X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;f=inc%2Ffunctions.php;h=2a0e1d0530f888ed03b95fc828ec02d2c8a3d761;hb=b4df691a2d9cabc94a6def5bd1ee3d4945d5efd4;hp=aeb0ac419f36d907c3eeaeaf1fb390ea38faa3b8;hpb=acb333ee2e7afc7eeb04e9966a574fb15591e757;p=mailer.git diff --git a/inc/functions.php b/inc/functions.php index aeb0ac419f..2a0e1d0530 100644 --- a/inc/functions.php +++ b/inc/functions.php @@ -40,24 +40,6 @@ if (!defined('__SECURITY')) { die(); } // END - if -// Sends out all headers required for HTTP/1.1 reply -function sendHttpHeaders () { - // Used later - $now = gmdate('D, d M Y H:i:s') . ' GMT'; - - // Send HTTP header - sendHeader('HTTP/1.1 ' . getHttpStatus()); - - // General headers for no caching - sendHeader('Expires: ' . $now); // RFC2616 - Section 14.21 - sendHeader('Last-Modified: ' . $now); - sendHeader('Cache-Control: no-store, no-cache, must-revalidate, pre-check=0, post-check=0, max-age=0'); // HTTP/1.1 - sendHeader('Pragma: no-cache'); // HTTP/1.0 - sendHeader('Connection: Close'); - sendHeader('Content-Type: ' . getContentType() . '; charset=UTF-8'); - sendHeader('Content-Language: ' . getLanguage()); -} - // Init fatal message array function initFatalMessages () { $GLOBALS['fatal_messages'] = array(); @@ -259,13 +241,18 @@ function sendRawEmail ($toEmail, $subject, $message, $headers) { } // Generate a password in a specified length or use default password length -function generatePassword ($length = '0') { +function generatePassword ($length = '0', $exclude = array()) { // Auto-fix invalid length of zero - if ($length == '0') $length = getPassLen(); + if ($length == '0') { + $length = getPassLen(); + } // END - if // Initialize array with all allowed chars $ABC = explode(',', 'a,b,c,d,e,f,g,h,i,j,k,l,m,n,o,p,q,r,s,t,u,v,w,x,y,z,A,B,C,D,E,F,G,H,I,J,K,L,M,N,O,P,Q,R,S,T,U,V,W,X,Y,Z,0,1,2,3,4,5,6,7,8,9,-,+,_,/,.'); + // Exclude some entries + $ABC = array_diff($ABC, $exclude); + // Start creating password $PASS = ''; for ($i = '0'; $i < $length; $i++) { @@ -311,6 +298,7 @@ function generateDateTime ($time, $mode = '0') { case '4': $ret = date('d.m.Y|H:i:s', $time); break; case '5': $ret = date('d-m-Y (l-F-T)', $time); break; case '6': $ret = date('Ymd', $time); break; + case '7': $ret = date('Y-m-d H:i:s', $time); break; // Compatible with MySQL TIMESTAMP default: logDebugMessage(__FUNCTION__, __LINE__, sprintf("Invalid date mode %s detected.", $mode)); break; @@ -326,6 +314,7 @@ function generateDateTime ($time, $mode = '0') { case '4': $ret = date('d.m.Y|H:i:s', $time); break; case '5': $ret = date('d-m-Y (l-F-T)', $time); break; case '6': $ret = date('Ymd', $time); break; + case '7': $ret = date('Y-m-d H:i:s', $time); break; // Compatible with MySQL TIMESTAMP default: logDebugMessage(__FUNCTION__, __LINE__, sprintf("Invalid date mode %s detected.", $mode)); break; @@ -364,14 +353,18 @@ function translateComma ($dotted, $cut = true, $max = '0') { // First, cast all to double, due to PHP changes $dotted = (double) $dotted; - // Default is 3 you can change this in admin area "Misc -> Misc Options" - if (!isConfigEntrySet('max_comma')) setConfigEntry('max_comma', 3); + // Default is 3 you can change this in admin area "Settings -> Misc Options" + if (!isConfigEntrySet('max_comma')) { + setConfigEntry('max_comma', 3); + } // END - if // Use from config is default $maxComma = getConfig('max_comma'); // Use from parameter? - if ($max > 0) $maxComma = $max; + if ($max > 0) { + $maxComma = $max; + } // END - if // Cut zeros off? if (($cut === true) && ($max == '0')) { @@ -485,22 +478,22 @@ function translateMenuVisibleLocked ($content, $prefix = '') { } // Generates an URL for the dereferer -function generateDerefererUrl ($URL) { +function generateDerefererUrl ($url) { // Don't de-refer our own links! - if (substr($URL, 0, strlen(getUrl())) != getUrl()) { + if (substr($url, 0, strlen(getUrl())) != getUrl()) { // De-refer this link - $URL = '{%url=modules.php?module=loader&url=' . encodeString(compileUriCode($URL)) . '%}'; + $url = '{%url=modules.php?module=loader&url=' . encodeString(compileUriCode($url)) . '%}'; } // END - if // Return link - return $URL; + return $url; } // Generates an URL for the frametester -function generateFrametesterUrl ($URL) { +function generateFrametesterUrl ($url) { // Prepare frametester URL $frametesterUrl = sprintf("{%%url=modules.php?module=frametester&url=%s%%}", - encodeString(compileUriCode($URL)) + encodeString(compileUriCode($url)) ); // Return the new URL @@ -547,38 +540,31 @@ function makeTime ($hours, $minutes, $seconds, $stamp) { } // Redirects to an URL and if neccessarry extends it with own base URL -function redirectToUrl ($URL, $allowSpider = true) { +function redirectToUrl ($url, $allowSpider = true) { // Remove {%url= - if (substr($URL, 0, 6) == '{%url=') $URL = substr($URL, 6, -2); + if (substr($url, 0, 6) == '{%url=') { + $url = substr($url, 6, -2); + } // END - if // Compile out codes - eval('$URL = "' . compileRawCode(encodeUrl($URL)) . '";'); + eval('$url = "' . compileRawCode(encodeUrl($url)) . '";'); // Default 'rel' value is external, nofollow is evil from Google and hurts the Internet $rel = ' rel="external"'; // Do we have internal or external URL? - if (substr($URL, 0, strlen(getUrl())) == getUrl()) { + if (substr($url, 0, strlen(getUrl())) == getUrl()) { // Own (=internal) URL $rel = ''; } // END - if // Three different ways to debug... - //* DEBUG: */ debug_report_bug(__FUNCTION__, __LINE__, 'URL=' . $URL); - //* DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, 'URL=' . $URL); - //* DEBUG: */ die($URL); + //* DEBUG: */ debug_report_bug(__FUNCTION__, __LINE__, 'URL=' . $url); + //* DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, 'URL=' . $url); + //* DEBUG: */ die($url); - // Simple probe for bots/spiders from search engines - if ((isSpider()) && ($allowSpider === true)) { - // Set HTTP-Status - setHttpStatus('200 OK'); - - // Set content-type here to fix a missing array element - setContentType('text/html'); - - // Output new location link as anchor - outputHtml('' . secureString($URL) . ''); - } elseif (!headers_sent()) { + // We should not sent a redirect if headers are already sent + if (!headers_sent()) { // Clear output buffer clearOutputBuffer(); @@ -586,11 +572,11 @@ function redirectToUrl ($URL, $allowSpider = true) { $GLOBALS['output'] = ''; // Load URL when headers are not sent - sendRawRedirect(doFinalCompilation(str_replace('&', '&', $URL), false)); + sendRawRedirect(doFinalCompilation(str_replace('&', '&', $url), false)); } else { // Output error message loadInclude('inc/header.php'); - loadTemplate('redirect_url', false, str_replace('&', '&', $URL)); + loadTemplate('redirect_url', false, str_replace('&', '&', $url)); loadInclude('inc/footer.php'); } @@ -652,14 +638,14 @@ function array_pk_sort (&$array, $a_sort, $primary_key = '0', $order = -1, $nums // // Deprecated : $length (still has one reference in this function) -// Optional : $DATA +// Optional : $extraData // -function generateRandomCode ($length, $code, $userid, $DATA = '') { +function generateRandomCode ($length, $code, $userid, $extraData = '') { // Build server string $server = $_SERVER['PHP_SELF'] . getEncryptSeperator() . detectUserAgent() . getEncryptSeperator() . getenv('SERVER_SOFTWARE') . getEncryptSeperator() . detectRealIpAddress() . getEncryptSeperator() . detectRemoteAddr(); // Build key string - $keys = getConfig('SITE_KEY') . getEncryptSeperator() . getConfig('DATE_KEY'); + $keys = getSiteKey() . getEncryptSeperator() . getDateKey(); if (isConfigEntrySet('secret_key')) { $keys .= getEncryptSeperator().getSecretKey(); } // END - if @@ -672,7 +658,7 @@ function generateRandomCode ($length, $code, $userid, $DATA = '') { } // END - if // Build string from misc data - $data = $code . getEncryptSeperator() . $userid . getEncryptSeperator() . $DATA; + $data = $code . getEncryptSeperator() . $userid . getEncryptSeperator() . $extraData; // Add more additional data if (isSessionVariableSet('u_hash')) { @@ -690,22 +676,26 @@ function generateRandomCode ($length, $code, $userid, $DATA = '') { if (isConfigEntrySet('master_salt')) { // Generate hash with master salt from modula of number with the prime number and other data - $saltedHash = generateHash(($a % getPrime()) . getEncryptSeperator() . $server . getEncryptSeperator() . $keys . getEncryptSeperator() . $data . getEncryptSeperator() . getConfig('DATE_KEY') . getEncryptSeperator() . $a, getMasterSalt()); + $saltedHash = generateHash(($a % getPrime()) . getEncryptSeperator() . $server . getEncryptSeperator() . $keys . getEncryptSeperator() . $data . getEncryptSeperator() . getDateKey() . getEncryptSeperator() . $a, getMasterSalt()); // Create number from hash - $rcode = hexdec(substr($saltedHash, strlen(getMasterSalt()), 9)) / abs(getConfig('rand_no') - $a + sqrt(getConfig('_ADD'))) / pi(); + $rcode = hexdec(substr($saltedHash, strlen(getMasterSalt()), 9)) / abs(getRandNo() - $a + sqrt(getConfig('_ADD'))) / pi(); } else { // Generate hash with "hash of site key" from modula of number with the prime number and