X-Git-Url: https://git.mxchange.org/?p=mailer.git;a=blobdiff_plain;f=inc%2Ffunctions.php;h=25aa0e93360b1355be31ad0aba7a695c05452ee2;hp=eb09c9b1198dac8f4deeee550c5574f2ef99b5a3;hb=b8e55a5faa25153eee1c0f55661815142041eb8d;hpb=8a9324b2d931f54f54f4319fd7234910af77012c diff --git a/inc/functions.php b/inc/functions.php index eb09c9b119..25aa0e9336 100644 --- a/inc/functions.php +++ b/inc/functions.php @@ -32,47 +32,34 @@ ************************************************************************/ // Some security stuff... -if (ereg(basename(__FILE__), $_SERVER['PHP_SELF'])) -{ +if (ereg(basename(__FILE__), $_SERVER['PHP_SELF'])) { $INC = substr(dirname(__FILE__), 0, strpos(dirname(__FILE__), "/inc") + 4) . "/security.php"; require($INC); } // Check if our config file is writeable or not -function is_INCWritable($inc) -{ +function is_INCWritable($inc) { $fp = @fopen(PATH."inc/".$inc.".php", 'a'); - if ($inc == "dummy") - { + if ($inc == "dummy") { // Remove dummy file @fclose($fp); return @unlink(PATH."inc/dummy.php"); - } - else - { + } else { // Close all other files return @fclose($fp); } } -// Check if we can write to an sql file -function is_SQLWriteable($sql) -{ - $fp = @fopen(PATH.$sql.".sql", 'a'); - return @fclose($fp); -} - // Open a table (you may want to add some header stuff here) -function OPEN_TABLE($PERCENT = "", $CLASS = "", $ALIGN="left", $VALIGN="", $td_only=false) -{ +function OPEN_TABLE($PERCENT = "", $CLASS = "", $ALIGN="left", $VALIGN="", $td_only=false) { global $table_cnt; // Count tables so we can generate CSS classes for every table... :-) - if (empty($CLASS)) - { + if (empty($CLASS)) { // Class is empty so count one up and create a class $table_cnt++; $CLASS = "class".$table_cnt; } $OUT = ""; OUTPUT_HTML($OUT); } + // Close a table (you may want to add some footer stuff here) -function CLOSE_TABLE($ADD="") -{ +function CLOSE_TABLE($ADD="") { OUTPUT_HTML(" "); if (!empty($ADD)) OUTPUT_HTML($ADD); @@ -112,16 +99,13 @@ function OUTPUT_HTML($HTML, $NEW_LINE = true) { { case "render": // That's why you don't need any \n at the end of your HTML code... :-) - if (_OB_CACHING == "on") - { + if (_OB_CACHING == "on") { // Output into PHP's internal buffer - echo stripslashes($HTML); + OUTPUT_RAW($HTML); // That's why you don't need any \n at the end of your HTML code... :-) if ($NEW_LINE) echo "\n"; - } - else - { + } else { // Render mode for old or lame servers... $OUTPUT .= $HTML; @@ -132,10 +116,10 @@ function OUTPUT_HTML($HTML, $NEW_LINE = true) { case "direct": // If we are switching from render to direct output rendered code - if ((!empty($OUTPUT)) && (_OB_CACHING != "on")) { echo $OUTPUT; $OUTPUT = ""; } + if ((!empty($OUTPUT)) && (_OB_CACHING != "on")) { OUTPUT_RAW($OUTPUT); $OUTPUT = ""; } // The same as above... ^ - echo stripslashes($HTML); + OUTPUT_RAW($HTML); if ($NEW_LINE) echo "\n"; break; @@ -162,8 +146,7 @@ function OUTPUT_HTML($HTML, $NEW_LINE = true) { } // Output code here, DO NOT REMOVE! ;-) - echo stripslashes($OUTPUT); - flush(); + OUTPUT_RAW($OUTPUT); } elseif ((OUTPUT_MODE == "render") && (!empty($OUTPUT))) { // Rewrite links when rewrite extension is active if ((EXT_IS_ACTIVE("rewrite", true)) && (function_exists('REWRITE_LINKS')) && ($CSS != "1") && ($CSS != "-1")) { @@ -177,9 +160,22 @@ function OUTPUT_HTML($HTML, $NEW_LINE = true) { } // Output code here, DO NOT REMOVE! ;-) - echo stripslashes($OUTPUT); - flush(); + OUTPUT_RAW($OUTPUT); + } +} + +// Output the raw HTML code +function OUTPUT_RAW ($HTML) { + if ((isBooleanConstantAndTrue('mxchange_installed')) && (basename($_SERVER['PHP_SELF']) != "install.php")) { + // Not in install-mode so strip slashes away + echo stripslashes($HTML); + } else { + // Output directly in install-mode + echo $HTML; } + + // Flush the output + flush(); } // Add a fatal error message to the queue array @@ -196,18 +192,22 @@ function ADD_FATAL ($message, $extra="") } // Load a template file and return it's content (only it's name; do not use ' or ") -function LOAD_TEMPLATE($template, $return=false, $content="") -{ +function LOAD_TEMPLATE($template, $return=false, $content="") { // Add more variables which you want to use in your template files - global $DATA, $username; + global $DATA, $_CONFIG, $username; + + // Count the template load + if (!isset($_CONFIG['num_templates'])) $_CONFIG['num_templates'] = 0; + $_CONFIG['num_templates']++; + + // Init some data $ACTION = SQL_ESCAPE($GLOBALS['action']); $WHAT = SQL_ESCAPE($GLOBALS['what']); $ret = ""; if (empty($GLOBALS['refid'])) $GLOBALS['refid'] = 0; $REFID = $GLOBALS['refid']; - if ($template == "member_support_form") - { + if ($template == "member_support_form") { // Support request of a member $result = SQL_QUERY_ESC("SELECT sex, surname, family FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d LIMIT 1", array($GLOBALS['userid']), __FILE__, __LINE__); @@ -224,42 +224,28 @@ function LOAD_TEMPLATE($template, $return=false, $content="") $MODE = ""; // Check for admin/guest/member templates - if (strpos($template, "admin_") > -1) - { + if (strpos($template, "admin_") > -1) { // Admin template found $MODE = "admin/"; - } - elseif (strpos($template, "guest_") > -1) - { + } elseif (strpos($template, "guest_") > -1) { // Guest template found $MODE = "guest/"; - } - elseif (strpos($template, "member_") > -1) - { + } elseif (strpos($template, "member_") > -1) { // Member template found $MODE = "member/"; - } - elseif (strpos($template, "install_") > -1) - { + } elseif (strpos($template, "install_") > -1) { // Installation template found $MODE = "install/"; - } - elseif (strpos($template, "ext_") > -1) - { + } elseif (strpos($template, "ext_") > -1) { // Extension template found $MODE = "ext/"; - } - elseif (strpos($template, "la_") > -1) - { + } elseif (strpos($template, "la_") > -1) { // "Logical-area" template found $MODE = "la/"; - } - else - { + } else { // Test for extension $test = substr($template, 0, strpos($template, "_")); - if (EXT_IS_ACTIVE($test)) - { + if (EXT_IS_ACTIVE($test)) { // Set extra path to extension's name $MODE = $test."/"; } @@ -270,8 +256,7 @@ function LOAD_TEMPLATE($template, $return=false, $content="") //////////////////////// $file = $BASE.$MODE.$template.".tpl"; - if ((!empty($GLOBALS['what'])) && ((strpos($template, "_header") > 0) || (strpos($template, "_footer") > 0)) && (($MODE == "guest/") || ($MODE == "member/") || ($MODE == "admin/"))) - { + if ((!empty($GLOBALS['what'])) && ((strpos($template, "_header") > 0) || (strpos($template, "_footer") > 0)) && (($MODE == "guest/") || ($MODE == "member/") || ($MODE == "admin/"))) { // Select what depended header/footer template file for admin/guest/member area $file2 = sprintf("%s%s%s_%s.tpl", $BASE, @@ -288,15 +273,13 @@ function LOAD_TEMPLATE($template, $return=false, $content="") } // Does the special template exists? - if (!file_exists($file)) - { + if ((!file_exists($file)) || (!is_readable($file))) { // Reset to default template $file = $BASE.$template.".tpl"; } // Now does the final template exists? - if (file_exists($file)) - { + if ((file_exists($file)) && (is_readable($file))) { // The local file does exists so we load it. :) $tmpl_file = implode("", file($file)); @@ -304,23 +287,18 @@ function LOAD_TEMPLATE($template, $return=false, $content="") while (strpos($tmpl_file, "\'") !== false) { $tmpl_file = str_replace("\'", "{QUOT}", $tmpl_file); } // Do we have to compile the code? - if ((strpos($tmpl_file, "\$") !== false) || (strpos($tmpl_file, '{--') !== false) || (strpos($tmpl_file, '--}') > 0)) - { + if ((strpos($tmpl_file, "\$") !== false) || (strpos($tmpl_file, '{--') !== false) || (strpos($tmpl_file, '--}') > 0)) { // Okay, compile it! $tmpl_file = "\$ret=\"".COMPILE_CODE(addslashes($tmpl_file))."\";"; eval($tmpl_file); - } - else - { + } else { // Simply return loaded code $ret = $tmpl_file; } // Add surrounding HTML comments to help finding bugs faster $ret = "\n".$ret."\n"; - } - elseif ((IS_ADMIN()) || ((mxchange_installing) && (!mxchange_installed))) - { + } elseif ((IS_ADMIN()) || ((isBooleanConstantAndTrue('mxchange_installing')) && (!isBooleanConstantAndTrue('mxchange_installed')))) { // Only admins shall see this warning or when installation mode is active $ret = "
".TEMPLATE_404."
(".basename($file).")
@@ -331,46 +309,37 @@ function LOAD_TEMPLATE($template, $return=false, $content="") 
".print_r($DATA, true)."


