"); + debug_print_backtrace(); + die("Thank you for your help finding bugs."); + } // END - if + // Output cached HTML code $OUTPUT = ob_get_contents(); // Clear output buffer for later output ob_end_clean(); - if ((EXT_IS_ACTIVE("rewrite", true)) && (function_exists('REWRITE_LINKS')) && ($CSS != "1") && ($CSS != "-1")) { + // Send HTTP header + header("HTTP/1.1 200"); + + // Used later + $now = gmdate('D, d M Y H:i:s') . ' GMT'; + + // General headers for no caching + header("Expired: " . $now); // RFC2616 - Section 14.21 + header("Last-Modified: " . $now); + header("Cache-Control: no-store, no-cache, must-revalidate, pre-check=0, post-check=0, max-age=0"); // HTTP/1.1 + header("Pragma: no-cache"); // HTTP/1.0 + header("Connection: Close"); + + // Extension "rewrite" installed? + if ((EXT_IS_ACTIVE("rewrite")) && (function_exists('REWRITE_LINKS')) && ($CSS != "1") && ($CSS != "-1")) { $OUTPUT = REWRITE_LINKS($OUTPUT); - } + } // END - if // Compile and run finished rendered HTML code while (strpos($OUTPUT, '{!') > 0) { - $eval = "\$OUTPUT = \"" . COMPILE_CODE(addslashes($OUTPUT)) . "\";"; - eval($eval); - } + // Prepare the content and eval() it... + $newContent = ""; + $eval = "\$newContent = \"".COMPILE_CODE(addslashes($OUTPUT))."\";"; + @eval($eval); + + // Was that eval okay? + if (empty($newContent)) { + // Something went wrong! + die("Evaluation error:
".htmlentities($eval).""); + } // END - if + $OUTPUT = $newContent; + } // END - while // Output code here, DO NOT REMOVE! ;-) OUTPUT_RAW($OUTPUT); } elseif ((OUTPUT_MODE == "render") && (!empty($OUTPUT))) { // Rewrite links when rewrite extension is active - if ((EXT_IS_ACTIVE("rewrite", true)) && (function_exists('REWRITE_LINKS')) && ($CSS != "1") && ($CSS != "-1")) { + if ((EXT_IS_ACTIVE("rewrite")) && (function_exists('REWRITE_LINKS')) && ($CSS != "1") && ($CSS != "-1")) { $OUTPUT = REWRITE_LINKS($OUTPUT); - } + } // END - if // Compile and run finished rendered HTML code while (strpos($OUTPUT, '{!') > 0) { - $eval = "\$OUTPUT = \"" . COMPILE_CODE(addslashes($OUTPUT)) . "\";"; + $eval = "\$OUTPUT = \"".COMPILE_CODE(addslashes($OUTPUT))."\";"; eval($eval); - } + } // END - while // Output code here, DO NOT REMOVE! ;-) OUTPUT_RAW($OUTPUT); @@ -163,60 +211,101 @@ function OUTPUT_HTML($HTML, $NEW_LINE = true) { // Output the raw HTML code function OUTPUT_RAW ($HTML) { - if ((isBooleanConstantAndTrue('mxchange_installed')) && (basename($_SERVER['PHP_SELF']) != "install.php")) { - // Not in install-mode so strip slashes away - echo stripslashes($HTML); - } else { - // Output directly in install-mode - echo $HTML; - } - - // Flush the output - flush(); + // Output stripped HTML code to avoid broken JavaScript code, etc. + echo stripslashes(stripslashes($HTML)); + + // Flush the output if only _OB_CACHING is not "on" + if (_OB_CACHING != "on") { + // Flush it + flush(); + } // END - if } // Add a fatal error message to the queue array -function ADD_FATAL ($message, $extra="") { +function addFatalMessage ($message, $extra="") { global $FATAL; + if (empty($extra)) { // Regular text message to add to $FATAL $FATAL[] = $message; } else { // $message is text with a mask plus extras to insert into the text - $FATAL[] = sprintf($message, $extra); + $message = sprintf($message, $extra); + $FATAL[] = $message; } + + // Log fatal messages away + DEBUG_LOG(__FUNCTION__, __LINE__, " message={$message}"); +} + +// Getter for total fatal message count +function getTotalFatalMessages () { + global $FATAL; + + // Init coun + $count = 0; + + // Do we have at least the first entry? + if (!empty($FATAL[0])) { + // Get total count + $count = count($FATAL); + } // END - if + + // Return value + return $count; } // Load a template file and return it's content (only it's