Continued:

[ctracker.git] / libs / lib_general.php

diff --git a/libs/lib_general.php b/libs/lib_general.php
index 84dd1bf0f7818a73db7c5189da467e2dc74f3260..ad4f25bc2e38077a3b0b3c513f6e2e76d644ee65 100644 (file)
--- a/libs/lib_general.php
+++ b/libs/lib_general.php
@@ -2,11 +2,11 @@
 /**
  * General functions library
  *
- * @author             Roland Haeder <webmaster@ship-simu.org>
+ * @author             Roland Haeder <webmaster@shipsimu.org>
  * @version            3.0.0
- * @copyright  Copyright (c) 2009 - 2011 Cracker Tracker Team
+ * @copyright  Copyright (c) 2009 - 2017 Cracker Tracker Team
  * @license            GNU GPL 3.0 or any newer version
- * @link               http://www.ship-simu.org
+ * @link               http://www.shipsimu.org
  *
  * This program is free software: you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by
@@ -22,61 +22,81 @@
  * along with this program. If not, see <http://www.gnu.org/licenses/>.
  */
 
-if (!function_exists('implode_r')) {
-       // Implode recursive a multi-dimension array, taken from www.php.net
-       function implode_r ($glue, $array, $array_name = NULL) {
-               $return = array();
-               while(list($key,$value) = @each($array)) {
-                       if(is_array($value)) {
-                               // Is an array again, so call recursive
-                               $return[] = implode_r($glue, $value, (string) $key);
+// Implode recursive a multi-dimension array, taken from www.php.net
+function implode_r (string $glue, array $array, string $array_name = NULL) {
+       $return = [];
+       while (list($key,$value) = @each($array)) {
+               if (is_array($value)) {
+                       // Is an array again, so call recursive
+                       $return[] = implode_r($glue, $value, (string) $key);
+               } else {
+                       if ($array_name != NULL) {
+                               $return[] = $array_name . '[' . (string) $key . ']=' . $value . "\n";
                        } else {
-                               if($array_name != NULL) {
-                                       $return[] = $array_name . '[' . (string) $key . ']=' . $value . "\n";
-                               } else {
-                                       $return[] = $key . '=' . $value."\n";
-                               }
+                               $return[] = $key . '=' . $value."\n";
                        }
-               } // END - while
-
-               // Return resulting array
-               return(implode($glue, $return));
-       } // END - function
-} // END - if
-
-if (!function_exists('implode_secure')) {
-       // Implode a simple array with a 'call-back' to our escaper function
-       function implode_secure ($array) {
-               // Return string
-               $return = '';
-
-               // Implode all data
-               foreach ($array as $entry) {
-                       // Don't escape some
-                       if (in_array($entry, array('NOW()'))) {
-                               // Add it with non-string glue
-                               $return .= $entry . ',';
-                       } elseif (empty($entry)) {
-                               // Empty strings need no escaping
-                               $return .= '"",';
-                       } else {
-                               // Secure this string and add it
-                               $return .= '"' . crackerTrackerEscapeString($entry) . '",';
-                       }
-               } // END - foreach
+               }
+       }
+
+       // Return resulting array
+       return implode($glue, $return);
+}
 
-               // Remove last char
-               $return = substr($return, 0, -1);
+// Implode a simple array with a 'call-back' to our escaper function
+function implode_secure (array $array) {
+       // Return string
+       $return = '';
+
+       // Implode all data
+       foreach ($array as $entry) {
+               // Don't escape some
+               if (in_array($entry, array('NOW()'))) {
+                       // Add it with non-string glue
+                       $return .= $entry . ',';
+               } elseif (empty($entry)) {
+                       // Empty strings need no escaping
+                       $return .= '"",';
+               } else {
+                       // Secure this string and add it
+                       $return .= '"' . crackerTrackerEscapeString($entry) . '",';
+               }
+       }
+
+       // Remove last char
+       $return = substr($return, 0, -1);
+
+       // Return this string
+       return $return;
+}
 
