X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;f=libs%2Flib_general.php;h=fa4643de30088e24b74c1d3721fe76b79a18265b;hb=486c0950007142f4d629481751d5bf40b6af6ded;hp=abc177842cf068ddb12d3eb8fa647cf3e5cee961;hpb=96df8d1dbd3a3a81caf0dfb55d086d8bfdb77850;p=ctracker.git diff --git a/libs/lib_general.php b/libs/lib_general.php index abc1778..fa4643d 100644 --- a/libs/lib_general.php +++ b/libs/lib_general.php @@ -2,11 +2,11 @@ /** * General functions library * - * @author Roland Haeder + * @author Roland Haeder * @version 3.0.0 - * @copyright Copyright (c) 2009 - 2011 Cracker Tracker Team + * @copyright Copyright (c) 2009 - 2017 Cracker Tracker Team * @license GNU GPL 3.0 or any newer version - * @link http://www.ship-simu.org + * @link http://www.shipsimu.org * * This program is free software: you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -25,13 +25,13 @@ if (!function_exists('implode_r')) { // Implode recursive a multi-dimension array, taken from www.php.net function implode_r ($glue, $array, $array_name = NULL) { - $return = array(); - while(list($key,$value) = @each($array)) { - if(is_array($value)) { + $return = []; + while (list($key,$value) = @each($array)) { + if (is_array($value)) { // Is an array again, so call recursive $return[] = implode_r($glue, $value, (string) $key); } else { - if($array_name != NULL) { + if ($array_name != NULL) { $return[] = $array_name . '[' . (string) $key . ']=' . $value . "\n"; } else { $return[] = $key . '=' . $value."\n"; @@ -40,13 +40,13 @@ if (!function_exists('implode_r')) { } // END - while // Return resulting array - return(implode($glue, $return)); + return implode($glue, $return); } // END - function } // END - if if (!function_exists('implode_secure')) { // Implode a simple array with a 'call-back' to our escaper function - function implode_secure ($array) { + function implode_secure (array $array) { // Return string $return = ''; @@ -73,31 +73,61 @@ if (!function_exists('implode_secure')) { } // END - function } // END - if +// Load configuration, if found +function crackerTrackerLoadConfiguration () { + // FQFN + $fqfn = sprintf('%s/config/db_config.php', $GLOBALS['ctracker_base_path']); + + // Is the file readable? + if (!isCrackerTrackerFileFound($fqfn)) { + // No config file found + die(__FUNCTION__.': No configuration file found.'); + } // END - if + + // Load it + require $fqfn; + + // Load email header + $GLOBALS['ctracker_header'] = crackerTrackerLoadEmailTemplate('header'); +} + // Getter for ctracker_debug_enabled function isCrackerTrackerDebug () { // Is it set? - return ((isset($GLOBALS['ctracker_debug_enabled'])) && ($GLOBALS['ctracker_debug_enabled'] === true)); + $result = ((isset($GLOBALS['ctracker_debug_enabled'])) && ($GLOBALS['ctracker_debug_enabled'] === TRUE)); + + // Debug message + //* DEBUG: */ error_log('result=' . intval($result)); + + // Return it + return $result; } // Determines the real remote address function determineCrackerTrackerRealRemoteAddress () { + // Initial value + $address = '0.0.0.0'; + // Is a proxy in use? if (isset($_SERVER['HTTP_X_FORWARDED_FOR'])) { // Proxy was used - $address = $_SERVER['HTTP_X_FORWARDED_FOR']; + $address = trim($_SERVER['HTTP_X_FORWARDED_FOR']); } elseif (isset($_SERVER['HTTP_CLIENT_IP'])) { // Yet, another proxy - $address = $_SERVER['HTTP_CLIENT_IP']; - } else { + $address = trim($_SERVER['HTTP_CLIENT_IP']); + } elseif (isset($_SERVER['REMOTE_ADDR'])) { // The regular address when no proxy was used - $address = $_SERVER['REMOTE_ADDR']; + $address = trim(getenv('REMOTE_ADDR')); } - // This strips out the real address from proxy output - if (strstr($address, ',')) { + if ($address == 'unknown') { + // Invalid IP somehow given + $address = '0.0.0.0'; + } elseif (strstr($address, ',')) { + // This strips out the real address from proxy output $addressArray = explode(',', $address); $address = $addressArray[0]; - } // END - if + } // Return the result return $address; @@ -113,14 +143,20 @@ function isCrackerTrackerProxyUsed () { } // Detects the user-agent string -function crackerTrackerUserAgent () { +function crackerTrackerUserAgent ($sanitize = FALSE) { // Default is 'unknown' $ua = 'unknown'; // Is the entry there? if (isset($_SERVER['HTTP_USER_AGENT'])) { // Then