name; do not use ' or ") -function LOAD_TEMPLATE($template, $return=false, $content="") { +function LOAD_TEMPLATE ($template, $return=false, $content=array()) { // Add more variables which you want to use in your template files global $DATA, $_CONFIG, $username; + // Make all template names lowercase + $template = strtolower($template); + // Count the template load - if (!isset($_CONFIG['num_templates'])) $_CONFIG['num_templates'] = 0; - $_CONFIG['num_templates']++; + incrementConfigEntry('num_templates'); + + // Prepare IP number and User Agent + $REMOTE_ADDR = GET_REMOTE_ADDR(); + if (!defined('REMOTE_ADDR')) define('REMOTE_ADDR', $REMOTE_ADDR); + $HTTP_USER_AGENT = GET_USER_AGENT(); // Init some data - $ACTION = SQL_ESCAPE($GLOBALS['action']); - $WHAT = SQL_ESCAPE($GLOBALS['what']); $ret = ""; if (empty($GLOBALS['refid'])) $GLOBALS['refid'] = 0; - $REFID = $GLOBALS['refid']; + // @DEPRECATED Try to rewrite the if() condition if ($template == "member_support_form") { // Support request of a member - $result = SQL_QUERY_ESC("SELECT sex, surname, family FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d LIMIT 1", - array($GLOBALS['userid']), __FILE__, __LINE__); - list($sex, $surname, $family) = SQL_FETCHROW($result); + $result = SQL_QUERY_ESC("SELECT userid, gender, surname, family, email FROM `"._MYSQL_PREFIX."_user_data` WHERE userid=%s LIMIT 1", + array($GLOBALS['userid']), __FILE__, __LINE__); + + // Is content an array? + if (is_array($content)) { + // Merge data + $content = merge_array($content, SQL_FETCHARRAY($result)); + + // Translate gender + $content['gender'] = TRANSLATE_GENDER($content['gender']); + } else { + // DEPRECATED: Load data in direct variables + list($gender, $surname, $family, $email) = SQL_FETCHROW($result); + + // Translate gender + $gender = TRANSLATE_GENDER($gender); + DEBUG_LOG(__FUNCTION__, __LINE__, sprintf("DEPRECATION-WARNING: content is not array (%s).", gettype($content))); + } + + // Free result SQL_FREERESULT($result); - $salut = TRANSLATE_SEX($sex); - } + } // END - if // Generate date/time string $date_time = MAKE_DATETIME(time(), "1"); // Base directory - $BASE = PATH."templates/".GET_LANGUAGE()."/html/"; + $BASE = sprintf("%stemplates/%s/html/", PATH, GET_LANGUAGE()); $MODE = ""; // Check for admin/guest/member templates @@ -262,30 +351,31 @@ function LOAD_TEMPLATE($template, $return=false, $content="") { ); // Probe for it... - if (file_exists($file2)) $file = $file2; + if (FILE_READABLE($file2)) $file = $file2; // Remove variable from memory unset($file2); } // Does the special template exists? - if ((!file_exists($file)) || (!is_readable($file))) { + if (!FILE_READABLE($file)) { // Reset to default template $file = $BASE.$template.".tpl"; - } + } // END - if // Now does the final template exists? - if ((file_exists($file)) && (is_readable($file))) { + if (FILE_READABLE($file)) { // The local file does exists so we load it. :) - $tmpl_file = implode("", file($file)); + $tmpl_file = READ_FILE($file); // Replace ' to our own chars to preventing them being quoted - while (strpos($tmpl_file, "\'") !== false) { $tmpl_file = str_replace("\'", '{QUOT}', $tmpl_file); } + while (strpos($tmpl_file, "'") !== false) { $tmpl_file = str_replace("'", '{QUOT}', $tmpl_file); } // Do we have to compile the code? + $ret = ""; if ((strpos($tmpl_file, "\$") !== false) || (strpos($tmpl_file, '{--') !== false) || (strpos($tmpl_file, '--}') > 0)) { // Okay, compile it! - $tmpl_file = "\$ret=\"" . COMPILE_CODE(addslashes($tmpl_file)) . "\";"; + $tmpl_file = "\$ret=\"".COMPILE_CODE(addslashes($tmpl_file))."\";"; eval($tmpl_file); } else { // Simply return loaded code @@ -300,12 +390,16 @@ function LOAD_TEMPLATE($template, $return=false, $content="") { (".basename($file).")
