X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;f=inc%2Ffunctions.php;h=b6083824ef45981a8d8d594c5bd3b9a03a6832f1;hb=f1bd377294fb23a46edc085f83e735c7d3a7d4f0;hp=a941932a6ca5d471dbe8008484b418f6c5802fbd;hpb=f284a776f8a824cc8a87dc391e2b4560693d9265;p=mailer.git
diff --git a/inc/functions.php b/inc/functions.php
index a941932a6c..b6083824ef 100644
--- a/inc/functions.php
+++ b/inc/functions.php
@@ -89,27 +89,26 @@ function generatePassword ($length = '0', $exclude = array()) {
$length = getPassLen();
} // END - if
- // Initialize array with all allowed chars
- $ABC = explode(',', 'a,b,c,d,e,f,g,h,i,j,k,l,m,n,o,p,q,r,s,t,u,v,w,x,y,z,A,B,C,D,E,F,G,H,I,J,K,L,M,N,O,P,Q,R,S,T,U,V,W,X,Y,Z,0,1,2,3,4,5,6,7,8,9,-,+,_,/,.');
-
// Exclude some entries
- $ABC = array_diff($ABC, $exclude);
+ $localAbc = array_diff($GLOBALS['_abc'], $exclude);
// Start creating password
- $PASS = '';
- for ($i = '0'; $i < $length; $i++) {
- $PASS .= $ABC[mt_rand(0, count($ABC) -1)];
- } // END - for
+ $password = '';
+ while (strlen($password) < $length) {
+ $password .= $localAbc[mt_rand(0, count($localAbc) -1)];
+ } // END - while
- // When the size is below 40 we can also add additional security by scrambling
- // it. Otherwise we may corrupt hashes
- if (strlen($PASS) <= 40) {
+ /*
+ * When the size is below 40 we can also add additional security by
+ * scrambling it. Otherwise the hash may corrupted..
+ */
+ if (strlen($password) <= 40) {
// Also scramble the password
- $PASS = scrambleString($PASS);
+ $password = scrambleString($password);
} // END - if
// Return the password
- return $PASS;
+ return $password;
}
// Generates a human-readable timestamp from the Uni* stamp
@@ -332,15 +331,18 @@ function translateMenuVisibleLocked ($content, $prefix = '') {
// Generates an URL for the dereferer
function generateDereferrerUrl ($url) {
// Don't de-refer our own links!
- if (substr($url, 0, strlen(getUrl())) != getUrl()) {
+ if ((!empty($url)) && (substr($url, 0, strlen(getUrl())) != getUrl())) {
// Encode URL
$encodedUrl = encodeString(compileUriCode($url));
- // Log plain URL
- //* DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, 'url=' . $url);
+ // Generate hash
+ $hash = generateHash($url . getSiteKey() . getDateKey());
+
+ // Log plain URL and hash
+ //* DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, 'url=' . $url . ',hash=' . $hash . '(' . strlen($hash) . ')');
// De-refer this URL
- $url = '{%url=modules.php?module=loader&url=' . $encodedUrl . '&hash=' . encodeHashForCookie(generateHash($url)) . '%}';
+ $url = '{%url=modules.php?module=loader&url=' . $encodedUrl . '&hash=' . encodeHashForCookie($hash) . '&salt=' . substr($hash, 0, getSaltLength()) . '%}';
} // END - if
// Return link
@@ -707,7 +709,7 @@ function isUrlValid ($url, $compile = TRUE) {
// Generate a hash for extra-security for all passwords
function generateHash ($plainText, $salt = '', $hash = TRUE) {
// Debug output
- //* DEBUG: */ debugOutput('plainText('.strlen($plainText).')=' . $plainText . ',salt('.strlen($salt).')=' . $salt . ',hash=' . intval($hash));
+ //* DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, 'plainText('.strlen($plainText).')=' . $plainText . ',salt('.strlen($salt).')=' . $salt . ',hash=' . intval($hash));
// Is the required extension 'sql_patches' there and a salt is not given?
// 123 4 43 3 4 432 2 3 32 2 3 32 2 3 3 21
@@ -744,20 +746,20 @@ function generateHash ($plainText, $salt = '', $hash = TRUE) {
// Generate SHA1 sum from modula of number and the prime number
$sha1 = sha1(($a % getPrime()) . $server . getEncryptSeparator() . $keys . getEncryptSeparator() . $data . getEncryptSeparator() . getDateKey() . getEncryptSeparator() . $a);
- //* DEBUG: */ debugOutput('SHA1=' . $sha1.' ('.strlen($sha1).')