"; } - if (!empty($ret)) - { + + // Do we have some content to output or return? + if (!empty($ret)) { // Not empty so let's put it out! ;) - if ($return) - { + if ($return) { // Return the HTML code return $ret; - } - else - { + } else { // Output direct OUTPUT_HTML($ret); } - } - elseif (DEBUG_MODE) - { + } elseif (isBooleanConstantAndTrue('DEBUG_MODE')) { // Warning, empty output! return "E:".$template."
\n"; } } // Send mail out to an email address -function SEND_EMAIL($TO, $SUBJECT, $MSG, $HTML='N', $FROM="") -{ +function SEND_EMAIL($TO, $SUBJECT, $MSG, $HTML='N', $FROM="") { // Compile subject line (for POINTS constant etc.) $eval = "\$SUBJECT = \"".COMPILE_CODE(addslashes($SUBJECT))."\";"; eval($eval); $SUBJECT = html_entity_decode($SUBJECT); // Set from header - if (!eregi("@", $TO)) - { + if (!eregi("@", $TO)) { // Value detected, load email from database - if (EXT_IS_ACTIVE("msg")) - { + if (EXT_IS_ACTIVE("msg")) { ADD_MESSAGE_TO_BOX($TO, $SUBJECT, $MSG, $HTML); return; - } - else - { + } else { $result_email = SQL_QUERY_ESC("SELECT email FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d LIMIT 1", array(bigintval($TO)), __FILE__, __LINE__); list($TO) = SQL_FETCHROW($result_email); SQL_FREERESULT($result_email); @@ -386,7 +355,7 @@ function SEND_EMAIL($TO, $SUBJECT, $MSG, $HTML='N', $FROM="") // Append header $FROM .= LOAD_EMAIL_TEMPLATE("header"); } - } elseif (DEBUG_MODE) { + } elseif (isBooleanConstantAndTrue('DEBUG_MODE')) { if (empty($FROM)) { // Load email header template $FROM = LOAD_EMAIL_TEMPLATE("header"); @@ -398,8 +367,7 @@ function SEND_EMAIL($TO, $SUBJECT, $MSG, $HTML='N', $FROM="") // Fix HTML parameter (default is no!) if (empty($HTML)) $HTML = 'N'; - if (DEBUG_MODE) - { + if (isBooleanConstantAndTrue('DEBUG_MODE')) { // In debug mode we want to display the mail instead of sending it away so we can debug this part echo "
 ".htmlentities(trim($FROM))."
@@ -407,26 +375,21 @@ To      : ".$TO."
 Subject : ".$SUBJECT."
 Message : ".$MSG."
\n"; - } - elseif (($HTML == 'Y') && (EXT_IS_ACTIVE("html_mail", true))) - { + } elseif (($HTML == 'Y') && (EXT_IS_ACTIVE("html_mail", true))) { // Send mail as HTML away SEND_HTML_EMAIL($TO, $SUBJECT, $MSG, $FROM); - } - elseif (!empty($TO)) - { + } elseif (!empty($TO)) { // Compile email $TO = COMPILE_CODE($TO); // Send Mail away - SEND_RAW_EMAIL(stripslashes($TO), COMPILE_CODE($SUBJECT), stripslashes($MSG), $FROM); - } - elseif ($HTML == 'N') - { + SEND_RAW_EMAIL($TO, COMPILE_CODE($SUBJECT), COMPILE_CODE($MSG), $FROM); + } elseif ($HTML == 'N') { // Problem found! - SEND_RAW_EMAIL(WEBMASTER, COMPILE_CODE($SUBJECT), stripslashes($MSG), $FROM); + SEND_RAW_EMAIL(WEBMASTER, COMPILE_CODE($SUBJECT), COMPILE_CODE($MSG), $FROM); } } + // Check if legacy or PHPMailer command // @private function CHECK_PHPMAILER_USAGE() { @@ -478,8 +441,8 @@ function SEND_RAW_EMAIL ($to, $subject, $msg, $from) { // Generate a password in a specified length or use default password length function GEN_PASS($LEN = 0) { - global $CONFIG; - if ($LEN == 0) $LEN = $CONFIG['pass_len']; + global $_CONFIG; + if ($LEN == 0) $LEN = $_CONFIG['pass_len']; // Initialize array with all allowed chars $ABC = explode(",", "a,b,c,d,e,f,g,h,i,j,k,l,m,n,o,p,q,r,s,t,u,v,w,x,y,z,A,B,C,D,E,F,G,H,I,J,K,L,M,N,O,P,Q,R,S,T,U,V,W,X,Y,Z,0,1,2,3,4,5,6,7,8,9,-,+,_,/"); @@ -536,87 +499,72 @@ function MAKE_DATETIME($time, $mode="0") } return $ret; } -// + +// Translates the american decimal dot into a german comma function TRANSLATE_COMMA($dotted, $cut=true) { - global $CONFIG; + global $_CONFIG; // Default is 3 you can change this in admin area "Misc -> Misc Options" - if (empty($CONFIG['max_comma'])) $CONFIG['max_comma'] = "3"; - if (!ereg("\.", $dotted)) $dotted .= ".".str_repeat("0", $CONFIG['max_comma']); - if ($cut) - { + if (empty($_CONFIG['max_comma'])) $_CONFIG['max_comma'] = "3"; + if (!ereg("\.", $dotted)) $dotted .