$mail->CharSet = 'UTF-8';
// Path for PHPMailer
- $mail->PluginDir = sprintf("%sinc/phpmailer/", getConfig('PATH'));
+ $mail->PluginDir = sprintf("%sinc/phpmailer/", getPath());
$mail->IsSMTP();
$mail->SMTPAuth = true;
} else {
$mail->From = $from;
}
- $mail->FromName = getConfig('MAIN_TITLE');
+ $mail->FromName = getMainTitle();
$mail->Subject = $subject;
if ((isExtensionActive('html_mail')) && (secureString($message) != $message)) {
$mail->Body = $message;
$mail->Body = decodeEntities($message);
}
$mail->AddAddress($toEmail, '');
- $mail->AddReplyTo(getConfig('WEBMASTER'), getConfig('MAIN_TITLE'));
+ $mail->AddReplyTo(getConfig('WEBMASTER'), getMainTitle());
$mail->AddCustomHeader('Errors-To:' . getConfig('WEBMASTER'));
$mail->AddCustomHeader('X-Loop:' . getConfig('WEBMASTER'));
$mail->Send();
// Generates an URL for the dereferer
function generateDerefererUrl ($URL) {
// Don't de-refer our own links!
- if (substr($URL, 0, strlen(getConfig('URL'))) != getConfig('URL')) {
+ if (substr($URL, 0, strlen(getUrl())) != getUrl()) {
// De-refer this link
$URL = '{%url=modules.php?module=loader&url=' . encodeString(compileUriCode($URL)) . '%}';
} // END - if
$rel = ' rel="external"';
// Do we have internal or external URL?
- if (substr($URL, 0, strlen(getConfig('URL'))) == getConfig('URL')) {
+ if (substr($URL, 0, strlen(getUrl())) == getUrl()) {
// Own (=internal) URL
$rel = '';
} // END - if
//
function generateRandomCode ($length, $code, $userid, $DATA = '') {
// Build server string
- $server = $_SERVER['PHP_SELF'] . getConfig('ENCRYPT_SEPERATOR') . detectUserAgent() . getConfig('ENCRYPT_SEPERATOR') . getenv('SERVER_SOFTWARE') . getConfig('ENCRYPT_SEPERATOR') . detectRemoteAddr();
+ $server = $_SERVER['PHP_SELF'] . getEncryptSeperator() . detectUserAgent() . getEncryptSeperator() . getenv('SERVER_SOFTWARE') . getEncryptSeperator() . detectRemoteAddr();
// Build key string
- $keys = getConfig('SITE_KEY') . getConfig('ENCRYPT_SEPERATOR') . getConfig('DATE_KEY');
- if (isConfigEntrySet('secret_key')) $keys .= getConfig('ENCRYPT_SEPERATOR').getConfig('secret_key');
- if (isConfigEntrySet('file_hash')) $keys .= getConfig('ENCRYPT_SEPERATOR').getConfig('file_hash');
- $keys .= getConfig('ENCRYPT_SEPERATOR') . getDateFromPatchTime();
- if (isConfigEntrySet('master_salt')) $keys .= getConfig('ENCRYPT_SEPERATOR').getConfig('master_salt');
+ $keys = getConfig('SITE_KEY') . getEncryptSeperator() . getConfig('DATE_KEY');
+ if (isConfigEntrySet('secret_key')) $keys .= getEncryptSeperator().getSecretKey();
+ if (isConfigEntrySet('file_hash')) $keys .= getEncryptSeperator().getFileHash();
+ $keys .= getEncryptSeperator() . getDateFromPatchTime();
+ if (isConfigEntrySet('master_salt')) $keys .= getEncryptSeperator().getMasterSalt();
// Build string from misc data
- $data = $code . getConfig('ENCRYPT_SEPERATOR') . $userid . getConfig('ENCRYPT_SEPERATOR') . $DATA;
+ $data = $code . getEncryptSeperator() . $userid . getEncryptSeperator() . $DATA;
// Add more additional data
- if (isSessionVariableSet('u_hash')) $data .= getConfig('ENCRYPT_SEPERATOR') . getSession('u_hash');
+ if (isSessionVariableSet('u_hash')) $data .= getEncryptSeperator() . getSession('u_hash');
// Add referal id, language, theme and userid
- $data .= getConfig('ENCRYPT_SEPERATOR') . determineReferalId();
- $data .= getConfig('ENCRYPT_SEPERATOR') . getLanguage();
- $data .= getConfig('ENCRYPT_SEPERATOR') . getCurrentTheme();
- $data .= getConfig('ENCRYPT_SEPERATOR') . getMemberId();