other data - $saltedHash = generateHash(($a % getPrime()) . getEncryptSeperator() . $server . getEncryptSeperator() . $keys . getEncryptSeperator() . $data . getEncryptSeperator() . getConfig('DATE_KEY') . getEncryptSeperator() . $a, substr(sha1(getConfig('SITE_KEY')), 0, getSaltLength())); + $saltedHash = generateHash(($a % getPrime()) . getEncryptSeperator() . $server . getEncryptSeperator() . $keys . getEncryptSeperator() . $data . getEncryptSeperator() . getDateKey() . getEncryptSeperator() . $a, substr(sha1(getSiteKey()), 0, getSaltLength())); // Create number from hash - $rcode = hexdec(substr($saltedHash, 8, 9)) / abs(getConfig('rand_no') - $a + sqrt(getConfig('_ADD'))) / pi(); + $rcode = hexdec(substr($saltedHash, 8, 9)) / abs(getRandNo() - $a + sqrt(getConfig('_ADD'))) / pi(); } // At least 10 numbers shall be secure enought! $len = getCodeLength(); - if ($len == '0') $len = $length; - if ($len == '0') $len = 10; + if ($len == '0') { + $len = $length; + } // END - if + if ($len == '0') { + $len = 10; + } // END - if // Cut off requested counts of number $return = substr(str_replace('.', '', $rcode), 0, $len); @@ -736,7 +726,7 @@ function bigintval ($num, $castValue = true, $abortOnMismatch = true) { } // Creates a Uni* timestamp from given selection data and prefix -function createTimestampFromSelections ($prefix, $postData) { +function createEpocheTimeFromSelections ($prefix, $postData) { // Initial return value $ret = '0'; @@ -746,7 +736,9 @@ function createTimestampFromSelections ($prefix, $postData) { $M1 = getMonth(); // If so and if current time is before 02/29 and estimated time is after 02/29 then add 86400 seconds (one day) - if ((floor($TEST) == $TEST) && ($M1 == '02') && ($postData[$prefix . '_mo'] > '02')) $SWITCH = getOneDay(); + if ((floor($TEST) == $TEST) && ($M1 == '02') && ($postData[$prefix . '_mo'] > '02')) { + $SWITCH = getOneDay(); + } // END - if // First add years... $ret += $postData[$prefix . '_ye'] * (31536000 + $SWITCH); @@ -815,7 +807,9 @@ function extractHostnameFromUrl (&$script) { // Extract host name $host = str_replace('http://', '', $url); - if (isInString('/', $host)) $host = substr($host, 0, strpos($host, '/')); + if (isInString('/', $host)) { + $host = substr($host, 0, strpos($host, '/')); + } // END - if // Generate relative URL //* DEBUG: */ debugOutput('SCRIPT=' . $script); @@ -828,288 +822,14 @@ function extractHostnameFromUrl (&$script) { } //* DEBUG: */ debugOutput('SCRIPT=' . $script); - if (substr($script, 0, 1) == '/') $script = substr($script, 1); + if (substr($script, 0, 1) == '/') { + $script = substr($script, 1); + } // END - if // Return host name return $host; } -// Send a GET request -function sendGetRequest ($script, $data = array()) { - // Extract host name from script - $host = extractHostnameFromUrl($script); - - // Add data - $body = http_build_query($data, '', '&'); - - // There should be data, else we don't need to extend $script with $body - if (empty($body)) { - // Do we have a question-mark in the script? - if (strpos($script, '?') === false) { - // No, so first char must be question mark - $body = '?' . $body; - } else { - // Ok, add & - $body = '&' . $body; - } - - // Add script data - $script .= $body; - - // Remove trailed & to make it more conform - if (substr($script, -1, 1) == '&') $script = substr($script, 0, -1); - } // END - if - - // Generate GET request header - $request = 'GET /' . trim($script) . ' HTTP/1.1' . getConfig('HTTP_EOL'); - $request .= 'Host: ' . $host . getConfig('HTTP_EOL'); - $request .= 'Referer: ' . getUrl() . '/admin.php' . getConfig('HTTP_EOL'); - if (isConfigEntrySet('FULL_VERSION')) { - $request .= 'User-Agent: ' . getTitle() . '/' . getFullVersion() . getConfig('HTTP_EOL'); - } else { - $request .= 'User-Agent: ' . getTitle() . '/' . getConfig('VERSION') . getConfig('HTTP_EOL'); - } - $request .= 'Accept: image/png,image/*;q=0.8,text/plain,text/html,*/*;q=0.5' . getConfig('HTTP_EOL'); - $request .= 'Accept-Charset: UTF-8,*' . getConfig('HTTP_EOL'); - $request .= 'Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0' . getConfig('HTTP_EOL'); - $request .= 'Connection: close' . getConfig('HTTP_EOL'); - $request .