= ".".str_repeat("0", $_CONFIG['max_comma']); + if ($cut) { // Remove trailing zeros $dot = str_replace(".", "x", $dotted); - while(substr($dot, -1, 1) == "0") - { + while(substr($dot, -1, 1) == "0") { $dot = substr($dot, 0, -1); } - if (substr($dot, -1, 1) == "x") - { + + if (substr($dot, -1, 1) == "x") { // Last char is the 'x' $dotted = substr($dot, 0, -1); - } - else - { + } else { // Last char is a number $dotted = str_replace("x", ".", $dot); } } - switch (GET_LANGUAGE()) - { + + // Translate it now + switch (GET_LANGUAGE()) { case "de": $pos = strpos($dotted, "."); - if ($pos > 0) - { - if ($cut) - { + if ($pos > 0) { + if ($cut) { // Cut x numbers behind comma - $dotted = str_replace(".", ",", substr($dotted, 0, ($pos + $CONFIG['max_comma'] + 1))); - } - else - { + $dotted = str_replace(".", ",", substr($dotted, 0, ($pos + $_CONFIG['max_comma'] + 1))); + } else { // Replace comma with dot $dotted = str_replace(".", ",", $dotted); } - } - elseif (!$cut) - { - if (empty($pos)) - { - $dotted = "0,".str_repeat("0", $CONFIG['max_comma']); - } - else - { - $dotted .= ",".str_repeat("0", $CONFIG['max_comma']); + } elseif (!$cut) { + if (empty($pos)) { + $dotted = "0,".str_repeat("0", $_CONFIG['max_comma']); + } else { + $dotted .= ",".str_repeat("0", $_CONFIG['max_comma']); } } break; default: - if (!$cut) - { - if ($pos > 0) - { - $dotted = substr($dotted, 0, ($pos + $CONFIG['max_comma'] + 1)); - } - else - { - $dotted .= ".".str_repeat("0", $CONFIG['max_comma']); + if (!$cut) { + if ($pos > 0) { + $dotted = substr($dotted, 0, ($pos + $_CONFIG['max_comma'] + 1)); + } else { + $dotted .= ".".str_repeat("0", $_CONFIG['max_comma']); } } break; } return $dotted; } + // -function DEREFERER($URL) -{ +function DEREFERER($URL) { $URL = URL."/modules.php?module=loader&url=".urlencode(base64_encode(COMPILE_CODE($URL))); return $URL; } + // -function TRANSLATE_SEX($sex) -{ +function TRANSLATE_SEX($sex) { switch ($sex) { case "M": $ret = SEX_M; break; @@ -690,17 +638,11 @@ function TRANSLATE_STATUS($status) return $ret; } // -function GET_LANGUAGE() -{ - global $_COOKIE, $_GET; - - if (!empty($_GET['mx_lang'])) - { +function GET_LANGUAGE() { + if (!empty($_GET['mx_lang'])) { // Accept only first 2 chars $lang = substr($_GET['mx_lang'], 0, 2); - } - else - { + } else { // Do nothing $lang = ""; } @@ -709,40 +651,34 @@ function GET_LANGUAGE() $ret = DEFAULT_LANG; // Check GET variable and cookie - if (!empty($lang)) - { + if (!empty($lang)) { // Check if main language file does exist - if (file_exists(PATH."inc/language/".$lang.".php")) - { + if (file_exists(PATH."inc/language/".$lang.".php")) { // Okay found, so let's update cookies SET_LANGUAGE($lang); } - } - elseif (!empty($_COOKIE['mx_lang'])) - { + } elseif (!isSessionVariableSet('mx_lang')) { // Return stored value from cookie - $ret = $_COOKIE['mx_lang']; + $ret = get_session('mx_lang'); + + // Fixes a warning before the session has the mx_lang constant + if (empty($ret)) $ret = DEFAULT_LANG; } return $ret; } // -function SET_LANGUAGE($lang) -{ - global $CONFIG; +function SET_LANGUAGE($lang) { + global $_CONFIG; // Accept only first 2 chars! $lang = substr(SQL_ESCAPE(strip_tags($lang)), 0, 2); // Set cookie - @setcookie("mx_lang", $lang, (time() + $CONFIG['online_timeout']), COOKIE_PATH); - - // Set array - $_COOKIE['mx_lang'] = $lang; + set_session("mx_lang", $lang); } // -function LOAD_EMAIL_TEMPLATE($template, $content="", $UID="0") -{ - global $DATA, $CONFIG, $REPLACER; +function LOAD_EMAIL_TEMPLATE($template, $content="", $UID="0") { + global $DATA, $_CONFIG, $REPLACER; // Keept for backward-compatiblity (please replace these variables against our new {--CONST--} syntax!) $MAIN_TITLE = MAIN_TITLE; $URL = URL; $WEBMASTER = WEBMASTER; @@ -753,37 +689,32 @@ function LOAD_EMAIL_TEMPLATE($template, $content="", $UID="0") $HTTP_USER_AGENT = getenv('HTTP_USER_AGENT'); $ADMIN = MAIN_TITLE; - if (!empty($_COOKIE['admin_login'])) - { + if (isSessionVariableSet('admin_login')) { // Load Admin data $result = SQL_QUERY_ESC("SELECT email FROM "._MYSQL_PREFIX."