+ $data .= getEncryptSeperator() . determineReferalId();
+ $data .= getEncryptSeperator() . getLanguage();
+ $data .= getEncryptSeperator() . getCurrentTheme();
+ $data .= getEncryptSeperator() . getMemberId();
// Calculate number for generating the code
$a = $code + getConfig('_ADD') - 1;
if (isConfigEntrySet('master_salt')) {
// Generate hash with master salt from modula of number with the prime number and other data
- $saltedHash = generateHash(($a % getConfig('_PRIME')) . getConfig('ENCRYPT_SEPERATOR') . $server . getConfig('ENCRYPT_SEPERATOR') . $keys . getConfig('ENCRYPT_SEPERATOR') . $data . getConfig('ENCRYPT_SEPERATOR') . getConfig('DATE_KEY') . getConfig('ENCRYPT_SEPERATOR') . $a, getConfig('master_salt'));
+ $saltedHash = generateHash(($a % getPrime()) . getEncryptSeperator() . $server . getEncryptSeperator() . $keys . getEncryptSeperator() . $data . getEncryptSeperator() . getConfig('DATE_KEY') . getEncryptSeperator() . $a, getMasterSalt());
// Create number from hash
- $rcode = hexdec(substr($saltedHash, strlen(getConfig('master_salt')), 9)) / abs(getConfig('rand_no') - $a + sqrt(getConfig('_ADD'))) / pi();
+ $rcode = hexdec(substr($saltedHash, strlen(getMasterSalt()), 9)) / abs(getConfig('rand_no') - $a + sqrt(getConfig('_ADD'))) / pi();
} else {
// Generate hash with "hash of site key" from modula of number with the prime number and other data
- $saltedHash = generateHash(($a % getConfig('_PRIME')) . getConfig('ENCRYPT_SEPERATOR') . $server . getConfig('ENCRYPT_SEPERATOR') . $keys . getConfig('ENCRYPT_SEPERATOR') . $data . getConfig('ENCRYPT_SEPERATOR') . getConfig('DATE_KEY') . getConfig('ENCRYPT_SEPERATOR') . $a, substr(sha1(getConfig('SITE_KEY')), 0, getConfig('salt_length')));
+ $saltedHash = generateHash(($a % getPrime()) . getEncryptSeperator() . $server . getEncryptSeperator() . $keys . getEncryptSeperator() . $data . getEncryptSeperator() . getConfig('DATE_KEY') . getEncryptSeperator() . $a, substr(sha1(getConfig('SITE_KEY')), 0, getSaltLength()));
// Create number from hash
$rcode = hexdec(substr($saltedHash, 8, 9)) / abs(getConfig('rand_no') - $a + sqrt(getConfig('_ADD'))) / pi();
// Extract host from script name
function extractHostnameFromUrl (&$script) {
// Use default SERVER_URL by default... ;) So?
- $url = getConfig('SERVER_URL');
+ $url = getServerUrl();
// Is this URL valid?
if (substr($script, 0, 7) == 'http://') {
// Generate GET request header
$request = 'GET /' . trim($script) . ' HTTP/1.1' . getConfig('HTTP_EOL');
$request .= 'Host: ' . $host . getConfig('HTTP_EOL');
- $request .= 'Referer: ' . getConfig('URL') . '/admin.php' . getConfig('HTTP_EOL');
+ $request .= 'Referer: ' . getUrl() . '/admin.php' . getConfig('HTTP_EOL');
if (isConfigEntrySet('FULL_VERSION')) {
- $request .= 'User-Agent: ' . getConfig('TITLE') . '/' . getConfig('FULL_VERSION') . getConfig('HTTP_EOL');
+ $request .= 'User-Agent: ' . getTitle() . '/' . getFullVersion() . getConfig('HTTP_EOL');
} else {
- $request .= 'User-Agent: ' . getConfig('TITLE') . '/' . getConfig('VERSION') . getConfig('HTTP_EOL');
+ $request .= 'User-Agent: ' . getTitle() . '/' . getConfig('VERSION') . getConfig('HTTP_EOL');
}
$request .= 'Accept: image/png,image/*;q=0.8,text/plain,text/html,*/*;q=0.5' . getConfig('HTTP_EOL');
$request .= 'Accept-Charset: UTF-8,*' . getConfig('HTTP_EOL');
// Generate POST request header
$request = 'POST /' . trim($script) . ' HTTP/1.0' . getConfig('HTTP_EOL');
$request .= 'Host: ' . $host . getConfig('HTTP_EOL');