= getConfig('HTTP_EOL'); - - // Send the raw request - $response = sendRawRequest($host, $request); - - // Return the result to the caller function - return $response; -} - -// Send a POST request -function sendPostRequest ($script, $postData) { - // Is postData an array? - if (!is_array($postData)) { - // Abort here - logDebugMessage(__FUNCTION__, __LINE__, sprintf("postData is not an array. Type: %s", gettype($postData))); - return array('', '', ''); - } // END - if - - // Extract host name from script - $host = extractHostnameFromUrl($script); - - // Construct request body - $body = http_build_query($postData, '', '&'); - - // Generate POST request header - $request = 'POST /' . trim($script) . ' HTTP/1.0' . getConfig('HTTP_EOL'); - $request .= 'Host: ' . $host . getConfig('HTTP_EOL'); - $request .= 'Referer: ' . getUrl() . '/admin.php' . getConfig('HTTP_EOL'); - $request .= 'User-Agent: ' . getTitle() . '/' . getFullVersion() . getConfig('HTTP_EOL'); - $request .= 'Accept: text/plain;q=0.8' . getConfig('HTTP_EOL'); - $request .= 'Accept-Charset: UTF-8,*' . getConfig('HTTP_EOL'); - $request .= 'Cache-Control: no-cache' . getConfig('HTTP_EOL'); - $request .= 'Content-Type: application/x-www-form-urlencoded' . getConfig('HTTP_EOL'); - $request .= 'Content-Length: ' . strlen($body) . getConfig('HTTP_EOL'); - $request .= 'Connection: close' . getConfig('HTTP_EOL'); - $request .= getConfig('HTTP_EOL'); - - // Add body - $request .= $body; - - // Send the raw request - $response = sendRawRequest($host, $request); - - // Return the result to the caller function - return $response; -} - -// Sends a raw request to another host -function sendRawRequest ($host, $request) { - // Init errno and errdesc with 'all fine' values - $errno = '0'; $errdesc = ''; - - // Initialize array - $response = array('', '', ''); - - // Default is not to use proxy - $useProxy = false; - - // Are proxy settins set? - if (isProxyUsed()) { - // Then use it - $useProxy = true; - } // END - if - - // Load include - loadIncludeOnce('inc/classes/resolver.class.php'); - - // Get resolver instance - $resolver = new HostnameResolver(); - - // Open connection - //* DEBUG: */ die('SCRIPT=' . $script); - if ($useProxy === true) { - // Resolve hostname into IP address - $ip = $resolver->resolveHostname(compileRawCode(getConfig('proxy_host'))); - - // Connect to host through proxy connection - $fp = fsockopen($ip, bigintval(getConfig('proxy_port')), $errno, $errdesc, 30); - } else { - // Resolve hostname into IP address - $ip = $resolver->resolveHostname($host); - - // Connect to host directly - $fp = fsockopen($ip, 80, $errno, $errdesc, 30); - } - - // Is there a link? - if (!is_resource($fp)) { - // Failed! - logDebugMessage(__FUNCTION__, __LINE__, $errdesc . ' (' . $errno . ')'); - return $response; - } elseif ((!stream_set_blocking($fp, 0)) || (!stream_set_timeout($fp, 1))) { - // Cannot set non-blocking mode or timeout - logDebugMessage(__FUNCTION__, __LINE__, socket_strerror(socket_last_error())); - return $response; - } - - // Do we use proxy? - if ($useProxy === true) { - // Setup proxy tunnel - $response = setupProxyTunnel($host, $fp); - - // If the response is invalid, abort - if ((count($response) == 3) && (empty($response[0])) && (empty($response[1])) && (empty($response[2]))) { - // Invalid response! - logDebugMessage(__FUNCTION__, __LINE__, 'Proxy tunnel not working?'); - return $response; - } // END - if - } // END - if - - // Write request - fwrite($fp, $request); - - // Start counting - $start = microtime(true); - - // Read response - while (!feof($fp)) { - // Get info from stream - $info = stream_get_meta_data($fp); - - // Is it timed out? 15 seconds is a really patient... - if (($info['timed_out'] == true) || (microtime(true) - $start) > 15) { - // Timeout - logDebugMessage(__FUNCTION__, __LINE__, 'Timed out to get data from host ' . $host); - - // Abort here - break; - } // END - if - - // Get line from stream - $line = fgets($fp, 128); - - // Ignore empty lines because of non-blocking mode - if (empty($line)) { - // uslepp a little to avoid 100% CPU load - usleep(10); - - // Skip this - continue; - } // END - if - - // Add it to response - $response[] = trim($line); - } // END - while - - // Close socket - fclose($fp); - - // Time request if debug-mode is enabled - if (isDebugModeEnabled()) { - // Add debug message... - logDebugMessage(__FUNCTION__, __LINE__, 'Request took ' . (microtime(true) - $start) . ' seconds and returned ' . count($response) . ' line(s).'); - } // END - if - - // Skip first empty lines - $resp = $response; - foreach ($resp as $idx => $line) { - // Trim space away - $line = trim($line); - - // Is this line empty? - if (empty($line)) { - // Then remove it - array_shift($response); - } else { - // Abort on first non-empty line - break; - } - } // END - foreach - - //* DEBUG: */ debugOutput('Request:
'.print_r($request, true).'