".print_r($content, true)."+
".print_r($content, true)."".TEMPLATE_DATA." -
".print_r($DATA, true)."+
".print_r($DATA, true)."
+ print("\n"); + } elseif (($HTML == "Y") && (EXT_IS_ACTIVE("html_mail"))) { // Send mail as HTML away SEND_HTML_EMAIL($TO, $SUBJECT, $MSG, $FROM); } elseif (!empty($TO)) { - // Compile email - $TO = COMPILE_CODE($TO); - // Send Mail away - SEND_RAW_EMAIL($TO, COMPILE_CODE($SUBJECT), COMPILE_CODE($MSG), $FROM); - } elseif ($HTML == 'N') { + SEND_RAW_EMAIL($TO, $SUBJECT, $MSG, $FROM); + } elseif ($HTML == "N") { // Problem found! - SEND_RAW_EMAIL(WEBMASTER, COMPILE_CODE($SUBJECT), COMPILE_CODE($MSG), $FROM); + SEND_RAW_EMAIL(WEBMASTER, "[PROBLEM:]".$SUBJECT, $MSG, $FROM); } } @@ -404,7 +521,7 @@ function SEND_RAW_EMAIL ($to, $subject, $msg, $from) { // get new instance $mail = new PHPMailer(); - $mail->PluginDir = PATH."inc/phpmailer/"; + $mail->PluginDir = sprintf("%sinc/phpmailer/", PATH); $mail->IsSMTP(); $mail->SMTPAuth = true; @@ -412,7 +529,11 @@ function SEND_RAW_EMAIL ($to, $subject, $msg, $from) { $mail->Port = 25; $mail->Username = SMTP_USER; $mail->Password = SMTP_PASSWORD; - $mail->From = $from; + if (empty($from)) { + $mail->From = WEBMASTER; + } else { + $mail->From = $from; + } $mail->FromName = MAIN_TITLE; $mail->Subject = $subject; if ((EXT_IS_ACTIVE("html_mail")) && (strip_tags($msg) != $msg)) { @@ -421,7 +542,7 @@ function SEND_RAW_EMAIL ($to, $subject, $msg, $from) { $mail->WordWrap = 70; $mail->IsHTML(true); } else { - $mail->Body = $msg; + $mail->Body = html_entity_decode($msg); } $mail->AddAddress($to, ""); $mail->AddReplyTo(WEBMASTER,MAIN_TITLE); @@ -430,15 +551,15 @@ function SEND_RAW_EMAIL ($to, $subject, $msg, $from) { $mail->Send(); } else { // Use legacy mail() command - @mail($to, $subject, $msg, $from); + @mail($to, $subject, html_entity_decode($msg), $from); } } // // Generate a password in a specified length or use default password length -function GEN_PASS($LEN = 0) { - global $_CONFIG; - if ($LEN == 0) $LEN = $_CONFIG['pass_len']; +function GEN_PASS ($LEN = 0) { + // Auto-fix invalid length of zero + if ($LEN == 0) $LEN = getConfig('pass_len'); // Initialize array with all allowed chars $ABC = explode(",", "a,b,c,d,e,f,g,h,i,j,k,l,m,n,o,p,q,r,s,t,u,v,w,x,y,z,A,B,C,D,E,F,G,H,I,J,K,L,M,N,O,P,Q,R,S,T,U,V,W,X,Y,Z,0,1,2,3,4,5,6,7,8,9,-,+,_,/"); @@ -450,19 +571,19 @@ function GEN_PASS($LEN = 0) { $PASS = ""; for ($i = 0; $i < $LEN; $i++) { $PASS .