->get_page('alias/list');
+        $this->assert_title("Alias List");
+        $this->assert_no_text("Add");
+    }
+
+    public function testAliasOneToOne()
+    {
+        $this->log_in_as_admin();
+
+        $this->get_page("alias/export/aliases.csv");
+        $this->assert_no_text("test1");
+
+        send_event(new AddAliasEvent("test1", "test2"));
+        $this->get_page('alias/list');
+        $this->assert_text("test1");
+        $this->get_page("alias/export/aliases.csv");
+        $this->assert_text('"test1","test2"');
+
+        $image_id = $this->post_image("tests/pbx_screenshot.jpg", "test1");
+        $this->get_page("post/view/$image_id"); # check that the tag has been replaced
+        $this->assert_title("Image $image_id: test2");
+        $this->get_page("post/list/test1/1"); # searching for an alias should find the master tag
+        $this->assert_response(302);
+        $this->get_page("post/list/test2/1"); # check that searching for the main tag still works
+        $this->assert_response(302);
+        $this->delete_image($image_id);
+
+        send_event(new DeleteAliasEvent("test1"));
+        $this->get_page('alias/list');
+        $this->assert_title("Alias List");
+        $this->assert_no_text("test1");
+    }
+
+    public function testAliasOneToMany()
+    {
+        $this->log_in_as_admin();
+
+        $this->get_page("alias/export/aliases.csv");
+        $this->assert_no_text("multi");
+
+        send_event(new AddAliasEvent("onetag", "multi tag"));
+        $this->get_page('alias/list');
+        $this->assert_text("multi");
+        $this->assert_text("tag");
+        $this->get_page("alias/export/aliases.csv");
+        $this->assert_text('"onetag","multi tag"');
+
+        $image_id_1 = $this->post_image("tests/pbx_screenshot.jpg", "onetag");
+        $image_id_2 = $this->post_image("tests/bedroom_workshop.jpg", "onetag");
+        $this->get_page("post/list/onetag/1"); # searching for an aliased tag should find its aliases
+        $this->assert_title("multi tag");
+        $this->assert_no_text("No Images Found");
+        $this->get_page("post/list/multi/1");
+        $this->assert_title("multi");
+        $this->assert_no_text("No Images Found");
+        $this->get_page("post/list/multi tag/1");
+        $this->assert_title("multi tag");
+        $this->assert_no_text("No Images Found");
+        $this->delete_image($image_id_1);
+        $this->delete_image($image_id_2);
+
+        send_event(new DeleteAliasEvent("onetag"));
+        $this->get_page('alias/list');
+        $this->assert_title("Alias List");
+        $this->assert_no_text("test1");
+    }
+}

ext/alias_editor/theme.php

@@ -0,0 +1,36 @@
+<?php declare(strict_types=1);
+
+class AliasEditorTheme extends Themelet
+{
+    /**
+     * Show a page of aliases.
+     *
+     * Note: $can_manage = whether things like "add new alias" should be shown
+     */
+    public function display_aliases($table, $paginator): void
+    {
+        global $page, $user;
+
+        $can_manage = $user->can(Permissions::MANAGE_ALIAS_LIST);
+        $html = "
+            $table
+            $paginator
+			<p><a href='".make_link("alias/export/aliases.csv")."' download='aliases.csv'>Download as CSV</a></p>
+		";
+
+        $bulk_html = "
+			".make_form(make_link("alias/import"), 'post', true)."
+				<input type='file' name='alias_file'>
+				<input type='submit' value='Upload List'>
+			</form>
+		";
+
+        $page->set_title("Alias List");
+        $page->set_heading("Alias List");
+        $page->add_block(new NavBlock());
+        $page->add_block(new Block("Aliases", $html));
+        if ($can_manage) {
+            $page->add_block(new Block("Bulk Upload", $bulk_html, "main", 51));
+        }
+    }
+}

ext/approval/info.php

@@ -0,0 +1,12 @@
+<?php declare(strict_types=1);
+
+class ApprovalInfo extends ExtensionInfo
+{
+    public const KEY = "approval";
+
+    public $key = self::KEY;
+    public $name = "Approval";
+    public $authors = ["Matthew Barbour"=>"matthew@darkholme.net"];
+    public $license = self::LICENSE_WTFPL;
+    public $description = "Adds an approval step to the upload/import process.";
+}

