* @version 3.0.0
* @copyright Copyright (c) 2009 - 2011 Cracker Tracker Team
* @license GNU GPL 3.0 or any newer version
* @link http://www.ship-simu.org
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see .
*/
if (!function_exists('implode_r')) {
// Implode recursive a multi-dimension array, taken from www.php.net
function implode_r ($glue, $array, $array_name = NULL) {
$return = array();
while(list($key,$value) = @each($array)) {
if(is_array($value)) {
// Is an array again, so call recursive
$return[] = implode_r($glue, $value, (string) $key);
} else {
if($array_name != NULL) {
$return[] = $array_name . '[' . (string) $key . ']=' . $value . "\n";
} else {
$return[] = $key . '=' . $value."\n";
}
}
} // END - while
// Return resulting array
return(implode($glue, $return));
} // END - function
} // END - if
if (!function_exists('implode_secure')) {
// Implode a simple array with a 'call-back' to our escaper function
function implode_secure ($array) {
// Return string
$return = '';
// Implode all data
foreach ($array as $entry) {
// Don't escape some
if (in_array($entry, array('NOW()'))) {
// Add it with non-string glue
$return .= $entry . ',';
} elseif (empty($entry)) {
// Empty strings need no escaping
$return .= '"",';
} else {
// Secure this string and add it
$return .= '"' . crackerTrackerEscapeString($entry) . '",';
}
} // END - foreach
// Remove last char
$return = substr($return, 0, -1);
// Return this string
return $return;
} // END - function
} // END - if
// Getter for ctracker_debug_enabled
function isCrackerTrackerDebug () {
// Is it set?
$result = ((isset($GLOBALS['ctracker_debug_enabled'])) && ($GLOBALS['ctracker_debug_enabled'] === TRUE));
// Debug message
//* DEBUG: */ error_log('result=' . intval($result));
// Return it
return $result;
}
// Determines the real remote address
function determineCrackerTrackerRealRemoteAddress () {
// Initial value
$address = '0.0.0.0';
// Is a proxy in use?
if (isset($_SERVER['HTTP_X_FORWARDED_FOR'])) {
// Proxy was used
$address = trim($_SERVER['HTTP_X_FORWARDED_FOR']);
} elseif (isset($_SERVER['HTTP_CLIENT_IP'])) {
// Yet, another proxy
$address = trim($_SERVER['HTTP_CLIENT_IP']);
} elseif (isset($_SERVER['REMOTE_ADDR'])) {
// The regular address when no proxy was used
$address = trim(getenv('REMOTE_ADDR'));
}
if ($address == 'unknown') {
// Invalid IP somehow given
$address = '0.0.0.0';
} elseif (strstr($address, ',')) {
// This strips out the real address from proxy output
$addressArray = explode(',', $address);
$address = $addressArray[0];
}
// Return the result
return $address;
}
// Determine if a proxy was used
function isCrackerTrackerProxyUsed () {
// Check if specific entries are set
$proxyUsed = ((isset($_SERVER['HTTP_X_FORWARDED_FOR'])) || (isset($_SERVER['HTTP_CLIENT_IP'])));
// Return result
return $proxyUsed;
}
// Detects the user-agent string
function crackerTrackerUserAgent () {
// Default is 'unknown'
$ua = 'unknown';
// Is the entry there?
if (isset($_SERVER['HTTP_USER_AGENT'])) {
// Then use it securely
$ua = crackerTrackerSecureString($_SERVER['HTTP_USER_AGENT']);
} // END - if
// Return it
return $ua;
}
// Detects the script name
function crackerTrackerScriptName () {
// Is it there?
if (!isset($_SERVER['SCRIPT_NAME'])) {
// Return NULL
return NULL;
} // END - if
// Should always be there!
return crackerTrackerSecureString($_SERVER['SCRIPT_NAME']);
}
// Detects the query string
function crackerTrackerQueryString () {
// Is it there?
if (!isset($_SERVER['QUERY_STRING'])) {
// Return NULL
return NULL;
} // END - if
// Should always be there!
return crackerTrackerEscapeString(urldecode($_SERVER['QUERY_STRING']));
}
// Detects the server's name
function crackerTrackerServerName () {
// Is it there?
if (!isset($_SERVER['SERVER_NAME'])) {
// Return NULL
return NULL;
} // END - if
// Should always be there!
return crackerTrackerSecureString($_SERVER['SERVER_NAME']);
}
// Detects the referer
function crackerTrackerReferer () {
// Default is a dash
$referer = '-';
// Is it there?
if (isset($_SERVER['HTTP_REFERER'])) {
// Then use it securely
$referer = crackerTrackerSecureString(urldecode($_SERVER['HTTP_REFERER']));
} // END - if
// Return it
return $referer;
}
// Detects the scripts path
function crackerTrackerScriptPath () {
// Should always be there!