_admins WHERE login='%s' LIMIT 1", - array(SQL_ESCAPE($_COOKIE['admin_login'])), __FILE__, __LINE__); + array(SQL_ESCAPE(get_session('admin_login'))), __FILE__, __LINE__); list($ADMIN) = SQL_FETCHROW($result); SQL_FREERESULT($result); } // Expiration in a nice output format - if ($CONFIG['auto_purge'] == 0) - { + if ($_CONFIG['auto_purge'] == 0) { // Will never expire! $EXPIRATION = MAIL_WILL_NEVER_EXPIRE; - } - elseif (function_exists('CREATE_FANCY_TIME')) - { + } elseif (function_exists('CREATE_FANCY_TIME')) { // Create nice date string - $EXPIRATION = CREATE_FANCY_TIME($CONFIG['auto_purge']); - } - else - { + $EXPIRATION = CREATE_FANCY_TIME($_CONFIG['auto_purge']); + } else { // Display days only - $EXPIRATION = round($CONFIG['auto_purge']/60/60/24)." "._DAYS; + $EXPIRATION = round($_CONFIG['auto_purge']/60/60/24)." "._DAYS; } + switch ($template) { case "bonus-mail": // Load data for the bonus mail $BONUSID = $DATA[0]; $content = $DATA[2]; - $POINTS = TRANSLATE_COMMA($DATA[4]); + $points = TRANSLATE_COMMA($DATA[4]); $TIME = $DATA[5]; $TARGET_URL = $DATA[8]; $CATEGORY = GET_CATEGORY($DATA[9]); @@ -798,7 +729,7 @@ function LOAD_EMAIL_TEMPLATE($template, $content="", $UID="0") case "order-admin": case "order-member": - $BLOCKS = $CONFIG['max_send']; + $BLOCKS = $_CONFIG['max_send']; $SUBJECT = $DATA[0]; $content = $DATA[1]; $PAYMENT = GET_PAYMENT($DATA[3]); @@ -820,13 +751,13 @@ function LOAD_EMAIL_TEMPLATE($template, $content="", $UID="0") break; case "confirm-member": - $POINTS = $CONFIG['points_register']; + $points = $_CONFIG['points_register']; break; case "confirm-referral": $PERCENT = $DATA[0]; $LEVEL = $DATA[1]; - $POINTS = $DATA[2]; + $points = $DATA[2]; $REFID = $DATA[3]; break; @@ -835,7 +766,7 @@ function LOAD_EMAIL_TEMPLATE($template, $content="", $UID="0") $CATEGORY = GET_CATEGORY($DATA[9]); $TIME = GET_PAY_POINTS($DATA[5], "time"); $TARGET_URL = $DATA[7]; - $POINTS = TRANSLATE_COMMA(GET_PAY_POINTS($DATA[5], "payment")); + $points = TRANSLATE_COMMA(GET_PAY_POINTS($DATA[5], "payment")); // Warning! This ID has changed from 10 to 11! $MAILID = $DATA[11]; @@ -855,11 +786,11 @@ function LOAD_EMAIL_TEMPLATE($template, $content="", $UID="0") case "back-admin": case "back-member": - $POINTS = TRANSLATE_COMMA($DATA[10]); + $points = TRANSLATE_COMMA($DATA[10]); break; case "add-points": - $POINTS = $_POST['points']; + $points = bigintval($_POST['points']); break; case "guest_request_confirm": @@ -868,18 +799,14 @@ function LOAD_EMAIL_TEMPLATE($template, $content="", $UID="0") } // Load user's data - if ($UID > 0) - { - if (EXT_IS_ACTIVE("nickname")) - { + if ($UID > 0) { + if (EXT_IS_ACTIVE("nickname")) { // Load nickname $result = SQL_QUERY_ESC("SELECT surname, family, sex, email, nickname FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d LIMIT 1", array(bigintval($UID)), __FILE__, __LINE__); list($surname, $family, $sex, $email, $nick) = SQL_FETCHROW($result); SQL_FREERESULT($result); - } - else - { + } else { // Load normal data $result = SQL_QUERY_ESC("SELECT surname, family, sex, email FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d LIMIT 1", array(bigintval($UID)), __FILE__, __LINE__); @@ -887,9 +814,7 @@ function LOAD_EMAIL_TEMPLATE($template, $content="", $UID="0") SQL_FREERESULT($result); $nick = "---"; } - } - else - { + } else { // Neutral sex and email address is default $sex = 'N'; $email = WEBMASTER; @@ -905,40 +830,29 @@ function LOAD_EMAIL_TEMPLATE($template, $content="", $UID="0") $BASE = PATH."templates/".GET_LANGUAGE()."/emails/"; // Check for admin/guest/member templates - if (strpos($template, "admin_") > -1) - { + if (strpos($template, "admin_") > -1) { // Admin template found $file = $BASE."admin/".$template.".tpl"; - } - elseif (strpos($template, "guest_") > -1) - { + } elseif (strpos($template, "guest_") > -1) { // Guest template found $file = $BASE."guest/".