Core Functions

SLAED CMS provides a comprehensive set of core functions that handle essential system operations including input handling, user authentication, template rendering, and security.

Input Handling

SLAED CMS provides safe input handling through the getVar function:

// Get numeric value from GET
$id = getVar('get', 'id', 'num');

// Get filtered text from POST
$title = getVar('post', 'title', 'text');

// Get HTML content (filtered)
$content = getVar('post', 'content', 'html');

// Get email with validation
$email = getVar('post', 'email', 'email');

// Get URL with validation
$website = getVar('post', 'website', 'url');

// Get variable name (alphanumeric + underscore)
$module = getVar('get', 'name', 'var');

Input Types:

  • num - Numbers only
  • text - Safe text (HTML escaped)
  • html - Filtered HTML content
  • email - Valid email addresses
  • url - Valid URLs
  • var - Variable names (a-z, A-Z, 0-9, -, _)

User Authentication

User authentication functions help determine user status and permissions:

// Check if user is logged in
if (is_user()) {
    // User is authenticated
}

// Check if user is administrator
if (is_admin()) {
    // User has admin privileges
}

// Check if user is super admin
if (is_admin_god()) {
    // User has highest privileges
}

// Check if user is module moderator
if (is_moder($module_name)) {
    // User can moderate specific module
}

// Check if request is from search bot
if (is_bot()) {
    // Request from search engine crawler
}

User Information

global $user;

// User data array structure:
// $user[0] = User ID
// $user[1] = Username
// $user[2] = Email
// $user[3] = User group/role
// $user[4] = Avatar filename
// $user[5] = Signature

// Get current user ID
$user_id = is_user() ? intval($user[0]) : 0;

// Get user information by ID
function get_user_data($user_id) {
    global $db, $prefix;
    $stmt = $db->prepare("SELECT user_id, user_name, user_email, user_group, user_avatar FROM {$prefix}_users WHERE user_id = ?");
    $stmt->bind_param("i", $user_id);
    $stmt->execute();
    return $stmt->get_result()->fetch_assoc();
}

Template Functions

Template functions handle page rendering and output:

// Include theme files
function setThemeInclude() {
    global $theme;
    $theme = get_theme();
    include_once('templates/'.$theme.'/index.php');
    include_once('core/template.php');
}

// Get current theme
$current_theme = get_theme();

// Basic template rendering
function setTemplateBasic($type, $values = array()) {
    // $type: 'title', 'content', 'pagination', etc.
    // $values: array of placeholder => value pairs
}

// Warning/message templates
function setTemplateWarning($type, $values = array()) {
    // $type: 'info', 'warn', 'error', 'success'
    // $values: message parameters
}

Page Structure

// Start HTML output (header, navigation)
head();

// Your content here
echo 'Module Content';
echo 'Your module content...';

// End HTML output (footer)
foot();

Security Functions

Security functions protect against common web vulnerabilities:

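// Reduce a string to a safe identifier: keep only a-z, A-Z, 0-9, _ and -
function analyze($string) {
    return preg_replace('#[^a-zA-Z0-9_-]#', '', $string);
}

// XSS protection: escape HTML special characters, including both quote types, for output
function xss_clean($string) {
    return htmlspecialchars($string, ENT_QUOTES, 'UTF-8');
}

// Filter HTML content by tag name only: strip_tags() leaves the attributes
// of allowed tags (event handlers, href/src values) unchanged
function filter_html($html, $allowed_tags = '<p><br><strong><em><u><a><img><ul><ol><li>') {
    return strip_tags($html, $allowed_tags);
}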
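
strip_tags() filters on tag names only, so attributes on the allowed tags pass through untouched. The following added example (not SLAED CMS code) pairs the same tag allow-list with an attribute allow-list; filter_html_attrs(), the attribute list and the URL rule are assumptions made for illustration.

```php
<?php
// Added example, not SLAED CMS code. filter_html_attrs() is a hypothetical helper.
function filter_html_attrs(string $html): string
{
    $tags  = ['p', 'br', 'strong', 'em', 'u', 'a', 'img', 'ul', 'ol', 'li'];
    $attrs = ['a' => ['href'], 'img' => ['src', 'alt']]; // assumed attribute allow-list

    // Tag allow-list, same as filter_html(); this also removes any user-supplied <div>.
    $html = strip_tags($html, '<' . implode('><', $tags) . '>');

    $doc  = new DOMDocument();
    $prev = libxml_use_internal_errors(true); // tolerate malformed user markup
    $doc->loadHTML('<?xml encoding="UTF-8"><html><body><div>' . $html . '</div></body></html>');
    libxml_clear_errors();
    libxml_use_internal_errors($prev);
    $root = $doc->getElementsByTagName('div')->item(0); // our wrapper element

    // Snapshot the node lists first: removing attributes while iterating skips entries.
    foreach (iterator_to_array($root->getElementsByTagName('*')) as $el) {
        $allowed = $attrs[strtolower($el->nodeName)] ?? [];
        foreach (iterator_to_array($el->attributes) as $attr) {
            $name  = strtolower($attr->nodeName);
            $isUrl = in_array($name, ['href', 'src'], true);
            // URL attributes must start with http://, https:// or a slash.
            $urlOk = !$isUrl || preg_match('#^(?:https?://|/)#i', $attr->value) === 1;
            if (!in_array($name, $allowed, true) || !$urlOk) {
                $el->removeAttribute($attr->nodeName);
            }
        }
    }

    // Serialize only the children of the wrapper, not the wrapper itself.
    $out = '';
    foreach ($root->childNodes as $child) {
        $out .= $doc->saveHTML($child);
    }
    return $out;
}

// Constructed sample input: allowed tags carrying attributes that strip_tags() keeps.
$sample = '<p onclick="x()">Hi</p><a href="javascript:x()">link</a>'
        . '<img src="/uploads/a.png" onerror="x()" alt="ok">';
echo strip_tags($sample, '<p><a><img>'), "\n"; // tag filter only: attributes intact
echo filter_html_attrs($sample), "\n";          // attributes reduced to the allow-list
```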

CSRF Protection

// Generate CSRF token
function generate_csrf_token() {
    if (!isset($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

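// Verify CSRF token
function verify_csrf_token($token) {
    // hash_equals() requires strings; reject array or missing input first
    return isset($_SESSION['csrf_token']) && is_string($token)
        && hash_equals($_SESSION['csrf_token'], $token);
}

// CSRF token form field
function csrf_token_field() {
    // Hidden input carrying the session token (field name 'csrf_token' is an assumption)
    return '<input type="hidden" name="csrf_token" value="' . generate_csrf_token() . '">';
}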

Utility Functions

Various utility functions for common operations:

String Operations

// Cut string to specified length
function cutstr($string, $length, $suffix = '...') {
    if (mb_strlen($string) > $length) {
        return mb_substr($string, 0, $length) . $suffix;
    }
    return $string;
}

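// Generate random hex string of exactly $length characters
function generate_random_string($length = 32) {
    // random_bytes() needs an integer count; round up so odd lengths work, then trim
    return substr(bin2hex(random_bytes((int) ceil($length / 2))), 0, $length);
}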

Date and Time

// Format timestamp
function format_time($timestamp, $format = 'Y-m-d H:i:s') {
    return date($format, $timestamp);
}

// Time ago function
function time_ago($timestamp, $language = 'en') {
    $diff = time() - $timestamp;
    
    if ($diff < 60) {
        return $diff . ' seconds ago';
    } elseif ($diff < 3600) {
        $minutes = floor($diff / 60);
        return $minutes . ' minute' . ($minutes != 1 ? 's' : '') . ' ago';
    } elseif ($diff < 86400) {
        $hours = floor($diff / 3600);
        return $hours . ' hour' . ($hours != 1 ? 's' : '') . ' ago';
    } else {
        $days = floor($diff / 86400);
        return $days . ' day' . ($days != 1 ? 's' : '') . ' ago';
    }
}

Constants and Globals

Important constants and global variables available in SLAED CMS:

// Core constants
define('MODULE_FILE', true);    // Module context
define('ADMIN_FILE', true);     // Admin context
define('BLOCK_FILE', true);     // Block context
define('FUNC_FILE', true);      // Function context

// Directory constants
define('BASE_DIR', str_replace('\\', '/', dirname(__DIR__)));
define('CONFIG_DIR', BASE_DIR.'/config');
define('UPLOADS_DIR', BASE_DIR.'/uploads');
define('CACHE_DIR', BASE_DIR.'/storage/cache');
define('LOGS_DIR', BASE_DIR.'/storage/logs');

// Global variables
global $db;           // Database connection
global $prefix;       // Table prefix
global $user;         // Current user info
global $conf;         // Configuration array
global $currentlang;  // Current language