= $ABC[mt_rand(0, sizeof($ABC) -1)]; - } + } // END - for // When the size is below 40 we can also add additional security by scrambling it if (strlen($PASS) <= 40) { // Also scramble the password $PASS = scrambleString($PASS); - } + } // END - if // Return the password return $PASS; } // -function MAKE_DATETIME($time, $mode="0") +function MAKE_DATETIME ($time, $mode="0") { if ($time == 0) { // Never happend @@ -475,144 +596,120 @@ function MAKE_DATETIME($time, $mode="0") switch (GET_LANGUAGE()) { case "de": // German date / time format - switch ($mode) - { + switch ($mode) { case "0": $ret = date("d.m.Y \u\m H:i \U\h\\r", $time); break; case "1": $ret = strtolower(date("d.m.Y - H:i", $time)); break; case "2": $ret = date("d.m.Y|H:i", $time); break; case "3": $ret = date("d.m.Y", $time); break; + default: + DEBUG_LOG(__FUNCTION__, __LINE__, sprintf("Invalid date mode %s detected.", $mode)); + break; } break; default: // Default is the US date / time format! - switch ($mode) - { + switch ($mode) { case "0": $ret = date("r", $time); break; case "1": $ret = date("Y-m-d - g:i A", $time); break; case "2": $ret = date("y-m-d|H:i", $time); break; case "3": $ret = date("y-m-d", $time); break; + default: + DEBUG_LOG(__FUNCTION__, __LINE__, sprintf("Invalid date mode %s detected.", $mode)); + break; } } return $ret; } // Translates the american decimal dot into a german comma -function TRANSLATE_COMMA($dotted, $cut=true) -{ +function TRANSLATE_COMMA ($dotted, $cut=true, $max=0) { global $_CONFIG; + // Default is 3 you can change this in admin area "Misc -> Misc Options" - if (empty($_CONFIG['max_comma'])) $_CONFIG['max_comma'] = "3"; - if (!ereg("\.", $dotted)) $dotted .= ".".str_repeat("0", $_CONFIG['max_comma']); - if ($cut) { - // Remove trailing zeros - $dot = str_replace(".", "x", $dotted); - while(substr($dot, -1, 1) == "0") { - $dot = substr($dot, 0, -1); - } + if (getConfig('max_comma') == null) $_CONFIG['max_comma'] = "3"; - if (substr($dot, -1, 1) == "x") { - // Last char is the 'x' - $dotted = substr($dot, 0, -1); - } else { - // Last char is a number - $dotted = str_replace("x", ".", $dot); + // Use from config is default + $maxComma = getConfig('max_comma'); + + // Use from parameter? + if ($max > 0) $maxComma = $max; + + // Cut zeros off? + if (($cut) && ($max == 0)) { + // Test for commata if in cut-mode + $com = explode(".", $dotted); + if (count($com) < 2) { + // Don't display commatas even if there are none... ;-) + $maxComma = 0; } - } + } // END - if + + // Debug log + //* DEBUG: */ DEBUG_LOG(__FUNCTION__, __LINE__, "dotted={$dotted},maxComma={$maxComma}"); // Translate it now switch (GET_LANGUAGE()) { case "de": - $pos = strpos($dotted, "."); - if ($pos > 0) { - if ($cut) { - // Cut x numbers behind comma - $dotted = str_replace(".", ",", substr($dotted, 0, ($pos + $_CONFIG['max_comma'] + 1))); - } else { - // Replace comma with dot - $dotted = str_replace(".", ",", $dotted); - } - } elseif (!$cut) { - if (empty($pos)) { - $dotted = "0,".str_repeat("0", $_CONFIG['max_comma']); - } else { - $dotted .= ",".str_repeat("0", $_CONFIG['max_comma']); - } - } + $dotted = number_format($dotted, $maxComma, ",", "."); break; default: - if (!$cut) { - if ($pos > 0) { - $dotted = substr($dotted, 0, ($pos + $_CONFIG['max_comma'] + 1)); - } else { - $dotted .