$path = dirname(crackerTrackerScriptName()) . '/';
// Return detected path
return $path;
}
// Detects wether we have SSL
function crackerTrackerSecured () {
// Detect it
$ssl = ((isset($_SERVER['HTTPS'])) && ($_SERVER['HTTPS'] != 'off'));
// Return result
return $ssl;
}
// Secures a string by escaping it and passing it through strip_tags,htmlentities-chain
function crackerTrackerSecureString ($str) {
// First escape it
$str = crackerTrackerEscapeString($str);
// Then pass it through the functions
$str = htmlentities(strip_tags($str), ENT_QUOTES);
// Return it
return $str;
}
// Is the file there and readable?
function isCrackerTrackerFileFound ($FQFN) {
// Simply check it
return ((file_exists($FQFN)) && (is_readable($FQFN)));
}
// Loads a given "template" (this is more an include file)
function crackerTrackerLoadTemplate ($template) {
// Create the full-qualified filename (FQFN)
$FQFN = sprintf('%s/templates/%s.tpl.php',
dirname(__FILE__),
$template
);
// Is this template found?
if (isCrackerTrackerFileFound($FQFN)) {
// Detect language
crackerTrackerLanguage();
// Load it
require_once($FQFN);
} else {
// Not found, so die here
crackerTrackerDie();
}
}
// Loads a given "template" (this is more an include file)
function crackerTrackerLoadLocalizedTemplate ($template) {
// Create the full-qualified filename (FQFN)
$FQFN = sprintf('%s/templates/%s/%s.tpl.php',
dirname(__FILE__),
getCrackerTrackerLanguage(),
$template
);
// Is this template found?
if (isCrackerTrackerFileFound($FQFN)) {
// Load it
require_once($FQFN);
} else {
// Not found, so die here
crackerTrackerDie();
}
}
// Detects the browser's language file and tries to load it, fall-back on english!
function crackerTrackerLanguage () {
// Default is English
$GLOBALS['ctracker_language'] = 'en';
$weight = 1;
// Is the language string there?
if (isset($_SERVER['HTTP_ACCEPT_LANGUAGE'])) {
// Then detect it
foreach (explode(',', $_SERVER['HTTP_ACCEPT_LANGUAGE']) as $lang) {
// Split it again for q=x.x value
$langArray = explode(';', $lang);
// If there is an entry, we have a weight
if ((isset($langArray[1])) && ($langArray[1] > $weight)) {
// Use this language/weight instead
$GLOBALS['ctracker_language'] = $langArray[0];
$weight = $langArray[1];
} // END - if
} // END - foreach
} // END - if
// Construct FQFN
$FQFN = sprintf('%s/language/%s.php',
dirname(__FILE__),
getCrackerTrackerLanguage()
);
// Is it not there, switch to "en"
if ((getCrackerTrackerLanguage() != 'en') && (!isCrackerTrackerFileFound($FQFN))) {
// English is default!
$GLOBALS['ctracker_language'] = 'en';
// Construct FQFN again
$FQFN = sprintf('%s/language/en.php', dirname(__FILE__));
} // END - if
// Load the language file
require($FQFN);
}
// Loads a given email template and passes through $content
function crackerTrackerLoadEmailTemplate ($template, array $content = array(), $language = NULL) {
// Init language
crackerTrackerLanguage();
// Generate the FQFN
$FQFN = sprintf('%s/mails/%s/%s.tpl',
dirname(__FILE__),
getCrackerTrackerLanguage($language),
$template
);
// So is the file there?
if (isCrackerTrackerFileFound($FQFN)) {
// Init result
$result = 'No result from template ' . $template . '. Please report this at http://forum.ship-simu.org Thank you.';
// Then load it
eval('$result = "' . crackerTrackerCompileCode(file_get_contents($FQFN)) . '";');
// Return the result
return $result;
} else {
// Not found
crackerTrackerDie();
}
}
// Getter for message
function getCrackerTrackerLocalized ($message) {
// Default message
$output = '!' . $message . '!';
// Is the language string there?