-               // Return this string
-               return $return;
-       } // END - function
-} // END - if
+// Load configuration, if found
+function crackerTrackerLoadConfiguration () {
+       // FQFN
+       $fqfn = sprintf('%s/config/db_config.php', $GLOBALS['ctracker_base_path']);
+
+       // Is the file readable?
+       if (!isCrackerTrackerFileFound($fqfn)) {
+               // No config file found
+               die(__FUNCTION__.': No configuration file found.');
+       }
+
+       // Load it
+       require $fqfn;
+
+       // Load email header
+       $GLOBALS['ctracker_header'] = crackerTrackerLoadEmailTemplate('header');
+}
 
 // Getter for ctracker_debug_enabled
 function isCrackerTrackerDebug () {
        // Is it set?
-       return ((isset($GLOBALS['ctracker_debug_enabled'])) && ($GLOBALS['ctracker_debug_enabled'] === TRUE));
+       $result = ((isset($GLOBALS['ctracker_debug_enabled'])) && ($GLOBALS['ctracker_debug_enabled'] === true));
+
+       // Debug message
+       //* DEBUG: */ error_log('result=' . intval($result));
+
+       // Return it
+       return $result;
 }
 
 // Determines the real remote address
@@ -87,20 +107,23 @@ function determineCrackerTrackerRealRemoteAddress () {
        // Is a proxy in use?
        if (isset($_SERVER['HTTP_X_FORWARDED_FOR'])) {
                // Proxy was used
-               $address = $_SERVER['HTTP_X_FORWARDED_FOR'];
+               $address = trim($_SERVER['HTTP_X_FORWARDED_FOR']);
        } elseif (isset($_SERVER['HTTP_CLIENT_IP'])) {
                // Yet, another proxy
-               $address = $_SERVER['HTTP_CLIENT_IP'];
+               $address = trim($_SERVER['HTTP_CLIENT_IP']);
        } elseif (isset($_SERVER['REMOTE_ADDR'])) {
                // The regular address when no proxy was used
-               $address = getenv('REMOTE_ADDR');
+               $address = trim(getenv('REMOTE_ADDR'));
        }
 
-       // This strips out the real address from proxy output
-       if (strstr($address, ',')) {
+       if ($address == 'unknown') {
+               // Invalid IP somehow given
+               $address = '0.0.0.0';
+       } elseif (strstr($address, ',')) {
+               // This strips out the real address from proxy output
                $addressArray = explode(',', $address);
                $address = $addressArray[0];
-       } // END - if
+       }
 
        // Return the result
        return $address;
@@ -116,71 +139,128 @@ function isCrackerTrackerProxyUsed () {
 }
 
 // Detects the user-agent string
-function crackerTrackerUserAgent () {
+function crackerTrackerUserAgent (bool $sanitize = false) {
        // Default is 'unknown'
        $ua = 'unknown';
 
        // Is the entry there?
        if (isset($_SERVER['HTTP_USER_AGENT'])) {
                // Then use it securely
-               $ua = crackerTrackerSecureString($_SERVER['HTTP_USER_AGENT']);
-       } // END - if
+               $ua = crackerTrackerSecureString(urldecode($_SERVER['HTTP_USER_AGENT']));
+       }
+
+       // Sanitize it?
+       if ($sanitize === true) {
+               // Sanitize ...
+               $ua = crackerTrackerSanitize($ua);
+       }
 
        // Return it
        return $ua;
 }
 
 // Detects the script name
-function crackerTrackerScriptName () {
+function crackerTrackerScriptName (bool $sanitize = false) {
+       // Default is NULL
+       $scriptName = NULL;
+
        // Is it there?
-       if (!isset($_SERVER['SCRIPT_NAME'])) {
+       if (!empty($_SERVER['SCRIPT_NAME'])) {
                // Return NULL
-               return NULL;
-       } // END - if
+               $scriptName = crackerTrackerSecureString($_SERVER['SCRIPT_NAME']);
+       }
 
-       // Should always be there!
-       return crackerTrackerSecureString($_SERVER['SCRIPT_NAME']);
+       // Sanitize it?
+       if ($sanitize === true) {
+               // Sanitize ...
+               $scriptName = crackerTrackerSanitize($scriptName);
+       }
+
+       // Return
+       return $scriptName;
 }
 
