X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;f=libs%2Flib_general.php;h=21cd6ab0df3d5bfa4d3ce4856d9d953b6297fe3c;hb=e6f94c5bb5f99efcffa64abc47f1bb0d6cef22b9;hp=b3db3ef3d75bbc72dbfb6e73f74d2c388db0fab0;hpb=2685c934e37fff93bf337dcf52853ae4d906077e;p=ctracker.git diff --git a/libs/lib_general.php b/libs/lib_general.php index b3db3ef..21cd6ab 100644 --- a/libs/lib_general.php +++ b/libs/lib_general.php @@ -4,7 +4,7 @@ * * @author Roland Haeder * @version 3.0.0 - * @copyright Copyright (c) 2009 Cracker Tracker Team + * @copyright Copyright (c) 2009 - 2011 Cracker Tracker Team * @license GNU GPL 3.0 or any newer version * @link http://www.ship-simu.org * @@ -73,38 +73,44 @@ if (!function_exists('implode_secure')) { } // END - function } // END - if -// Getter for ctracker_debug +// Getter for ctracker_debug_enabled function isCrackerTrackerDebug () { // Is it set? - return ((isset($GLOBALS['ctracker_debug'])) && ($GLOBALS['ctracker_debug'] === true)); + return ((isset($GLOBALS['ctracker_debug_enabled'])) && ($GLOBALS['ctracker_debug_enabled'] === TRUE)); } // Determines the real remote address -function determineRealRemoteAddress () { +function determineCrackerTrackerRealRemoteAddress () { + // Initial value + $address = '0.0.0.0'; + // Is a proxy in use? if (isset($_SERVER['HTTP_X_FORWARDED_FOR'])) { // Proxy was used - $address = $_SERVER['HTTP_X_FORWARDED_FOR']; + $address = trim($_SERVER['HTTP_X_FORWARDED_FOR']); } elseif (isset($_SERVER['HTTP_CLIENT_IP'])) { // Yet, another proxy - $address = $_SERVER['HTTP_CLIENT_IP']; - } else { + $address = trim($_SERVER['HTTP_CLIENT_IP']); + } elseif (isset($_SERVER['REMOTE_ADDR'])) { // The regular address when no proxy was used - $address = $_SERVER['REMOTE_ADDR']; + $address = trim(getenv('REMOTE_ADDR')); } - // This strips out the real address from proxy output - if (strstr($address, ',')) { + if ($address == 'unknown') { + // Invalid IP somehow given + $address = '0.0.0.0'; + } elseif (strstr($address, ',')) { + // This strips out the real address from proxy output $addressArray = explode(',', $address); $address = $addressArray[0]; - } // END - if + } // Return the result return $address; } // Determine if a proxy was used -function isProxyUsed () { +function isCrackerTrackerProxyUsed () { // Check if specific entries are set $proxyUsed = ((isset($_SERVER['HTTP_X_FORWARDED_FOR'])) || (isset($_SERVER['HTTP_CLIENT_IP']))); @@ -112,5 +118,387 @@ function isProxyUsed () { return $proxyUsed; } +// Detects the user-agent string +function crackerTrackerUserAgent () { + // Default is 'unknown' + $ua = 'unknown'; + + // Is the entry there? + if (isset($_SERVER['HTTP_USER_AGENT'])) { + // Then use it securely + $ua = crackerTrackerSecureString($_SERVER['HTTP_USER_AGENT']); + } // END - if + + // Return it + return $ua; +} + +// Detects the script name +function crackerTrackerScriptName () { + // Is it there? + if (!isset($_SERVER['SCRIPT_NAME'])) { + // Return NULL + return NULL; + } // END - if + + // Should always be there! + return crackerTrackerSecureString($_SERVER['SCRIPT_NAME']); +} + +// Detects the query string +function crackerTrackerQueryString () { + // Is it there? + if (!isset($_SERVER['QUERY_STRING'])) { + // Return NULL + return NULL; + } // END - if + + // Should always be there! + return crackerTrackerEscapeString(urldecode($_SERVER['QUERY_STRING'])); +} + +// Detects the server's name +function crackerTrackerServerName () { + // Is it there? + if (!isset($_SERVER['SERVER_NAME'])) { + // Return NULL + return NULL; + } // END - if + + // Should always be there! + return crackerTrackerSecureString($_SERVER['SERVER_NAME']); +} + +// Detects the referer +function crackerTrackerReferer () { + // Default is a dash + $referer = '-'; + + // Is it there? + if (isset($_SERVER['HTTP_REFERER'])) { + // Then use it securely + $referer = crackerTrackerSecureString(urldecode($_SERVER['HTTP_REFERER'])); + } // END - if + + // Return it + return $referer; +} + +// Detects the scripts path +function crackerTrackerScriptPath () { + // Should always be there! + $path = dirname(crackerTrackerScriptName()) . '/'; + + // Return detected path + return $path; +} + +// Detects wether we have SSL +function crackerTrackerSecured () { + // Detect it + $ssl = ((isset($_SERVER['HTTPS'])) && ($_SERVER['HTTPS'] != 'off')); + + // Return result + return $ssl; +} + +// Secures a string by escaping it and passing it through strip_tags,htmlentities-chain +function crackerTrackerSecureString ($str) { + // First escape it + $str = crackerTrackerEscapeString($str); + + // Then pass it through the functions + $str = htmlentities(strip_tags($str), ENT_QUOTES); + + // Return it + return $str; +} + +// Is the file there and readable? +function isCrackerTrackerFileFound ($FQFN) { + // Simply check it + return ((file_exists($FQFN)) && (is_readable($FQFN))); +} + +// Loads a given "template" (this is more an include file) +function crackerTrackerLoadTemplate ($template) { + // Create the full-qualified filename (FQFN) + $FQFN = sprintf('%s/templates/%s.tpl.php', + dirname(__FILE__), + $template + ); + + // Is this template found? + if (isCrackerTrackerFileFound($FQFN)) { + // Detect language + crackerTrackerLanguage(); + + // Load it + require_once($FQFN); + } else { + // Not found, so die here + crackerTrackerDie(); + } +} + +// Loads a given "template" (this is more an include file) +function crackerTrackerLoadLocalizedTemplate ($template) { + // Create the full-qualified filename (FQFN) + $FQFN = sprintf('%s/templates/%s/%s.tpl.php', + dirname(__FILE__), + getCrackerTrackerLanguage(), + $template + ); + + // Is this template found? + if (isCrackerTrackerFileFound($FQFN)) { + // Load it + require_once($FQFN); + } else { + // Not found, so die here + crackerTrackerDie(); + } +} + +// Detects the browser's language file and tries to load it, fall-back on english! +function crackerTrackerLanguage () { + // Default is English + $GLOBALS['ctracker_language'] = 'en'; + $weight = 1; + + // Is the language string there? + if (isset($_SERVER['HTTP_ACCEPT_LANGUAGE'])) { + // Then detect it + foreach (explode(',', $_SERVER['HTTP_ACCEPT_LANGUAGE']) as $lang) { + // Split it again for q=x.x value + $langArray = explode(';', $lang); + + // If there is an entry, we have a weight + if ((isset($langArray[1])) && ($langArray[1] > $weight)) { + // Use this language/weight instead + $GLOBALS['ctracker_language'] = $langArray[0]; + $weight = $langArray[1]; + } // END - if + } // END - foreach + } // END - if + + // Construct FQFN + $FQFN = sprintf('%s/language/%s.php', + dirname(__FILE__), + getCrackerTrackerLanguage() + ); + + // Is it not there, switch to "en" + if ((getCrackerTrackerLanguage() != 'en') && (!isCrackerTrackerFileFound($FQFN))) { + // English is default! + $GLOBALS['ctracker_language'] = 'en'; + + // Construct FQFN again + $FQFN = sprintf('%s/language/en.php', dirname(__FILE__)); + } // END - if + + // Load the language file + require($FQFN); +} + +// Loads a given email template and passes through $content +function crackerTrackerLoadEmailTemplate ($template, array $content = array(), $language = NULL) { + // Init language + crackerTrackerLanguage(); + + // Generate the FQFN + $FQFN = sprintf('%s/mails/%s/%s.tpl', + dirname(__FILE__), + getCrackerTrackerLanguage($language), + $template + ); + + // So is the file there? + if (isCrackerTrackerFileFound($FQFN)) { + // Init result + $result = 'No result from template ' . $template . '. Please report this at http://forum.ship-simu.org Thank you.'; + + // Then load it + eval('$result = "' . crackerTrackerCompileCode(file_get_contents($FQFN)) . '";'); + + // Return the result + return $result; + } else { + // Not found + crackerTrackerDie(); + } +} + +// Getter for message +function getCrackerTrackerLocalized ($message) { + // Default message + $output = '!' . $message . '!'; + + // Is the language string there? + if (isset($GLOBALS['ctracker_localized'][$message])) { + // Use this instead + $output = $GLOBALS['ctracker_localized'][$message]; + } // END - if + + // Return it + return $output; +} + +// Tries to find a message and outputs it +function crackerTrackerOutputLocalized ($message) { + // Output it + print getCrackerTrackerLocalized($message); +} + +// Compiles the given code +function crackerTrackerCompileCode ($code) { + // Find all $content[foo] + preg_match_all('/\$(content|GLOBALS)((\[([a-zA-Z0-9-_]+)\])*)/', $code, $matches); + + // Replace " with {QUOTE} + $code = str_replace('"', '{QUOTE}', $code); + + // Replace all + foreach ($matches[0] as $key=>$match) { + // Replace it + if (substr($match, 0, 8) == '$GLOBALS') { + // $GLOBALS + $code = str_replace($match, "\" . \$GLOBALS['" . $matches[4][$key] . "'] . \"", $code); + } elseif (substr($match, 0, 8) == '$content') { + // $content + $code = str_replace($match, "\" . \$content['" . $matches[4][$key] . "'] . \"", $code); + } + } // END - foreach + + // Return it + return $code; +} + +// "Getter" for language +function getCrackerTrackerLanguage ($lang = NULL) { + // Default is from browser + $language = $GLOBALS['ctracker_language']; + + // Is $lang set? + if (!is_null($lang)) { + // Then use this instead + $language = $lang; + } // END - if + + // Return it + return $language; +} + +// "Getter" for ticket id +function getCrackerTrackerTicketId () { + // Default is zero + $id = 0; + + // Is it set? + if (isset($GLOBALS['ctracker_last_ticket']['ctracker_ticket'])) { + // Then use it + $id = $GLOBALS['ctracker_last_ticket']['ctracker_ticket']; + } // END - if + + // Return the number + return $id; +} + +// Sends a cookie to the user that he would not see this security warning again +function sendCrackerTrackerCookie () { + // Set the cookie + // @TODO Why can't domain be set to value from crackerTrackerServerName() ? + setcookie('ctracker_ticket', getCrackerTrackerTicketId(), (time() + 60*60*24), '/', '', crackerTrackerSecured(), TRUE); + $_COOKIE['ctracker_ticket'] = getCrackerTrackerTicketId(); +} + +// Is the cookie set? +function ifCrackerTrackerCookieIsSet () { + // Is it set and valid? + return ((isset($_COOKIE['ctracker_ticket'])) && ($_COOKIE['ctracker_ticket'] > 0)); +} + +// Redirects to the same URL +function crackerTrackerRedirectSameUrl () { + // Construct the url + $url = '://' . crackerTrackerServerName() . crackerTrackerScriptName() . '?' . crackerTrackerQueryString(); + + // Do we have SSL? + if (crackerTrackerSecured()) { + // HTTPS + $url = 'https' . $url; + } else { + // HTTP + $url = 'http' . $url; + } + + // And redirect + crackerTrackerSendRawRedirect($url); +} + +/** + * Send a HTTP redirect to the browser. This function was taken from DokuWiki + * (GNU GPL 2; http://www.dokuwiki.org) and modified to fit into this script. + * + * Works arround Microsoft IIS cookie sending bug. Does exit the script. + * + * @link http://support.microsoft.com/kb/q176113/ + * @author Andreas Gohr + * @access private + */ +function crackerTrackerSendRawRedirect ($url) { + // Better remove any data by ctracker + unsetCtrackerData(); + + // always close the session + session_write_close(); + + // Revert entity & + $url = str_replace('&', '&', $url); + + // check if running on IIS < 6 with CGI-PHP + if ((isset($_SERVER['SERVER_SOFTWARE'])) && (isset($_SERVER['GATEWAY_INTERFACE'])) && + (strpos($_SERVER['GATEWAY_INTERFACE'],'CGI') !== FALSE) && + (preg_match('|^Microsoft-IIS/(\d)\.\d$|', trim($_SERVER['SERVER_SOFTWARE']), $matches)) && + ($matches[1] < 6)) { + // Send the IIS header + header('Refresh: 0;url=' . $url); + } else { + // Send generic header + header('Location: ' . $url); + } + exit(); +} + +// Removes all ctracker-related data from global space +function unsetCtrackerData () { + // Unset all ctracker data + foreach (array( + 'ctracker_host', + 'ctracker_dbname', + 'ctracker_user', + 'ctracker_password', + 'ctracker_debug_enabled', + 'ctracker_email', + 'ctracker_whitelist', + 'ctracker_get_blacklist', + 'ctracker_post_blacklist', + 'ctracker_header', + 'ctracker_post_track', + 'ctracker_checkworm', + 'ctracker_check_post', + 'ctracker_last_sql', + 'ctracker_last_result', + 'ctracker_config', + 'ctracker_updates', + 'ctracker_language', + 'ctracker_localized', + 'ctracker_link', + ) as $key) { + // Unset it + unset($GLOBALS[$key]); + } // END - foreach +} + // [EOF] ?>