ext/approval/main.php

@@ -0,0 +1,255 @@
+<?php declare(strict_types=1);
+
+abstract class ApprovalConfig
+{
+    const VERSION = "ext_approval_version";
+    const IMAGES = "approve_images";
+    const COMMENTS = "approve_comments";
+}
+
+class Approval extends Extension
+{
+    /** @var ApprovalTheme */
+    protected $theme;
+
+    public function onInitExt(InitExtEvent $event)
+    {
+        global $config;
+
+        $config->set_default_bool(ApprovalConfig::IMAGES, false);
+        $config->set_default_bool(ApprovalConfig::COMMENTS, false);
+
+        Image::$bool_props[] = "approved";
+    }
+
+    public function onPageRequest(PageRequestEvent $event)
+    {
+        global $page, $user;
+
+        if ($event->page_matches("approve_image") && $user->can(Permissions::APPROVE_IMAGE)) {
+            // Try to get the image ID
+            $image_id = int_escape($event->get_arg(0));
+            if (empty($image_id)) {
+                $image_id = isset($_POST['image_id']) ? $_POST['image_id'] : null;
+            }
+            if (empty($image_id)) {
+                throw new SCoreException("Can not approve image: No valid Image ID given.");
+            }
+
+            self::approve_image($image_id);
+            $page->set_mode(PageMode::REDIRECT);
+            $page->set_redirect(make_link("post/view/" . $image_id));
+        }
+
+        if ($event->page_matches("disapprove_image") && $user->can(Permissions::APPROVE_IMAGE)) {
+            // Try to get the image ID
+            $image_id = int_escape($event->get_arg(0));
+            if (empty($image_id)) {
+                $image_id = isset($_POST['image_id']) ? $_POST['image_id'] : null;
+            }
+            if (empty($image_id)) {
+                throw new SCoreException("Can not disapprove image: No valid Image ID given.");
+            }
+
+            self::disapprove_image($image_id);
+            $page->set_mode(PageMode::REDIRECT);
+            $page->set_redirect(make_link("post/view/".$image_id));
+        }
+    }
+
+    public function onSetupBuilding(SetupBuildingEvent $event)
+    {
+        $this->theme->display_admin_block($event);
+    }
+
+    public function onAdminBuilding(AdminBuildingEvent $event)
+    {
+        $this->theme->display_admin_form();
+    }
+
+    public function onAdminAction(AdminActionEvent $event)
+    {
+        global $database, $user;
+
+        $action = $event->action;
+        $event->redirect = true;
+        if ($action==="approval") {
+            $approval_action = $_POST["approval_action"];
+            switch ($approval_action) {
+                case "approve_all":
+                    $database->set_timeout(300000); // These updates can take a little bit
+                    $database->execute(
+                        "UPDATE images SET approved = :true, approved_by_id = :approved_by_id WHERE approved = :false",
+                        ["approved_by_id"=>$user->id, "true"=>true, "false"=>false]
+                    );
+                    break;
+                case "disapprove_all":
+                    $database->set_timeout(300000); // These updates can take a little bit
+                    $database->execute(
+                        "UPDATE images SET approved = :false, approved_by_id = NULL WHERE approved = :true",
+                        ["true"=>true, "false"=>false]
+                    );
+                    break;
+                default:
+
+                    break;
+            }
+        }
+    }
+
+    public function onDisplayingImage(DisplayingImageEvent $event)
+    {
+        global $user, $page, $config;
+
+        if ($config->get_bool(ApprovalConfig::IMAGES) && $event->image->approved===false && !$user->can(Permissions::APPROVE_IMAGE)) {
+            $page->set_mode(PageMode::REDIRECT);
+            $page->set_redirect(make_link("post/list"));
+        }
+    }
+
+    public function onPageSubNavBuilding(PageSubNavBuildingEvent $event)
+    {
+        global $user;
+        if ($event->parent=="posts") {
+            if ($user->can(Permissions::APPROVE_IMAGE)) {
+                $event->add_nav_link("posts_unapproved", new Link('/post/list/approved%3Ano/1'), "Pending Approval", null, 60);
+            }
+        }
+    }
+
+
+    const SEARCH_REGEXP = "/^approved:(yes|no)/";
+    public function onSearchTermParse(SearchTermParseEvent $event)
+    {
+        global $user, $database, $config;
+
+        if ($config->get_bool(ApprovalConfig::IMAGES)) {
+            $matches = [];
+
+            if (is_null($event->term) && $this->no_approval_query($event->context)) {
+                $event->add_querylet(new Querylet($database->scoreql_to_sql("approved = SCORE_BOOL_Y ")));
+            }
+
+            if (is_null($event->term)) {
+                return;
+            }
+            if (preg_match(self::SEARCH_REGEXP, strtolower($event->term), $matches)) {
+                if ($user->can(Permissions::APPROVE_IMAGE) && $matches[1] == "no") {
+                    $event->add_querylet(new Querylet($database->scoreql_to_sql("approved = SCORE_BOOL_N ")));
+                } else {
+                    $event->add_querylet(new Querylet($database->scoreql_to_sql("approved = SCORE_BOOL_Y ")));
+                }
+            }
+        }
+    }
+
+    public function onHelpPageBuilding(HelpPageBuildingEvent $event)
+    {
+        global $user, $config;
+        if ($event->key===HelpPages::SEARCH) {
+            if ($user->can(Permissions::APPROVE_IMAGE) &&  $config->get_bool(ApprovalConfig::IMAGES)) {
+                $block = new Block();
+                $block->header = "Approval";
+                $block->body = $this->theme->get_help_html();
+                $event->add_block($block);
+            }
+        }
+    }
+
+
+    private function no_approval_query(array $context): bool
+    {
+        foreach ($context as $term) {
+            if (preg_match(self::SEARCH_REGEXP, $term)) {
+                return false;
+            }
+        }
+        return true;
+    }
+
+    public static function approve_image($image_id)
+    {
+        global $database, $user;
+
+        $database->execute(
+            "UPDATE images SET approved = :true, approved_by_id = :approved_by_id WHERE id = :id AND approved = :false",
+            ["approved_by_id"=>$user->id, "id"=>$image_id, "true"=>true, "false"=>false]
+        );
+    }
+
+    public static function disapprove_image($image_id)
+    {
+        global $database;
+
+        $database->execute(
+            "UPDATE images SET approved = :false, approved_by_id = NULL WHERE id = :id AND approved = :true",
+            ["id"=>$image_id, "true"=>true, "false"=>false]
+        );
+    }
+
+    public function onImageAdminBlockBuilding(ImageAdminBlockBuildingEvent $event)
+    {
+        global $user, $config;
+        if ($user->can(Permissions::APPROVE_IMAGE) && $config->get_bool(ApprovalConfig::IMAGES)) {
+            $event->add_part($this->theme->get_image_admin_html($event->image));
+        }
+    }
+
+    public function onBulkActionBlockBuilding(BulkActionBlockBuildingEvent $event)
+    {
+        global $user, $config;
+
+        if ($user->can(Permissions::APPROVE_IMAGE)&& $config->get_bool(ApprovalConfig::IMAGES)) {
+            if (in_array("approved:no", $event->search_terms)) {
+                $event->add_action("bulk_approve_image", "Approve", "a");
+            } else {
+                $event->add_action("bulk_disapprove_image", "Disapprove");
+            }
+        }
+    }
+
+    public function onBulkAction(BulkActionEvent $event)
+    {
+        global $page, $user;
+
+        switch ($event->action) {
+            case "bulk_approve_image":
+                if ($user->can(Permissions::APPROVE_IMAGE)) {
+                    $total = 0;
+                    foreach ($event->items as $image) {
+                        self::approve_image($image->id);
+                        $total++;
+                    }
+                    $page->flash("Approved $total items");
+                }
+                break;
+            case "bulk_disapprove_image":
+                if ($user->can(Permissions::APPROVE_IMAGE)) {
+                    $total = 0;
+                    foreach ($event->items as $image) {
+                        self::disapprove_image($image->id);
+                        $total++;
+                    }
+                    $page->flash("Disapproved $total items");
+                }
+                break;
+        }
+    }
+
+    public function onDatabaseUpgrade(DatabaseUpgradeEvent $event)
+    {
+        global $database;
+
+        if ($this->get_version(ApprovalConfig::VERSION) < 1) {
+            $database->execute($database->scoreql_to_sql(
+                "ALTER TABLE images ADD COLUMN approved SCORE_BOOL NOT NULL DEFAULT SCORE_BOOL_N"
+            ));
+            $database->execute(
+                "ALTER TABLE images ADD COLUMN approved_by_id INTEGER NULL"
+            );
+
+            $database->execute("CREATE INDEX images_approved_idx ON images(approved)");
+            $this->set_version(ApprovalConfig::VERSION, 1);
+        }
+    }
+}