if (isset($GLOBALS['ctracker_localized'][$message])) {
// Use this instead
$output = $GLOBALS['ctracker_localized'][$message];
} // END - if
// Return it
return $output;
}
// Tries to find a message and outputs it
function crackerTrackerOutputLocalized ($message) {
// Output it
print getCrackerTrackerLocalized($message);
}
// Compiles the given code
function crackerTrackerCompileCode ($code) {
// Find all $content[foo]
preg_match_all('/\$(content|GLOBALS)((\[([a-zA-Z0-9-_]+)\])*)/', $code, $matches);
// Replace " with {QUOTE}
$code = str_replace('"', '{QUOTE}', $code);
// Replace all
foreach ($matches[0] as $key=>$match) {
// Replace it
if (substr($match, 0, 8) == '$GLOBALS') {
// $GLOBALS
$code = str_replace($match, "\" . \$GLOBALS['" . $matches[4][$key] . "'] . \"", $code);
} elseif (substr($match, 0, 8) == '$content') {
// $content
$code = str_replace($match, "\" . \$content['" . $matches[4][$key] . "'] . \"", $code);
}
} // END - foreach
// Return it
return $code;
}
// "Getter" for language
function getCrackerTrackerLanguage ($lang = NULL) {
// Default is from browser
$language = $GLOBALS['ctracker_language'];
// Is $lang set?
if (!is_null($lang)) {
// Then use this instead
$language = $lang;
} // END - if
// Return it
return $language;
}
// "Getter" for ticket id
function getCrackerTrackerTicketId () {
// Default is zero
$id = 0;
// Is it set?
if (isset($GLOBALS['ctracker_last_ticket']['ctracker_ticket'])) {
// Then use it
$id = $GLOBALS['ctracker_last_ticket']['ctracker_ticket'];
} // END - if
// Return the number
return $id;
}
// Sends a cookie to the user that he would not see this security warning again
function sendCrackerTrackerCookie () {
// Set the cookie
// @TODO Why can't domain be set to value from crackerTrackerServerName() ?
setcookie('ctracker_ticket', getCrackerTrackerTicketId(), (time() + 60*60*24), '/', '', crackerTrackerSecured(), TRUE);
$_COOKIE['ctracker_ticket'] = getCrackerTrackerTicketId();
}
// Is the cookie set?
function ifCrackerTrackerCookieIsSet () {
// Is it set and valid?
return ((isset($_COOKIE['ctracker_ticket'])) && ($_COOKIE['ctracker_ticket'] > 0));
}
// Redirects to the same URL
function crackerTrackerRedirectSameUrl () {
// Construct the url
$url = '://' . crackerTrackerServerName() . crackerTrackerScriptName() . '?' . crackerTrackerQueryString();
// Do we have SSL?
if (crackerTrackerSecured()) {
// HTTPS
$url = 'https' . $url;
} else {
// HTTP
$url = 'http' . $url;
}
// And redirect
crackerTrackerSendRawRedirect($url);
}
/**
* Send a HTTP redirect to the browser. This function was taken from DokuWiki
* (GNU GPL 2; http://www.dokuwiki.org) and modified to fit into this script.
*
* Works arround Microsoft IIS cookie sending bug. Does exit the script.
*
* @link http://support.microsoft.com/kb/q176113/
* @author Andreas Gohr
* @access private
*/
function crackerTrackerSendRawRedirect ($url) {
// Better remove any data by ctracker
unsetCtrackerData();
// always close the session
session_write_close();
// Revert entity &
$url = str_replace('&', '&', $url);
// check if running on IIS < 6 with CGI-PHP
if ((isset($_SERVER['SERVER_SOFTWARE'])) && (isset($_SERVER['GATEWAY_INTERFACE'])) &&
(strpos($_SERVER['GATEWAY_INTERFACE'],'CGI') !== FALSE) &&
(preg_match('|^Microsoft-IIS/(\d)\.\d$|', trim($_SERVER['SERVER_SOFTWARE']), $matches)) &&
($matches[1] < 6)) {
// Send the IIS header
header('Refresh: 0;url=' . $url);
} else {
// Send generic header
header('Location: ' . $url);
}
exit();
}
// Removes all ctracker-related data from global space
function unsetCtrackerData () {
// Debug message
//* DEBUG: */ error_log(__FUNCTION__ . ': CALLED!');
// Unset all ctracker data
foreach (array(
'ctracker_host',
'ctracker_dbname',
'ctracker_user',
'ctracker_password',
'ctracker_debug_enabled',
'ctracker_email',
'ctracker_whitelist',
'ctracker_get_blacklist',
'ctracker_post_blacklist',
'ctracker_header',
'ctracker_post_track',
'ctracker_checkworm',
'ctracker_check_post',
'ctracker_last_sql',
'ctracker_last_result',
'ctracker_config',
'ctracker_updates',
'ctracker_language',
'ctracker_localized',
'ctracker_link',
) as $key) {
// Unset it
unset($GLOBALS[$key]);
} // END - foreach
}
// [EOF]
?>