X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;f=inc%2Ffunctions.php;h=0f96686c20698392812a06755c7db34096dde385;hb=0e104a9282a1cdc7d769bbccb03bd3462aa8f4e0;hp=fbfc36201714a216853d3f13295b90e057134500;hpb=c72268213d4d4829d845d39c101bb08fbe4ed79a;p=mailer.git
diff --git a/inc/functions.php b/inc/functions.php
index fbfc362017..0f96686c20 100644
--- a/inc/functions.php
+++ b/inc/functions.php
@@ -6,19 +6,17 @@
* -------------------------------------------------------------------- *
* File : functions.php *
* -------------------------------------------------------------------- *
- * Short description : Many non-MySQL functions (also file access) *
+ * Short description : Many non-database functions (also file access) *
* -------------------------------------------------------------------- *
- * Kurzbeschreibung : Viele Nicht-MySQL-Funktionen (auch Dateizugriff) *
+ * Kurzbeschreibung : Viele Nicht-Datenbank-Funktionen *
* -------------------------------------------------------------------- *
* $Revision:: $ *
* $Date:: $ *
* $Tag:: 0.2.1-FINAL $ *
* $Author:: $ *
- * Needs to be in all Files and every File needs "svn propset *
- * svn:keywords Date Revision" (autoprobset!) at least!!!!!! *
* -------------------------------------------------------------------- *
* Copyright (c) 2003 - 2009 by Roland Haeder *
- * Copyright (c) 2009, 2010 by Mailer Developer Team *
+ * Copyright (c) 2009 - 2011 by Mailer Developer Team *
* For more information visit: http://www.mxchange.org *
* *
* This program is free software; you can redistribute it and/or modify *
@@ -42,24 +40,6 @@ if (!defined('__SECURITY')) {
die();
} // END - if
-// Sends out all headers required for HTTP/1.1 reply
-function sendHttpHeaders () {
- // Used later
- $now = gmdate('D, d M Y H:i:s') . ' GMT';
-
- // Send HTTP header
- sendHeader('HTTP/1.1 ' . getHttpStatus());
-
- // General headers for no caching
- sendHeader('Expires: ' . $now); // RFC2616 - Section 14.21
- sendHeader('Last-Modified: ' . $now);
- sendHeader('Cache-Control: no-store, no-cache, must-revalidate, pre-check=0, post-check=0, max-age=0'); // HTTP/1.1
- sendHeader('Pragma: no-cache'); // HTTP/1.0
- sendHeader('Connection: Close');
- sendHeader('Content-Type: ' . getContentType() . '; charset=UTF-8');
- sendHeader('Content-Language: ' . getLanguage());
-}
-
// Init fatal message array
function initFatalMessages () {
$GLOBALS['fatal_messages'] = array();
@@ -89,7 +69,7 @@ function addFatalMessage ($F, $L, $message, $extra = '') {
// Getter for total fatal message count
function getTotalFatalErrors () {
- // Init coun
+ // Init count
$count = '0';
// Do we have at least the first entry?
@@ -104,70 +84,68 @@ function getTotalFatalErrors () {
// Send mail out to an email address
function sendEmail ($toEmail, $subject, $message, $isHtml = 'N', $mailHeader = '') {
- //* DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, "TO={$toEmail},SUBJECT={$subject}
");
-
- // Compile subject line (for POINTS constant etc.)
- eval('$subject = decodeEntities("' . compileRawCode(escapeQuotes($subject)) . '");');
+ //* DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, 'toEmail=' . $toEmail . ',subject=' . $subject . ',isHtml=' . $isHtml);
+ // Empty parameters should be avoided, so we need to find them
+ if (empty($isHtml)) {
+ // isHtml is empty
+ debug_report_bug(__FUNCTION__, __LINE__, 'isHtml is empty.');
+ } // END - if
// Set from header
if ((!isInStringIgnoreCase('@', $toEmail)) && ($toEmail > 0)) {
- // Value detected, is the message extension installed?
- // @TODO Extension 'msg' does not exist
- if (isExtensionActive('msg')) {
- ADD_MESSAGE_TO_BOX($toEmail, $subject, $message, $isHtml);
- return;
+ // Does the user exist?
+ if ((isExtensionActive('user')) && (fetchUserData($toEmail))) {
+ // Get the email
+ $toEmail = getUserData('email');
} else {
- // Does the user exist?
- if (fetchUserData($toEmail)) {
- // Get the email
- $toEmail = getUserData('email');
- } else {
- // Set webmaster
- $toEmail = getConfig('WEBMASTER');
- }
+ // Set webmaster
+ $toEmail = getWebmaster();
}
} elseif ($toEmail == '0') {
// Is the webmaster!
- $toEmail = getConfig('WEBMASTER');
+ $toEmail = getWebmaster();
}
- //* DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, "TO={$toEmail}
");
+ //* DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, 'TO=' . $toEmail);
// Check for PHPMailer or debug-mode
if ((!checkPhpMailerUsage()) || (isDebugModeEnabled())) {
+ // Prefix is '' for text mails
+ $prefix = '';
+
+ // Is HTML?
+ if ($isHtml == 'Y') {
+ // Set prefix
+ $prefix = 'html_';
+ } // END - if
+
// Not in PHPMailer-Mode
if (empty($mailHeader)) {
// Load email header template
- $mailHeader = loadEmailTemplate('header');
+ $mailHeader = loadEmailTemplate($prefix . 'header');
} else {
// Append header
- $mailHeader .= loadEmailTemplate('header');
+ $mailHeader .= loadEmailTemplate($prefix . 'header');
}
} // END - if
- // Fix HTML parameter (default is no!)