ext/approval/theme.php

@@ -0,0 +1,61 @@
+<?php declare(strict_types=1);
+use function MicroHTML\BR;
+use function MicroHTML\BUTTON;
+use function MicroHTML\INPUT;
+
+class ApprovalTheme extends Themelet
+{
+    public function get_image_admin_html(Image $image)
+    {
+        if ($image->approved===true) {
+            $html = SHM_SIMPLE_FORM(
+                'disapprove_image/'.$image->id,
+                INPUT(["type"=>'hidden', "name"=>'image_id', "value"=>$image->id]),
+                SHM_SUBMIT("Disapprove")
+            );
+        } else {
+            $html = SHM_SIMPLE_FORM(
+                'approve_image/'.$image->id,
+                INPUT(["type"=>'hidden', "name"=>'image_id', "value"=>$image->id]),
+                SHM_SUBMIT("Approve")
+            );
+        }
+
+        return (string)$html;
+    }
+
+
+    public function get_help_html()
+    {
+        return '<p>Search for images that are approved/not approved.</p>
+        <div class="command_example">
+        <pre>approved:yes</pre>
+        <p>Returns images that have been approved.</p>
+        </div>
+        <div class="command_example">
+        <pre>approved:no</pre>
+        <p>Returns images that have not been approved.</p>
+        </div>
+        ';
+    }
+
+    public function display_admin_block(SetupBuildingEvent $event)
+    {
+        $sb = new SetupBlock("Approval");
+        $sb->add_bool_option(ApprovalConfig::IMAGES, "Images: ");
+        $event->panel->add_block($sb);
+    }
+
+    public function display_admin_form()
+    {
+        global $page;
+
+        $html = (string)SHM_SIMPLE_FORM(
+            "admin/approval",
+            BUTTON(["name"=>'approval_action', "value"=>'approve_all'], "Approve All Images"),
+            BR(),
+            BUTTON(["name"=>'approval_action', "value"=>'disapprove_all'], "Disapprove All Images"),
+        );
+        $page->add_block(new Block("Approval", $html));
+    }
+}

ext/artists/info.php

@@ -0,0 +1,14 @@
+<?php declare(strict_types=1);
+
+class ArtistsInfo extends ExtensionInfo
+{
+    public const KEY = "artists";
+
+    public $key = self::KEY;
+    public $name = "Artists System";
+    public $url = self::SHIMMIE_URL;
+    public $authors = ["Sein Kraft"=>"mail@seinkraft.info","Alpha"=>"alpha@furries.com.ar"];
+    public $license = self::LICENSE_GPLV2;
+    public $description = "Simple artists extension";
+    public $beta = true;
+}

ext/artists/test.php

@@ -0,0 +1,15 @@
+<?php declare(strict_types=1);
+class ArtistsTest extends ShimmiePHPUnitTestCase
+{
+    public function testSearch()
+    {
+        global $user;
+        $this->log_in_as_user();
+        $image_id = $this->post_image("tests/pbx_screenshot.jpg", "pbx computer screenshot");
+        $image = Image::by_id($image_id);
+
+        send_event(new AuthorSetEvent($image, $user, "bob"));
+
+        $this->assert_search_results(["author=bob"], [$image_id]);
+    }
+}