$template.".tpl"; - } - elseif (strpos($template, "member_") > -1) - { + } elseif (strpos($template, "member_") > -1) { // Member template found $file = $BASE."member/".$template.".tpl"; - } - else - { + } else { // Test for extension $test = substr($template, 0, strpos($template, "_")); - if (EXT_IS_ACTIVE($test)) - { + if (EXT_IS_ACTIVE($test)) { // Set extra path to extension's name $file = $BASE.$test."/".$template.".tpl"; - } - else - { + } else { // No special filename $file = $BASE.$template.".tpl"; } } // Does the special template exists? - if (!@file_exists($file)) - { + if ((!@file_exists($file)) || (!is_readable($file))) { // Reset to default template $file = $BASE.$template.".tpl"; } @@ -993,6 +907,14 @@ function MAKE_TIME($H, $M, $S, $stamp) } // function LOAD_URL($URL, $addUrlData=true) { + global $CSS, $_CONFIG, $link, $db, $footer; + + // Check if http(s):// is there + if ((substr($URL, 0, 7) != "http://") && (substr($URL, 0, 8) != "https://")) { + // Make all URLs full-qualified + $URL = URL."/".$URL; + } + // Compile out URI codes $URL = COMPILE_CODE($URL); @@ -1255,36 +1177,36 @@ function TRANSLATE_YESNO($yn) // function GEN_RANDOM_CODE($length, $code, $uid, $DATA="") { - global $CONFIG; + global $_CONFIG; // Build server string $server = $_SERVER['PHP_SELF'].":".getenv('HTTP_USER_AGENT').":".getenv('SERVER_SOFTWARE').":".getenv('REMOTE_ADDR').":".":".filemtime(PATH."inc/databases.php"); // Build key string - $keys = SITE_KEY.":".DATE_KEY.":".$CONFIG['secret_key'].":".$CONFIG['file_hash'].":".date("d-m-Y (l-F-T)", $CONFIG['patch_ctime']).":".$CONFIG['master_salt']; + $keys = SITE_KEY.":".DATE_KEY.":".$_CONFIG['secret_key'].":".$_CONFIG['file_hash'].":".date("d-m-Y (l-F-T)", $_CONFIG['patch_ctime']).":".$_CONFIG['master_salt']; // Build string from misc data $data = $code.":".$uid.":".$DATA; // Add more additional data - if (isset($_COOKIE['u_hash'])) $data .= ":".$_COOKIE['u_hash']; - if (isset($GLOBALS['userid'])) $data .= ":".$GLOBALS['userid']; - if (isset($_COOKIE['lifetime'])) $data .= ":".$_COOKIE['lifetime']; - if (isset($_COOKIE['mxchange_theme'])) $data .= ":".$_COOKIE['mxchange_theme']; - if (isset($_COOKIE['mx_lang'])) $data .= ":".$_COOKIE['mx_lang']; - if (isset($GLOBALS['refid'])) $data .= ":".$GLOBALS['refid']; + if (isSessionVariableSet('u_hash')) $data .= ":".get_session('u_hash'); + if (isset($GLOBALS['userid'])) $data .= ":".$GLOBALS['userid']; + if (isSessionVariableSet('lifetime')) $data .= ":".get_session('lifetime'); + if (isSessionVariableSet('mxchange_theme')) $data .= ":".get_session('mxchange_theme'); + if (isSessionVariableSet('mx_lang')) $data .= ":".GET_LANGUAGE(); + if (isset($GLOBALS['refid'])) $data .= ":".$GLOBALS['refid']; // Calculate number for generating the code $a = $code + _ADD - 1; // Generate hash with master salt from modula of number with the prime number and other data - $saltedHash = generateHash(($a % _PRIME).":".$server.":".$keys.":".$data.":".date("d-m-Y (l-F-T)", time()).":".$a, $CONFIG['master_salt']); + $saltedHash = generateHash(($a % _PRIME).":".$server.":".$keys.":".$data.":".date("d-m-Y (l-F-T)", time()).":".$a, $_CONFIG['master_salt']); // Create number from hash - $rcode = hexdec(substr($saltedHash, strlen($CONFIG['master_salt']), 9)) / abs(_MAX - $a + sqrt(_ADD)) / pi(); + $rcode = hexdec(substr($saltedHash, strlen($_CONFIG['master_salt']), 9)) / abs(_MAX - $a + sqrt(_ADD)) / pi(); // At least 10 numbers shall be secure enought! - $len = $CONFIG['code_length']; + $len = $_CONFIG['code_length']; if ($len == 0) $len = 10; // Cut off requested counts of number @@ -1302,8 +1224,8 @@ function bigintval($num) // Insert the code in $img_code into jpeg or PNG image function GENERATE_IMAGE($img_code, $header=true) { - global $CONFIG; - if ((strlen($img_code) > 6) || (empty($img_code)) || ($CONFIG['code_length'] == 0)) + global $_CONFIG; + if ((strlen($img_code) > 6) || (empty($img_code)) || ($_CONFIG['code_length'] == 0)) { // Stop execution of function here because of over-sized code length return; @@ -1314,7 +1236,7 @@ function GENERATE_IMAGE($img_code, $header=true) return "\n"; } - switch ($CONFIG['img_type']) + switch ($_CONFIG['img_type']) { case "jpg": // Loads JPEG image @@ -1354,10 +1276,10 @@ function GENERATE_IMAGE($img_code, $header=true) imagestring($image, 5, 14, 2, $img_code, $text_color); // Return to browser - header ("Content-Type: image/".