- if (empty($isHtml)) $isHtml = 'N';
-
// Debug mode enabled?
if (isDebugModeEnabled()) {
// In debug mode we want to display the mail instead of sending it away so we can debug this part
outputHtml('
-Headers : ' . encodeEntities(utf8_decode(trim($mailHeader))) . ' -To : ' . encodeEntities(utf8_decode($toEmail)) . ' -Subject : ' . encodeEntities(utf8_decode($subject)) . ' -Message : ' . encodeEntities(utf8_decode($message)) . ' +Headers : ' . htmlentities(utf8_decode(trim($mailHeader))) . ' +To : ' . htmlentities(utf8_decode($toEmail)) . ' +Subject : ' . htmlentities(utf8_decode($subject)) . ' +Message : ' . htmlentities(utf8_decode($message)) . ''); // This is always fine return true; - } elseif (($isHtml == 'Y') && (isExtensionActive('html_mail'))) { - // Send mail as HTML away - return sendHtmlEmail($toEmail, $subject, $message, $mailHeader); } elseif (!empty($toEmail)) { // Send Mail away return sendRawEmail($toEmail, $subject, $message, $mailHeader); } elseif ($isHtml != 'Y') { - // Problem found! - return sendRawEmail(getConfig('WEBMASTER'), '[PROBLEM:]' . $subject, $message, $mailHeader); + // Problem detected while sending a mail, forward it to admin + return sendRawEmail(getWebmaster(), '[PROBLEM:]' . $subject, $message, $mailHeader); } // Why did we end up here? This should not happen @@ -182,12 +160,17 @@ function checkPhpMailerUsage() { } // Send out a raw email with PHPMailer class or legacy mail() command -function sendRawEmail ($toEmail, $subject, $message, $from) { - // Just compile all again, to put out all configs, etc. - eval('$toEmail = decodeEntities("' . doFinalCompilation(compileRawCode(escapeQuotes($toEmail)), false) . '");'); - eval('$subject = decodeEntities("' . doFinalCompilation(compileRawCode(escapeQuotes($subject)), false) . '");'); - eval('$message = decodeEntities("' . doFinalCompilation(compileRawCode(escapeQuotes($message)), false) . '");'); - eval('$from = decodeEntities("' . doFinalCompilation(compileRawCode(escapeQuotes($from)) , false) . '");'); +function sendRawEmail ($toEmail, $subject, $message, $headers) { + // Just compile all to put out all configs, etc. + $eval = '$toEmail = decodeEntities("' . escapeQuotes(doFinalCompilation(compileRawCode($toEmail), false)) . '"); '; + $eval .= '$subject = decodeEntities("' . escapeQuotes(doFinalCompilation(compileRawCode($subject), false)) . '"); '; + $eval .= '$headers = decodeEntities("' . escapeQuotes(doFinalCompilation(compileRawCode($headers), false)) . '"); '; + + // Do not decode entities in the message because we also send HTML mails through this function + $eval .= '$message = "' . escapeQuotes(doFinalCompilation(compileRawCode($message), false)) . '";'; + + // Run the final eval() command + eval($eval); // Shall we use PHPMailer class or legacy mode? if (checkPhpMailerUsage()) { @@ -210,10 +193,10 @@ function sendRawEmail ($toEmail, $subject, $message, $from) { $mail->Port = 25; $mail->Username = getConfig('SMTP_USER'); $mail->Password = getConfig('SMTP_PASSWORD'); - if (empty($from)) { - $mail->From = getConfig('WEBMASTER'); + if (empty($headers)) { + $mail->From = getWebmaster(); } else { - $mail->From = $from; + $mail->From = $headers; } $mail->FromName = getMainTitle(); $mail->Subject = $subject; @@ -225,10 +208,12 @@ function sendRawEmail ($toEmail, $subject, $message, $from) { } else { $mail->Body = decodeEntities($message); } + $mail->AddAddress($toEmail, ''); - $mail->AddReplyTo(getConfig('WEBMASTER'), getMainTitle()); - $mail->AddCustomHeader('Errors-To:' . getConfig('WEBMASTER')); - $mail->AddCustomHeader('X-Loop:' . getConfig('WEBMASTER')); + $mail->AddReplyTo(getWebmaster(), getMainTitle()); + $mail->AddCustomHeader('Errors-To:' . getWebmaster()); + $mail->AddCustomHeader('X-Loop:' . getWebmaster()); + $mail->AddCustomHeader('Bounces-To:' . getWebmaster()); $mail->Send(); // Has an error occured? @@ -244,18 +229,23 @@ function sendRawEmail ($toEmail, $subject, $message, $from) { } } else { // Use legacy mail() command - return mail($toEmail, $subject, decodeEntities($message), $from); + return mail($toEmail, $subject, decodeEntities($message), $headers); } } // Generate a password in a specified length or use default password length -function generatePassword ($length = '0') { +function generatePassword ($length = '0', $exclude = array()) { // Auto-fix invalid length of zero - if ($length == '0') $length = getConfig('pass_len'); + if ($length == '0') { + $length = getPassLen(); + } // END - if // Initialize array with all allowed chars $ABC = explode(',', 'a,b,c,d,e,f,g,h,i,j,k,l,m,n,o,p,q,r,s,t,u,v,w,x,y,z,A,B,C,D,E,F,G,H,I,J,K,L,M,N,O,P,Q,R,S,T,U,V,W,X,Y,Z,0,1,2,3,4,5,6,7,8,9,-,+,_,/,.'); + // Exclude some entries + $ABC = array_diff($ABC, $exclude); + // Start creating password $PASS = ''; for ($i = '0'; $i < $length; $i++) { @@ -276,7 +266,7 @@ function generatePassword ($length = '0') { // Generates a human-readable timestamp from the Uni* stamp function generateDateTime ($time, $mode = '0') { // If the stamp is zero it mostly didn't "happen" - if ($time == '0') { + if (($time == '0') || (is_null($time))) { // Never happend return '{--NEVER_HAPPENED--}'; } // END - if @@ -301,10 +291,11 @@ function generateDateTime ($time, $mode = '0') { case '4': $ret = date('d.m.Y|H:i:s', $time); break; case '5': $ret = date('d-m-Y (l-F-T)', $time); break; case '6': $ret = date('Ymd', $time); break; + case '7': $ret = date('Y-m-d H:i:s', $time); break; // Compatible with MySQL TIMESTAMP default: logDebugMessage(__FUNCTION__, __LINE__, sprintf("Invalid date mode %s detected.", $mode)); break; - } + } // END - switch break; default: // Default is the US date / time format! @@ -316,6 +307,7 @@ function generateDateTime ($time, $mode = '0') { case '4': $ret = date('d.m.Y|H:i:s', $time); break; case '5': $ret = date('d-m-Y (l-F-T)', $time); break; case '6': $ret = date('Ymd', $time); break; + case '7': $ret = date('Y-m-d H:i:s', $time); break; // Compatible with MySQL TIMESTAMP default: logDebugMessage(__FUNCTION__, __LINE__, sprintf("Invalid date mode %s detected.", $mode)); break; @@ -349,25 +341,23 @@ function translateYesNo ($yn) { return $GLOBALS[__FUNCTION__][$yn]; } -// Translates the "pool type" into human-readable -function translatePoolType ($type) { - // Return "translation" - return sprintf("{--POOL_TYPE_%s--}", $type); -} - // Translates the american decimal dot into a german comma function translateComma ($dotted, $cut = true, $max = '0') { // First, cast all to double, due to PHP changes $dotted = (double) $dotted; - // Default is 3 you can change this in admin area "Misc -> Misc Options" - if (!isConfigEntrySet('max_comma')) setConfigEntry('max_comma', 3); + // Default is 3 you can change this in admin area "Settings -> Misc Options" + if (!isConfigEntrySet('max_comma')) { + setConfigEntry('max_comma', 3); + } // END - if // Use from config is default $maxComma = getConfig('max_comma'); // Use from parameter? - if ($max > 0) $maxComma = $max; + if ($max > 0) { + $maxComma = $max; + } // END - if // Cut zeros off? if (($cut === true) && ($max == '0')) { @@ -376,25 +366,26 @@ function translateComma ($dotted, $cut = true, $max = '0') { if (count($com) < 2) { // Don't display commatas even if there are none... ;-) $maxComma = '0'; - } + } // END - if } // END - if // Debug log - //* DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, "dotted={$dotted},maxComma={$maxComma}"); // Translate it now + $translated = $dotted; switch (getLanguage()) { case 'de': // German language - $dotted = number_format($dotted, $maxComma, ',', '.'); + $translated = number_format($dotted, $maxComma, ',', '.'); break; default: // All others - $dotted = number_format($dotted, $maxComma, '.', ','); + $translated = number_format($dotted, $maxComma, '.', ','); break; } // END - switch // Return translated value - return $dotted; + //* DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, 'dotted=' . $dotted . ',translated=' . $translated . ',maxComma=' . $maxComma); + return $translated; } // Translate Uni*-like gender to human-readable @@ -404,9 +395,12 @@ function translateGender ($gender) { // Male/female or company? switch ($gender) { - case 'M': $ret = '{--GENDER_M--}'; break; - case 'F': $ret = '{--GENDER_F--}'; break; - case 'C': $ret = '{--GENDER_C--}'; break; + case 'M': // Male + case 'F': // Female + case 'C': // Company + $ret = sprintf("{--GENDER_%s--}", $gender); + break; + default: // Please report bugs on unknown genders debug_report_bug(__FUNCTION__, __LINE__, sprintf("Unknown gender %s detected.", $gender)); @@ -419,22 +413,25 @@ function translateGender ($gender) { // "Translates" the user status function translateUserStatus ($status) { + // Default status is unknown if something goes through + $ret = '{--ACCOUNT_STATUS_UNKNOWN--}'; + // Generate message depending on status switch ($status) { case 'UNCONFIRMED': case 'CONFIRMED': case 'LOCKED': - $ret = sprintf("{--ACCOUNT_%s--}", $status); + $ret = sprintf("{--ACCOUNT_STATUS_%s--}", $status); break; case '': case null: - $ret = '{--ACCOUNT_DELETED--}'; + $ret = '{--ACCOUNT_STATUS_DELETED--}'; break; default: // Please report all unknown status - debug_report_bug(__FUNCTION__, __LINE__, sprintf("Unknown status %s detected.", $status)); + debug_report_bug(__FUNCTION__, __LINE__, sprintf("Unknown status %s(%s) detected.", $status, gettype($status))); break; } // END - switch @@ -444,6 +441,9 @@ function translateUserStatus ($status) { // "Translates" 'visible' and 'locked' to a CSS class function translateMenuVisibleLocked ($content, $prefix = '') { + // Default is 'menu_unknown' + $content['visible_css'] = $prefix . 