ext/artists/theme.php

@@ -0,0 +1,558 @@
+<?php declare(strict_types=1);
+class ArtistsTheme extends Themelet
+{
+    public function get_author_editor_html(string $author): string
+    {
+        $h_author = html_escape($author);
+        return "
+			<tr>
+				<th>Author</th>
+				<td>
+					<span class='view'>$h_author</span>
+					<input class='edit' type='text' name='tag_edit__author' value='$h_author'>
+				</td>
+			</tr>
+		";
+    }
+
+    public function sidebar_options(string $mode, ?int $artistID=null, $is_admin=false): void
+    {
+        global $page, $user;
+
+        $html = "";
+
+        if ($mode == "neutral") {
+            $html = "<form method='post' action='".make_link("artist/new_artist")."'>
+						".$user->get_auth_html()."
+						<input type='submit' name='edit' id='edit' value='New Artist'/>
+					</form>";
+        }
+        
+        if ($mode == "editor") {
+            $html = "<form method='post' action='".make_link("artist/new_artist")."'>
+						".$user->get_auth_html()."
+						<input type='submit' name='edit' value='New Artist'/>
+					</form>
+					
+					<form method='post' action='".make_link("artist/edit_artist")."'>
+						".$user->get_auth_html()."
+						<input type='submit' name='edit' value='Edit Artist'/>
+						<input type='hidden' name='artist_id' value='".$artistID."'>
+					</form>";
+                    
+            if ($is_admin) {
+                $html .= "<form method='post' action='".make_link("artist/nuke_artist")."'>
+							".$user->get_auth_html()."
+							<input type='submit' name='edit' value='Delete Artist'/>
+							<input type='hidden' name='artist_id' value='".$artistID."'>
+						</form>";
+            }
+            
+            $html .= "<form method='post' action='".make_link("artist/add_alias")."'>
+							".$user->get_auth_html()."
+							<input type='submit' name='edit' value='Add Alias'/>
+							<input type='hidden' name='artist_id' value='".$artistID."'>
+						</form>
+						
+						<form method='post' action='".make_link("artist/add_member")."'>
+							".$user->get_auth_html()."
+							<input type='submit' name='edit' value='Add Member'/>
+							<input type='hidden' name='artist_id' value='".$artistID."'>
+						</form>
+						
+						<form method='post' action='".make_link("artist/add_url")."'>
+							".$user->get_auth_html()."
+							<input type='submit' name='edit' value='Add Url'/>
+							<input type='hidden' name='artist_id' value='".$artistID."'>
+						</form>";
+        }
+
+        if ($html) {
+            $page->add_block(new Block("Manage Artists", $html, "left", 10));
+        }
+    }
+
+    public function show_artist_editor($artist, $aliases, $members, $urls)
+    {
+        global $user;
+
+        $artistName = $artist['name'];
+        $artistNotes = $artist['notes'];
+        $artistID = $artist['id'];
+
+        // aliases
+        $aliasesString = "";
+        $aliasesIDsString = "";
+        foreach ($aliases as $alias) {
+            $aliasesString .= $alias["alias_name"]." ";
+            $aliasesIDsString .= $alias["alias_id"]." ";
+        }
+        $aliasesString = rtrim($aliasesString);
+        $aliasesIDsString = rtrim($aliasesIDsString);
+
+        // members
+        $membersString = "";
+        $membersIDsString = "";
+        foreach ($members as $member) {
+            $membersString .= $member["name"]." ";
+            $membersIDsString .= $member["id"]." ";
+        }
+        $membersString = rtrim($membersString);
+        $membersIDsString = rtrim($membersIDsString);
+
+        // urls
+        $urlsString = "";
+        $urlsIDsString = "";
+        foreach ($urls as $url) {
+            $urlsString .= $url["url"]."\n";
+            $urlsIDsString .= $url["id"]." ";
+        }
+        $urlsString = substr($urlsString, 0, strlen($urlsString) -1);
+        $urlsIDsString = rtrim($urlsIDsString);
+
+        $html = '
+			<form method="POST" action="'.make_link("artist/edited/".$artist['id']).'">
+				'.$user->get_auth_html().'
+				<table>
+					<tr><td>Name:</td><td><input type="text" name="name" value="'.$artistName.'" />
+										  <input type="hidden" name="id" value="'.$artistID.'" /></td></tr>
+					<tr><td>Alias:</td><td><input type="text" name="aliases" value="'.$aliasesString.'" />
+										   <input type="hidden" name="aliasesIDs" value="'.$aliasesIDsString.'" /></td></tr>
+					<tr><td>Members:</td><td><input type="text" name="members" value="'.$membersString.'" />
+											 <input type="hidden" name="membersIDs" value="'.$membersIDsString.'" /></td></tr>
+					<tr><td>URLs:</td><td><textarea name="urls">'.$urlsString.'</textarea>
+										  <input type="hidden" name="urlsIDs" value="'.$urlsIDsString.'" /></td></tr>
+					<tr><td>Notes:</td><td><textarea name="notes">'.$artistNotes.'</textarea></td></tr>
+					<tr><td colspan="2"><input type="submit" value="Submit" /></td></tr>
+				</table>
+			</form>
+		';
+
+        global $page;
+        $page->add_block(new Block("Edit artist", $html, "main", 10));
+    }
+    
+    public function new_artist_composer()
+    {
+        global $page, $user;
+
+        $html = "<form action=".make_link("artist/create")." method='POST'>
+			".$user->get_auth_html()."
+			<table>
+				<tr><td>Name:</td><td><input type='text' name='name' /></td></tr>
+				<tr><td>Aliases:</td><td><input type='text' name='aliases' /></td></tr>
+				<tr><td>Members:</td><td><input type='text' name='members' /></td></tr>
+				<tr><td>URLs:</td><td><textarea name='urls'></textarea></td></tr>
+				<tr><td>Notes:</td><td><textarea name='notes'></textarea></td></tr>
+				<tr><td colspan='2'><input type='submit' value='Submit' /></td></tr>
+			</table>
+		";
+
+        $page->set_title("Artists");
+        $page->set_heading("Artists");
+        $page->add_block(new Block("Artists", $html, "main", 10));
+    }
+    
+    public function list_artists($artists, $pageNumber, $totalPages)
+    {
+        global $user, $page;
+
+        $html = "<table id='poolsList' class='zebra'>".
+            "<thead><tr>".
+            "<th>Name</th>".
+            "<th>Type</th>".
+            "<th>Last updater</th>".
+            "<th>Posts</th>";
+
+        if (!$user->is_anonymous()) {
+            $html .= "<th colspan='2'>Action</th>";
+        } // space for edit link
+            
+        $html .= "</tr></thead>";
+
+        $deletionLinkActionArray = [
+            'artist' => 'artist/nuke/',
+            'alias' => 'artist/alias/delete/',
+            'member' => 'artist/member/delete/',
+        ];
+
+        $editionLinkActionArray = [
+            'artist' => 'artist/edit/',
+            'alias' => 'artist/alias/edit/',
+            'member' => 'artist/member/edit/',
+        ];
+
+        $typeTextArray = [
+            'artist' => 'Artist',