'); - //* DEBUG: */ debugOutput('Response:
'.print_r($response, true).'
'); - - // Proxy agent found or something went wrong? - if (!isset($response[0])) { - // No response, maybe timeout - $response = array('', '', ''); - logDebugMessage(__FUNCTION__, __LINE__, 'Invalid empty response array, maybe timed out?'); - } elseif ((substr(strtolower($response[0]), 0, 11) == 'proxy-agent') && ($useProxy === true)) { - // Proxy header detected, so remove two lines - array_shift($response); - array_shift($response); - } // END - if - - // Was the request successfull? - if ((!isInStringIgnoreCase('200 OK', $response[0])) || (empty($response[0]))) { - // Not found / access forbidden - logDebugMessage(__FUNCTION__, __LINE__, 'Unexpected status code ' . $response[0] . ' detected. "200 OK" was expected.'); - $response = array('', '', ''); - } // END - if - - // Return response - return $response; -} - -// Sets up a proxy tunnel for given hostname and through resource -function setupProxyTunnel ($host, $resource) { - // Initialize array - $response = array('', '', ''); - - // Generate CONNECT request header - $proxyTunnel = 'CONNECT ' . $host . ':80 HTTP/1.0' . getConfig('HTTP_EOL'); - $proxyTunnel .= 'Host: ' . $host . getConfig('HTTP_EOL'); - - // Use login data to proxy? (username at least!) - if (getConfig('proxy_username') != '') { - // Add it as well - $encodedAuth = base64_encode(compileRawCode(getConfig('proxy_username')) . ':' . compileRawCode(getConfig('proxy_password'))); - $proxyTunnel .= 'Proxy-Authorization: Basic ' . $encodedAuth . getConfig('HTTP_EOL'); - } // END - if - - // Add last new-line - $proxyTunnel .= getConfig('HTTP_EOL'); - //* DEBUG: */ debugOutput('proxyTunnel=
' . $proxyTunnel.'
'); - - // Write request - fwrite($fp, $proxyTunnel); - - // Got response? - if (feof($fp)) { - // No response received - return $response; - } // END - if - - // Read the first line - $resp = trim(fgets($fp, 10240)); - $respArray = explode(' ', $resp); - if ((strtolower($respArray[0]) !== 'http/1.0') || ($respArray[1] != '200')) { - // Invalid response! - return $response; - } // END - if - - // All fine! - return $respArray; -} - // Taken from www.php.net isInStringIgnoreCase() user comments function isEmailValid ($email) { // Check first part of email address @@ -1126,24 +846,26 @@ function isEmailValid ($email) { } // Function taken from user comments on www.php.net / function isInStringIgnoreCase() -function isUrlValid ($URL, $compile=true) { +function isUrlValid ($url, $compile=true) { // Trim URL a little - $URL = trim(urldecode($URL)); - //* DEBUG: */ debugOutput($URL); + $url = trim(urldecode($url)); + //* DEBUG: */ debugOutput($url); // Compile some chars out... - if ($compile === true) $URL = compileUriCode($URL, false, false, false); - //* DEBUG: */ debugOutput($URL); + if ($compile === true) { + $url = compileUriCode($url, false, false, false); + } // END - if + //* DEBUG: */ debugOutput($url); // Check for the extension filter if (isExtensionActive('filter')) { // Use the extension's filter set - return FILTER_VALIDATE_URL($URL, false); + return FILTER_VALIDATE_URL($url, false); } // END - if // If not installed, perform a simple test. Just make it sure there is always a http:// or // https:// in front of the URLs - return isUrlValidSimple($URL); + return isUrlValidSimple($url); } // Generate a hash for extra-security for all passwords @@ -1176,7 +898,7 @@ function generateHash ($plainText, $salt = '', $hash = true) { $server = $_SERVER['PHP_SELF'] . getEncryptSeperator() . detectUserAgent() . getEncryptSeperator() . getenv('SERVER_SOFTWARE') . getEncryptSeperator() . detectRealIpAddress() . getEncryptSeperator() . detectRemoteAddr(); // Build key string - $keys = getConfig('SITE_KEY') . getEncryptSeperator() . getConfig('DATE_KEY') . getEncryptSeperator() . getSecretKey() . getEncryptSeperator() . getFileHash() . getEncryptSeperator() . getDateFromPatchTime() . getEncryptSeperator() . getMasterSalt(); + $keys = getSiteKey() . getEncryptSeperator() . getDateKey() . getEncryptSeperator() . getSecretKey() . getEncryptSeperator() . getFileHash() . getEncryptSeperator() . getDateFromPatchTime() . getEncryptSeperator() . getMasterSalt(); // Additional data $data = $plainText . getEncryptSeperator() . uniqid(mt_rand(), true) . getEncryptSeperator() . time(); @@ -1185,7 +907,7 @@ function generateHash ($plainText, $salt = '', $hash = true) { $a = time() + getConfig('_ADD') - 1; // Generate SHA1 sum from modula of number and the prime number - $sha1 = sha1(($a % getPrime()) . $server . getEncryptSeperator() . $keys . getEncryptSeperator() . $data . getEncryptSeperator() . getConfig('DATE_KEY') . getEncryptSeperator() . $a); + $sha1 = sha1(($a % getPrime()) . $server . getEncryptSeperator() . $keys . getEncryptSeperator() . $data . getEncryptSeperator() . getDateKey() . getEncryptSeperator() . $a); //* DEBUG: */ debugOutput('SHA1=' . $sha1.' ('.strlen($sha1).')