= ".".str_repeat("0", $_CONFIG['max_comma']); - } - } + $dotted = number_format($dotted, $maxComma, ".", ","); break; } + + // Return translated value return $dotted; } // -function DEREFERER($URL) { - $URL = URL."/modules.php?module=loader&url=".urlencode(base64_encode(COMPILE_CODE($URL))); +function DEREFERER ($URL) { + // Don't de-refer our own links! + if (substr($URL, 0, strlen(URL)) != URL) { + // De-refer this link + $URL = "modules.php?module=loader&url=".urlencode(base64_encode(gzcompress($URL))); + } // END - if + + // Return link return $URL; } // -function TRANSLATE_SEX($sex) { - switch ($sex) - { - case "M": $ret = SEX_M; break; - case "F": $ret = SEX_F; break; - case "C": $ret = SEX_C; break; - default : $ret = $sex; break; - } - return $ret; -} -// -function GET_POOL_TYPE($PT) -{ - switch ($PT) +function TRANSLATE_GENDER ($gender) { + switch ($gender) { - case "TEMP" : $ret = POOL_TEMP; break; - case "SEND" : $ret = POOL_SEND; break; - case "NEW" : $ret = POOL_NEW; break; - case "ADMIN" : $ret = POOL_ADMIN; break; - case "ACTIVE" : $ret = POOL_ACTIVE; break; - case "DELETED": $ret = POOL_DELETED; break; - default : $ret = POOL_UNKNOWN." (".$PT.")"; break; + case "M": $ret = GENDER_M; break; + case "F": $ret = GENDER_F; break; + case "C": $ret = GENDER_C; break; + default : $ret = $gender; break; } return $ret; } // -function FRAMETESTER($URL) -{ - global $_SERVER; - $URL = URL."/modules.php?module=frametester&url=".urlencode(base64_encode(COMPILE_CODE($URL))); - return $URL; +function FRAMETESTER($URL) { + // Prepare frametester URL + $frametesterUrl = sprintf("%s/modules.php?module=frametester&url=%s", + URL, + urlencode(base64_encode(gzcompress(COMPILE_CODE($URL)))) + ); + return $frametesterUrl; } // -function SELECTION_COUNT($array) -{ - $ret = "0"; - if (is_array($array)) - { - foreach ($array as $key=>$sel) - { +function SELECTION_COUNT($array) { + $ret = 0; + if (is_array($array)) { + foreach ($array as $key => $sel) { if (!empty($sel)) $ret++; } } return $ret; } // -function IMG_CODE ($code, $type, $DATA, $uid) -{ +function IMG_CODE ($code, $type, $DATA, $uid) { return ""; } // -function TRANSLATE_STATUS($status) -{ +function TRANSLATE_STATUS($status) { switch ($status) { case "UNCONFIRMED": @@ -627,7 +724,13 @@ function TRANSLATE_STATUS($status) $ret = ACCOUNT_LOCKED; break; + case "": + case null: + $ret = ACCOUNT_DELETED; + break; + default: + DEBUG_LOG(__FUNCTION__, __LINE__, sprintf("Unknown status %s detected.", $status)); $ret = UNKNOWN_STATUS_1.