+            'alias' => 'Alias',
+            'member' => 'Member',
+        ];
+
+        foreach ($artists as $artist) {
+            if ($artist['type'] != 'artist') {
+                $artist['name'] = str_replace("_", " ", $artist['name']);
+            }
+
+            $elementLink = "<a href='".make_link("artist/view/".$artist['artist_id'])."'>".str_replace("_", " ", $artist['name'])."</a>";
+            //$artist_link = "<a href='".make_link("artist/view/".$artist['artist_id'])."'>".str_replace("_", " ", $artist['artist_name'])."</a>";
+            $user_link = "<a href='".make_link("user/".$artist['user_name'])."'>".$artist['user_name']."</a>";
+            $edit_link = "<a href='".make_link($editionLinkActionArray[$artist['type']].$artist['id'])."'>Edit</a>";
+            $del_link = "<a href='".make_link($deletionLinkActionArray[$artist['type']].$artist['id'])."'>Delete</a>";
+
+            $html .= "<tr>".
+                "<td class='left'>".$elementLink;
+
+            //if ($artist['type'] == 'member')
+            //	$html .= " (member of ".$artist_link.")";
+
+            //if ($artist['type'] == 'alias')
+            //	$html .= " (alias for ".$artist_link.")";
+
+            $html .= "</td>".
+                "<td>".$typeTextArray[$artist['type']]."</td>".
+                "<td>".$user_link."</td>".
+                "<td>".$artist['posts']."</td>";
+
+            if (!$user->is_anonymous()) {
+                $html .= "<td>".$edit_link."</td>";
+            }
+            if ($user->can(Permissions::ARTISTS_ADMIN)) {
+                $html .= "<td>".$del_link."</td>";
+            }
+
+            $html .= "</tr>";
+        }
+
+        $html .= "</tbody></table>";
+
+        $page->set_title("Artists");
+        $page->set_heading("Artists");
+        $page->add_block(new Block("Artists", $html, "main", 10));
+
+        $this->display_paginator($page, "artist/list", null, $pageNumber, $totalPages);
+    }
+
+    public function show_new_alias_composer($artistID)
+    {
+        global $user;
+
+        $html = '
+			<form method="POST" action='.make_link("artist/alias/add").'>
+				'.$user->get_auth_html().'
+				  <table>
+					<tr><td>Alias:</td><td><input type="text" name="aliases" />
+										   <input type="hidden" name="artistID" value='.$artistID.' /></td></tr>
+					<tr><td colspan="2"><input type="submit" value="Submit" /></td></tr>
+				</table>
+			</form>		
+		';
+
+        global $page;
+        $page->add_block(new Block("Artist Aliases", $html, "main", 20));
+    }
+
+    public function show_new_member_composer($artistID)
+    {
+        global $user;
+
+        $html = '
+			<form method="POST" action='.make_link("artist/member/add").'>
+				'.$user->get_auth_html().'
+				<table>
+					<tr><td>Members:</td><td><input type="text" name="members" />
+										   <input type="hidden" name="artistID" value='.$artistID.' /></td></tr>
+					<tr><td colspan="2"><input type="submit" value="Submit" /></td></tr>
+				</table>
+			</form>
+		';
+
+        global $page;
+        $page->add_block(new Block("Artist members", $html, "main", 30));
+    }
+
+    public function show_new_url_composer($artistID)
+    {
+        global $user;
+
+        $html = '
+			<form method="POST" action='.make_link("artist/url/add").'>
+				'.$user->get_auth_html().'
+				<table>
+					<tr><td>URL:</td><td><textarea name="urls"></textarea>
+									   <input type="hidden" name="artistID" value='.$artistID.' /></td></tr>
+					<tr><td colspan="2"><input type="submit" value="Submit" /></td></tr>
+				</table>
+			</form>
+		';
+
+        global $page;
+        $page->add_block(new Block("Artist URLs", $html, "main", 40));
+    }
+
+    public function show_alias_editor($alias)
+    {
+        global $user;
+
+        $html = '
+			<form method="POST" action="'.make_link("artist/alias/edited/".$alias['id']).'">
+				'.$user->get_auth_html().'
+				<label for="alias">Alias:</label>
+				<input type="text" name="alias" id="alias" value="'.$alias['alias'].'" />
+				<input type="hidden" name="aliasID" value="'.$alias['id'].'" />
+				<input type="submit" value="Submit" />
+			</form>
+		';
+
+        global $page;
+        $page->add_block(new Block("Edit Alias", $html, "main", 10));
+    }
+
+    public function show_url_editor($url)
+    {
+        global $user;
+
+        $html = '
+			<form method="POST" action="'.make_link("artist/url/edited/".$url['id']).'">
+				'.$user->get_auth_html().'
+				<label for="url">URL:</label>
+				<input type="text" name="url" id="url" value="'.$url['url'].'" />
+				<input type="hidden" name="urlID" value="'.$url['id'].'" />
+				<input type="submit" value="Submit" />
+			</form>
+		';
+
+        global $page;
+        $page->add_block(new Block("Edit URL", $html, "main", 10));
+    }
+
+    public function show_member_editor($member)
+    {
+        global $user;
+
+        $html = '
+			<form method="POST" action="'.make_link("artist/member/edited/".$member['id']).'">
+				'.$user->get_auth_html().'
+				<label for="name">Member name:</label>
+				<input type="text" name="name" id="name" value="'.$member['name'].'" />
+				<input type="hidden" name="memberID" value="'.$member['id'].'" />
+				<input type="submit" value="Submit" />
+			</form>
+		';
+
+        global $page;
+        $page->add_block(new Block("Edit Member", $html, "main", 10));
+    }
+
+    public function show_artist($artist, $aliases, $members, $urls, $images, $userIsLogged, $userIsAdmin)
+    {
+        global $page;
+
+        $artist_link = "<a href='".make_link("post/list/".$artist['name']."/1")."'>".str_replace("_", " ", $artist['name'])."</a>";
+
+        $html = "<table id='poolsList' class='zebra'>
+					<thead>
+						<tr>
+							<th></th>
+							<th></th>";
+            
+        if ($userIsLogged) {
+            $html .= "<th></th>";
+        }
+        if ($userIsAdmin) {
+            $html .= "<th></th>";
+        }
+
+        $html .= "  <tr>
+					</thead>
+
+					<tr>
+						<td class='left'>Name:</td>
+						<td class='left'>".$artist_link."</td>";
+        if ($userIsLogged) {
+            $html .= "<td></td>";
+        }
+        if ($userIsAdmin) {
+            $html .= "<td></td>";
+        }
+        $html .= "</tr>";
+
+        $html .= $this->render_aliases($aliases, $userIsLogged, $userIsAdmin);
+        $html .= $this->render_members($members, $userIsLogged, $userIsAdmin);
+        $html .= $this->render_urls($urls, $userIsLogged, $userIsAdmin);
+
+        $html .= "<tr>
+						<td class='left'>Notes:</td>
+						<td class='left'>".$artist["notes"]."</td>";
+        if ($userIsLogged) {
+            $html .= "<td></td>";
+        }
+        if ($userIsAdmin) {
+            $html .= "<td></td>";
+        }
+        //TODO how will notes be edited? On edit artist? (should there be an editartist?) or on a editnotes?
