X-Git-Url: https://git.mxchange.org/?p=mailer.git;a=blobdiff_plain;f=inc%2Ffunctions.php;h=91ef0668200e4cdceaf4e7e274243fad32a2841c;hp=1c555e08ac7d220e1e076cfc340b4c8968d09f65;hb=16f0ea892c6537f1eff6549ab9a3baf1d6756a13;hpb=da8af06015e111df135ae2c7db6885ec03af9c3f

diff --git a/inc/functions.php b/inc/functions.php
index 1c555e08ac..91ef066820 100644
--- a/inc/functions.php
+++ b/inc/functions.php
@@ -92,6 +92,9 @@ function generatePassword ($length = '0', $exclude =  array()) {
 	// Exclude some entries
 	$localAbc = array_diff($GLOBALS['_abc'], $exclude);
 
+	// $localAbc must have at least 10 entries
+	assert(count($localAbc) >= 10);
+
 	// Start creating password
 	$password = '';
 	while (strlen($password) < $length) {
@@ -331,15 +334,18 @@ function translateMenuVisibleLocked ($content, $prefix = '') {
 // Generates an URL for the dereferer
 function generateDereferrerUrl ($url) {
 	// Don't de-refer our own links!
-	if (substr($url, 0, strlen(getUrl())) != getUrl()) {
+	if ((!empty($url)) && (substr($url, 0, strlen(getUrl())) != getUrl())) {
 		// Encode URL
 		$encodedUrl = encodeString(compileUriCode($url));
 
-		// Log plain URL
-		//* DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, 'url=' . $url);
+		// Generate hash
+		$hash = generateHash($url . getSiteKey() . getDateKey());
+
+		// Log plain URL and hash
+		//* DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, 'url=' . $url . ',hash=' . $hash . '(' . strlen($hash) . ')');
 
 		// De-refer this URL
-		$url = '{%url=modules.php?module=loader&amp;url=' . $encodedUrl . '&amp;hash=' . encodeHashForCookie(generateHash($url . getSiteKey() . getDateKey())) . '%}';
+		$url = '{%url=modules.php?module=loader&amp;url=' . $encodedUrl . '&amp;hash=' . encodeHashForCookie($hash) . '&amp;salt=' . substr($hash, 0, getSaltLength()) . '%}';
 	} // END - if
 
 	// Return link
@@ -706,7 +712,7 @@ function isUrlValid ($url, $compile = TRUE) {
 // Generate a hash for extra-security for all passwords
 function generateHash ($plainText, $salt = '', $hash = TRUE) {
 	// Debug output
-	//* DEBUG: */ debugOutput('plainText('.strlen($plainText).')=' . $plainText . ',salt('.strlen($salt).')=' . $salt . ',hash=' . intval($hash));
+	//* DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, 'plainText('.strlen($plainText).')=' . $plainText . ',salt('.strlen($salt).')=' . $salt . ',hash=' . intval($hash));
 
 	// Is the required extension 'sql_patches' there and a salt is not given?
 	// 123                            4                      43    3     4     432    2                  3             32    2                             3                32    2      3     3      21
@@ -743,20 +749,20 @@ function generateHash ($plainText, $salt = '', $hash = TRUE) {
 
 		// Generate SHA1 sum from modula of number and the prime number
 		$sha1 = sha1(($a % getPrime()) . $server . getEncryptSeparator() . $keys . getEncryptSeparator() . $data . getEncryptSeparator() . getDateKey() . getEncryptSeparator() . $a);
-		//* DEBUG: */ debugOutput('SHA1=' . $sha1.' ('.strlen($sha1).')<br />');
+		//* DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, 'SHA1=' . $sha1.' ('.strlen($sha1).')');
 		$sha1 = scrambleString($sha1);
-		//* DEBUG: */ debugOutput('Scrambled=' . $sha1.' ('.strlen($sha1).')<br />');
+		//* DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, 'Scrambled=' . $sha1.' ('.strlen($sha1).')');
 		//* DEBUG: */ $sha1b = descrambleString($sha1);
-		//* DEBUG: */ debugOutput('Descrambled=' . $sha1b.' ('.strlen($sha1b).')<br />');
+		//* DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, 'Descrambled=' . $sha1b.' ('.strlen($sha1b).')');
 