$CONFIG['img_type']); + header ("Content-Type: image/".$_CONFIG['img_type']); // Output image with matching image factory - switch ($CONFIG['img_type']) + switch ($_CONFIG['img_type']) { case "jpg": imagejpeg($image); break; case "png": imagepng($image); break; @@ -1879,7 +1801,7 @@ function CREATE_EMAIL_LINK($email, $table="admins") { } // Generate a hash for extra-security for all passwords function generateHash($plainText, $salt = "") { - global $CONFIG, $_SERVER; + global $_CONFIG, $_SERVER; // Is the required extension "sql_patches" there? if ((GET_EXT_VERSION("sql_patches") < "0.3.6") || (GET_EXT_VERSION("sql_patches") == "")) { @@ -1893,7 +1815,7 @@ function generateHash($plainText, $salt = "") { $server = $_SERVER['PHP_SELF'].":".getenv('HTTP_USER_AGENT').":".getenv('SERVER_SOFTWARE').":".getenv('REMOTE_ADDR').":".":".filemtime(PATH."inc/databases.php"); // Build key string - $keys = SITE_KEY.":".DATE_KEY.":".$CONFIG['secret_key'].":".$CONFIG['file_hash'].":".date("d-m-Y (l-F-T)", $CONFIG['patch_ctime']).":".$CONFIG['master_salt']; + $keys = SITE_KEY.":".DATE_KEY.":".$_CONFIG['secret_key'].":".$_CONFIG['file_hash'].":".date("d-m-Y (l-F-T)", $_CONFIG['patch_ctime']).":".$_CONFIG['master_salt']; // Additional data $data = $plainText.":".uniqid(rand(), true).":".time(); @@ -1910,12 +1832,12 @@ function generateHash($plainText, $salt = "") { //* DEBUG: */ echo "Descrambled=".$sha1b." (".strlen($sha1b).")
"; // Generate the password salt string - $salt = substr($sha1, 0, $CONFIG['salt_length']); + $salt = substr($sha1, 0, $_CONFIG['salt_length']); //* DEBUG: */ echo $salt." (".strlen($salt).")
"; } else { - $salt = substr($salt, 0, $CONFIG['salt_length']); + $salt = substr($salt, 0, $_CONFIG['salt_length']); } // Return hash @@ -1923,7 +1845,7 @@ function generateHash($plainText, $salt = "") { } // function scrambleString($str) { - global $CONFIG; + global $_CONFIG; // Init $scrambled = ""; @@ -1934,7 +1856,7 @@ function scrambleString($str) { return $str; } elseif (strlen($str) == 40) { // From database - $scrambleNums = explode(":", $CONFIG['pass_scramble']); + $scrambleNums = explode(":", $_CONFIG['pass_scramble']); } else { // Generate new numbers $scrambleNums = explode(":", genScrambleString(strlen($str))); @@ -1957,12 +1879,12 @@ function scrambleString($str) { // function descrambleString($str) { - global $CONFIG; + global $_CONFIG; // Scramble only 40 chars long strings if (strlen($str) != 40) return $str; // Load numbers from config - $scrambleNums = explode(":", $CONFIG['pass_scramble']); + $scrambleNums = explode(":", $_CONFIG['pass_scramble']); // Validate numbers if (count($scrambleNums) != 40) return $str; @@ -2008,7 +1930,7 @@ function genScrambleString($len) { // normally be stored in cookies function ADD_URL_DATA($URL) { - global $_GET, $CONFIG; + global $_CONFIG; $ADD = ""; // Determine URL binder @@ -2020,9 +1942,9 @@ function ADD_URL_DATA($URL) if ((!empty($_GET['refid'])) && (strpos($URL, "refid=") == 0)) { // Cookie found in URL $ADD .= $BIND."refid=".bigintval($_GET['refid']); - } elseif ((GET_EXT_VERSION("sql_patches") != "") && ($CONFIG['def_refid'] > 0)) { + } elseif ((GET_EXT_VERSION("sql_patches") != "") && ($_CONFIG['def_refid'] > 0)) { // Not found! So let's set default here - $ADD .= $BIND."refid=".$CONFIG['def_refid']; + $ADD .= $BIND."refid=".