+        //same question for deletion
+        $html .= "</tr>
+		</table>";
+
+        $page->set_title("Artist");
+        $page->set_heading("Artist");
+        $page->add_block(new Block("Artist", $html, "main", 10));
+
+        //we show the images for the artist
+        $artist_images = "";
+        foreach ($images as $image) {
+            $thumb_html = $this->build_thumb_html($image);
+                
+            $artist_images .= '<span class="thumb">'.
+                '<a href="$image_link">'.$thumb_html.'</a>'.
+                '</span>';
+        }
+            
+        $page->add_block(new Block("Artist Images", $artist_images, "main", 20));
+    }
+
+    private function render_aliases(array $aliases, bool $userIsLogged, bool $userIsAdmin): string
+    {
+        $html = "";
+        if (count($aliases) > 0) {
+            $aliasViewLink = str_replace("_", " ", $aliases[0]['alias_name']); // no link anymore
+            $aliasEditLink = "<a href='" . make_link("artist/alias/edit/" . $aliases[0]['alias_id']) . "'>Edit</a>";
+            $aliasDeleteLink = "<a href='" . make_link("artist/alias/delete/" . $aliases[0]['alias_id']) . "'>Delete</a>";
+
+            $html .= "<tr>
+							  <td class='left'>Aliases:</td>
+							  <td class='left'>" . $aliasViewLink . "</td>";
+
+            if ($userIsLogged) {
+                $html .= "<td class='left'>" . $aliasEditLink . "</td>";
+            }
+
+            if ($userIsAdmin) {
+                $html .= "<td class='left'>" . $aliasDeleteLink . "</td>";
+            }
+
+            $html .= "</tr>";
+
+            if (count($aliases) > 1) {
+                for ($i = 1; $i < count($aliases); $i++) {
+                    $aliasViewLink = str_replace("_", " ", $aliases[$i]['alias_name']); // no link anymore
+                    $aliasEditLink = "<a href='" . make_link("artist/alias/edit/" . $aliases[$i]['alias_id']) . "'>Edit</a>";
+                    $aliasDeleteLink = "<a href='" . make_link("artist/alias/delete/" . $aliases[$i]['alias_id']) . "'>Delete</a>";
+
+                    $html .= "<tr>
+									  <td class='left'>&nbsp;</td>
+									  <td class='left'>" . $aliasViewLink . "</td>";
+                    if ($userIsLogged) {
+                        $html .= "<td class='left'>" . $aliasEditLink . "</td>";
+                    }
+                    if ($userIsAdmin) {
+                        $html .= "<td class='left'>" . $aliasDeleteLink . "</td>";
+                    }
+
+                    $html .= "</tr>";
+                }
+            }
+        }
+        return $html;
+    }
+
+    private function render_members(array $members, bool $userIsLogged, bool $userIsAdmin): string
+    {
+        $html = "";
+        if (count($members) > 0) {
+            $memberViewLink = str_replace("_", " ", $members[0]['name']); // no link anymore
+            $memberEditLink = "<a href='" . make_link("artist/member/edit/" . $members[0]['id']) . "'>Edit</a>";
+            $memberDeleteLink = "<a href='" . make_link("artist/member/delete/" . $members[0]['id']) . "'>Delete</a>";
+
+            $html .= "<tr>
+							<td class='left'>Members:</td>
+							<td class='left'>" . $memberViewLink . "</td>";
+            if ($userIsLogged) {
+                $html .= "<td class='left'>" . $memberEditLink . "</td>";
+            }
+            if ($userIsAdmin) {
+                $html .= "<td class='left'>" . $memberDeleteLink . "</td>";
+            }
+
+            $html .= "</tr>";
+
+            if (count($members) > 1) {
+                for ($i = 1; $i < count($members); $i++) {
+                    $memberViewLink = str_replace("_", " ", $members[$i]['name']); // no link anymore
+                    $memberEditLink = "<a href='" . make_link("artist/member/edit/" . $members[$i]['id']) . "'>Edit</a>";
+                    $memberDeleteLink = "<a href='" . make_link("artist/member/delete/" . $members[$i]['id']) . "'>Delete</a>";
+
+                    $html .= "<tr>
+							<td class='left'>&nbsp;</td>
+							<td class='left'>" . $memberViewLink . "</td>";
+                    if ($userIsLogged) {
+                        $html .= "<td class='left'>" . $memberEditLink . "</td>";
+                    }
+                    if ($userIsAdmin) {
+                        $html .= "<td class='left'>" . $memberDeleteLink . "</td>";
+                    }
+
+                    $html .= "</tr>";
+                }
+            }
+        }
+        return $html;
+    }
+
+    private function render_urls(array $urls, bool $userIsLogged, bool $userIsAdmin): string
+    {
+        $html = "";
+        if (count($urls) > 0) {
+            $urlViewLink = "<a href='" . str_replace("_", " ", $urls[0]['url']) . "' target='_blank'>" . str_replace("_", " ", $urls[0]['url']) . "</a>";
+            $urlEditLink = "<a href='" . make_link("artist/url/edit/" . $urls[0]['id']) . "'>Edit</a>";
+            $urlDeleteLink = "<a href='" . make_link("artist/url/delete/" . $urls[0]['id']) . "'>Delete</a>";
+
+            $html .= "<tr>
+							<td class='left'>URLs:</td>
+							<td class='left'>" . $urlViewLink . "</td>";
+
+            if ($userIsLogged) {
+                $html .= "<td class='left'>" . $urlEditLink . "</td>";
+            }
+
+            if ($userIsAdmin) {
+                $html .= "<td class='left'>" . $urlDeleteLink . "</td>";
+            }
+
+            $html .= "</tr>";
+
+            if (count($urls) > 1) {
+                for ($i = 1; $i < count($urls); $i++) {
+                    $urlViewLink = "<a href='" . str_replace("_", " ", $urls[$i]['url']) . "' target='_blank'>" . str_replace("_", " ", $urls[$i]['url']) . "</a>";
+                    $urlEditLink = "<a href='" . make_link("artist/url/edit/" . $urls[$i]['id']) . "'>Edit</a>";
+                    $urlDeleteLink = "<a href='" . make_link("artist/url/delete/" . $urls[$i]['id']) . "'>Delete</a>";
+
+                    $html .= "<tr>
+								<td class='left'>&nbsp;</td>
+								<td class='left'>" . $urlViewLink . "</td>";
+                    if ($userIsLogged) {
+                        $html .= "<td class='left'>" . $urlEditLink . "</td>";
+                    }
+
+                    if ($userIsAdmin) {
+                        $html .= "<td class='left'>" . $urlDeleteLink . "</td>";
+                    }
+
+                    $html .= "</tr>";
+                }
+                return $html;
+            }
+        }
+        return $html;
+    }
+
+    public function get_help_html()
+    {
+        return '<p>Search for images with a particular artist.</p>
+        <div class="command_example">
+        <pre>artist=leonardo</pre>
+        <p>Returns images with the artist "leonardo".</p>
+        </div> 
+        ';
+    }
+}

