{--FATAL_ERROR--}: {--LANG_NO_RENDER_DIRECT--}'); break; } // END - switch } elseif ((getPhpCaching() == 'on') && (isset($GLOBALS['footer_sent'])) && ($GLOBALS['footer_sent'] == 1)) { // Headers already sent? if (headers_sent()) { // Log this error logDebugMessage(__FUNCTION__, __LINE__, 'Headers already sent! We need debug backtrace here.'); // Trigger an user error debug_report_bug('Headers are already sent!'); } // END - if // Output cached HTML code $GLOBALS['output'] = ob_get_contents(); // Clear output buffer for later output if output is found if (!empty($GLOBALS['output'])) { clearOutputBuffer(); } // END - if // Send HTTP header sendHeader('HTTP/1.1 200'); // Used later $now = gmdate('D, d M Y H:i:s') . ' GMT'; // General headers for no caching sendHeader('Expired: ' . $now); // RFC2616 - Section 14.21 sendHeader('Last-Modified: ' . $now); sendHeader('Cache-Control: no-store, no-cache, must-revalidate, pre-check=0, post-check=0, max-age=0'); // HTTP/1.1 sendHeader('Pragma: no-cache'); // HTTP/1.0 sendHeader('Connection: Close'); sendHeader('Content-Type: ' . getContentType() . '; charset=UTF-8'); sendHeader('Content-language: ' . getLanguage()); // Extension 'rewrite' installed? if ((isExtensionActive('rewrite')) && (getOutputMode() != 1)) { $GLOBALS['output'] = rewriteLinksInCode($GLOBALS['output']); } // END - if // Init counter $cnt = 0; // Compile and run finished rendered HTML code while (((strpos($GLOBALS['output'], '{--') > 0) || (strpos($GLOBALS['output'], '{!') > 0) || (strpos($GLOBALS['output'], '{?') > 0)) && ($cnt < 3)) { // Prepare the content and eval() it... $content = array(); $newContent = ''; // Compile it $eval = "\$newContent = \"".compileCode(smartAddSlashes($GLOBALS['output']))."\";"; eval($eval); // Was that eval okay? if (empty($newContent)) { // Something went wrong! debug_report_bug('Evaluation error:
' . linenumberCode($eval) . ''); } // END - if $GLOBALS['output'] = $newContent; // Count round $cnt++; } // END - while // Output code here, DO NOT REMOVE! ;-) outputRawCode($GLOBALS['output']); } elseif ((getConfig('OUTPUT_MODE') == 'render') && (!empty($GLOBALS['output']))) { // Rewrite links when rewrite extension is active if ((isExtensionActive('rewrite')) && (getOutputMode() != 1)) { $GLOBALS['output'] = rewriteLinksInCode($GLOBALS['output']); } // END - if // Compile and run finished rendered HTML code while (strpos($GLOBALS['output'], '{!') > 0) { eval("\$GLOBALS['output'] = \"".compileCode(smartAddSlashes($GLOBALS['output']))."\";"); } // END - while // Output code here, DO NOT REMOVE! ;-) outputRawCode($GLOBALS['output']); } } // Output the raw HTML code function outputRawCode ($htmlCode) { // Output stripped HTML code to avoid broken JavaScript code, etc. print(stripslashes(stripslashes($htmlCode))); // Flush the output if only getPhpCaching() is not 'on' if (getPhpCaching() != 'on') { // Flush it flush(); } // END - if } // Init fatal message array function initFatalMessages () { $GLOBALS['fatal_messages'] = array(); } // Getter for whole fatal error messages function getFatalArray () { return $GLOBALS['fatal_messages']; } // Add a fatal error message to the queue array function addFatalMessage ($F, $L, $message, $extra='') { if (is_array($extra)) { // Multiple extras for a message with masks $message = call_user_func_array('sprintf', $extra); } elseif (!empty($extra)) { // $message is text with a mask plus extras to insert into the text $message = sprintf($message, $extra); } // Add message to $GLOBALS['fatal_messages'] $GLOBALS['fatal_messages'][] = $message; // Log fatal messages away debug_report_bug($message); logDebugMessage($F, $L, " message={$message}"); } // Getter for total fatal message count function getTotalFatalErrors () { // Init coun $count = 0; // Do we have at least the first entry? 
if (!empty($GLOBALS['fatal_messages'][0])) { // Get total count $count = count($GLOBALS['fatal_messages']); } // END - if // Return value return $count; } // Load a template file and return it's content (only it's name; do not use ' or ") function loadTemplate ($template, $return=false, $content=array()) { // @TODO Remove this sanity-check if all is fine if (!is_bool($return)) debug_report_bug('return is not bool (' . gettype($return) . ')'); // @TODO Try to rewrite all $DATA to $content global $DATA; // Do we have cache? if (!isset($GLOBALS['template_eval'][$template])) { // Add more variables which you want to use in your template files $username = getUsername(); // Make all template names lowercase $template = strtolower($template); // Count the template load incrementConfigEntry('num_templates'); // Init some data $ret = ''; if (empty($GLOBALS['refid'])) $GLOBALS['refid'] = 0; // Generate date/time string $date_time = generateDateTime(time(), 1); // Is content an array if (is_array($content)) $content['date_time'] = $date_time; // @DEPRECATED Try to rewrite the if() condition if ($template == 'member_support_form') { // Support request of a member $result = SQL_QUERY_ESC("SELECT `userid`, `gender`, `surname`, `family`, `email` FROM `{?_MYSQL_PREFIX?}_user_data` WHERE `userid`=%s LIMIT 1", array(getUserId()), __FUNCTION__, __LINE__); // Is content an array? if (is_array($content)) { // Merge data $content = merge_array($content, SQL_FETCHARRAY($result)); // Translate gender $content['gender'] = translateGender($content['gender']); } else { // @DEPRECATED // @TODO Find all templates which are using these direct variables and rewrite them. 
// @TODO After this step is done, this else-block is history list($gender, $surname, $family, $email) = SQL_FETCHROW($result); // Translate gender $gender = translateGender($gender); logDebugMessage(__FUNCTION__, __LINE__, sprintf("DEPRECATION-WARNING: content is not array [%s], template=%s.", gettype($content), $template)); } // Free result SQL_FREERESULT($result); } // END - if // Base directory $basePath = sprintf("%stemplates/%s/html/", getConfig('PATH'), getLanguage()); $mode = ''; // Check for admin/guest/member templates if (substr($template, 0, 6) == 'admin_') { // Admin template found $mode = 'admin/'; } elseif (substr($template, 0, 6) == 'guest_') { // Guest template found $mode = 'guest/'; } elseif (substr($template, 0, 7) == 'member_') { // Member template found $mode = 'member/'; } elseif (substr($template, 0, 8) == 'install_') { // Installation template found $mode = 'install/'; } elseif (substr($template, 0, 4) == 'ext_') { // Extension template found $mode = 'ext/'; } elseif (substr($template, 0, 3) == 'la_') { // 'Logical-area' template found $mode = 'la/'; } elseif (substr($template, 0, 3) == 'js_') { // JavaScript template found $mode = 'js/'; } elseif (substr($template, 0, 5) == 'menu_') { // Menu template found $mode = 'menu/'; } else { // Test for extension $test = substr($template, 0, strpos($template, '_')); // Probe for valid extension name if (isExtensionNameValid($test)) { // Set extra path to extension's name $mode = $test . '/'; } // END - if } //////////////////////// // Generate file name // //////////////////////// $FQFN = $basePath . $mode . $template . '.tpl'; if ((isWhatSet()) && ((strpos($template, '_header') > 0) || (strpos($template, '_footer') > 0)) && (($mode == 'guest/') || ($mode == 'member/') || ($mode == 'admin/'))) { // Select what depended header/footer template file for admin/guest/member area $file2 = sprintf("%s%s%s_%s.tpl", $basePath, $mode, $template, getWhat() ); // Probe for it... 
if (isFileReadable($file2)) $FQFN = $file2; // Remove variable from memory unset($file2); } // END - if // Does the special template exists? if (!isFileReadable($FQFN)) { // Reset to default template $FQFN = $basePath . $template . '.tpl'; } // END - if // Now does the final template exists? if (isFileReadable($FQFN)) { // The local file does exists so we load it. :) $GLOBALS['tpl_content'] = readFromFile($FQFN); // Replace ' to our own chars to preventing them being quoted while (strpos($GLOBALS['tpl_content'], "'") !== false) { $GLOBALS['tpl_content'] = str_replace("'", '{QUOT}', $GLOBALS['tpl_content']); } // Do we have to compile the code? $ret = ''; if ((strpos($GLOBALS['tpl_content'], '$') !== false) || (strpos($GLOBALS['tpl_content'], '{--') !== false) || (strpos($GLOBALS['tpl_content'], '{!') !== false) || (strpos($GLOBALS['tpl_content'], '{?') !== false)) { // Normal HTML output? if ($GLOBALS['output_mode'] == 0) { // Add surrounding HTML comments to help finding bugs faster $ret = "\n" . $GLOBALS['tpl_content'] . "\n"; // Prepare eval() command $eval = '$ret = "' . compileCode(smartAddSlashes($GLOBALS['tpl_content'])) . '";'; } else { // Prepare eval() command $eval = '$ret = "' . compileCode(smartAddSlashes($GLOBALS['tpl_content'])) . '";'; } } else { // Add surrounding HTML comments to help finding bugs faster $ret = "\n" . $GLOBALS['tpl_content'] . "\n"; $eval = '$ret = "' . smartAddSlashes($ret) . '";'; } // END - if // Cache the eval() command here $GLOBALS['template_eval'][$template] = $eval; // Eval the code eval($GLOBALS['template_eval'][$template]); } else { // No file! $GLOBALS['template_eval'][$template] = '404'; } } elseif (((isAdmin()) || ((isInstalling()) && (!isInstalled()))) && ($GLOBALS['template_eval'][$template] == '404')) { // Only admins shall see this warning or when installation mode is active $ret = '
' . print_r($content, true) . '{--TEMPLATE_DATA--}
' . print_r($DATA, true) . '
' . print_r($content, true) . ''; } } // Loads an email template and compiles it function loadEmailTemplate ($template, $content = array(), $UID = 0) { global $DATA; // Our configuration is kept non-global here $_CONFIG = getConfigArray(); // Make sure all template names are lowercase! $template = strtolower($template); // Default 'nickname' if extension is not installed $nick = '---'; // Prepare IP number and User Agent $REMOTE_ADDR = detectRemoteAddr(); $HTTP_USER_AGENT = detectUserAgent(); // Default admin $ADMIN = getConfig('MAIN_TITLE'); // Is the admin logged in? if (isAdmin()) { // Get admin id $adminId = getCurrentAdminId(); // Load Admin data $ADMIN = getAdminEmail($adminId); } // END - if // Neutral email address is default $email = getConfig('WEBMASTER'); // Expiration in a nice output format // NOTE: Use $content[expiration] in your templates instead of $EXPIRATION if (getConfig('auto_purge') == 0) { // Will never expire! $EXPIRATION = getMessage('MAIL_WILL_NEVER_EXPIRE'); } else { // Create nice date string $EXPIRATION = createFancyTime(getConfig('auto_purge')); } // Is content an array? if (is_array($content)) { // Add expiration to array, $EXPIRATION is now deprecated! $content['expiration'] = $EXPIRATION; } // END - if // Load user's data //* DEBUG: */ outputHtml(__FUNCTION__."(".__LINE__."):UID={$UID},template={$template},content[]=".gettype($content)."
".print_r($content, true)."{--TEMPLATE_DATA--}
".print_r($DATA, true)."
Headers : ' . htmlentities(trim($mailHeader)) . ' To : ' . $toEmail . ' Subject : ' . $subject . ' Message : ' . $message . ''); } elseif (($isHtml == 'Y') && (isExtensionActive('html_mail'))) { // Send mail as HTML away sendHtmlEmail($toEmail, $subject, $message, $mailHeader); } elseif (!empty($toEmail)) { // Send Mail away sendRawEmail($toEmail, $subject, $message, $mailHeader); } elseif ($isHtml != 'Y') { // Problem found! sendRawEmail(getConfig('WEBMASTER'), '[PROBLEM:]' . $subject, $message, $mailHeader); } } // Check if legacy or PHPMailer command // @TODO Rewrite this to an extension 'smtp' // @private function checkPhpMailerUsage() { return ((getConfig('SMTP_HOSTNAME') != '') && (getConfig('SMTP_USER') != '')); } // Send out a raw email with PHPMailer class or legacy mail() command function sendRawEmail ($toEmail, $subject, $message, $from) { // Shall we use PHPMailer class or legacy mode? if (checkPhpMailerUsage()) { // Use PHPMailer class with SMTP enabled loadIncludeOnce('inc/phpmailer/class.phpmailer.php'); loadIncludeOnce('inc/phpmailer/class.smtp.php'); // get new instance $mail = new PHPMailer(); $mail->PluginDir = sprintf("%sinc/phpmailer/", getConfig('PATH')); $mail->IsSMTP(); $mail->SMTPAuth = true; $mail->Host = getConfig('SMTP_HOSTNAME'); $mail->Port = 25; $mail->Username = getConfig('SMTP_USER'); $mail->Password = getConfig('SMTP_PASSWORD'); if (empty($from)) { $mail->From = getConfig('WEBMASTER'); } else { $mail->From = $from; } $mail->FromName = getConfig('MAIN_TITLE'); $mail->Subject = $subject; if ((isExtensionActive('html_mail')) && (secureString($message) != $message)) { $mail->Body = $message; $mail->AltBody = 'Your mail program required HTML support to read this mail!'; $mail->WordWrap = 70; $mail->IsHTML(true); } else { $mail->Body = decodeEntities($message); } $mail->AddAddress($toEmail, ''); $mail->AddReplyTo(getConfig('WEBMASTER'), getConfig('MAIN_TITLE')); $mail->AddCustomHeader('Errors-To:' . 
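getConfig('WEBMASTER'));
		$mail->AddCustomHeader('X-Loop:' . getConfig('WEBMASTER'));
		$mail->Send();
	} else {
		// Use legacy mail() command
		// NOTE(review): $toEmail, $subject and $from are handed to mail() as
		// received; if any of them can carry user input, confirm that CR/LF is
		// stripped upstream so no additional mail headers can be added.
		mail($toEmail, $subject, decodeEntities($message), $from);
	}
}

/**
 * Generates a password from a fixed alphabet of 67 characters
 * (a-z, A-Z, 0-9 and "-", "+", "_", "/", ".").
 *
 * The character index is drawn from random_int() when that function exists,
 * because mt_rand() is not a cryptographically secure generator and passwords
 * must not be predictable. mt_rand() stays as a fallback so the function keeps
 * working on runtimes without random_int().
 *
 * @param	int		$length		Wanted length; 0 selects the configured 'pass_len'
 * @return	string	The generated password
 */
function generatePassword ($length = 0) {
	// Auto-fix invalid length of zero
	if ($length == 0) $length = getConfig('pass_len');

	// Initialize array with all allowed chars
	$ABC = explode(',', 'a,b,c,d,e,f,g,h,i,j,k,l,m,n,o,p,q,r,s,t,u,v,w,x,y,z,A,B,C,D,E,F,G,H,I,J,K,L,M,N,O,P,Q,R,S,T,U,V,W,X,Y,Z,0,1,2,3,4,5,6,7,8,9,-,+,_,/,.');

	// Highest valid index, computed once instead of on every iteration
	$maxIndex = count($ABC) - 1;

	// Use the CSPRNG whenever the runtime offers it
	$hasSecureRandom = function_exists('random_int');

	// Start creating password
	$PASS = '';
	for ($i = 0; $i < $length; $i++) {
		if ($hasSecureRandom) {
			$index = random_int(0, $maxIndex);
		} else {
			// Legacy fallback, not suitable for secrets
			$index = mt_rand(0, $maxIndex);
		}

		$PASS .= $ABC[$index];
	} // END - for

	// When the size is below 40 we can also add additional security by scrambling
	// it. Otherwise we may corrupt hashes
	// NOTE(review): scrambleString() is defined elsewhere; what it does to the
	// string is not visible here.
	if (strlen($PASS) <= 40) {
		// Also scramble the password
		$PASS = scrambleString($PASS);
	} // END - if

	// Return the password
	return $PASS;
}

/**
 * Generates a human-readable date/time string from a UNIX timestamp.
 *
 * The format depends on getLanguage() ('de' or anything else) and on $mode
 * (0 to 3). An unknown mode is logged and yields NULL.
 *
 * @param	mixed	$time	Timestamp, passed through bigintval() first
 * @param	int		$mode	Output format selector (0, 1, 2 or 3)
 * @return	mixed	Formatted string, the 'NEVER_HAPPENED' message for a zero
 *					timestamp, or NULL for an unknown mode
 */
function generateDateTime ($time, $mode = 0) {
	// Filter out numbers
	$time = bigintval($time);

	// If the stamp is zero it mostly didn't "happen"
	if ($time == 0) {
		// Never happened
		return getMessage('NEVER_HAPPENED');
	} // END - if

	// Pre-set the result so an unknown mode returns NULL without reading an
	// undefined variable
	$ret = null;

	switch (getLanguage()) {
		case 'de': // German date / time format
			switch ($mode) {
				case 0: $ret = date("d.m.Y \u\m H:i \U\h\\r", $time); break;
				case 1: $ret = strtolower(date('d.m.Y - H:i', $time)); break;
				case 2: $ret = date('d.m.Y|H:i', $time); break;
				case 3: $ret = date('d.m.Y', $time); break;
				default:
					logDebugMessage(__FUNCTION__, __LINE__, sprintf("Invalid date mode %s detected.", $mode));
					break;
			}
			break;

		default: // Default is the US date / time format!
			switch ($mode) {
				case 0: $ret = date('r', $time); break;
				case 1: $ret = date('Y-m-d - g:i A', $time); break;
				case 2: $ret = date('y-m-d|H:i', $time); break;
				case 3: $ret = date('y-m-d', $time); break;
				default:
					logDebugMessage(__FUNCTION__, __LINE__, sprintf("Invalid date mode %s detected.", $mode));
					break;
			} // END - switch
	} // END - switch

	// Return result
	return $ret;
}

/**
 * Translates Y/N to the localized yes/no message.
 *
 * @param	string	$yn		'Y' or 'N'
 * @return	string	Localized message, or '??? (<value>)' for anything else
 */
function translateYesNo ($yn) {
	// Default
	// NOTE(review): the fallback carries the raw value; callers that print it
	// into HTML should escape it if the value can come from a request.
	$translated = '??? (' . $yn . ')';

	switch ($yn) {
		case 'Y': $translated = getMessage('YES'); break;
		case 'N': $translated = getMessage('NO'); break;
		default:
			// Log unknown value
			logDebugMessage(__FUNCTION__, __LINE__, sprintf("Unknown value %s. Expected Y/N!", $yn));
			break;
	}

	// Return it
	return $translated;
}

/**
 * Translates the "pool type" into a human-readable message.
 *
 * @param	string	$type	Pool type, used as suffix of the message id POOL_TYPE_<type>
 * @return	string	The matching message, or the 'POOL_TYPE_UNKNOWN' message
 *					formatted with $type when no such message id exists
 */
function translatePoolType ($type) {
	// Default: type is unknown
	$translated = sprintf(getMessage('POOL_TYPE_UNKNOWN'), $type);

	// Generate constant
	$constName = sprintf("POOL_TYPE_%s", $type);

	// Does it exist?
	if (isMessageIdValid($constName)) {
		// Then use it
		$translated = getMessage($constName);
	} // END - if

	// Return "translation"
	return $translated;
}

// Translates the american decimal dot into a german comma
function translateComma ($dotted, $cut = true, $max = 0) {
	// Default is 3 you can change this in admin area "Misc -> Misc Options"
	if (!isConfigEntrySet('max_comma')) setConfigEntry('max_comma', 3);

	// Use from config is default
	$maxComma = getConfig('max_comma');

	// Use from parameter?
	if ($max > 0) $maxComma = $max;

	// Cut zeros off?
	if (($cut === true) && ($max == 0)) {
		// Test for commata if in cut-mode
		$com = explode('.', $dotted);
		if (count($com) < 2) {
			// Don't display commatas even if there are none...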
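// ;-)
			$maxComma = 0;
		}
	} // END - if

	// Debug log
	//* DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, "dotted={$dotted},maxComma={$maxComma}");

	// Translate it now
	switch (getLanguage()) {
		case 'de': // German language
			$dotted = number_format($dotted, $maxComma, ',', '.');
			break;

		default: // All others
			$dotted = number_format($dotted, $maxComma, '.', ',');
			break;
	}

	// Return translated value
	return $dotted;
}

/**
 * Translates the one-letter gender code to a human-readable message.
 *
 * @param	string	$gender		'M', 'F' or 'C'
 * @return	string	Localized message, or '!<value>!' for an unknown code
 */
function translateGender ($gender) {
	// Default
	$ret = '!' . $gender . '!';

	// Male/female or company?
	switch ($gender) {
		case 'M': $ret = getMessage('GENDER_M'); break;
		case 'F': $ret = getMessage('GENDER_F'); break;
		case 'C': $ret = getMessage('GENDER_C'); break;
		default:
			// Log unknown gender
			logDebugMessage(__FUNCTION__, __LINE__, sprintf("Unknown gender %s detected.", $gender));
			break;
	}

	// Return translated gender
	return $ret;
}

/**
 * "Translates" the user status into a human-readable message.
 *
 * @param	mixed	$status		'UNCONFIRMED', 'CONFIRMED', 'LOCKED', '' or NULL
 * @return	string	The ACCOUNT_<status> message, the 'ACCOUNT_DELETED' message
 *					for an empty status, or the 'UNKNOWN_STATUS' message
 *					formatted with $status for anything else
 */
function translateUserStatus ($status) {
	// Generate message depending on status
	switch ($status) {
		case 'UNCONFIRMED':
		case 'CONFIRMED':
		case 'LOCKED':
			$ret = getMessage(sprintf("ACCOUNT_%s", $status));
			break;

		case '':
		case null:
			$ret = getMessage('ACCOUNT_DELETED');
			break;

		default:
			logDebugMessage(__FUNCTION__, __LINE__, sprintf("Unknown status %s detected.", $status));
			$ret = sprintf(getMessage('UNKNOWN_STATUS'), $status);
			break;
	} // END - switch

	// Return it
	return $ret;
}

/**
 * Generates an URL for the dereferer unless the link points to this
 * installation.
 *
 * A link counts as "own" only when it starts with the configured base URL AND
 * the base URL ends at a URL boundary (end of string, "/", "?" or "#"). A bare
 * prefix comparison would also accept a foreign host whose name merely begins
 * with the configured one, and such a link would then bypass the dereferer.
 *
 * @param	string	$URL	Link to check
 * @return	string	The unchanged own link or the dereferer URL
 */
function generateDerefererUrl ($URL) {
	// Configured base URL of this installation
	$baseUrl = getConfig('URL');
	$baseLength = strlen($baseUrl);

	// Is it one of our own links?
	$isOwnLink = false;
	if (($baseLength > 0) && (substr($URL, 0, $baseLength) == $baseUrl)) {
		// The prefix matches, now make sure it ends on a boundary
		$isOwnLink = (
			(substr($baseUrl, -1) == '/') ||
			(strlen($URL) == $baseLength) ||
			(in_array($URL[$baseLength], array('/', '?', '#'), true))
		);
	} // END - if

	// Don't de-refer our own links!
	if (!$isOwnLink) {
		// De-refer this link
		$URL = '{?URL?}/modules.php?module=loader&url=' . encodeString(compileUriCode($URL));
	} // END - if

	// Return link
	return $URL;
}

/**
 * Generates an URL for the frametester.
 *
 * @param	string	$URL	Link to test
 * @return	string	Frametester URL with the encoded link as 'url' parameter
 */
function generateFrametesterUrl ($URL) {
	// Prepare frametester URL
	$frametesterUrl = sprintf("{?URL?}/modules.php?module=frametester&url=%s",
		encodeString(compileUriCode($URL))
	);

	// Return the new URL
	return $frametesterUrl;
}

/**
 * Counts the non-empty entries of e.g. a selection box.
 *
 * @param	array	$array	Submitted selections
 * @return	int		Number of entries that are not empty()
 */
function countSelection ($array) {
	// Integrity check
	if (!is_array($array)) {
		// Not an array!
		debug_report_bug(__FUNCTION__.': No array provided.');

		// Nothing can be counted if the bug report returns
		return 0;
	} // END - if

	// Init count
	$ret = 0;

	// Count all entries
	foreach ($array as $key => $selected) {
		// Is it checked?
		if (!empty($selected)) $ret++;
	} // END - foreach

	// Return counted selections
	return $ret;
}

// Generate XHTML code for the CAPTCHA
// NOTE(review): as listed here the function ignores all four parameters and
// returns an empty string; markup may have been lost from this listing, so
// confirm against the project source.
function generateCaptchaCode ($code, $type, $DATA, $userid) {
	return '';
}

/**
 * Generates a timestamp (some wrapper for mktime()): the given time of day on
 * the calendar day of $stamp.
 *
 * @param	int		$hours		Hour for the new timestamp
 * @param	int		$minutes	Minute for the new timestamp
 * @param	int		$seconds	Second for the new timestamp
 * @param	int		$stamp		Timestamp that supplies day, month and year
 * @return	int		Result of mktime()
 */
function makeTime ($hours, $minutes, $seconds, $stamp) {
	// Extract day, month and year from given timestamp
	$days   = date('d', $stamp);
	$months = date('m', $stamp);
	$years  = date('Y', $stamp);

	// Create timestamp for wished time which depends on extracted date
	return mktime(
		$hours,
		$minutes,
		$seconds,
		$months,
		$days,
		$years
	);
}

// Redirects to an URL and if necessary extends it with own base URL
// NOTE(review): any value starting with http:// or https:// is taken as the
// target as-is in the lines visible here; whether callers restrict the target
// to trusted hosts is not visible and should be confirmed.
function redirectToUrl ($URL) {
	// Compile out URI codes
	$URL = compileUriCode($URL);

	// Check if http(s):// is there
	if ((substr($URL, 0, 7) != 'http://') && (substr($URL, 0, 8) != 'https://')) {
		// Make all URLs full-qualified
		$URL = getConfig('URL') . '/' . $URL;
	} // END - if

	// Three different debug ways...
	//* DEBUG: */ debug_report_bug(sprintf("%s[%s:] URL=%s", __FUNCTION__, __LINE__, $URL));
	//* DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, $URL);
	//* DEBUG: */ die($URL);

	// Default 'rel' value is external, nofollow is evil from Google and hurts the Internet
	$rel = ' rel="external"';

	// Do we have internal or external URL?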
if (substr($URL, 0, strlen(getConfig('URL'))) == getConfig('URL')) { // Own (=internal) URL $rel = ''; } // END - if // Get output buffer $GLOBALS['output'] = ob_get_contents(); // Clear it only if there is content if (!empty($GLOBALS['output'])) { clearOutputBuffer(); } // END - if // Simple probe for bots/spiders from search engines if ((strpos(detectUserAgent(), 'spider') !== false) || (strpos(detectUserAgent(), 'bot') !== false)) { // Secure the URL against bad things such als HTML insertions and so on... $URL = secureString($URL); // Output new location link as anchor outputHtml('' . $URL . ''); } elseif (!headers_sent()) { // Load URL when headers are not sent //* DEBUG: */ debug_report_bug("URL={$URL}"); sendHeader('Location: '.str_replace('&', '&', $URL)); } else { // Output error message loadInclude('inc/header.php'); loadTemplate('redirect_url', false, str_replace('&', '&', $URL)); loadInclude('inc/footer.php'); } // Shut the mailer down here shutdown(); } // Wrapper for redirectToUrl but URL comes from a configuration entry function redirectToConfiguredUrl ($configEntry) { // Get the URL $URL = getConfig($configEntry); // Is this URL set? if (is_null($URL)) { // Then abort here debug_report_bug(sprintf("Configuration entry %s is not set!", $configEntry)); } // END - if // Load the URL redirectToUrl($URL); } // Compiles the given HTML/mail code function compileCode ($code, $simple = false, $constants = true, $full = true) { // Is the code a string? if (!is_string($code)) { // Silently return it return $code; } // END - if // Init replacement-array with full security characters $secChars = $GLOBALS['security_chars']; // Select smaller set of chars to replace when we e.g. 
want to compile URLs if ($full === false) $secChars = $GLOBALS['url_chars']; // Compile more through a filter $code = runFilterChain('compile_code', $code); // Compile constants if ($constants === true) { // BEFORE 0.2.1 : Language and data constants // WITH 0.2.1+ : Only language constants $code = str_replace('{--', "\".getMessage('", str_replace('--}', "').\"", $code)); // BEFORE 0.2.1 : Not used // WITH 0.2.1+ : Data constants $code = str_replace('{!', "\".constant('", str_replace("!}", "').\"", $code)); } // END - if // Compile QUOT and other non-HTML codes foreach ($secChars['to'] as $k => $to) { // Do the reversed thing as in inc/libs/security_functions.php $code = str_replace($to, $secChars['from'][$k], $code); } // END - foreach // But shall I keep simple quotes for later use? if ($simple) $code = str_replace("'", '{QUOT}', $code); // Find $content[bla][blub] entries preg_match_all('/\$(content|GLOBALS|DATA)((\[([a-zA-Z0-9-_]+)\])*)/', $code, $matches); // Are some matches found? if ((count($matches) > 0) && (count($matches[0]) > 0)) { // Replace all matches $matchesFound = array(); foreach ($matches[0] as $key => $match) { // Fuzzy look has failed by default $fuzzyFound = false; // Fuzzy look on match if already found foreach ($matchesFound as $found => $set) { // Get test part $test = substr($found, 0, strlen($match)); // Does this entry exist? //* DEBUG: */ outputHtml(__FUNCTION__."(".__LINE__."):found={$found},match={$match},set={$set}