- $request .= 'Referer: ' . getConfig('URL') . '/admin.php' . getConfig('HTTP_EOL');
- $request .= 'User-Agent: ' . getConfig('TITLE') . '/' . getConfig('FULL_VERSION') . getConfig('HTTP_EOL');
+ $request .= 'Referer: ' . getUrl() . '/admin.php' . getConfig('HTTP_EOL');
+ $request .= 'User-Agent: ' . getTitle() . '/' . getFullVersion() . getConfig('HTTP_EOL');
$request .= 'Accept: text/plain;q=0.8' . getConfig('HTTP_EOL');
$request .= 'Accept-Charset: UTF-8,*' . getConfig('HTTP_EOL');
$request .= 'Cache-Control: no-cache' . getConfig('HTTP_EOL');
// When the salt is empty build a new one, else use the first x configured characters as the salt
if (empty($salt)) {
// Build server string for more entropy
- $server = $_SERVER['PHP_SELF'] . getConfig('ENCRYPT_SEPERATOR') . detectUserAgent() . getConfig('ENCRYPT_SEPERATOR') . getenv('SERVER_SOFTWARE') . getConfig('ENCRYPT_SEPERATOR') . detectRemoteAddr();
+ $server = $_SERVER['PHP_SELF'] . getEncryptSeperator() . detectUserAgent() . getEncryptSeperator() . getenv('SERVER_SOFTWARE') . getEncryptSeperator() . detectRemoteAddr();
// Build key string
- $keys = getConfig('SITE_KEY') . getConfig('ENCRYPT_SEPERATOR') . getConfig('DATE_KEY') . getConfig('ENCRYPT_SEPERATOR') . getConfig('secret_key') . getConfig('ENCRYPT_SEPERATOR') . getConfig('file_hash') . getConfig('ENCRYPT_SEPERATOR') . getDateFromPatchTime() . getConfig('ENCRYPT_SEPERATOR') . getConfig('master_salt');
+ $keys = getConfig('SITE_KEY') . getEncryptSeperator() . getConfig('DATE_KEY') . getEncryptSeperator() . getSecretKey() . getEncryptSeperator() . getFileHash() . getEncryptSeperator() . getDateFromPatchTime() . getEncryptSeperator() . getMasterSalt();
// Additional data
- $data = $plainText . getConfig('ENCRYPT_SEPERATOR') . uniqid(mt_rand(), true) . getConfig('ENCRYPT_SEPERATOR') . time();
+ $data = $plainText . getEncryptSeperator() . uniqid(mt_rand(), true) . getEncryptSeperator() . time();
// Calculate number for generating the code
$a = time() + getConfig('_ADD') - 1;
// Generate SHA1 sum from modula of number and the prime number
- $sha1 = sha1(($a % getConfig('_PRIME')) . $server . getConfig('ENCRYPT_SEPERATOR') . $keys . getConfig('ENCRYPT_SEPERATOR') . $data . getConfig('ENCRYPT_SEPERATOR') . getConfig('DATE_KEY') . getConfig('ENCRYPT_SEPERATOR') . $a);
+ $sha1 = sha1(($a % getPrime()) . $server . getEncryptSeperator() . $keys . getEncryptSeperator() . $data . getEncryptSeperator() . getConfig('DATE_KEY') . getEncryptSeperator() . $a);
//* DEBUG: */ debugOutput('SHA1=' . $sha1.' ('.strlen($sha1).')<br />');
$sha1 = scrambleString($sha1);
//* DEBUG: */ debugOutput('Scrambled=' . $sha1.' ('.strlen($sha1).')<br />');
//* DEBUG: */ debugOutput('Descrambled=' . $sha1b.' ('.strlen($sha1b).')<br />');
// Generate the password salt string
- $salt = substr($sha1, 0, getConfig('salt_length'));
+ $salt = substr($sha1, 0, getSaltLength());
//* DEBUG: */ debugOutput($salt.' ('.strlen($salt).')<br />');
} else {
// Use given salt
//* DEBUG: */ debugOutput('salt=' . $salt);
- $salt = substr($salt, 0, getConfig('salt_length'));
- //* DEBUG: */ debugOutput('salt=' . $salt . '(' . strlen($salt) . '/' . getConfig('salt_length') . ')<br />');
+ $salt = substr($salt, 0, getSaltLength());
+ //* DEBUG: */ debugOutput('salt=' . $salt . '(' . strlen($salt) . '/' . getSaltLength() . ')<br />');
// Sanity check on salt
- if (strlen($salt) != getConfig('salt_length')) {
+ if (strlen($salt) != getSaltLength()) {
// Not the same!
