// Some security stuff...
if (ereg(basename(__FILE__), $_SERVER['PHP_SELF'])) {
- $INC = substr(dirname(__FILE__), 0, strpos(dirname(__FILE__), "/inc") + 4) . "/security.php";
+ $INC = substr(dirname(__FILE__), 0, strpos(dirname(__FILE__), "/inc") + 4)."/security.php";
require($INC);
}
while (strpos($OUTPUT, '{!') > 0) {
// Prepare the content and eval() it...
$newContent = "";
- $eval = "\$newContent = \"" . COMPILE_CODE(addslashes($OUTPUT)) . "\";";
+ $eval = "\$newContent = \"".COMPILE_CODE(addslashes($OUTPUT))."\";";
@eval($eval);
if (empty($newContent)) {
// Compile and run finished rendered HTML code
while (strpos($OUTPUT, '{!') > 0) {
- $eval = "\$OUTPUT = \"" . COMPILE_CODE(addslashes($OUTPUT)) . "\";";
+ $eval = "\$OUTPUT = \"".COMPILE_CODE(addslashes($OUTPUT))."\";";
eval($eval);
}
if (empty($GLOBALS['refid'])) $GLOBALS['refid'] = 0;
$REFID = $GLOBALS['refid'];
+ // DEPRECATED!!!
if ($template == "member_support_form") {
// Support request of a member
- $result = SQL_QUERY_ESC("SELECT sex, surname, family FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d LIMIT 1",
+ $result = SQL_QUERY_ESC("SELECT sex, surname, family FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s LIMIT 1",
array($GLOBALS['userid']), __FILE__, __LINE__);
list($sex, $surname, $family) = SQL_FETCHROW($result);
SQL_FREERESULT($result);
$date_time = MAKE_DATETIME(time(), "1");
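Review bot: The member-support query on the new `userid=%s` line still receives `$GLOBALS['userid']` unfiltered, whereas the other queries this commit switches to `%s` wrap their argument in `bigintval()`. With `%d` gone the format no longer forces the value to be numeric, and because the placeholder sits unquoted in the statement, string escaping inside `SQL_QUERY_ESC` (not visible here) would not by itself keep it numeric. Pass `array(bigintval($GLOBALS['userid']))` so this call matches the others. The enclosing `if` block, now marked DEPRECATED, continues outside the hunk.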
// Base directory
- $BASE = PATH."templates/".GET_LANGUAGE()."/html/";
+ $BASE = sprintf("%stemplates/%s/html/", PATH, GET_LANGUAGE());
$MODE = "";
// Check for admin/guest/member templates
while (strpos($tmpl_file, "\'") !== false) { $tmpl_file = str_replace("\'", '{QUOT}', $tmpl_file); }
// Do we have to compile the code?
+ $ret = "";
if ((strpos($tmpl_file, "\$") !== false) || (strpos($tmpl_file, '{--') !== false) || (strpos($tmpl_file, '--}') > 0)) {
// Okay, compile it!
- $tmpl_file = "\$ret=\"" . COMPILE_CODE(addslashes($tmpl_file)) . "\";";
+ $tmpl_file = "\$ret=\"".COMPILE_CODE(addslashes($tmpl_file))."\";";
eval($tmpl_file);
} else {
// Simply return loaded code
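Review bot: `addslashes()` escapes quotes, backslashes and NUL bytes but leaves `$` and `{` alone, so the `eval()` after the new `$ret = "";` line still interprets whatever is in `$tmpl_file` as PHP string interpolation. The same `COMPILE_CODE(addslashes(...))` construction is evaluated for `$OUTPUT`, `$newContent` and `$SUBJECT` in the other hunks of this diff, where rendered pages and mail subjects are more likely to carry member-supplied text; `COMPILE_CODE` is not visible, so whether it neutralises those characters is unconfirmed. At minimum record the trust requirement above the `eval()`, e.g. `// SECURITY: evaluated as PHP - $tmpl_file must never contain unescaped user-supplied text`; replacing the eval with `strtr()`-style placeholder substitution would remove the dependency on that requirement. The enclosing function starts and ends outside the hunk.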
// Send mail out to an email address
function SEND_EMAIL($TO, $SUBJECT, $MSG, $HTML='N', $FROM="") {
// Compile subject line (for POINTS constant etc.)
- $eval = "\$SUBJECT = \"" . COMPILE_CODE(addslashes($SUBJECT)) . "\";";
+ $eval = "\$SUBJECT = \"".COMPILE_CODE(addslashes($SUBJECT))."\";";
eval($eval);
$SUBJECT = html_entity_decode($SUBJECT);
ADD_MESSAGE_TO_BOX($TO, $SUBJECT, $MSG, $HTML);
return;
} else {
- $result_email = SQL_QUERY_ESC("SELECT email FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d LIMIT 1", array(bigintval($TO)), __FILE__, __LINE__);
+ $result_email = SQL_QUERY_ESC("SELECT email FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s LIMIT 1", array(bigintval($TO)), __FILE__, __LINE__);
list($TO) = SQL_FETCHROW($result_email);
SQL_FREERESULT($result_email);
}
// get new instance
$mail = new PHPMailer();
- $mail->PluginDir = PATH."inc/phpmailer/";
+ $mail->PluginDir = sprintf("%sinc/phpmailer/", PATH);
$mail->IsSMTP();
$mail->SMTPAuth = true;
$mail->Port = 25;
$mail->Username = SMTP_USER;
$mail->Password = SMTP_PASSWORD;
- $mail->From = $from;
+ if (empty($from)) {
+ $mail->From = WEBMASTER;
+ } else {
+ $mail->From = $from;
+ }
$mail->FromName = MAIN_TITLE;
$mail->Subject = $subject;
if ((EXT_IS_ACTIVE("html_mail")) && (strip_tags($msg) != $msg)) {
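Review bot: The new fallback only tests `empty($from)`, so any non-empty caller value becomes `$mail->From` without a check that it is a single well-formed address. If any caller can pass text that originates from a form, reject line breaks before assigning, e.g. `if (empty($from) || preg_match('/[\r\n]/', $from)) {`, so the `WEBMASTER` default is used instead. The hunk also shows `SMTPAuth = true` on port 25 with no transport-security setting in view, so it is worth confirming elsewhere in the file that `SMTP_PASSWORD` is not sent in clear text. The function body starts and ends outside the hunk.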
//
function DEREFERER($URL) {
- $URL = URL."/modules.php?module=loader&url=".urlencode(base64_encode(COMPILE_CODE($URL)));
+ $URL = URL."/modules.php?module=loader&url=".urlencode(base64_encode(gzcompress(COMPILE_CODE($URL))));
return $URL;
}
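Review bot: Compressing before `base64_encode()` makes the `url` parameter shorter but still unauthenticated, so the `loader` module (and the `frametester` URL built the same way in the next hunk) has to treat the decoded value as untrusted input. When the receiving side calls `gzuncompress()`, pass its length limit (`gzuncompress($data, $maxLength)`) so an oversized compressed payload cannot exhaust memory, and handle a `false` return. If the redirect target should only ever be one this site generated, appending a keyed hash of the target to the link and checking it in the loader would enforce that; the loader code is not part of this diff, so this may already be in place. `gzcompress()` itself returns `false` on failure, which here would silently yield an empty `url` value.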
// Prepare frametester URL
$frametesterUrl = sprintf("%s/modules.php?module=frametester&url=%s",
URL,
- urlencode(base64_encode(COMPILE_CODE($URL)))
+ urlencode(base64_encode(gzcompress(COMPILE_CODE($URL))))
);
return $frametesterUrl;
}
$EXPIRATION = round($_CONFIG['auto_purge']/60/60/24)." "._DAYS;
}
+ // DEPRECATED switch!
switch ($template)
{
case "bonus-mail": // Load data for the bonus mail
if ($UID > 0) {
if (EXT_IS_ACTIVE("nickname")) {
// Load nickname
- $result = SQL_QUERY_ESC("SELECT surname, family, sex, email, nickname FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d LIMIT 1",
+ $result = SQL_QUERY_ESC("SELECT surname, family, sex, email, nickname FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s LIMIT 1",
array(bigintval($UID)), __FILE__, __LINE__);
list($surname, $family, $sex, $email, $nick) = SQL_FETCHROW($result);
SQL_FREERESULT($result);
} else {
// Load normal data
- $result = SQL_QUERY_ESC("SELECT surname, family, sex, email FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d LIMIT 1",
+ $result = SQL_QUERY_ESC("SELECT surname, family, sex, email FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s LIMIT 1",
array(bigintval($UID)), __FILE__, __LINE__);
list($surname, $family, $sex, $email) = SQL_FETCHROW($result);
SQL_FREERESULT($result);
$DATA['email'] = $email;
// Base directory
- $BASE = PATH."templates/".GET_LANGUAGE()."/emails/";
+ $BASE = sprintf("%stemplates/%s/emails/", PATH, GET_LANGUAGE());
// Check for admin/guest/member templates
if (strpos($template, "admin_") > -1) {
if ((!@file_exists($file)) || (!is_readable($file))) {
// Reset to default template
$file = $BASE.$template.".tpl";
- }
+ } // END - if
// Now does the final template exists?
- if ((@file_exists($file)) && (is_readable($file)))
- {
+ if ((@file_exists($file)) && (is_readable($file))) {
// The local file does exists so we load it. :)
$tmpl_file = @implode("", @file($file));
$tmpl_file = addslashes($tmpl_file);
// Replace HTML confirm chars
$content = html_entity_decode($content);
- }
- elseif (!empty($template))
- {
+ } elseif (!empty($template)) {
// Template file not found!
$content = TEMPLATE_404.": ".$template."<br />
".TEMPLATE_CONTENT."
// Debug mode not active? Then remove the HTML tags
if (!DEBUG_MODE) $content = strip_tags($content);
- }
- else
- {
+ } else {
// No template name supplied!
$content = NO_TEMPLATE_SUPPLIED;
}
+
+ // Return compiled content
return COMPILE_CODE($content);
}
//
-function MAKE_TIME($H, $M, $S, $stamp)
-{
+function MAKE_TIME($H, $M, $S, $stamp) {
// Extract day, month and year from given timestamp
$DAY = date("d", $stamp);
$MONTH = date("m", $stamp);
OUTPUT_HTML("<A href=\"".$URL."\">".$URL."</A>");
} elseif (!headers_sent()) {
// Load URL when headers are not sent
+ /*
+ print("<pre>");
+ debug_print_backtrace();
+ die("</pre>URL={$URL}");
+ */
@header ("Location: ".str_replace("&", "&", $URL));
} else {
// Output error message
return $return;
}
// Does only allow numbers
-function bigintval($num, $castValue = true)
-{
+function bigintval($num, $castValue = true) {
// Filter all numbers out
$ret = preg_replace("/[^0123456789]/", "", $num);
- // Cast the value?
- if ($castValue) $ret = (int) $ret;
-
// Return result
return $ret;
}
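Review bot: With the cast removed, `$castValue` is accepted but never read, and `bigintval()` now returns a digit string that is empty when `$num` contains no digits. At the call sites this commit switches to `userid=%s` (the `SEND_EMAIL` lookup and both `bonus-mail` queries) an empty result would leave the comparison without a right-hand side, assuming `SQL_QUERY_ESC` inserts the value unquoted. Add a fallback before the return, `if ($ret === "") $ret = "0";`, and update the header comment to say the function returns a string of digits and that `$castValue` is kept only for compatibility.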
// Insert the code in $img_code into jpeg or PNG image
-function GENERATE_IMAGE($img_code, $header=true)
-{
+function GENERATE_IMAGE($img_code, $header=true) {
global $_CONFIG;
if ((strlen($img_code) > 6) || (empty($img_code)) || ($_CONFIG['code_length'] == 0))
{
{
case "jpg":
// Loads JPEG image
- $img = PATH."/theme/".GET_CURR_THEME()."/images/code_bg.jpg";
- if ((file_exists($img)) && (is_readable($img)))
- {
+ $img = sprintf("%s/theme/%s/images/code_bg.jpg", PATH, GET_CURR_THEME());
+ if ((file_exists($img)) && (is_readable($img))) {
// Okay, load image and hide all errors
$image = @imagecreatefromjpeg($img);
- }
- else
- {
+ } else {
// Exit function here
return;
}
case "png":
// Loads PNG image
- $img = PATH."/theme/".GET_CURR_THEME()."/images/code_bg.png";
- if ((file_exists($img)) && (is_readable($img)))
- {
+ $img = sprintf("%s/theme/%s/images/code_bg.png", PATH, GET_CURR_THEME());
+ if ((file_exists($img)) && (is_readable($img))) {
// Okay, load image and hide all errors
$image = @imagecreatefrompng($img);
- }
- else
- {
+ } else {
// Exit function here
return;
}
header ("Content-Type: image/".$_CONFIG['img_type']);
// Output image with matching image factory
- switch ($_CONFIG['img_type'])
- {
+ switch ($_CONFIG['img_type']) {
case "jpg": imagejpeg($image); break;
case "png": imagepng($image); break;
}
}
if (ereg("s", $display) || (empty($display)))
{
- $OUT .= " <TD align=\"center\" class=\"admin_title bottom\"><STRONG class=\"tiny\">".SECS."</STRONG></TD>\n";
+ $OUT .= " <TD align=\"center\" class=\"admin_title bottom\"><STRONG class=\"tiny\">"._SECONDS."</STRONG></TD>\n";
}
$OUT .= "</TR>\n";
$OUT .= "<TR>\n";
}
// Finish navigation link
- $eval = substr($eval, 0, -7) . "]\";";
+ $eval = substr($eval, 0, -7)."]\";";
eval($eval);
// Return string
return $plainText;
} // END - if
+ // Do we miss an arry element here?
+ if (!isset($_CONFIG['file_hash'])) {
+ // Stop here
+ print(__FUNCTION__.":<pre>");
+ debug_print_backtrace();
+ die("</pre>");
+ } // END - if
+
// When the salt is empty build a new one, else use the first x configured characters as the salt
if ($salt == "") {
// Build server string
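Review bot: The new guard for a missing `$_CONFIG['file_hash']` sends `debug_print_backtrace()` output to the client before `die()`, and a backtrace lists call arguments, which in this function appear to include the `$plainText` being hashed, along with server file paths. Gate the dump on debug mode and fail with a fixed message otherwise, e.g. `if (isBooleanConstantAndTrue('DEBUG_MODE')) debug_print_backtrace();` followed by `mxchange_die("Configuration entry file_hash is missing.");` (both helpers are used in the `DEBUG_LOG` hunk of this diff). The added `merge_array()` ends with the same print/backtrace/die sequence and would benefit from the same treatment. The enclosing function starts before the hunk.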
// Generate the password salt string
$salt = substr($sha1, 0, $_CONFIG['salt_length']);
//* DEBUG: */ echo $salt." (".strlen($salt).")<br />";
- }
- else
- {
+ } else {
+ // Use given salt
$salt = substr($salt, 0, $_CONFIG['salt_length']);
+ //* DEBUG: */ echo "GIVEN={$salt}<br />\n";
}
// Return hash
- return $salt . sha1($salt . $plainText);
+ return $salt.sha1($salt.$plainText);
}
//
function scrambleString($str) {
// Add all together and return it
return $URL.$ADD;
}
-//
+// Generate an PGP-like encrypted hash of given hash for e.g. cookies
function generatePassString($passHash) {
global $_CONFIG;
//* DEBUG: */ echo "*".$start."=".$mod."*<br>";
$start += 4;
$newHash .= $mod;
- }
+ } // END - for
- //* DEBUG: */ die($passHash."<br>".$newHash." (".strlen($newHash).")");
+ //* DEBUG: */ print($passHash."<br>".$newHash." (".strlen($newHash).")");
$ret = generateHash($newHash, $_CONFIG['master_salt']);
+ //* DEBUG: */ print($ret."<br />\n");
} else {
// Hash it simple
//* DEBUG: */ echo "--".$passHash."--<br />\n";
} elseif (!empty($value)) {
// Update session
$_SESSION[$var] = $value;
+ } else {
+ // Something bad happens!
+ return false; // Hope this doesn't make so much trouble???
}
// Return always true if the session variable is already set.
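Review bot: The added `else` branch makes `set_session()` return `false` for an empty `$value`, and the visible `elseif (!empty($value))` branch never stores an empty value, so the new `destroy_user_session()` later in this diff, which calls `set_session("userid", "")`, may neither clear the entry nor return `true`. Its `&&` chain also stops at the first `false`, leaving `u_hash` and `lifetime` untouched. The first branch of this `if` is outside the hunk, so confirm how it treats an empty value; if it does not clear the variable, have `destroy_user_session()` remove the keys directly with `unset($_SESSION["userid"], $_SESSION["u_hash"], $_SESSION["lifetime"]);` and return `true`.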
SEND_ADMIN_EMAILS($subject, $msg);
}
}
-
+// Destroy user session
+function destroy_user_session () {
+ // Remove all user data from session
+ return ((set_session("userid", "")) && (set_session("u_hash", "")) && (set_session("lifetime", "")));
+}
+// Merges an array together but only if both are arrays
+function merge_array ($array1, $array2) {
+ // Are both an array?
+ if ((is_array($array1)) && (is_array($array2))) {
+ // Merge all together
+ return array_merge($array1, $array2);
+ } elseif (is_array($array1)) {
+ // Return left array
+ return $array1;
+ }
+
+ // Something wired happened here...
+ print(__FUNCTION__.":<pre>");
+ debug_print_backtrace();
+ die("</pre>");
+}
+// Debug message logger
+function DEBUG_LOG ($message) {
+ // Is debug mode enabled?
+ if (isBooleanConstantAndTrue('DEBUG_MODE')) {
+ // Log this message away
+ $fp = fopen(PATH."inc/cache/debug.log", 'a') or mxchange_die("Cannot write logfile debug.log!");
+ fwrite($fp, date("d.m.Y|H:i:s", time())."|{$message}\n");
+ fclose($fp);
+ } // END - if
+}
//
//////////////////////////////////////////////////
// //
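Review bot: `DEBUG_LOG()` writes `$message` to the log verbatim, so a value containing a line break can forge additional entries, and `inc/cache/debug.log` sits under the application `PATH`, where it may be retrievable over HTTP unless the web server denies it. Strip line breaks before writing, `$message = str_replace(array("\r", "\n"), " ", $message);`, and add a comment above the `fopen()` stating that the cache directory must not be served. Callers should also avoid passing credentials or session hashes as `$message`, since the file is plain text.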