ext/auto_tagger/config.php

@@ -0,0 +1,7 @@
+<?php declare(strict_types=1);
+
+abstract class AutoTaggerConfig
+{
+    public const VERSION = "ext_auto_tagger_ver";
+    public const ITEMS_PER_PAGE = "auto_tagger_items_per_page";
+}

ext/auto_tagger/info.php

@@ -0,0 +1,12 @@
+<?php declare(strict_types=1);
+
+class AutoTaggerInfo extends ExtensionInfo
+{
+    public const KEY = "auto_tagger";
+
+    public $key = self::KEY;
+    public $name = "Auto-Tagger";
+    public $authors = ["Matthew Barbour"=>"matthew@darkholme.net"];
+    public $license = self::LICENSE_WTFPL;
+    public $description = "Provides several automatic tagging functions";
+}

ext/auto_tagger/main.php

@@ -0,0 +1,335 @@
+<?php declare(strict_types=1);
+
+require_once 'config.php';
+
+use MicroCRUD\ActionColumn;
+use MicroCRUD\TextColumn;
+use MicroCRUD\Table;
+
+class AutoTaggerTable extends Table
+{
+    public function __construct(\FFSPHP\PDO $db)
+    {
+        parent::__construct($db);
+        $this->table = "auto_tagger";
+        $this->base_query = "SELECT * FROM auto_tag";
+        $this->primary_key = "tag";
+        $this->size = 100;
+        $this->limit = 1000000;
+        $this->set_columns([
+            new TextColumn("tag", "Tag"),
+            new TextColumn("additional_tags", "Additional Tags"),
+            new ActionColumn("tag"),
+        ]);
+        $this->order_by = ["tag"];
+        $this->table_attrs = ["class" => "zebra"];
+    }
+}
+
+class AddAutoTagEvent extends Event
+{
+    /** @var string  */
+    public $tag;
+    /** @var string  */
+    public $additional_tags;
+
+    public function __construct(string $tag, string $additional_tags)
+    {
+        parent::__construct();
+        $this->tag = trim($tag);
+        $this->additional_tags = trim($additional_tags);
+    }
+}
+
+class DeleteAutoTagEvent extends Event
+{
+    public $tag;
+
+    public function __construct(string $tag)
+    {
+        parent::__construct();
+        $this->tag = $tag;
+    }
+}
+
+class AutoTaggerException extends SCoreException
+{
+}
+
+class AddAutoTagException extends SCoreException
+{
+}
+
+class AutoTagger extends Extension
+{
+    /** @var AutoTaggerTheme */
+    protected $theme;
+
+    public function onPageRequest(PageRequestEvent $event)
+    {
+        global $config, $database, $page, $user;
+
+        if ($event->page_matches("auto_tag")) {
+            if ($event->get_arg(0) == "add") {
+                if ($user->can(Permissions::MANAGE_AUTO_TAG)) {
+                    $user->ensure_authed();
+                    $input = validate_input(["c_tag"=>"string", "c_additional_tags"=>"string"]);
+                    try {
+                        send_event(new AddAutoTagEvent($input['c_tag'], $input['c_additional_tags']));
+                        $page->set_mode(PageMode::REDIRECT);
+                        $page->set_redirect(make_link("auto_tag/list"));
+                    } catch (AddAutoTagException $ex) {
+                        $this->theme->display_error(500, "Error adding auto-tag", $ex->getMessage());
+                    }
+                }
+            } elseif ($event->get_arg(0) == "remove") {
+                if ($user->can(Permissions::MANAGE_AUTO_TAG)) {
+                    $user->ensure_authed();
+                    $input = validate_input(["d_tag"=>"string"]);
+                    send_event(new DeleteAutoTagEvent($input['d_tag']));
+                    $page->set_mode(PageMode::REDIRECT);
+                    $page->set_redirect(make_link("auto_tag/list"));
+                }
+            } elseif ($event->get_arg(0) == "list") {
+                $t = new AutoTaggerTable($database->raw_db());
+                $t->token = $user->get_auth_token();
+                $t->inputs = $_GET;
+                $t->size = $config->get_int(AutoTaggerConfig::ITEMS_PER_PAGE, 30);
+                if ($user->can(Permissions::MANAGE_AUTO_TAG)) {
+                    $t->create_url = make_link("auto_tag/add");
+                    $t->delete_url = make_link("auto_tag/remove");
+                }
+                $this->theme->display_auto_tagtable($t->table($t->query()), $t->paginator());
+            } elseif ($event->get_arg(0) == "export") {
+                $page->set_mode(PageMode::DATA);
+                $page->set_type(MIME_TYPE_CSV);
+                $page->set_filename("auto_tag.csv");
+                $page->set_data($this->get_auto_tag_csv($database));
+            } elseif ($event->get_arg(0) == "import") {
+                if ($user->can(Permissions::MANAGE_AUTO_TAG)) {
+                    if (count($_FILES) > 0) {
+                        $tmp = $_FILES['auto_tag_file']['tmp_name'];
+                        $contents = file_get_contents($tmp);
+                        $count = $this->add_auto_tag_csv($database, $contents);
+                        log_info(AutoTaggerInfo::KEY, "Imported $count auto-tag definitions from file from file", "Imported $count auto-tag definitions");
+                        $page->set_mode(PageMode::REDIRECT);
+                        $page->set_redirect(make_link("auto_tag/list"));
+                    } else {
+                        $this->theme->display_error(400, "No File Specified", "You have to upload a file");
+                    }
+                } else {
+                    $this->theme->display_error(401, "Admins Only", "Only admins can edit the auto-tag list");
+                }
+            }
+        }
+    }
+
+    public function onPageSubNavBuilding(PageSubNavBuildingEvent $event)
+    {
+        if ($event->parent=="tags") {
+            $event->add_nav_link("auto_tag", new Link('auto_tag/list'), "Auto-Tag", NavLink::is_active(["auto_tag"]));
+        }
+    }
+
+    public function onDatabaseUpgrade(DatabaseUpgradeEvent $event)
+    {
+        global $database;
+
+        // Create the database tables
+        if ($this->get_version(AutoTaggerConfig::VERSION) < 1) {
+            $database->create_table("auto_tag", "
+                    tag VARCHAR(128) NOT NULL PRIMARY KEY,
+                    additional_tags VARCHAR(2000) NOT NULL
+                ");
+
+            if ($database->get_driver_name() == DatabaseDriver::PGSQL) {
+                $database->execute('CREATE INDEX auto_tag_lower_tag_idx ON auto_tag ((lower(tag)))');
+            }
+            $this->set_version(AutoTaggerConfig::VERSION, 1);
+
+            log_info(AutoTaggerInfo::KEY, "extension installed");
+        }
+    }
+
+    public function onTagSet(TagSetEvent $event)
+    {
+        $results = $this->apply_auto_tags($event->tags);
+        if (!empty($results)) {
+            $event->tags = $results;
+        }
+    }
+
+    public function onAddAutoTag(AddAutoTagEvent $event)
+    {
+        global $page;
+        $this->add_auto_tag($event->tag, $event->additional_tags);
+        $page->flash("Added Auto-Tag");
+    }
+
+    public function onDeleteAutoTag(DeleteAutoTagEvent $event)
+    {
+        $this->remove_auto_tag($event->tag);
+    }
+
+    public function onUserBlockBuilding(UserBlockBuildingEvent $event)
+    {
+        global $user;
+        if ($user->can(Permissions::MANAGE_AUTO_TAG)) {
+            $event->add_link("Auto-Tag Editor", make_link("auto_tag/list"));
+        }
+    }
+
+    private function get_auto_tag_csv(Database $database): string
+    {
+        $csv = "";
+        $pairs = $database->get_pairs("SELECT tag, additional_tags FROM auto_tag ORDER BY tag");
+        foreach ($pairs as $old => $new) {
+            $csv .= "\"$old\",\"$new\"\n";
+        }
+        return $csv;
+    }
+
+    private function add_auto_tag_csv(Database $database, string $csv): int
+    {
+        $csv = str_replace("\r", "\n", $csv);
+        $i = 0;
+        foreach (explode("\n", $csv) as $line) {
+            $parts = str_getcsv($line);
+            if (count($parts) == 2) {
+                try {
+                    send_event(new AddAutoTagEvent($parts[0], $parts[1]));
+                    $i++;
+                } catch (AddAutoTagException $ex) {
+                    $this->theme->display_error(500, "Error adding auto-tags", $ex->getMessage());
+                }
+            }
+        }
+        return $i;
+    }
+
+    private function add_auto_tag(string $tag, string $additional_tags)
+    {
+        global $database;
+        if ($database->exists("SELECT * FROM auto_tag WHERE LOWER(tag)=LOWER(:tag)", ["tag"=>$tag])) {
+            throw new AutoTaggerException("Auto-Tag is already set for that tag");
+        } else {
+            $tag = Tag::sanitize($tag);
+            $additional_tags = Tag::explode($additional_tags);
+
+            $database->execute(
+                "INSERT INTO auto_tag(tag, additional_tags) VALUES(:tag, :additional_tags)",
+                ["tag"=>$tag, "additional_tags"=>Tag::implode($additional_tags)]
+            );
+
+            log_info(
+                AutoTaggerInfo::KEY,
+                "Added auto-tag for {$tag} -> {".implode(" ", $additional_tags)."}"
+            );
+
+            // Now we apply it to existing items
+            $this->apply_new_auto_tag($tag);
+        }
+    }
+
+    private function update_auto_tag(string $tag, string $additional_tags): bool
+    {
+        global $database;
+        $result = $database->get_row("SELECT * FROM auto_tag WHERE LOWER(tag)=LOWER(:tag)", ["tag"=>$tag]);
+
+        if ($result===null) {
+            throw new AutoTaggerException("Auto-tag not set for $tag, can't update");
+        } else {
+            $additional_tags = Tag::explode($additional_tags);
+            $current_additional_tags = Tag::explode($result["additional_tags"]);
+
+            if (!Tag::compare($additional_tags, $current_additional_tags)) {
+                $database->execute(
+                    "UPDATE auto_tag SET additional_tags = :additional_tags WHERE LOWER(tag)=LOWER(:tag)",
+                    ["tag"=>$tag, "additional_tags"=>Tag::implode($additional_tags)]
+                );
+
+                log_info(
+                    AutoTaggerInfo::KEY,
+                    "Updated auto-tag for {$tag} -> {".implode(" ", $additional_tags)."}",
+                    "Updated Auto-Tag"
+                );
+
+                // Now we apply it to existing items
+                $this->apply_new_auto_tag($tag);
+                return true;
+            }
+        }
+        return false;
+    }
+
+    private function apply_new_auto_tag(string $tag)
+    {
+        global $database;
+        $tag_id = $database->get_one("SELECT id FROM tags WHERE LOWER(tag) = LOWER(:tag)", ["tag"=>$tag]);
+        if (!empty($tag_id)) {
+            $image_ids = $database->get_col_iterable("SELECT image_id FROM  image_tags WHERE tag_id = :tag_id", ["tag_id"=>$tag_id]);
+            foreach ($image_ids as $image_id) {
+                $image = Image::by_id($image_id);
+                $event = new TagSetEvent($image, $image->get_tag_array());
+                send_event($event);
+            }
+        }
+    }
+
+
+
+    private function remove_auto_tag(String $tag)
+    {
+        global $database;
+
+        $database->execute("DELETE FROM auto_tag WHERE LOWER(tag)=LOWER(:tag)", ["tag" => $tag]);
+    }
+
+    /**
+     * #param string[] $tags_mixed
+     */
+    private function apply_auto_tags(array $tags_mixed): ?array
+    {
+        global $database;
+
+        while (true) {
+            $new_tags = [];
+            foreach ($tags_mixed as $tag) {
+                $additional_tags = $database->get_one(
+                    "SELECT additional_tags FROM auto_tag WHERE LOWER(tag) = LOWER(:input)",
+                    ["input" => $tag]
+                );
+
+                if (!empty($additional_tags)) {
+                    $additional_tags = explode(" ", $additional_tags);
+                    $new_tags = array_merge(
+                        $new_tags,
+                        array_udiff($additional_tags, $tags_mixed, 'strcasecmp')
+                    );
+                }
+            }
+            if (empty($new_tags)) {
+                break;
+            }
+            $tags_mixed = array_merge($tags_mixed, $new_tags);
+        }
+
+        $results = array_intersect_key(
+            $tags_mixed,
+            array_unique(array_map('strtolower', $tags_mixed))
+        );
+
+
+
+        return $results;
+    }
+
+    /**
+     * Get the priority for this extension.
+     *
+     */
+    public function get_priority(): int
+    {
+        return 30;
+    }
+}