'); $sha1 = scrambleString($sha1); //* DEBUG: */ debugOutput('Scrambled=' . $sha1.' ('.strlen($sha1).')
'); @@ -1204,7 +926,7 @@ function generateHash ($plainText, $salt = '', $hash = true) { // Sanity check on salt if (strlen($salt) != getSaltLength()) { // Not the same! - debug_report_bug(__FUNCTION__, __LINE__, 'salt length mismatch! ('.strlen($salt).'/'.getSaltLength().')'); + debug_report_bug(__FUNCTION__, __LINE__, 'salt length mismatch! (' . strlen($salt) . '/' . getSaltLength() . ')'); } // END - if } @@ -1223,7 +945,7 @@ function scrambleString ($str) { // Init $scrambled = ''; - // Final check, in case of failture it will return unscrambled string + // Final check, in case of failure it will return unscrambled string if (strlen($str) > 40) { // The string is to long return $str; @@ -1469,7 +1191,7 @@ function getMessageFromErrorCode ($code) { case getCode('ACCOUNT_LOCKED') : $message = '{--LOGIN_STATUS_LOCKED--}'; break; case getCode('ACCOUNT_UNCONFIRMED'): $message = '{--LOGIN_STATUS_UNCONFIRMED--}'; break; case getCode('COOKIES_DISABLED') : $message = '{--LOGIN_COOKIES_DISABLED--}'; break; - case getCode('BEG_SAME_AS_OWN') : $message = '{--BEG_SAME_UID_AS_OWN--}'; break; + case getCode('BEG_SAME_AS_OWN') : $message = '{--BEG_SAME_USERID_AS_OWN--}'; break; case getCode('LOGIN_FAILED') : $message = '{--GUEST_LOGIN_FAILED_GENERAL--}'; break; case getCode('MODULE_MEMBER_ONLY') : $message = getMaskedMessage('MODULE_MEMBER_ONLY', getRequestParameter('mod')); break; case getCode('OVERLENGTH') : $message = '{--MEMBER_TEXT_OVERLENGTH--}'; break; @@ -1519,13 +1241,13 @@ function getMessageFromErrorCode ($code) { $content['timestamp'] = generateDateTime($content['timestamp'], 1); // Calculate hours... - $content['hours'] = round(getConfig('url_tlock') / 60 / 60); + $content['hours'] = round(getUrlTlock() / 60 / 60); // Minutes... - $content['minutes'] = round((getConfig('url_tlock') - $content['hours'] * 60 * 60) / 60); + $content['minutes'] = round((getUrlTlock() - $content['hours'] * 60 * 60) / 60); // And seconds - $content['seconds'] = round(getConfig('url_tlock') - $content['hours'] * 60 * 60 - $content['minutes'] * 60); + $content['seconds'] = round(getUrlTlock() - $content['hours'] * 60 * 60 - $content['minutes'] * 60); // Finally contruct the message $message = loadTemplate('tlock_message', true, $content); @@ -1749,7 +1471,7 @@ function handleExtraValues ($filterFunction, $value, $extraValue) { } // Converts timestamp selections into a timestamp -function convertSelectionsToTimestamp (&$postData, &$DATA, &$id, &$skip) { +function convertSelectionsToEpocheTime (array &$postData, array &$DATA, &$id, &$skip) { // Init test variable $skip = false; $test2 = ''; @@ -1763,7 +1485,7 @@ function convertSelectionsToTimestamp (&$postData, &$DATA, &$id, &$skip) { $test = substr($id, 0, -3); if ((isset($postData[$test.'_ye'])) && (isset($postData[$test.'_mo'])) && (isset($postData[$test.'_we'])) && (isset($postData[$test.'_da'])) && (isset($postData[$test.'_ho'])) && (isset($postData[$test.'_mi'])) && (isset($postData[$test.'_se'])) && ($test != $test2)) { // Generate timestamp - $postData[$test] = createTimestampFromSelections($test, $postData); + $postData[$test] = createEpocheTimeFromSelections($test, $postData); $DATA[] = sprintf("`%s`='%s'", $test, $postData[$test]); $GLOBALS['skip_config'][$test] = true; @@ -1917,11 +1639,11 @@ function addNewBonusMail ($data, $mode = '', $output = true) { // Mail inserted into bonus pool if ($output === true) { - loadTemplate('admin_settings_saved', false, '{--ADMIN_BONUS_SEND--}'); + displayMessage('{--ADMIN_BONUS_SEND--}'); } // END - if } elseif ($output === true) { // More entered than can be reached! - loadTemplate('admin_settings_saved', false, '{--ADMIN_MORE_SELECTED--}'); + displayMessage('{--ADMIN_MORE_SELECTED--}'); } else { // Debug log logDebugMessage(__FUNCTION__, __LINE__, 'cat=' . $data['cat'] . ',receiver=' . $data['receiver'] . ',data=' . base64_encode(serialize($data)) . ' More selected, than available!'); @@ -1936,60 +1658,69 @@ function determineReferalId () { } // END - if // Check if refid