use it securely - $ua = crackerTrackerSecureString($_SERVER['HTTP_USER_AGENT']); + $ua = crackerTrackerSecureString(urldecode($_SERVER['HTTP_USER_AGENT'])); + } // END - if + + // Sanitize it? + if ($sanitize === TRUE) { + // Sanitize ... + $ua = crackerTrackerSanitize($ua); } // END - if // Return it @@ -128,38 +164,107 @@ function crackerTrackerUserAgent () { } // Detects the script name -function crackerTrackerScriptName () { - // Should always be there! - return crackerTrackerSecureString($_SERVER['SCRIPT_NAME']); +function crackerTrackerScriptName ($sanitize = FALSE) { + // Default is NULL + $scriptName = NULL; + + // Is it there? + if (!empty($_SERVER['SCRIPT_NAME'])) { + // Return NULL + $scriptName = crackerTrackerSecureString($_SERVER['SCRIPT_NAME']); + } // END - if + + // Sanitize it? + if ($sanitize === TRUE) { + // Sanitize ... + $scriptName = crackerTrackerSanitize($scriptName); + } // END - if + + // Return + return $scriptName; } // Detects the query string -function crackerTrackerQueryString () { - // Should always be there! - return crackerTrackerEscapeString($_SERVER['QUERY_STRING']); +function crackerTrackerQueryString ($sanitize = FALSE) { + // Default is NULL + $query = NULL; + + // Is it there? + if (!empty($_SERVER['QUERY_STRING'])) { + // Get string escaped + $query = crackerTrackerEscapeString(urldecode($_SERVER['QUERY_STRING'])); + } elseif (!empty($_SERVER['REQUEST_URI'])) { + // Get string escaped + $query = crackerTrackerEscapeString(urldecode($_SERVER['REQUEST_URI'])); + } + + // Sanitize it? + if ((!empty($query)) && ($sanitize === TRUE)) { + // Sanitize ... + $query = crackerTrackerSanitize($query); + } // END - if + + // Return it + return $query; } // Detects the server's name -function crackerTrackerServerName () { - // Should always be there! - return crackerTrackerSecureString($_SERVER['SERVER_NAME']); +function crackerTrackerServerName ($sanitize = FALSE) { + // Default is NULL + $serverName = NULL; + + // Is it there? + if (!empty($_SERVER['SERVER_NAME'])) { + // Return NULL + $serverName = crackerTrackerSecureString($_SERVER['SERVER_NAME']); + } // END - if + + // Sanitize it? + if ($sanitize === TRUE) { + // Sanitize ... + $serverName = crackerTrackerSanitize($serverName); + } // END - if + + // Return it + return $serverName; } // Detects the referer -function crackerTrackerReferer () { +function crackerTrackerReferer ($sanitize = FALSE) { // Default is a dash $referer = '-'; // Is it there? - if (isset($_SERVER['HTTP_REFERER'])) { + if (!empty($_SERVER['HTTP_REFERER'])) { // Then use it securely - $referer = crackerTrackerSecureString($_SERVER['HTTP_REFERER']); + $referer = crackerTrackerSecureString(urldecode($_SERVER['HTTP_REFERER'])); + } // END - if + + // Sanitize it? + if ($sanitize === TRUE) { + // Sanitize ... + $referer = crackerTrackerSanitize($referer); } // END - if // Return it return $referer; } +// Detects request method +function crackerTrackerRequestMethod () { + // Default is NULL + $method = NULL; + + // Is it set? + if (!empty($_SERVER['REQUEST_METHOD'])) { + // Then use it + $method = $_SERVER['REQUEST_METHOD']; + } // END - if + + // Return it + return $method; +} + // Detects the scripts path function crackerTrackerScriptPath () { // Should always be there! @@ -199,8 +304,8 @@ function isCrackerTrackerFileFound ($FQFN) { // Loads a given "template" (this is more an include file) function crackerTrackerLoadTemplate ($template) { // Create the full-qualified filename (FQFN) - $FQFN = sprintf("%s/templates/%s.tpl.php", - dirname(__FILE__), + $FQFN = sprintf('%s/libs/templates/%s.tpl.php', + $GLOBALS['ctracker_base_path'], $template ); @@ -220,8 +325,8 @@ function crackerTrackerLoadTemplate ($template) { // Loads a given "template" (this is more an include file) function crackerTrackerLoadLocalizedTemplate ($template) { // Create the full-qualified filename (FQFN) - $FQFN = sprintf("%s/templates/%s/%s.tpl.php", - dirname(__FILE__), + $FQFN = sprintf('%s/libs/templates/%s/%s.tpl.php', + $GLOBALS['ctracker_base_path'], getCrackerTrackerLanguage(), $template ); @@ -259,8 +364,8 @@ function crackerTrackerLanguage () { } // END - if // Construct FQFN - $FQFN = sprintf("%s/language/%s.php", - dirname(__FILE__), + $FQFN = sprintf('%s/libs/language/%s.php', + $GLOBALS['ctracker_base_path'], getCrackerTrackerLanguage() ); @@ -270,9 +375,7 @@ function crackerTrackerLanguage () { $GLOBALS['ctracker_language'] = 'en'; // Construct FQFN again - $FQFN = sprintf("%s/language/en.php", - dirname(__FILE__) - ); + $FQFN = sprintf('%s/libs/language/en.php', $GLOBALS['ctracker_base_path']); } // END - if // Load the language file @@ -280,13 +383,13 @@ function crackerTrackerLanguage () { } // Loads a given email template and passes through $content -function crackerTrackerLoadEmailTemplate ($template, array $content = array(), $language = null) { +function crackerTrackerLoadEmailTemplate ($template, array $content = [], $language = NULL) { // Init language crackerTrackerLanguage(); // Generate the FQFN - $FQFN = sprintf("%s/mails/%s/%s.tpl", - dirname(__FILE__), + $FQFN = sprintf('%s/libs/mails/%s/%s.tpl', + $GLOBALS['ctracker_base_path'], getCrackerTrackerLanguage($language), $template ); @@ -294,10 +397,11 @@ function crackerTrackerLoadEmailTemplate ($template, array $content = array(), $ // So is the file there? if (isCrackerTrackerFileFound($FQFN)) { // Init result - $result = 'No result from template ' . $template . '. Please report this at http://forum.ship-simu.org Thank you.'; + $result = 'No result from template ' . $template . '. Please report this at http://forum.shipsimu.org Thank you.'; // Then load it - eval('$result = "' . crackerTrackerCompileCode(file_get_contents($FQFN)) . '";'); + //* DEBUG-DIE: */ die('
$result = "' . crackerTrackerCompileCode(trim(file_get_contents($FQFN))) . '";
'); + eval('$result = "' . crackerTrackerCompileCode(trim(file_get_contents($FQFN))) . '";'); // Return the result return $result; @@ -353,7 +457,7 @@ function crackerTrackerCompileCode ($code) { } // "Getter" for language -function getCrackerTrackerLanguage ($lang = null) { +function getCrackerTrackerLanguage ($lang = NULL) { // Default is from browser $language = $GLOBALS['ctracker_language']; @@ -386,7 +490,7 @@ function getCrackerTrackerTicketId () { function sendCrackerTrackerCookie () { // Set the cookie // @TODO Why can't domain be set to value from crackerTrackerServerName() ? - setcookie('ctracker_ticket', getCrackerTrackerTicketId(), (time() + 60*60*24), '/', '', crackerTrackerSecured(), true); + setcookie('ctracker_ticket', getCrackerTrackerTicketId(), (time() + 60*60*24), '/', '', crackerTrackerSecured(), TRUE); $_COOKIE['ctracker_ticket'] = getCrackerTrackerTicketId(); } @@ -425,6 +529,9 @@ function crackerTrackerRedirectSameUrl () { * @access private */ function crackerTrackerSendRawRedirect ($url) { + // Better remove any data by ctracker + unsetCtrackerData(); + // always close the session session_write_close(); @@ -433,7 +540,7 @@ function crackerTrackerSendRawRedirect ($url) { // check if running on IIS < 6 with CGI-PHP if ((isset($_SERVER['SERVER_SOFTWARE'])) && (isset($_SERVER['GATEWAY_INTERFACE'])) && - (strpos($_SERVER['GATEWAY_INTERFACE'],'CGI') !== false) && + (strpos($_SERVER['GATEWAY_INTERFACE'],'CGI') !== FALSE) && (preg_match('|^Microsoft-IIS/(\d)\.\d$|', trim($_SERVER['SERVER_SOFTWARE']), $matches)) && ($matches[1] < 6)) { // Send the IIS header @@ -445,5 +552,43 @@ function crackerTrackerSendRawRedirect ($url) { exit(); } -// [EOF] -?> +// Removes all ctracker-related data from global space +function unsetCtrackerData () { + // Debug message + //* DEBUG: */ error_log(__FUNCTION__ . ': CALLED!'); + + // Unset all ctracker data + foreach (array( + 'ctracker_base_path', + 'ctracker_host', + 'ctracker_dbname', + 'ctracker_user', + 'ctracker_password', + 'ctracker_debug_enabled', + 'ctracker_email', + 'ctracker_whitelist', + 'ctracker_get_blacklist', + 'ctracker_post_blacklist', + 'ctracker_header', + 'ctracker_post_track', + 'ctracker_checked_get', + 'ctracker_checked_post', + 'ctracker_checked_ua', + 'ctracker_last_sql', + 'ctracker_last_result', + 'ctracker_config', + 'ctracker_updates', + 'ctracker_language', + 'ctracker_localized', + 'ctracker_link', + 'ctracker_blocked_methods', + ) as $key) { + // Unset it + unset($GLOBALS[$key]); + } // END - foreach +} + +// Sanitizes string +function crackerTrackerSanitize ($str) { + return str_replace(array('//', '/./'), array('/', '/'), $str); +}