ext/auto_tagger/test.php

@@ -0,0 +1,58 @@
+<?php declare(strict_types=1);
+class AutoTaggerTest extends ShimmiePHPUnitTestCase
+{
+    public function testAutoTaggerList()
+    {
+        $this->get_page('auto_tag/list');
+        $this->assert_response(200);
+        $this->assert_title("Auto-Tag");
+    }
+
+    public function testAutoTaggerListReadOnly()
+    {
+        $this->log_in_as_user();
+        $this->get_page('auto_tag/list');
+        $this->assert_title("Auto-Tag");
+        $this->assert_no_text("value=\"Add\"");
+
+        $this->log_out();
+        $this->get_page('auto_tag/list');
+        $this->assert_title("Auto-Tag");
+        $this->assert_no_text("value=\"Add\"");
+    }
+
+    public function testAutoTagger()
+    {
+        $this->log_in_as_admin();
+
+        $this->get_page("auto_tag/export/auto_tag.csv");
+        $this->assert_no_text("test1");
+
+        send_event(new AddAutoTagEvent("test1", "test2"));
+        $this->get_page('auto_tag/list');
+        $this->assert_text("test1");
+        $this->assert_text("test2");
+        $this->get_page("auto_tag/export/auto_tag.csv");
+        $this->assert_text('"test1","test2"');
+
+        $image_id = $this->post_image("tests/pbx_screenshot.jpg", "test1");
+        $this->get_page("post/view/$image_id"); # check that the tag has been replaced
+        $this->assert_title("Image $image_id: test1 test2");
+        $this->delete_image($image_id);
+
+        send_event(new AddAutoTagEvent("test2", "test3"));
+
+        $image_id = $this->post_image("tests/pbx_screenshot.jpg", "test1");
+        $this->get_page("post/view/$image_id"); # check that the tag has been replaced
+        $this->assert_title("Image $image_id: test1 test2 test3");
+        $this->delete_image($image_id);
+
+        send_event(new DeleteAutoTagEvent("test1"));
+        send_event(new DeleteAutoTagEvent("test2"));
+        $this->get_page('auto_tag/list');
+        $this->assert_title("Auto-Tag");
+        $this->assert_no_text("test1");
+        $this->assert_no_text("test2");
+        $this->assert_no_text("test3");
+    }
+}

ext/auto_tagger/theme.php

@@ -0,0 +1,36 @@
+<?php declare(strict_types=1);
+
+class AutoTaggerTheme extends Themelet
+{
+    /**
+     * Show a page of auto-tag definitions.
+     *
+     * Note: $can_manage = whether things like "add new alias" should be shown
+     */
+    public function display_auto_tagtable($table, $paginator): void
+    {
+        global $page, $user;
+
+        $can_manage = $user->can(Permissions::MANAGE_AUTO_TAG);
+        $html = "
+            $table
+            $paginator
+			<p><a href='".make_link("auto_tag/export/auto_tag.csv")."' download='auto_tag.csv'>Download as CSV</a></p>
+		";
+
+        $bulk_html = "
+			".make_form(make_link("auto_tag/import"), 'post', true)."
+				<input type='file' name='auto_tag_file'>
+				<input type='submit' value='Upload List'>
+			</form>
+		";
+
+        $page->set_title("Auto-Tag List");
+        $page->set_heading("Auto-Tag List");
+        $page->add_block(new NavBlock());
+        $page->add_block(new Block("Auto-Tag", $html));
+        if ($can_manage) {
+            $page->add_block(new Block("Bulk Upload", $bulk_html, "main", 51));
+        }
+    }
+}