- debug_report_bug(__FUNCTION__.': salt length mismatch! ('.strlen($salt).'/'.getConfig('salt_length').')');
+ debug_report_bug(__FUNCTION__.': salt length mismatch! ('.strlen($salt).'/'.getSaltLength().')');
} // END - if
}
return $str;
} elseif (strlen($str) == 40) {
// From database
- $scrambleNums = explode(':', getConfig('pass_scramble'));
+ $scrambleNums = explode(':', getPassScramble());
} else {
// Generate new numbers
$scrambleNums = explode(':', genScrambleString(strlen($str)));
if (strlen($str) != 40) return $str;
// Load numbers from config
- $scrambleNums = explode(':', getConfig('pass_scramble'));
+ $scrambleNums = explode(':', getPassScramble());
// Validate numbers
if (count($scrambleNums) != 40) return $str;
//* DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, intval(isExtensionInstalled('sql_patches')) . '/' . intval(isConfigEntrySet('_PRIME')) . '/' . intval(isConfigEntrySet('secret_key')) . '/' . intval(isConfigEntrySet('master_salt')));
if ((isExtensionInstalled('sql_patches')) && (isConfigEntrySet('_PRIME')) && (isConfigEntrySet('secret_key')) && (isConfigEntrySet('master_salt'))) {
// Only calculate when the secret key is generated
- //* DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, strlen($passHash) . '/' . strlen(getConfig('secret_key')));
- if ((strlen($passHash) != 49) || (strlen(getConfig('secret_key')) != 40)) {
+ //* DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, strlen($passHash) . '/' . strlen(getSecretKey()));
+ if ((strlen($passHash) != 49) || (strlen(getSecretKey()) != 40)) {
// Both keys must have same length so return unencrypted
- //* DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, strlen($passHash) . '!=49/' . strlen(getConfig('secret_key')) . '!=40');
+ //* DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, strlen($passHash) . '!=49/' . strlen(getSecretKey()) . '!=40');
return $ret;
} // END - if
$newHash = ''; $start = 9;
//* DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, 'passHash=' . $passHash . '(' . strlen($passHash) . ')');
for ($idx = 0; $idx < 20; $idx++) {
- $part1 = hexdec(substr($passHash, ($idx * 2) + (strlen($passHash) - strlen(getConfig('secret_key'))), 2));
- $part2 = hexdec(substr(getConfig('secret_key'), $start, 2));
+ $part1 = hexdec(substr($passHash, ($idx * 2) + (strlen($passHash) - strlen(getSecretKey())), 2));
+ $part2 = hexdec(substr(getSecretKey(), $start, 2));
//* DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, 'part1=' . $part1 . '/part2=' . $part2);
$mod = dechex($idx);
if ($part1 > $part2) {
- $mod = dechex(sqrt(($part1 - $part2) * getConfig('_PRIME') / pi()));
+ $mod = dechex(sqrt(($part1 - $part2) * getPrime() / pi()));
} elseif ($part2 > $part1) {
- $mod = dechex(sqrt(($part2 - $part1) * getConfig('_PRIME') / pi()));
+ $mod = dechex(sqrt(($part2 - $part1) * getPrime() / pi()));
}
$mod = substr($mod, 0, 2);
//* DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, 'part1=' . $part1 . '/part2=' . $part2 . '/mod=' . $mod . '(' . strlen($mod) . ')');
} // END - for
//* DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, $passHash . ',' . $newHash . ' (' . strlen($newHash) . ')');
- $ret = generateHash($newHash, getConfig('master_salt'));
+ $ret = generateHash($newHash, getMasterSalt());
} // END - if
// Return result
$message = str_replace("\r", '', str_replace("\n", '', $message));
// Log this message away
- $fp = fopen(getConfig('CACHE_PATH') . 'debug.log', 'a') or debug_report_bug(__FUNCTION__, __LINE__, 'Cannot write logfile debug.log!');
+ $fp = fopen(getCachePath() . 'debug.log', 'a') or debug_report_bug(__FUNCTION__, __LINE__, 'Cannot write logfile debug.log!');
fwrite($fp, generateDateTime(time(), '4') . '|' . getModule(false) . '|' . basename($funcFile) . '|' . $line . '|' . $message . "\n");
fclose($fp);
} // END - if
// Determines referal id and sets it
function determineReferalId () {
// Skip this in non-html-mode and outside ref.php
- if ((getOutputMode() != 0) && (basename($_SERVER['PHP_SELF']) != 'ref.php')) return false;