');
+ //* DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, 'SHA1=' . $sha1.' ('.strlen($sha1).')');
$sha1 = scrambleString($sha1);
- //* DEBUG: */ debugOutput('Scrambled=' . $sha1.' ('.strlen($sha1).')
');
+ //* DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, 'Scrambled=' . $sha1.' ('.strlen($sha1).')');
//* DEBUG: */ $sha1b = descrambleString($sha1);
- //* DEBUG: */ debugOutput('Descrambled=' . $sha1b.' ('.strlen($sha1b).')
');
+ //* DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, 'Descrambled=' . $sha1b.' ('.strlen($sha1b).')');
// Generate the password salt string
$salt = substr($sha1, 0, getSaltLength());
- //* DEBUG: */ debugOutput($salt.' ('.strlen($salt).')
');
+ //* DEBUG: */ debugOutput($salt.' ('.strlen($salt).')');
} else {
// Use given salt
- //* DEBUG: */ debugOutput('salt=' . $salt);
+ //* DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, 'salt=' . $salt);
$salt = substr($salt, 0, getSaltLength());
- //* DEBUG: */ debugOutput('salt=' . $salt . '(' . strlen($salt) . '/' . getSaltLength() . ')
');
+ //* DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, 'salt=' . $salt . '(' . strlen($salt) . '/' . getSaltLength() . ')');
// Sanity check on salt
if (strlen($salt) != getSaltLength()) {
@@ -770,7 +772,7 @@ function generateHash ($plainText, $salt = '', $hash = TRUE) {
$finalHash = $salt . sha1($salt . $plainText);
// Debug output
- //* DEBUG: */ debugOutput('finalHash('.strlen($finalHash).')=' . $finalHash);
+ //* DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, 'finalHash('.strlen($finalHash).')=' . $finalHash);
// Return hash
return $finalHash;
@@ -875,32 +877,39 @@ function encodeHashForCookie ($passHash) {
//* DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, strlen($passHash) . '/' . strlen(getSecretKey()));
if ((strlen($passHash) != 49) || (strlen(getSecretKey()) != 40)) {
// Both keys must have same length so return unencrypted
- //* DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, strlen($passHash) . '!=49/' . strlen(getSecretKey()) . '!=40');
+ //* DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, strlen($passHash) . '!=49/' . strlen(getSecretKey()) . '!=40 - EXIT!');
return $ret;
} // END - if
$newHash = ''; $start = 9;
//* DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, 'passHash=' . $passHash . '(' . strlen($passHash) . ')');
for ($idx = 0; $idx < 20; $idx++) {
- $part1 = hexdec(substr($passHash, ($idx * 2) + (strlen($passHash) - strlen(getSecretKey())), 2));
+ // Get hash parts and convert them (00-FF) to matching ASCII value (0-255)
+ $part1 = hexdec(substr($passHash , $start, 2));
$part2 = hexdec(substr(getSecretKey(), $start, 2));
- //* DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, 'part1=' . $part1 . '/part2=' . $part2);
+
+ // Default is hexadecimal of index if both are same
$mod = dechex($idx);
+ // Is part1 larger or part2 than its counter part?
if ($part1 > $part2) {
+ // part1 is larger
$mod = dechex(sqrt(($part1 - $part2) * getPrime() / pi()));
} elseif ($part2 > $part1) {
+ // part2 is larger
$mod = dechex(sqrt(($part2 - $part1) * getPrime() / pi()));
}
+
$mod = substr($mod, 0, 2);
- //* DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, 'part1=' . $part1 . '/part2=' . $part2 . '/mod=' . $mod . '(' . strlen($mod) . ')');
- $mod = str_repeat(0, (2 - strlen($mod))) . $mod;
+ //* DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, 'idx=' . $idx . ',part1=' . $part1 . '/part2=' . $part2 . '/mod=' . $mod . '(' . strlen($mod) . ')');
+ $mod = str_repeat('0', (2 - strlen($mod))) . $mod;
//* DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, 'mod(' . ($idx * 2) . ')=' . $mod . '*');
$start += 2;
$newHash .= $mod;
} // END - for
- //* DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, $passHash . ',' . $newHash . ' (' . strlen($newHash) . ')');
- $ret = generateHash($newHash, getMasterSalt());
+ // Just copy it over, as the master salt is not really helpful here
+ //* DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, $passHash . '(' . strlen($passHash) . '),' . $newHash . ' (' . strlen($newHash) . ')');
+ $ret = $newHash;
} // END - if
// Return result
@@ -1330,6 +1339,54 @@ function handleExtraValues ($filterFunction, $value, $extraValue) {
return $ret;
}
+// Tries to determine if call-back functions and/or extra values shall be parsed
+function doHandleExtraValues ($filterFunctions, $extraValues, $key, $entries, $userIdColumn, $search) {
+ // Debug message
+ /* DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, 'key=' . $key . ',entries=' . $entries . ',userIdColumn=' . $userIdColumn[0] . ',search=' . $search . ',filterFunctions=' . print_r($filterFunctions, TRUE) . ',extraValues=' . print_r($extraValues, TRUE));
+
+ // Send data through the filter function if found
+ if ($key == $userIdColumn[0]) {
+ // Is the userid, we have to process it with convertZeroToNull()
+ $entries = convertZeroToNull($entries);
+ } elseif ((!empty($filterFunctions[$key])) && (isset($extraValues[$key]))) {
+ // Debug mode enabled?