 		// Generate the password salt string
 		$salt = substr($sha1, 0, getSaltLength());
-		//* DEBUG: */ debugOutput($salt.' ('.strlen($salt).')<br />');
+		//* DEBUG: */ debugOutput($salt.' ('.strlen($salt).')');
 	} else {
 		// Use given salt
-		//* DEBUG: */ debugOutput('salt=' . $salt);
+		//* DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, 'salt=' . $salt);
 		$salt = substr($salt, 0, getSaltLength());
-		//* DEBUG: */ debugOutput('salt=' . $salt . '(' . strlen($salt) . '/' . getSaltLength() . ')<br />');
+		//* DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, 'salt=' . $salt . '(' . strlen($salt) . '/' . getSaltLength() . ')');
 
 		// Sanity check on salt
 		if (strlen($salt) != getSaltLength()) {
@@ -769,7 +775,7 @@ function generateHash ($plainText, $salt = '', $hash = TRUE) {
 	$finalHash = $salt . sha1($salt . $plainText);
 
 	// Debug output
-	//* DEBUG: */ debugOutput('finalHash('.strlen($finalHash).')=' . $finalHash);
+	//* DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, 'finalHash('.strlen($finalHash).')=' . $finalHash);
 
 	// Return hash
 	return $finalHash;
@@ -874,32 +880,39 @@ function encodeHashForCookie ($passHash) {
 		//* DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, strlen($passHash) . '/' . strlen(getSecretKey()));
 		if ((strlen($passHash) != 49) || (strlen(getSecretKey()) != 40)) {
 			// Both keys must have same length so return unencrypted
-			//* DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, strlen($passHash) . '!=49/' . strlen(getSecretKey()) . '!=40');
+			//* DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, strlen($passHash) . '!=49/' . strlen(getSecretKey()) . '!=40 -  EXIT!');
 			return $ret;
 		} // END - if
 
 		$newHash = ''; $start = 9;
 		//* DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, 'passHash=' . $passHash . '(' . strlen($passHash) . ')');
 		for ($idx = 0; $idx < 20; $idx++) {
-			$part1 = hexdec(substr($passHash, ($idx * 2) + (strlen($passHash) - strlen(getSecretKey())), 2));
+			// Get hash parts and convert them (00-FF) to matching ASCII value (0-255)
+			$part1 = hexdec(substr($passHash     , $start, 2));
 			$part2 = hexdec(substr(getSecretKey(), $start, 2));
-			//* DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, 'part1=' . $part1 . '/part2=' . $part2);
+
+			// Default is hexadecimal of index if both are same
 			$mod = dechex($idx);
+			// Is part1 larger or part2 than its counter part?
 			if ($part1 > $part2) {
+				// part1 is larger
 				$mod = dechex(sqrt(($part1 - $part2) * getPrime() / pi()));
 			} elseif ($part2 > $part1) {
+				// part2 is larger
 				$mod = dechex(sqrt(($part2 - $part1) * getPrime() / pi()));
 			}
+
 			$mod = substr($mod, 0, 2);
-			//* DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, 'part1=' . $part1 . '/part2=' . $part2 . '/mod=' . $mod . '(' . strlen($mod) . ')');
-			$mod = str_repeat(0, (2 - strlen($mod))) . $mod;
+			//* DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, 'idx=' . $idx . ',part1=' . $part1 . '/part2=' . $part2 . '/mod=' . $mod . '(' . strlen($mod) . ')');
+			$mod = str_repeat('0', (2 - strlen($mod))) . $mod;
 			//* DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, 'mod(' . ($idx * 2) . ')=' . $mod . '*');
 			$start += 2;
 			$newHash .= $mod;
 		} // END - for
 
-		//* DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, $passHash . ',' . $newHash . ' (' . strlen($newHash) . ')');
-		$ret = generateHash($newHash, getMasterSalt());
+		// Just copy it over, as the master salt is not really helpful here
+		//* DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, $passHash . '(' . strlen($passHash) . '),' . $newHash . ' (' . strlen($newHash) . ')');
+		$ret = $newHash;
 	} // END - if
 
 	// Return result
@@ -1232,7 +1245,7 @@ function changeDataInFile ($FQFN, $comment, $prefix, $suffix, $inserted, $seek=0
 					if ($next > -1) {
 						if ($next === $seek) {
 							$next = -1;
-							$line = $prefix . $inserted . $suffix . chr(10);
+							$line = $prefix . $inserted . $suffix . PHP_EOL;
 						} else {
 							$next++;
 						}
@@ -1276,7 +1289,7 @@ function logDebugMessage ($funcFile, $line, $message, $force=true) {
 	// Is debug mode enabled?
 	if ((isDebugModeEnabled()) || ($force === TRUE)) {
 		// Remove CRLF
-		$message = str_replace(array(chr(13), chr(10)), array('', ''), $message);
+		$message = str_replace(array(chr(13), PHP_EOL), array('', ''), $message);
 