 // Detects the query string
-function crackerTrackerQueryString () {
+function crackerTrackerQueryString (bool $sanitize = false) {
+       // Default is NULL
+       $query = NULL;
+
        // Is it there?
-       if (!isset($_SERVER['QUERY_STRING'])) {
-               // Return NULL
-               return NULL;
-       } // END - if
+       if (!empty($_SERVER['QUERY_STRING'])) {
+               // Get string escaped
+               $query = crackerTrackerEscapeString(urldecode($_SERVER['QUERY_STRING']));
+       } elseif (!empty($_SERVER['REQUEST_URI'])) {
+               // Get string escaped
+               $query = crackerTrackerEscapeString(urldecode($_SERVER['REQUEST_URI']));
+       }
 
-       // Should always be there!
-       return crackerTrackerEscapeString(urldecode($_SERVER['QUERY_STRING']));
+       // Sanitize it?
+       if ((!empty($query)) && ($sanitize === true)) {
+               // Sanitize ...
+               $query = crackerTrackerSanitize($query);
+       }
+
+       // Return it
+       return $query;
 }
 
 // Detects the server's name
-function crackerTrackerServerName () {
+function crackerTrackerServerName (bool $sanitize = false) {
+       // Default is NULL
+       $serverName = NULL;
+
        // Is it there?
-       if (!isset($_SERVER['SERVER_NAME'])) {
+       if (!empty($_SERVER['SERVER_NAME'])) {
                // Return NULL
-               return NULL;
-       } // END - if
+               $serverName = crackerTrackerSecureString($_SERVER['SERVER_NAME']);
+       }
 
-       // Should always be there!
-       return crackerTrackerSecureString($_SERVER['SERVER_NAME']);
+       // Sanitize it?
+       if ($sanitize === true) {
+               // Sanitize ...
+               $serverName = crackerTrackerSanitize($serverName);
+       }
+
+       // Return it
+       return $serverName;
 }
 
 // Detects the referer
-function crackerTrackerReferer () {
+function crackerTrackerReferer (bool $sanitize = false) {
        // Default is a dash
        $referer = '-';
 
        // Is it there?
-       if (isset($_SERVER['HTTP_REFERER'])) {
+       if (!empty($_SERVER['HTTP_REFERER'])) {
                // Then use it securely
                $referer = crackerTrackerSecureString(urldecode($_SERVER['HTTP_REFERER']));
-       } // END - if
+       }
+
+       // Sanitize it?
+       if ($sanitize === true) {
+               // Sanitize ...
+               $referer = crackerTrackerSanitize($referer);
+       }
 
        // Return it
        return $referer;
 }
 
+// Detects request method
+function crackerTrackerRequestMethod () {
+       // Default is NULL
+       $method = NULL;
+
+       // Is it set?
+       if (!empty($_SERVER['REQUEST_METHOD'])) {
+               // Then use it
+               $method = $_SERVER['REQUEST_METHOD'];
+       }
+
+       // Return it
+       return $method;
+}
+
 // Detects the scripts path
 function crackerTrackerScriptPath () {
        // Should always be there!
@@ -220,8 +300,8 @@ function isCrackerTrackerFileFound ($FQFN) {
 // Loads a given "template" (this is more an include file)
 function crackerTrackerLoadTemplate ($template) {
        // Create the full-qualified filename (FQFN)
-       $FQFN = sprintf('%s/templates/%s.tpl.php',
-               dirname(__FILE__),
+       $FQFN = sprintf('%s/libs/templates/%s.tpl.php',
+               $GLOBALS['ctracker_base_path'],
                $template
        );
 
@@ -241,8 +321,8 @@ function crackerTrackerLoadTemplate ($template) {
 // Loads a given "template" (this is more an include file)
 function crackerTrackerLoadLocalizedTemplate ($template) {
        // Create the full-qualified filename (FQFN)
-       $FQFN = sprintf('%s/templates/%s/%s.tpl.php',
-               dirname(__FILE__),
+       $FQFN = sprintf('%s/libs/templates/%s/%s.tpl.php',
+               $GLOBALS['ctracker_base_path'],
                getCrackerTrackerLanguage(),
                $template
        );
@@ -275,13 +355,13 @@ function crackerTrackerLanguage () {
                                // Use this language/weight instead
                                $GLOBALS['ctracker_language'] = $langArray[0];
                                $weight   = $langArray[1];
-                       } // END - if
-               } // END - foreach
-       } // END - if
+                       }
+               }
+       }
 