+ if (isDebugModeEnabled()) {
+ // Then log it
+ /* NOISY-DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, 'search=' . $search . ',filterFunctions=' . $filterFunctions[$search] . ',extraValues=' . $extraValues[$key] . ',key=' . $key . ',id=' . $id . ',entries[' . gettype($entries) . ']=' . $entries . ' - BEFORE!');
+ } // END - if
+
+ // Filter function + extra value set
+ $entries = handleExtraValues($filterFunctions[$key], $entries, $extraValues[$key]);
+
+ // Debug mode enabled?
+ if (isDebugModeEnabled()) {
+ // Then log it
+ /* NOISY-DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, 'search=' . $search . ',filterFunctions=' . $filterFunctions[$search] . ',extraValues=' . $extraValues[$key] . ',key=' . $key . ',id=' . $id . ',entries[' . gettype($entries) . ']=' . $entries . ' - AFTER!');
+ } // END - if
+ } elseif (!empty($filterFunctions[$search])) {
+ // Debug mode enabled?
+ if (isDebugModeEnabled()) {
+ // Then log it
+ /* NOISY-DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, 'search=' . $search . ',filterFunctions=' . $filterFunctions[$search] . ',key=' . $key . ',search=' . $search . ',entries[' . gettype($entries) . ']=' . $entries . ' - BEFORE!');
+ } // END - if
+
+ // Handle extra values
+ $entries = handleExtraValues($filterFunctions[$search], $entries, NULL);
+
+ // Debug mode enabled?
+ if (isDebugModeEnabled()) {
+ // Then log it
+ /* NOISY-DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, 'search=' . $search . ',filterFunctions=' . $filterFunctions[$search] . ',key=' . $key . ',search=' . $search . ',entries[' . gettype($entries) . ']=' . $entries . ' - AFTER!');
+ } // END - if
+
+ // Make sure entries is not bool, then something went wrong
+ assert(!is_bool($entries));
+ }
+
+ // Return value
+ return $entries;
+}
+
// Converts timestamp selections into a timestamp
function convertSelectionsToEpocheTime (array &$postData, array &$content, &$id, &$skip) {
// Init test variable
@@ -1873,8 +1930,9 @@ function encodeUrl ($url, $outputMode = '0') {
$separator = '?';
} // END - if
- // Add it to URL
+ // Is the session id set?
if (session_id() != '') {
+ // Then add it to URL
$url .= $separator . session_name() . '=' . session_id();
} // END - if
} // END - if
@@ -1885,10 +1943,15 @@ function encodeUrl ($url, $outputMode = '0') {
$url = '{?URL?}/' . $url;
} // END - if
+ // Debug message
+ //* DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, 'url=' . $url . ',isHtmlOutputMode()=' . intval(isHtmlOutputMode()) . ',outputMode=' . $outputMode);
+
// Is there to decode entities?
if ((!isHtmlOutputMode()) || ($outputMode != '0')) {
+ //* DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, 'url=' . $url . ' - BEFORE DECODING');
// Decode them for e.g. JavaScript parts
$url = decodeEntities($url);
+ //* DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, 'url=' . $url . ' - AFTER DECODING');
} // END - if
// Debug log
@@ -1903,10 +1966,10 @@ function isSpider () {
// Get the UA and trim it down
$userAgent = trim(detectUserAgent(TRUE));
- // It should not be empty, if so it is better a spider/bot
+ // It should not be empty, if so it is better a browser
if (empty($userAgent)) {
- // It is a spider/bot
- return TRUE;
+ // It is a browser that blocks its UA string
+ return FALSE;
} // END - if
// Is it a spider?