is set - if ((isset($GLOBALS['refid'])) && ($GLOBALS['refid'] > 0)) { + if (isReferalIdValid()) { // This is fine... } elseif (isPostRequestParameterSet('refid')) { // Get referal id from POST element refid - $GLOBALS['refid'] = secureString(postRequestParameter('refid')); + setReferalId(secureString(postRequestParameter('refid'))); } elseif (isGetRequestParameterSet('refid')) { // Get referal id from GET parameter refid - $GLOBALS['refid'] = secureString(getRequestParameter('refid')); + setReferalId(secureString(getRequestParameter('refid'))); } elseif (isGetRequestParameterSet('ref')) { // Set refid=ref (the referal link uses such variable) - $GLOBALS['refid'] = secureString(getRequestParameter('ref')); + setReferalId(secureString(getRequestParameter('ref'))); } elseif ((isGetRequestParameterSet('user')) && (basename($_SERVER['PHP_SELF']) == 'click.php')) { // The variable user comes from click.php - $GLOBALS['refid'] = bigintval(getRequestParameter('user')); + setReferalId(bigintval(getRequestParameter('user'))); } elseif ((isSessionVariableSet('refid')) && (isValidUserId(getSession('refid')))) { // Set session refid als global - $GLOBALS['refid'] = bigintval(getSession('refid')); + setReferalId(bigintval(getSession('refid'))); } elseif (isRandomReferalIdEnabled()) { // Select a random user which has confirmed enougth mails - $GLOBALS['refid'] = determineRandomReferalId(); + setReferalId(determineRandomReferalId()); } elseif ((isExtensionInstalledAndNewer('sql_patches', '0.1.2')) && (isValidUserId(getDefRefid()))) { // Set default refid as refid in URL - $GLOBALS['refid'] = getDefRefid(); + setReferalId(getDefRefid()); } else { // No default id when sql_patches is not installed or none set - $GLOBALS['refid'] = null; + setReferalId(null); } // Set cookie when default refid > 0 - if (!isSessionVariableSet('refid') || (isValidUserId($GLOBALS['refid'])) || ((!isValidUserId(getSession('refid'))) && (isExtensionInstalledAndNewer('sql_patches', '0.1.2')) && (isValidUserId(getDefRefid())))) { + if (!isSessionVariableSet('refid') || (!isValidUserId(getReferalId())) || ((!isValidUserId(getSession('refid'))) && (isExtensionInstalledAndNewer('sql_patches', '0.1.2')) && (isValidUserId(getDefRefid())))) { // Default is not found $found = false; // Do we have nickname or userid set? - if ((isExtensionActive('nickname')) && (isNicknameUsed($GLOBALS['refid']))) { + if ((isExtensionActive('nickname')) && (isNicknameUsed(getReferalId()))) { // Nickname in URL, so load the id - $found = fetchUserData($GLOBALS['refid'], 'nickname'); - } elseif (isValidUserId($GLOBALS['refid'])) { + $found = fetchUserData(getReferalId(), 'nickname'); + + // If we found it, use the userid as referal id + if ($found === true) { + // Set the userid as 'refid' + setReferalId(getUserData('userid')); + } // END - if + } elseif (isValidUserId(getReferalId())) { // Direct userid entered - $found = fetchUserData($GLOBALS['refid']); + $found = fetchUserData(getReferalId()); } // Is the record valid? if ((($found === false) || (!isUserDataValid())) && (isExtensionInstalledAndNewer('sql_patches', '0.1.2'))) { // No, then reset referal id - $GLOBALS['refid'] = getDefRefid(); + setReferalId(getDefRefid()); } // END - if // Set cookie - setSession('refid', $GLOBALS['refid']); - } // END - if + setSession('refid', getReferalId()); + } elseif (!isReferalIdValid()) { + // Not valid! + setSession('refid', 0); + } // Return determined refid - return $GLOBALS['refid']; + return getReferalId(); } // Enables the reset mode and runs it @@ -2001,6 +1732,15 @@ function doReset () { runFilterChain('reset'); } +// Enables the reset mode (hourly, weekly and monthly) and runs it +function doHourly () { + // Enable the hourly reset mode + $GLOBALS['hourly_enabled'] = true; + + // Run filters (one always!) + runFilterChain('hourly'); +} + // Our shutdown-function function shutdown () { // Call the filter chain 'shutdown' @@ -2494,7 +2234,7 @@ function generateAdminMailLinks ($mailType, $mailId) { if (SQL_NUMROWS($result) == 1) { // Load the entry $content = SQL_FETCHARRAY($result); - die('
'.print_r($content, true).'