$status.UNKNOWN_STATUS_2; break; } @@ -635,21 +738,24 @@ function TRANSLATE_STATUS($status) } // function GET_LANGUAGE() { - if (!empty($_GET['mx_lang'])) { - // Accept only first 2 chars - $lang = substr($_GET['mx_lang'], 0, 2); - } else { - // Do nothing - $lang = ""; - } + global $cacheArray; // Set default return value to default language from config $ret = DEFAULT_LANG; - // Check GET variable and cookie - if (!empty($lang)) { + // Init variable + $lang = ""; + + // Is the variable set + if (!empty($_GET['mx_lang'])) { + // Accept only first 2 chars + $lang = substr($_GET['mx_lang'], 0, 2); + } elseif (isset($cacheArray['language'])) { + // Use cached + $ret = $cacheArray['language']; + } elseif (!empty($lang)) { // Check if main language file does exist - if (file_exists(PATH."inc/language/".$lang.".php")) { + if (FILE_READABLE(PATH."inc/language/".$lang.".php")) { // Okay found, so let's update cookies SET_LANGUAGE($lang); } @@ -660,170 +766,107 @@ function GET_LANGUAGE() { // Fixes a warning before the session has the mx_lang constant if (empty($ret)) $ret = DEFAULT_LANG; } + + // Cache entry + $cacheArray['language'] = $ret; + + // Return value return $ret; } // -function SET_LANGUAGE($lang) { - global $_CONFIG; - +function SET_LANGUAGE ($lang) { // Accept only first 2 chars! $lang = substr(SQL_ESCAPE(strip_tags($lang)), 0, 2); // Set cookie - set_session("mx_lang", $lang); + set_session('mx_lang', $lang); } // -function LOAD_EMAIL_TEMPLATE($template, $content="", $UID="0") { - global $DATA, $_CONFIG, $REPLACER; +function LOAD_EMAIL_TEMPLATE($template, $content=array(), $UID="0") { + global $DATA, $REPLACER, $_CONFIG; + + // Make sure all template names are lowercase! + $template = strtolower($template); - // Keept for backward-compatiblity (please replace these variables against our new {--CONST--} syntax!) - $MAIN_TITLE = MAIN_TITLE; $URL = URL; $WEBMASTER = WEBMASTER; - $surname = ""; $family = ""; $nick = ""; $sex = 'N'; + // Default "nickname" if extension is not installed + $nick = "---"; + + // Keept for backward-compatiblity (please replace these variables against our new {!CONST!} syntax!) + // No longer used: $MAIN_TITLE = MAIN_TITLE; $URL = URL; $WEBMASTER = WEBMASTER; // Prepare IP number and User Agent - $REMOTE_ADDR = getenv('REMOTE_ADDR'); - $HTTP_USER_AGENT = getenv('HTTP_USER_AGENT'); + $REMOTE_ADDR = GET_REMOTE_ADDR(); + $HTTP_USER_AGENT = GET_USER_AGENT(); + // Default admin $ADMIN = MAIN_TITLE; - if (isSessionVariableSet('admin_login')) { + + // Is the admin logged in? + if (IS_ADMIN()) { + // Get admin id + $aid = GET_CURRENT_ADMIN_ID(); + // Load Admin data - $result = SQL_QUERY_ESC("SELECT email FROM "._MYSQL_PREFIX."_admins WHERE login='%s' LIMIT 1", - array(SQL_ESCAPE(get_session('admin_login'))), __FILE__, __LINE__); - list($ADMIN) = SQL_FETCHROW($result); - SQL_FREERESULT($result); - } + $ADMIN = GET_ADMIN_EMAIL($aid); + } // END - if + + // Neutral email address is default + $email = WEBMASTER; // Expiration in a nice output format - if ($_CONFIG['auto_purge'] == 0) { + if (getConfig('auto_purge') == 0) { // Will never expire! $EXPIRATION = MAIL_WILL_NEVER_EXPIRE; } elseif (function_exists('CREATE_FANCY_TIME')) { // Create nice date string - $EXPIRATION = CREATE_FANCY_TIME($_CONFIG['auto_purge']); + $EXPIRATION = CREATE_FANCY_TIME(getConfig('auto_purge')); } else { // Display days only - $EXPIRATION = round($_CONFIG['auto_purge']/60/60/24)." "._DAYS; + $EXPIRATION = round(getConfig('auto_purge')/60/60/24)." "._DAYS; } - switch ($template) - { - case "bonus-mail": // Load data for the bonus mail - $BONUSID = $DATA[0]; - $content = $DATA[2]; - $points = TRANSLATE_COMMA($DATA[4]); - $TIME = $DATA[5]; - $TARGET_URL = $DATA[8]; - $CATEGORY = GET_CATEGORY($DATA[9]); - $DATA[10] = $UID; - - // Replace variables - foreach ($REPLACER as $key=>$value) - { - if (isset($DATA[$key])) $content = str_replace($value, $DATA[$key], $content); - } - break; - - case "order-admin": - case "order-member": - $BLOCKS = $_CONFIG['max_send']; - $SUBJECT = $DATA[0]; - $content = $DATA[1]; - $PAYMENT = GET_PAYMENT($DATA[3]); - $TARGET_URL = $DATA[5]; - $CATEGORY = GET_CATEGORY($DATA[6]); - break; - - case "order-reject": - case "order-deleted": - case "order-accept": - $TARGET_URL = $DATA[0]; - $URL = $DATA[0]; - $SUBJECT = $DATA[1]; - break; - - case "new-pass": - $PASS = $DATA[0]; - $REMOTE = $DATA[1]; - break; - - case "confirm-member": - $points = $_CONFIG['points_register']; - break; - - case "confirm-referral": - $PERCENT = $DATA[0]; - $LEVEL = $DATA[1]; - $points = $DATA[2]; - $REFID = $DATA[3]; - break; - - case "normal-mail": - $SEND_UID = $DATA[1]; - $CATEGORY = GET_CATEGORY($DATA[9]); - $TIME = GET_PAY_POINTS($DATA[5], "time"); - $TARGET_URL = $DATA[7]; - $points = TRANSLATE_COMMA(GET_PAY_POINTS($DATA[5], "payment")); - // Warning! This ID has changed from 10 to 11! - $MAILID = $DATA[11]; - - // Replace variables - foreach ($REPLACER as $key=>$value) - { - if (isset($DATA[$key])) $content = str_replace($value, $DATA[$key], $content); - } - break; - - case "done-member": - case "done-admin": - $SEND_UID = $DATA[1]; - $CATEGORY = GET_CATEGORY($DATA[9]); - $TARGET_URL = $DATA[7]; - break; - - case "back-admin": - case "back-member": - $points = TRANSLATE_COMMA($DATA[10]); - break; - - case "add-points": - $points = bigintval($_POST['points']); - break; - - case "guest_request_confirm": - $HASH = $DATA[2]; - break; - } + // Is content an array? + if (is_array($content)) { + // Add expiration to array, $EXPIRATION is now deprecated! + $content['expiration'] = $EXPIRATION; + } // END - if // Load user's data - if ($UID > 0) { + //* DEBUG: */ print __FUNCTION__."(".__LINE__."):UID={$UID},template={$template},content[]=".gettype($content)."".htmlentities(trim($FROM))." To : ".$TO." Subject : ".$SUBJECT." Message : ".$MSG." -\n"; - } elseif (($HTML == 'Y') && (EXT_IS_ACTIVE("html_mail", true))) { +
".print_r($content, true)."+
".print_r($content, true)."".TEMPLATE_DATA." -
".print_r($DATA, true)."+
".print_r($DATA, true)."