+ if ((getScriptOutputMode() != 0) && (basename($_SERVER['PHP_SELF']) != 'ref.php')) return false;
// Check if refid is set
if ((isset($GLOBALS['refid'])) && ($GLOBALS['refid'] > 0)) {
} elseif (isGetRequestParameterSet('ref')) {
// Set refid=ref (the referal link uses such variable)
$GLOBALS['refid'] = secureString(getRequestParameter('ref'));
- } elseif ((isSessionVariableSet('refid')) && (getSession('refid') != 0)) {
+ } elseif ((isSessionVariableSet('refid')) && (getSession('refid') > 0)) {
// Set session refid als global
$GLOBALS['refid'] = bigintval(getSession('refid'));
- } elseif ((isExtensionInstalledAndNewer('user', '0.3.4')) && (getConfig('select_user_zero_refid') == 'Y')) {
+ } elseif ((isExtensionInstalledAndNewer('user', '0.3.4')) && (isRandomReferalIdEnabled())) {
// Select a random user which has confirmed enougth mails
$GLOBALS['refid'] = determineRandomReferalId();
} elseif ((isExtensionInstalledAndNewer('sql_patches', '0.1.2')) && (getConfig('def_refid') > 0)) {
$files = array();
// Open directory
- $dirPointer = opendir(getConfig('PATH') . $baseDir) or debug_report_bug(__FUNCTION__, __LINE__, 'Cannot read directory ' . basename($baseDir) . '.');
+ $dirPointer = opendir(getPath() . $baseDir) or debug_report_bug(__FUNCTION__, __LINE__, 'Cannot read directory ' . basename($baseDir) . '.');
// Read all entries
while ($baseFile = readdir($dirPointer)) {
// Construct include filename and FQFN
$fileName = $baseDir . $baseFile;
- $FQFN = getConfig('PATH') . $fileName;
+ $FQFN = getPath() . $fileName;
// Remove double slashes
$FQFN = str_replace('//', '/', $FQFN);
// Do we have cache?
if (!isset($GLOBALS['debug_sql_available'])) {
// Check it and cache it in $GLOBALS
- $GLOBALS['debug_sql_available'] = ((isConfigurationLoaded()) && (isExtensionInstalledAndNewer('other', '0.2.2')) && (getConfig('display_debug_sqls') == 'Y'));
+ $GLOBALS['debug_sql_available'] = ((isConfigurationLoaded()) && (isDisplayDebugSqlEnabled()));
} // END - if
// Don't execute anything here if we don't need or ext-other is missing
// Encodes an URL for adding session id, etc.
function encodeUrl ($url, $outputMode = '0') {
// Do we have already have a PHPSESSID inside or view.php is called? Then abort here
- if ((strpos($url, session_name()) !== false) || (getOutputMode() == -3)) return $url;
+ if ((strpos($url, session_name()) !== false) || (getScriptOutputMode() == -3)) return $url;
// Do we have a valid session?
if (((!isset($GLOBALS['valid_session'])) || ($GLOBALS['valid_session'] === false) || (!isset($_COOKIE[session_name()]))) && (isSpider() === false)) {
if (strpos($url, '?') === false) {
// No question mark
$seperator = '?';
- } elseif ((getOutputMode() != '0') || ($outputMode != '0')) {
+ } elseif ((getScriptOutputMode() != '0') || ($outputMode != '0')) {
// Non-HTML mode
$seperator = '&';
}
} // END - if
// Add {?URL?} ?
- if ((substr($url, 0, strlen(getConfig('URL'))) != getConfig('URL')) && (substr($url, 0, 7) != '{?URL?}') && (substr($url, 0, 7) != 'http://') && (substr($url, 0, 8) != 'https://')) {
+ if ((substr($url, 0, strlen(getUrl())) != getUrl()) && (substr($url, 0, 7) != '{?URL?}') && (substr($url, 0, 7) != 'http://') && (substr($url, 0, 8) != 'https://')) {
// Add it
$url = '{?URL?}/' . $url;
} // END - if
// Walk through all entries
foreach ($ds as $d) {
// Generate proper FQFN
- $FQFN = str_replace('//', '/', getConfig('PATH') . $dir . '/' . $d);
+ $FQFN = str_replace('//', '/', getPath() . $dir . '/' . $d);
// Is it a file and readable?
//* DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, 'dir=' . $dir . ',d=' . $d);
return $field;
}
+// Converts a userid so it can be used in SQL queries
+function makeDatabaseUserId ($userid) {
+ // Is it a valid username?
+ if (isValidUserId($userid)) {
+ // Always secure it
+ $userid = bigintval($userid);
+ } else {
+ // Is not valid or zero
+ $userid = 'NULL';
+ }
+
+ // Return it
+ return $userid;
+}
+
//////////////////////////////////////////////////
// AUTOMATICALLY RE-GENERATED MISSING FUNCTIONS //
//////////////////////////////////////////////////