        // Construct FQFN
-       $FQFN = sprintf('%s/language/%s.php',
-               dirname(__FILE__),
+       $FQFN = sprintf('%s/libs/language/%s.php',
+               $GLOBALS['ctracker_base_path'],
                getCrackerTrackerLanguage()
        );
 
@@ -291,21 +371,21 @@ function crackerTrackerLanguage () {
                $GLOBALS['ctracker_language'] = 'en';
 
                // Construct FQFN again
-               $FQFN = sprintf('%s/language/en.php', dirname(__FILE__));
-       } // END - if
+               $FQFN = sprintf('%s/libs/language/en.php', $GLOBALS['ctracker_base_path']);
+       }
 
        // Load the language file
        require($FQFN);
 }
 
 // Loads a given email template and passes through $content
-function crackerTrackerLoadEmailTemplate ($template, array $content = array(), $language = NULL) {
+function crackerTrackerLoadEmailTemplate ($template, array $content = [], $language = NULL) {
        // Init language
        crackerTrackerLanguage();
 
        // Generate the FQFN
-       $FQFN = sprintf('%s/mails/%s/%s.tpl',
-               dirname(__FILE__),
+       $FQFN = sprintf('%s/libs/mails/%s/%s.tpl',
+               $GLOBALS['ctracker_base_path'],
                getCrackerTrackerLanguage($language),
                $template
        );
@@ -313,10 +393,11 @@ function crackerTrackerLoadEmailTemplate ($template, array $content = array(), $
        // So is the file there?
        if (isCrackerTrackerFileFound($FQFN)) {
                // Init result
-               $result = 'No result from template ' . $template . '. Please report this at http://forum.ship-simu.org Thank you.';
+               $result = 'No result from template ' . $template . '. Please report this at http://forum.shipsimu.org Thank you.';
 
                // Then load it
-               eval('$result = "' . crackerTrackerCompileCode(file_get_contents($FQFN)) . '";');
+               //* DEBUG-DIE: */ die('<pre>$result = "' . crackerTrackerCompileCode(trim(file_get_contents($FQFN))) . '";</pre>');
+               eval('$result = "' . crackerTrackerCompileCode(trim(file_get_contents($FQFN))) . '";');
 
                // Return the result
                return $result;
@@ -335,7 +416,7 @@ function getCrackerTrackerLocalized ($message) {
        if (isset($GLOBALS['ctracker_localized'][$message])) {
                // Use this instead
                $output = $GLOBALS['ctracker_localized'][$message];
-       } // END - if
+       }
 
        // Return it
        return $output;
@@ -365,7 +446,7 @@ function crackerTrackerCompileCode ($code) {
                        // $content
                        $code = str_replace($match, "\" . \$content['" . $matches[4][$key] . "'] . \"", $code);
                }
-       } // END - foreach
+       }
 
        // Return it
        return $code;
@@ -380,7 +461,7 @@ function getCrackerTrackerLanguage ($lang = NULL) {
        if (!is_null($lang)) {
                // Then use this instead
                $language = $lang;
-       } // END - if
+       }
 
        // Return it
        return $language;
@@ -395,7 +476,7 @@ function getCrackerTrackerTicketId () {
        if (isset($GLOBALS['ctracker_last_ticket']['ctracker_ticket'])) {
                // Then use it
                $id = $GLOBALS['ctracker_last_ticket']['ctracker_ticket'];
-       } // END - if
+       }
 
        // Return the number
        return $id;
@@ -405,7 +486,7 @@ function getCrackerTrackerTicketId () {
 function sendCrackerTrackerCookie () {
        // Set the cookie
        // @TODO Why can't domain be set to value from crackerTrackerServerName() ?
-       setcookie('ctracker_ticket', getCrackerTrackerTicketId(), (time() + 60*60*24), '/', '', crackerTrackerSecured(), TRUE);
+       setcookie('ctracker_ticket', getCrackerTrackerTicketId(), (time() + 60*60*24), '/', '', crackerTrackerSecured(), true);
        $_COOKIE['ctracker_ticket'] = getCrackerTrackerTicketId();
 }
 