'menu_unknown'; + // Translate 'visible' and keep an eye on the prefix switch ($content['visible']) { // Should be visible @@ -471,22 +471,22 @@ function translateMenuVisibleLocked ($content, $prefix = '') { } // Generates an URL for the dereferer -function generateDerefererUrl ($URL) { +function generateDerefererUrl ($url) { // Don't de-refer our own links! - if (substr($URL, 0, strlen(getUrl())) != getUrl()) { + if (substr($url, 0, strlen(getUrl())) != getUrl()) { // De-refer this link - $URL = '{%url=modules.php?module=loader&url=' . encodeString(compileUriCode($URL)) . '%}'; + $url = '{%url=modules.php?module=loader&url=' . encodeString(compileUriCode($url)) . '%}'; } // END - if // Return link - return $URL; + return $url; } // Generates an URL for the frametester -function generateFrametesterUrl ($URL) { +function generateFrametesterUrl ($url) { // Prepare frametester URL $frametesterUrl = sprintf("{%%url=modules.php?module=frametester&url=%s%%}", - encodeString(compileUriCode($URL)) + encodeString(compileUriCode($url)) ); // Return the new URL @@ -498,7 +498,7 @@ function countSelection ($array) { // Integrity check if (!is_array($array)) { // Not an array! - debug_report_bug(__FUNCTION__.': No array provided.'); + debug_report_bug(__FUNCTION__, __LINE__, 'No array provided.'); } // END - if // Init count @@ -533,53 +533,43 @@ function makeTime ($hours, $minutes, $seconds, $stamp) { } // Redirects to an URL and if neccessarry extends it with own base URL -function redirectToUrl ($URL, $allowSpider = true) { +function redirectToUrl ($url, $allowSpider = true) { // Remove {%url= - if (substr($URL, 0, 6) == '{%url=') $URL = substr($URL, 6, -2); + if (substr($url, 0, 6) == '{%url=') { + $url = substr($url, 6, -2); + } // END - if // Compile out codes - eval('$URL = "' . compileRawCode(encodeUrl($URL)) . '";'); + eval('$url = "' . compileRawCode(encodeUrl($url)) . '";'); // Default 'rel' value is external, nofollow is evil from Google and hurts the Internet $rel = ' rel="external"'; // Do we have internal or external URL? - if (substr($URL, 0, strlen(getUrl())) == getUrl()) { + if (substr($url, 0, strlen(getUrl())) == getUrl()) { // Own (=internal) URL $rel = ''; } // END - if // Three different ways to debug... - //* DEBUG: */ debug_report_bug(__FUNCTION__, __LINE__, sprintf("%s[%s:] URL=%s", __FUNCTION__, __LINE__, $URL)); - //* DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, 'URL=' . $URL); - //* DEBUG: */ die($URL); - - // Simple probe for bots/spiders from search engines - if ((isSpider()) && ($allowSpider === true)) { - // Set HTTP-Status - setHttpStatus('200 OK'); + //* DEBUG: */ debug_report_bug(__FUNCTION__, __LINE__, 'URL=' . $url); + //* DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, 'URL=' . $url); + //* DEBUG: */ die($url); - // Set content-type here to fix a missing array element - setContentType('text/html'); - - // Output new location link as anchor - outputHtml('' . secureString($URL) . ''); - } elseif (!headers_sent()) { + // We should not sent a redirect if headers are already sent + if (!headers_sent()) { // Clear output buffer clearOutputBuffer(); // Clear own output buffer $GLOBALS['output'] = ''; - // Set header - setHttpStatus('302 Found'); - // Load URL when headers are not sent - sendRawRedirect(doFinalCompilation(str_replace('&', '&', $URL), false)); + sendRawRedirect(doFinalCompilation(str_replace('&', '&', $url), false)); } else { // Output error message loadInclude('inc/header.php'); - loadTemplate('redirect_url', false, str_replace('&', '&', $URL)); + loadTemplate('redirect_url', false, str_replace('&', '&', $url)); loadInclude('inc/footer.php'); } @@ -604,26 +594,26 @@ function redirectToUrl ($URL, $allowSpider = true) { * * ************************************************************************/ function array_pk_sort (&$array, $a_sort, $primary_key = '0', $order = -1, $nums = false) { - $dummy = $array; + $temporaryArray = $array; while ($primary_key < count($a_sort)) { - foreach ($dummy[$a_sort[$primary_key]] as $key => $value) { - foreach ($dummy[$a_sort[$primary_key]] as $key2 => $value2) { + foreach ($temporaryArray[$a_sort[$primary_key]] as $key => $value) { + foreach ($temporaryArray[$a_sort[$primary_key]] as $key2 => $value2) { $match = false; if ($nums === false) { // Sort byte-by-byte (also numbers will be interpreted as chars! E.g.: "9" > "10") - if (($key != $key2) && (strcmp(strtolower($dummy[$a_sort[$primary_key]][$key]), strtolower($dummy[$a_sort[$primary_key]][$key2])) == $order)) $match = true; + if (($key != $key2) && (strcmp(strtolower($temporaryArray[$a_sort[$primary_key]][$key]), strtolower($temporaryArray[$a_sort[$primary_key]][$key2])) == $order)) $match = true; } elseif ($key != $key2) { // Sort numbers (E.g.: 9 < 10) - if (($dummy[$a_sort[$primary_key]][$key] < $dummy[$a_sort[$primary_key]][$key2]) && ($order == -1)) $match = true; - if (($dummy[$a_sort[$primary_key]][$key] > $dummy[$a_sort[$primary_key]][$key2]) && ($order == 1)) $match = true; + if (($temporaryArray[$a_sort[$primary_key]][$key] < $temporaryArray[$a_sort[$primary_key]][$key2]) && ($order == -1)) $match = true; + if (($temporaryArray[$a_sort[$primary_key]][$key] > $temporaryArray[$a_sort[$primary_key]][$key2]) && ($order == 1)) $match = true; } if ($match) { // We have found two different values, so let's sort whole array - foreach ($dummy as $sort_key => $sort_val) { - $t = $dummy[$sort_key][$key]; - $dummy[$sort_key][$key] = $dummy[$sort_key][$key2]; - $dummy[$sort_key][$key2] = $t; + foreach ($temporaryArray as $sort_key => $sort_val) { + $t = $temporaryArray[$sort_key][$key]; + $temporaryArray[$sort_key][$key] = $temporaryArray[$sort_key][$key2]; + $temporaryArray[$sort_key][$key2] = $t; unset($t); } // END - foreach } // END - if @@ -635,30 +625,38 @@ function array_pk_sort (&$array, $a_sort, $primary_key = '0', $order = -1, $nums } // END - while // Write back sorted array - $array = $dummy; + $array = $temporaryArray; } // -// Deprecated : $length -// Optional : $DATA +// Deprecated : $length (still has one reference in this function) +// Optional : $extraData // -function generateRandomCode ($length, $code, $userid, $DATA = '') { +function generateRandomCode ($length, $code, $userid, $extraData = '') { // Build server string - $server = $_SERVER['PHP_SELF'] . getEncryptSeperator() . detectUserAgent() . getEncryptSeperator() . getenv('SERVER_SOFTWARE') . getEncryptSeperator() . detectRemoteAddr(); + $server = $_SERVER['PHP_SELF'] . getEncryptSeperator() . detectUserAgent() . getEncryptSeperator() . getenv('SERVER_SOFTWARE') . getEncryptSeperator() . detectRealIpAddress() . getEncryptSeperator() . detectRemoteAddr(); // Build key string - $keys = getConfig('SITE_KEY') . getEncryptSeperator() . getConfig('DATE_KEY'); - if (isConfigEntrySet('secret_key')) $keys .= getEncryptSeperator().getSecretKey(); - if (isConfigEntrySet('file_hash')) $keys .= getEncryptSeperator().getFileHash(); - $keys .= getEncryptSeperator() . getDateFromPatchTime(); - if (isConfigEntrySet('master_salt')) $keys .= getEncryptSeperator().getMasterSalt(); + $keys = getSiteKey() . getEncryptSeperator() . getDateKey(); + if (isConfigEntrySet('secret_key')) { + $keys .= getEncryptSeperator() . getSecretKey(); + } // END - if + if (isConfigEntrySet('file_hash')) { + $keys .= getEncryptSeperator() . getFileHash(); + } // END - if + $keys .= getEncryptSeperator() . getDateFromRepository(); + if (isConfigEntrySet('master_salt')) { + $keys .= getEncryptSeperator() . getMasterSalt(); + } // END - if // Build string from misc data - $data = $code . getEncryptSeperator() . $userid . getEncryptSeperator() . $DATA; + $data = $code . getEncryptSeperator() . $userid . getEncryptSeperator() . $extraData; // Add more additional data - if (isSessionVariableSet('u_hash')) $data .= getEncryptSeperator() . getSession('u_hash'); + if (isSessionVariableSet('u_hash')) { + $data .= getEncryptSeperator() . getSession('u_hash'); + } // END - if // Add referal id, language, theme and userid $data .= getEncryptSeperator() . determineReferalId(); @@ -671,25 +669,28 @@ function generateRandomCode ($length, $code, $userid, $DATA = '') { if (isConfigEntrySet('master_salt')) { // Generate hash with master salt from modula of number with the prime number and other data - $saltedHash = generateHash(($a % getPrime()) . getEncryptSeperator() . $server . getEncryptSeperator() . $keys . getEncryptSeperator() . $data . getEncryptSeperator() . getConfig('DATE_KEY') . getEncryptSeperator() . $a, getMasterSalt()); - - // Create number from hash - $rcode = hexdec(substr($saltedHash, strlen(getMasterSalt()), 9)) / abs(getConfig('rand_no') - $a + sqrt(getConfig('_ADD'))) / pi(); + $saltedHash = generateHash(($a % getPrime()) . getEncryptSeperator() . $server . getEncryptSeperator() . $keys . getEncryptSeperator() . $data . getEncryptSeperator() . getDateKey() . getEncryptSeperator() . $a, getMasterSalt()); } else { // Generate hash with "hash of site key" from modula of number with the prime number and other data - $saltedHash = generateHash(($a % getPrime()) . getEncryptSeperator() . $server . getEncryptSeperator() . $keys . getEncryptSeperator() . $data . getEncryptSeperator() . getConfig('DATE_KEY') . getEncryptSeperator() . $a, substr(sha1(getConfig('SITE_KEY')), 0, getSaltLength())); - - // Create number from hash - $rcode = hexdec(substr($saltedHash, 8, 9)) / abs(getConfig('rand_no') - $a + sqrt(getConfig('_ADD'))) / pi(); + $saltedHash = generateHash(($a % getPrime()) . getEncryptSeperator() . $server . getEncryptSeperator() . $keys . getEncryptSeperator() . $data . getEncryptSeperator() . getDateKey() . getEncryptSeperator() . $a, substr(sha1(getSiteKey()), 0, getSaltLength())); } + // Create number from hash + $rcode = hexdec(substr($saltedHash, getSaltLength(), 9)) / abs(getRandNo() - $a + sqrt(getConfig('_ADD'))) / pi(); + // At least 10 numbers shall be secure enought! - $len = getConfig('code_length'); - if ($len == '0') $len = $length; - if ($len == '0') $len = 10; + if (isExtensionActive('other')) { + $len = getCodeLength(); + } else { + $len = $length; + } // END - if + + if ($len == '0') { + $len = 10; + } // END - if - // Cut off requested counts of number - $return = substr(str_replace('.', '', $rcode), 0, $len); + // Cut off requested counts of number, but skip first digit (which is mostly a zero) + $return = substr($rcode, (strpos($rcode, '.') + 1), $len); // Done building code return $return; @@ -701,12 +702,15 @@ function bigintval ($num, $castValue = true, $abortOnMismatch = true) { $ret = preg_replace('/[^0123456789]/', '', $num); // Shall we cast? - if ($castValue === true) $ret = (double)$ret; + if ($castValue === true) { + // Cast to biggest numeric type + $ret = (double) $ret; + } // END - if // Has the whole value changed? - if (('' . $ret . '' != '' . $num . '') && ($abortOnMismatch === true)) { + if (('' . $ret . '' != '' . $num . '') && ($abortOnMismatch === true) && (!is_null($num))) { // Log the values - debug_report_bug(__FUNCTION__, __LINE__, 'Problem with number found. ret=' . $ret . ', num='. $num); + debug_report_bug(__FUNCTION__, __LINE__, 'Problem with number found. ret[' . gettype($ret) . ']=' . $ret . ', num[' . gettype($num) . ']='. $num); } // END - if // Return result @@ -714,7 +718,7 @@ function bigintval ($num, $castValue = true, $abortOnMismatch = true) { } // Creates a Uni* timestamp from given selection data and prefix -function createTimestampFromSelections ($prefix, $postData) { +function createEpocheTimeFromSelections ($prefix, $postData) { // Initial return value $ret = '0'; @@ -724,7 +728,9 @@ function createTimestampFromSelections ($prefix, $postData) { $M1 = getMonth(); // If so and if current time is before 02/29 and estimated time is after 02/29 then add 86400 seconds (one day) - if ((floor($TEST) == $TEST) && ($M1 == '02') && ($postData[$prefix . '_mo'] > '02')) $SWITCH = getConfig('ONE_DAY'); + if ((floor($TEST) == $TEST) && ($M1 == '02') && ($postData[$prefix . '_mo'] > '02')) { + $SWITCH = getOneDay(); + } // END - if // First add years... $ret += $postData[$prefix . '_ye'] * (31536000 + $SWITCH); @@ -756,10 +762,10 @@ function createFancyTime ($stamp) { // Get data array with years/months/weeks/days/... $data = createTimeSelections($stamp, '', '', '', true); $ret = ''; - foreach($data as $k => $v) { + foreach ($data as $k => $v) { if ($v > 0) { // Value is greater than 0 "eval" data to return string - eval('$ret .= ", ".$v." {--_' . strtoupper($k) . '--}";'); + $ret .= ', ' . $v . ' {--_' . strtoupper($k) . '--}'; break; } // END - if } // END - foreach @@ -793,7 +799,9 @@ function extractHostnameFromUrl (&$script) { // Extract host name $host = str_replace('http://', '', $url); - if (isInString('/', $host)) $host = substr($host, 0, strpos($host, '/')); + if (isInString('/', $host)) { + $host = substr($host, 0, strpos($host, '/')); + } // END - if // Generate relative URL //* DEBUG: */ debugOutput('SCRIPT=' . $script); @@ -806,285 +814,14 @@ function extractHostnameFromUrl (&$script) { } //* DEBUG: */ debugOutput('SCRIPT=' . $script); - if (substr($script, 0, 1) == '/') $script = substr($script, 1); + if (substr($script, 0, 1) == '/') { + $script = substr($script, 1); + } // END - if // Return host name return $host; } -// Send a GET request -function sendGetRequest ($script, $data = array()) { - // Extract host name from script - $host = extractHostnameFromUrl($script); - - // Add data - $body = http_build_query($data, '', '&'); - - // Do we have a question-mark in the script? - if (strpos($script, '?') === false) { - // No, so first char must be question mark - $body = '?' . $body; - } else { - // Ok, add & - $body = '&' . $body; - } - - // Add script data - $script .= $body; - - // Remove trailed & to make it more conform - if (substr($script, -1, 1) == '&') $script = substr($script, 0, -1); - - // Generate GET request header - $request = 'GET /' . trim($script) . ' HTTP/1.1' . getConfig('HTTP_EOL'); - $request .= 'Host: ' . $host . getConfig('HTTP_EOL'); - $request .= 'Referer: ' . getUrl() . '/admin.php' . getConfig('HTTP_EOL'); - if (isConfigEntrySet('FULL_VERSION')) { - $request .= 'User-Agent: ' . getTitle() . '/' . getFullVersion() . getConfig('HTTP_EOL'); - } else { - $request .= 'User-Agent: ' . getTitle() . '/' . getConfig('VERSION') . getConfig('HTTP_EOL'); - } - $request .= 'Accept: image/png,image/*;q=0.8,text/plain,text/html,*/*;q=0.5' . getConfig('HTTP_EOL'); - $request .= 'Accept-Charset: UTF-8,*' . getConfig('HTTP_EOL'); - $request .= 'Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0' . getConfig('HTTP_EOL'); - $request .= 'Connection: close' . getConfig('HTTP_EOL'); - $request .= getConfig('HTTP_EOL'); - - // Send the raw request - $response = sendRawRequest($host, $request); - - // Return the result to the caller function - return $response; -} - -// Send a POST request -function sendPostRequest ($script, $postData) { - // Is postData an array? - if (!is_array($postData)) { - // Abort here - logDebugMessage(__FUNCTION__, __LINE__, sprintf("postData is not an array. Type: %s", gettype($postData))); - return array('', '', ''); - } // END - if - - // Extract host name from script - $host = extractHostnameFromUrl($script); - - // Construct request body - $body = http_build_query($postData, '', '&'); - - // Generate POST request header - $request = 'POST /' . trim($script) . ' HTTP/1.0' . getConfig('HTTP_EOL'); - $request .= 'Host: ' . $host . getConfig('HTTP_EOL'); - $request .= 'Referer: ' . getUrl() . '/admin.php' . getConfig('HTTP_EOL'); - $request .