'); + die('Unfinished area:
'.__FUNCTION__.':
content=
'.print_r($content, true).'
'); } // END - if // Free result @@ -2505,10 +2245,131 @@ function generateAdminMailLinks ($mailType, $mailId) { return $OUT; } + +/** + * determine if a string can represent a number in hexadecimal + * + * @param $hex A string to check if it is hex-encoded + * @return $foo True if the string is a hex, otherwise false + * @author Marques Johansson + * @link http://php.net/manual/en/function.http-chunked-decode.php#89786 + */ +function isHexadecimal ($hex) { + // Make it lowercase + $hex = strtolower(trim(ltrim($hex, '0'))); + + // Fix empty strings to zero + if (empty($hex)) { + $hex = 0; + } // END - if + + // Simply compare decode->encode result with original + return ($hex == dechex(hexdec($hex))); +} + +// Replace "\r" with "[r]" and "\n" with "[n]" and add a final new-line to make +// them visible to the developer. Use this function to debug e.g. buggy HTTP +// response handler functions. +function replaceReturnNewLine ($str) { + return str_replace("\r", '[r]', str_replace("\n", '[n] +', $str)); +} + +// Converts a given string by splitting it up with given delimiter similar to +// explode(), but appending the delimiter again +function stringToArray ($delimiter, $string) { + // Init array + $strArray = array(); + + // "Walk" through all entries + foreach (explode($delimiter, $string) as $split) { + // Append the delimiter and add it to the array + $strArray[] = $split . $delimiter; + } // END - foreach + + // Return array + return $strArray; +} + +// Detects the prefix 'mb_' if a multi-byte string is given +function detectMultiBytePrefix ($str) { + // Default is without multi-byte + $mbPrefix = ''; + + // Detect multi-byte (strictly) + if (mb_detect_encoding($str, 'auto', true) !== false) { + // With multi-byte encoded string + $mbPrefix = 'mb_'; + } // END - if + + // Return the prefix + return $mbPrefix; +} + +// Searches the given array for a sub-string match and returns all found keys in an array +function getArrayKeysFromSubStrArray ($heystack, array $needles, $offset = 0) { + // Init array for all found keys + $keys = array(); + + // Now check all entries + foreach ($needles as $key => $needle) { + // Do we have found a partial string? + //* DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, 'heystack='.$heystack.',key='.$key.',needle='.$needle.',offset='.$offset); + if (strpos($heystack, $needle, $offset) !== false) { + // Add the found key + $keys[] = $key; + } // END - if + } // END - foreach + + // Return the array + return $keys; +} + +// Determines database column name from given subject and locked +function determinePointsColumnFromSubjectLocked ($subject, $locked) { + // Default is 'normal' points + $pointsColumn = 'points'; + + // Which points, locked or normal? + if ($locked === true) { + $pointsColumn = 'locked_points'; + } // END - if + + // Prepare array for filter + $filterData = array( + 'subject' => $subject, + 'locked' => $locked, + 'column' => $pointsColumn + ); + + // Run the filter + $filterData = runFilterChain('determine_points_column_name', $filterData); + + // Extract column name from array + $pointsColumn = $filterData['column']; + + // Return it + return $pointsColumn; +} + +// Setter for referal id (no bigintval, or nicknames will fail!) +function setReferalId ($refid) { + $GLOBALS['refid'] = $refid; +} + +// Checks if 'refid' is valid +function isReferalIdValid () { + return ((isset($GLOBALS['refid'])) && (getReferalId() !== NULL) && (getReferalId() > 0)); +} + +// Getter for referal id +function getReferalId () { + return $GLOBALS['refid']; +} + //----------------------------------------------------------------------------- // Automatically re-created functions, all taken from user comments on www.php.net //----------------------------------------------------------------------------- -// if (!function_exists('html_entity_decode')) { // Taken from documentation on www.php.net function html_entity_decode ($string) { @@ -2518,29 +2379,5 @@ if (!function_exists('html_entity_decode')) { } } // END - if -if (!function_exists('http_build_query')) { - // Taken from documentation on www.php.net, credits to Marco K. (Germany) and some light mods by R.Haeder - function http_build_query($data, $prefix = '', $sep = '', $key = '') { - $ret = array(); - foreach ((array) $data as $k => $v) { - if (is_int($k) && $prefix != null) { - $k = urlencode($prefix . $k); - } // END - if - - if ((!empty($key)) || ($key === 0)) $k = $key . '[' . urlencode($k) . ']'; - - if (is_array($v) || is_object($v)) { - array_push($ret, http_build_query($v, '', $sep, $k)); - } else { - array_push($ret, $k.'='.urlencode($v)); - } - } // END - foreach - - if (empty($sep)) $sep = ini_get('arg_separator.output'); - - return implode($sep, $ret); - } -} // END - if - // [EOF] ?>