@@ -417,20 +498,13 @@ function ifCrackerTrackerCookieIsSet () {
 
 // Redirects to the same URL
 function crackerTrackerRedirectSameUrl () {
-       // Construct the url
-       $url = '://' . crackerTrackerServerName() . crackerTrackerScriptName() . '?' . crackerTrackerQueryString();
-
-       // Do we have SSL?
-       if (crackerTrackerSecured()) {
-               // HTTPS
-               $url = 'https' . $url;
-       } else {
-               // HTTP
-               $url = 'http' . $url;
-       }
-
-       // And redirect
-       crackerTrackerSendRawRedirect($url);
+       // Construct and redirect to same URL
+       crackerTrackerSendRawRedirect(sprintf('%s://%s%s?%s',
+               (crackerTrackerSecured() ? 'https' : 'http'),
+               crackerTrackerServerName(),
+               crackerTrackerScriptName(),
+               crackerTrackerQueryString()
+       ));
 }
 
 /**
@@ -441,7 +515,6 @@ function crackerTrackerRedirectSameUrl () {
  *
  * @link    http://support.microsoft.com/kb/q176113/
  * @author  Andreas Gohr <andi@splitbrain.org>
- * @access  private
  */
 function crackerTrackerSendRawRedirect ($url) {
        // Better remove any data by ctracker
@@ -455,7 +528,7 @@ function crackerTrackerSendRawRedirect ($url) {
 
        // check if running on IIS < 6 with CGI-PHP
        if ((isset($_SERVER['SERVER_SOFTWARE'])) && (isset($_SERVER['GATEWAY_INTERFACE'])) &&
-               (strpos($_SERVER['GATEWAY_INTERFACE'],'CGI') !== FALSE) &&
+               (strpos($_SERVER['GATEWAY_INTERFACE'],'CGI') !== false) &&
                (preg_match('|^Microsoft-IIS/(\d)\.\d$|', trim($_SERVER['SERVER_SOFTWARE']), $matches)) &&
                ($matches[1] < 6)) {
                // Send the IIS header
@@ -469,8 +542,12 @@ function crackerTrackerSendRawRedirect ($url) {
 
 // Removes all ctracker-related data from global space
 function unsetCtrackerData () {
+       // Debug message
+       //* DEBUG: */ error_log(__FUNCTION__ . ': CALLED!');
+
        // Unset all ctracker data
        foreach (array(
+                       'ctracker_base_path',
                        'ctracker_host',
                        'ctracker_dbname',
                        'ctracker_user',
@@ -482,8 +559,9 @@ function unsetCtrackerData () {
                        'ctracker_post_blacklist',
                        'ctracker_header',
                        'ctracker_post_track',
-                       'ctracker_checkworm',
-                       'ctracker_check_post',
+                       'ctracker_checked_get',
+                       'ctracker_checked_post',
+                       'ctracker_checked_ua',
                        'ctracker_last_sql',
                        'ctracker_last_result',
                        'ctracker_config',
@@ -491,11 +569,56 @@ function unsetCtrackerData () {
                        'ctracker_language',
                        'ctracker_localized',
                        'ctracker_link',
+                       'ctracker_blocked_methods',
                ) as $key) {
                        // Unset it
                        unset($GLOBALS[$key]);
-       } // END - foreach
+       }
+}
+
+// Sanitizes string
+function crackerTrackerSanitize ($str) {
+       return str_replace(array('//', '/./'), array('/', '/'), $str);
+}
+
+function crackerTrackerIsConsole () {
+       return (php_sapi_name() == 'cli');
+}
+
+function ctrackerAntiSpamField () {
+       // Get all fields
+       $fields = ctrackerGetAntiSpamFields();
+
+       // Choose random
+       $fieldName = $fields[mt_rand(0, count($fields) - 1)];
+
+       // Return it
+       return $fieldName;
+}
+
+function ctrackerGetAntiSpamFields () {
+       return [
+               'ctracker_url',
+               'ctracker_aol',
+               'ctracker_yahoo',
+               'ctracker_icq',
+               'ctracker_jabber',
+       ];
 }
 
-// [EOF]
-?>
+function ifCtrackerTrackerAntiSpamFieldGiven () {
+       // Is request method POST?
+       if (crackerTrackerRequestMethod() != 'POST') {
+               // Cannot be given
+               return false;
+       }
+
+       // Walk through all fields
+       foreach (ctrackerGetAntiSpamFields() as $fieldName) {
+               // Is one found?
+               if (in_array($fieldName, $_POST) && !empty($_POST[$fieldName])) {
+                       // Filled out!
+                       return true;
+               }
+       }
+}