= 'User-Agent: ' . getTitle() . '/' . getFullVersion() . getConfig('HTTP_EOL'); - $request .= 'Accept: text/plain;q=0.8' . getConfig('HTTP_EOL'); - $request .= 'Accept-Charset: UTF-8,*' . getConfig('HTTP_EOL'); - $request .= 'Cache-Control: no-cache' . getConfig('HTTP_EOL'); - $request .= 'Content-Type: application/x-www-form-urlencoded' . getConfig('HTTP_EOL'); - $request .= 'Content-Length: ' . strlen($body) . getConfig('HTTP_EOL'); - $request .= 'Connection: close' . getConfig('HTTP_EOL'); - $request .= getConfig('HTTP_EOL'); - - // Add body - $request .= $body; - - // Send the raw request - $response = sendRawRequest($host, $request); - - // Return the result to the caller function - return $response; -} - -// Sends a raw request to another host -function sendRawRequest ($host, $request) { - // Init errno and errdesc with 'all fine' values - $errno = '0'; $errdesc = ''; - - // Initialize array - $response = array('', '', ''); - - // Default is not to use proxy - $useProxy = false; - - // Are proxy settins set? - if ((isConfigEntrySet('proxy_host')) && (getConfig('proxy_host') != '') && (isConfigEntrySet('proxy_port')) && (getConfig('proxy_port') > 0)) { - // Then use it - $useProxy = true; - } // END - if - - // Load include - loadIncludeOnce('inc/classes/resolver.class.php'); - - // Get resolver instance - $resolver = new HostnameResolver(); - - // Open connection - //* DEBUG: */ die('SCRIPT=' . $script); - if ($useProxy === true) { - // Resolve hostname into IP address - $ip = $resolver->resolveHostname(compileRawCode(getConfig('proxy_host'))); - - // Connect to host through proxy connection - $fp = fsockopen($ip, bigintval(getConfig('proxy_port')), $errno, $errdesc, 30); - } else { - // Resolve hostname into IP address - $ip = $resolver->resolveHostname($host); - - // Connect to host directly - $fp = fsockopen($ip, 80, $errno, $errdesc, 30); - } - - // Is there a link? - if (!is_resource($fp)) { - // Failed! - logDebugMessage(__FUNCTION__, __LINE__, $errdesc . ' (' . $errno . ')'); - return $response; - } elseif ((!stream_set_blocking($fp, 0)) || (!stream_set_timeout($fp, 1))) { - // Cannot set non-blocking mode or timeout - logDebugMessage(__FUNCTION__, __LINE__, socket_strerror(socket_last_error())); - return $response; - } - - // Do we use proxy? - if ($useProxy === true) { - // Setup proxy tunnel - $response = setupProxyTunnel($host, $fp); - - // If the response is invalid, abort - if ((count($response) == 3) && (empty($response[0])) && (empty($response[1])) && (empty($response[2]))) { - // Invalid response! - logDebugMessage(__FUNCTION__, __LINE__, 'Proxy tunnel not working?'); - return $response; - } // END - if - } // END - if - - // Write request - fwrite($fp, $request); - - // Start counting - $start = microtime(true); - - // Read response - while (!feof($fp)) { - // Get info from stream - $info = stream_get_meta_data($fp); - - // Is it timed out? 15 seconds is a really patient... - if (($info['timed_out'] == true) || (microtime(true) - $start) > 15) { - // Timeout - logDebugMessage(__FUNCTION__, __LINE__, 'Timed out to get data from host ' . $host); - - // Abort here - break; - } // END - if - - // Get line from stream - $line = fgets($fp, 128); - - // Ignore empty lines because of non-blocking mode - if (empty($line)) { - // uslepp a little to avoid 100% CPU load - usleep(10); - - // Skip this - continue; - } // END - if - - // Add it to response - $response[] = trim($line); - } // END - while - - // Close socket - fclose($fp); - - // Time request if debug-mode is enabled - if (isDebugModeEnabled()) { - // Add debug message... - logDebugMessage(__FUNCTION__, __LINE__, 'Request took ' . (microtime(true) - $start) . ' seconds and returned ' . count($response) . ' line(s).'); - } // END - if - - // Skip first empty lines - $resp = $response; - foreach ($resp as $idx => $line) { - // Trim space away - $line = trim($line); - - // Is this line empty? - if (empty($line)) { - // Then remove it - array_shift($response); - } else { - // Abort on first non-empty line - break; - } - } // END - foreach - - //* DEBUG: */ debugOutput('Request:
'.print_r($request, true).''); - //* DEBUG: */ debugOutput('Response:
'.print_r($response, true).''); - - // Proxy agent found or something went wrong? - if (!isset($response[0])) { - // No response, maybe timeout - $response = array('', '', ''); - logDebugMessage(__FUNCTION__, __LINE__, 'Invalid empty response array, maybe timed out?'); - } elseif ((substr(strtolower($response[0]), 0, 11) == 'proxy-agent') && ($useProxy === true)) { - // Proxy header detected, so remove two lines - array_shift($response); - array_shift($response); - } // END - if - - // Was the request successfull? - if ((!isInStringIgnoreCase('200 OK', $response[0])) || (empty($response[0]))) { - // Not found / access forbidden - logDebugMessage(__FUNCTION__, __LINE__, 'Unexpected status code ' . $response[0] . ' detected. "200 OK" was expected.'); - $response = array('', '', ''); - } // END - if - - // Return response - return $response; -} - -// Sets up a proxy tunnel for given hostname and through resource -function setupProxyTunnel ($host, $resource) { - // Initialize array - $response = array('', '', ''); - - // Generate CONNECT request header - $proxyTunnel = 'CONNECT ' . $host . ':80 HTTP/1.0' . getConfig('HTTP_EOL'); - $proxyTunnel .