"; + debug_print_backtrace(); + die(""); + */ + $OUTPUT = ob_get_contents(); + + // Clear it only if there is content + if (!empty($OUTPUT)) { + ob_end_clean(); + } // END - if // Add some data to URL if cookies are not accepted if (((!defined('__COOKIES')) || (!__COOKIES)) && ($addUrlData)) $URL = ADD_URL_DATA($URL); // Probe for bot from search engine - if ((eregi("spider", getenv('HTTP_USER_AGENT'))) || (eregi("bot", getenv('HTTP_USER_AGENT'))) || (eregi("spider", getenv('HTTP_USER_AGENT')))) { + if ((eregi("spider", GET_USER_AGENT())) || (eregi("bot", GET_USER_AGENT()))) { // Search engine bot detected so let's rewrite many chars for the link $URL = htmlentities(strip_tags($URL), ENT_QUOTES); @@ -926,11 +984,16 @@ function LOAD_URL($URL, $addUrlData=true) { OUTPUT_HTML("".$URL.""); } elseif (!headers_sent()) { // Load URL when headers are not sent + /* + print("
"); + debug_print_backtrace(); + die("URL={$URL}"); + */ @header ("Location: ".str_replace("&", "&", $URL)); } else { // Output error message include(PATH."inc/header.php"); - OUTPUT_HTML(LOAD_URL_ERROR_1.$URL.LOAD_URL_ERROR_2); + LOAD_TEMPLATE("redirect_url", false, str_replace("&", "&", $URL)); include(PATH."inc/footer.php"); } exit(); @@ -938,6 +1001,12 @@ function LOAD_URL($URL, $addUrlData=true) { // function COMPILE_CODE($code, $simple = false, $constants = true, $full = true) { global $SEC_CHARS, $URL_CHARS; + // Is the code a string? + if (!is_string($code)) { + // Silently return it + return $code; + } // END - if + $ARRAY = $SEC_CHARS; // Select smaller set of chars to replace when we e.g. want to compile URLs @@ -947,21 +1016,21 @@ function COMPILE_CODE($code, $simple = false, $constants = true, $full = true) { if ($constants) { // BEFORE 0.2.1 : Language and data constants // WITH 0.2.1+ : Only language constants - $code = str_replace('{--', '".', str_replace('--}', '."', $code)); + $code = str_replace('{--','".', str_replace('--}','."', $code)); // BEFORE 0.2.1 : Not used // WITH 0.2.1+ : Data constants - $code = str_replace('{!', '".', str_replace("!}", '."', $code)); - } + $code = str_replace('{!','".', str_replace("!}", '."', $code)); + } // END - if // Compile QUOT and other non-HTML codes foreach ($ARRAY['to'] as $k => $to) { // Do the reversed thing as in inc/libs/security_functions.php $code = str_replace($to, $ARRAY['from'][$k], $code); - } + } // END - foreach // But shall I keep simple quotes for later use? - if ($simple) $code = str_replace("\'", '{QUOT}', $code); + if ($simple) $code = str_replace("'", '{QUOT}', $code); // Find $content[bla][blub] entries @preg_match_all('/\$(content|DATA)((\[([a-zA-Z0-9-_]+)\])*)/', $code, $matches); @@ -970,22 +1039,44 @@ function COMPILE_CODE($code, $simple = false, $constants = true, $full = true) { if ((count($matches) > 0) && (count($matches[0]) > 0)) { // Replace all matches $matchesFound = array(); - foreach ($matches[0] as $key=>$match) { - // Avoid replacing matches multiple times - if (!isset($matchesFound[$match])) { - // Not yet replaced! - $code = str_replace($match, "\".".$match.".\"", $code); - $matchesFound[$match] = 1; - } + foreach ($matches[0] as $key => $match) { + // Fuzzy look has failed by default + $fuzzyFound = false; + + // Fuzzy look on match if already found + foreach ($matchesFound as $found => $set) { + // Get test part + $test = substr($found, 0, strlen($match)); + + // Does this entry exist? + //* DEBUG: */ print __FUNCTION__."(".__LINE__."):found={$found},match={$match},set={$set}