$_CONFIG['def_refid']; } // Is there already added data? Then change the binder @@ -2043,16 +1965,18 @@ function ADD_URL_DATA($URL) } // function generatePassString($passHash) { - global $CONFIG; - $ret = "*FAILED*"; + global $_CONFIG; + + // Return vanilla password hash + $ret = $passHash; // Is a secret key and master salt already initialized? - if ((!empty($CONFIG['secret_key'])) && (!empty($CONFIG['master_salt']))) { + if ((!empty($_CONFIG['secret_key'])) && (!empty($_CONFIG['master_salt']))) { // Only calculate when the secret key is generated $newHash = ""; $start = 9; for ($idx = 0; $idx < 10; $idx++) { $part1 = hexdec(substr($passHash, $start, 4)); - $part2 = hexdec(substr($CONFIG['secret_key'], $start, 4)); + $part2 = hexdec(substr($_CONFIG['secret_key'], $start, 4)); $mod = dechex($idx); if ($part1 > $part2) { $mod = dechex(sqrt(($part1 - $part2) * _PRIME / pi())); @@ -2065,8 +1989,9 @@ function generatePassString($passHash) { $start += 4; $newHash .= $mod; } + //* DEBUG: */ die($passHash."
".$newHash." (".strlen($newHash).")"); - $ret = generateHash($newHash, $CONFIG['master_salt']); + $ret = generateHash($newHash, $_CONFIG['master_salt']); } // Return result @@ -2079,8 +2004,8 @@ function FIX_DELETED_COOKIES ($cookies) { // Then check all cookies if they are marked as deleted! foreach ($cookies as $cookieName) { // Is the cookie set to "deleted"? - if ((isset($_COOKIE[$cookieName])) && ($_COOKIE[$cookieName] == "deleted")) { - unset($_COOKIE[$cookieName]); + if (get_session($cookieName) == "deleted") { + set_session($cookieName, ""); } } } @@ -2098,6 +2023,93 @@ function mxchange_die ($msg) { // Exit explicitly exit; } + +// Display parsing time and number of SQL queries in footer +function DISPLAY_PARSING_TIME_FOOTER() { + global $startTime, $_CONFIG; + $endTime = microtime(true); + + // Is the timer started? + if (!isset($GLOBALS['startTime'])) { + // Abort here + return false; + } + + // "Explode" both times + $start = explode(" ", $GLOBALS['startTime']); + $end = explode(" ", $endTime); + $runTime = $end[0] - $start[0]; + if ($runTime < 0) $runTime = 0; + $runTime = TRANSLATE_COMMA($runTime); + + // Prepare output + $content = array( + 'runtime' => $runTime, + 'numSQLs' => ($_CONFIG['sql_count'] + 1), + 'numTemplates' => ($_CONFIG['num_templates'] + 1) + ); + + // Load the template + LOAD_TEMPLATE("footer_stats", false, $content); +} + +// Unset/set session variables +function set_session ($var, $value) { + global $CSS; + // Abort in CSS mode here + if ($CSS == 1) return true; + + // Trim value and session variable + $var = trim(SQL_ESCAPE($var)); $value = trim($value); + + // Is the session variable set? + if (("".$value."" == "") && (isSessionVariableSet($var))) { + // Remove the session + //* DEBUG: */ echo "UNSET:".$var."=".get_session($var)."
\n"; + unset($_SESSION[$var]); + return session_unregister($var); + } elseif (("".$value."" != "") && (!isSessionVariableSet($var))) { + // Set session + //* DEBUG: */ echo "SET:".$var."=".$value."
\n"; + $_SESSION[$var] = $value; + return session_register($var); + } + + // Return always true if the session variable is already set. + // Keept me busy for a longer while... + //* DEBUG: */ echo "IGNORED:".$var."=".$value."
\n"; + return true; +} +// Check wether a boolean constant is set +// Taken from user comments in PHP documentation for function constant() +function isBooleanConstantAndTrue($constname) { // : Boolean + $res = false; + if (defined($constname)) $res = (constant($constname) === true); + return($res); +} + +// Check wether a session variable is set +function isSessionVariableSet($var) { + return (isset($_SESSION[$var])); +} + +// Returns wether the value of the session variable or NULL if not set +function get_session($var) { + if (!isset($_SESSION)) session_start(); + + // Default is not found! ;-) + $value = null; + + // Is the variable there? + if (isSessionVariableSet($var)) { + // Then get it secured! + $value = SQL_ESCAPE($_SESSION[$var]); + } + + // Return the value + return $value; +} + // ////////////////////////////////////////////// // //