= 'Host: ' . $host . getConfig('HTTP_EOL'); - - // Use login data to proxy? (username at least!) - if (getConfig('proxy_username') != '') { - // Add it as well - $encodedAuth = base64_encode(compileRawCode(getConfig('proxy_username')) . ':' . compileRawCode(getConfig('proxy_password'))); - $proxyTunnel .= 'Proxy-Authorization: Basic ' . $encodedAuth . getConfig('HTTP_EOL'); - } // END - if - - // Add last new-line - $proxyTunnel .= getConfig('HTTP_EOL'); - //* DEBUG: */ debugOutput('proxyTunnel=
' . $proxyTunnel.''); - - // Write request - fwrite($fp, $proxyTunnel); - - // Got response? - if (feof($fp)) { - // No response received - return $response; - } // END - if - - // Read the first line - $resp = trim(fgets($fp, 10240)); - $respArray = explode(' ', $resp); - if ((strtolower($respArray[0]) !== 'http/1.0') || ($respArray[1] != '200')) { - // Invalid response! - return $response; - } // END - if - - // All fine! - return $respArray; -} - // Taken from www.php.net isInStringIgnoreCase() user comments function isEmailValid ($email) { // Check first part of email address @@ -1101,24 +838,26 @@ function isEmailValid ($email) { } // Function taken from user comments on www.php.net / function isInStringIgnoreCase() -function isUrlValid ($URL, $compile=true) { +function isUrlValid ($url, $compile=true) { // Trim URL a little - $URL = trim(urldecode($URL)); - //* DEBUG: */ debugOutput($URL); + $url = trim(urldecode($url)); + //* DEBUG: */ debugOutput($url); // Compile some chars out... - if ($compile === true) $URL = compileUriCode($URL, false, false, false); - //* DEBUG: */ debugOutput($URL); + if ($compile === true) { + $url = compileUriCode($url, false, false, false); + } // END - if + //* DEBUG: */ debugOutput($url); // Check for the extension filter if (isExtensionActive('filter')) { // Use the extension's filter set - return FILTER_VALIDATE_URL($URL, false); + return FILTER_VALIDATE_URL($url, false); } // END - if // If not installed, perform a simple test. Just make it sure there is always a http:// or // https:// in front of the URLs - return isUrlValidSimple($URL); + return isUrlValidSimple($url); } // Generate a hash for extra-security for all passwords @@ -1129,7 +868,7 @@ function generateHash ($plainText, $salt = '', $hash = true) { // Is the required extension 'sql_patches' there and a salt is not given? // 123 4 43 3 4 432 2 3 32 2 3 32 2 3 3 21 if (((isExtensionInstalledAndOlder('sql_patches', '0.3.6')) && (empty($salt))) || (!isExtensionActive('sql_patches')) || (!isExtensionInstalledAndNewer('other', '0.2.5')) || (strlen($salt) == 32)) { - // Extension sql_patches is missing/outdated so we hash the plain text with MD5 + // Extension ext-sql_patches is missing/outdated so we hash the plain text with MD5 if ($hash === true) { // Is plain password return md5($plainText); @@ -1148,10 +887,10 @@ function generateHash ($plainText, $salt = '', $hash = true) { // When the salt is empty build a new one, else use the first x configured characters as the salt if (empty($salt)) { // Build server string for more entropy - $server = $_SERVER['PHP_SELF'] . getEncryptSeperator() . detectUserAgent() . getEncryptSeperator() . getenv('SERVER_SOFTWARE') . getEncryptSeperator() . detectRemoteAddr(); + $server = $_SERVER['PHP_SELF'] . getEncryptSeperator() . detectUserAgent() . getEncryptSeperator() . getenv('SERVER_SOFTWARE') . getEncryptSeperator() . detectRealIpAddress() . getEncryptSeperator() . detectRemoteAddr(); // Build key string - $keys = getConfig('SITE_KEY') . getEncryptSeperator() . getConfig('DATE_KEY') . getEncryptSeperator() . getSecretKey() . getEncryptSeperator() . getFileHash() . getEncryptSeperator() . getDateFromPatchTime() . getEncryptSeperator() . getMasterSalt(); + $keys = getSiteKey() . getEncryptSeperator() . getDateKey() . getEncryptSeperator() . getSecretKey() . getEncryptSeperator() . getFileHash() . getEncryptSeperator() . getDateFromRepository() . getEncryptSeperator() . getMasterSalt(); // Additional data $data = $plainText . getEncryptSeperator() . uniqid(mt_rand(), true) . getEncryptSeperator() . time(); @@ -1160,7 +899,7 @@ function generateHash ($plainText, $salt = '', $hash = true) { $a = time() + getConfig('_ADD') - 1; // Generate SHA1 sum from modula of number and the prime number - $sha1 = sha1(($a % getPrime()) . $server . getEncryptSeperator() . $keys . getEncryptSeperator() . $data . getEncryptSeperator() . getConfig('DATE_KEY') . getEncryptSeperator() . $a); + $sha1 = sha1(($a % getPrime()) . $server . getEncryptSeperator() . $keys . getEncryptSeperator() . $data . getEncryptSeperator() . getDateKey() . getEncryptSeperator() . $a); //* DEBUG: */ debugOutput('SHA1=' . $sha1.' ('.strlen($sha1).')