 		// Log this message away
 		appendLineToFile(getPath() . getCachePath() . 'debug.log', generateDateTime(time(), '4') . '|' . getModule(FALSE) . '|' . basename($funcFile) . '|' . $line . '|' . $message);
@@ -1330,9 +1343,12 @@ function handleExtraValues ($filterFunction, $value, $extraValue) {
 }
 
 // Tries to determine if call-back functions and/or extra values shall be parsed
-function doHandleExtraValues ($filterFunctions, $extraValues, $key, $entries, $userIdColumn, $search) {
-	// Debug message
-	/* DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, 'key=' . $key . ',entries=' . $entries . ',userIdColumn=' . $userIdColumn[0] . ',search=' . $search . ',filterFunctions=' . print_r($filterFunctions, TRUE) . ',extraValues=' . print_r($extraValues, TRUE));
+function doHandleExtraValues ($filterFunctions, $extraValues, $key, $entries, $userIdColumn, $search, $id = NULL) {
+	// Debug mode enabled?
+	if (isDebugModeEnabled()) {
+		// Debug message
+		/* DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, 'key=' . $key . ',entries=' . $entries . ',userIdColumn=' . $userIdColumn[0] . ',search=' . $search . ',filterFunctions=' . print_r($filterFunctions, TRUE) . ',extraValues=' . print_r($extraValues, TRUE));
+	} // END - if
 
 	// Send data through the filter function if found
 	if ($key == $userIdColumn[0]) {
@@ -1342,7 +1358,7 @@ function doHandleExtraValues ($filterFunctions, $extraValues, $key, $entries, $u
 		// Debug mode enabled?
 		if (isDebugModeEnabled()) {
 			// Then log it
-			/* NOISY-DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, 'search=' . $search . ',filterFunctions=' . $filterFunctions[$search] . ',extraValues=' . $extraValues[$key] . ',key=' . $key . ',id=' . $id . ',entries[' . gettype($entries) . ']=' . $entries . ' - BEFORE!');
+			/* NOISY-DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, 'search=' . $search . ',filterFunctions=' . $filterFunctions[$key] . ',extraValues=' . $extraValues[$key] . ',key=' . $key . ',id=' . $id . ',entries[' . gettype($entries) . ']=' . $entries . ' - BEFORE!');
 		} // END - if
 
 		// Filter function + extra value set
@@ -1351,8 +1367,26 @@ function doHandleExtraValues ($filterFunctions, $extraValues, $key, $entries, $u
 		// Debug mode enabled?
 		if (isDebugModeEnabled()) {
 			// Then log it
-			/* NOISY-DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, 'search=' . $search . ',filterFunctions=' . $filterFunctions[$search] . ',extraValues=' . $extraValues[$key] . ',key=' . $key . ',id=' . $id . ',entries[' . gettype($entries) . ']=' . $entries . ' - AFTER!');
+			/* NOISY-DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, 'search=' . $search . ',filterFunctions=' . $filterFunctions[$key] . ',extraValues=' . $extraValues[$key] . ',key=' . $key . ',id=' . $id . ',entries[' . gettype($entries) . ']=' . $entries . ' - AFTER!');
+		} // END - if
+	} elseif ((!empty($filterFunctions[$search])) && (!empty($extraValues[$search]))) {
+		// Debug mode enabled?
+		if (isDebugModeEnabled()) {
+			// Then log it
+			/* NOISY-DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, 'search=' . $search . ',filterFunctions=' . $filterFunctions[$search] . ',key=' . $key . ',search=' . $search . ',entries[' . gettype($entries) . ']=' . $entries . ' - BEFORE!');
+		} // END - if
+
+		// Handle extra values
+		$entries = handleExtraValues($filterFunctions[$search], $entries, $extraValues[$search]);
+
+		// Debug mode enabled?
+		if (isDebugModeEnabled()) {
+			// Then log it
+			/* NOISY-DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, 'search=' . $search . ',filterFunctions=' . $filterFunctions[$search] . ',key=' . $key . ',search=' . $search . ',entries[' . gettype($entries) . ']=' . $entries . ' - AFTER!');
 		} // END - if
+
+		// Make sure entries is not bool, then something went wrong
+		assert(!is_bool($entries));
 	} elseif (!empty($filterFunctions[$search])) {
 		// Debug mode enabled?
 		if (isDebugModeEnabled()) {
@@ -1912,7 +1946,7 @@ function encodeUrl ($url, $outputMode = '0') {
 	} // END - if
 
 	// Is there a valid session?
-	if (((!isset($GLOBALS['valid_session'])) || ($GLOBALS['valid_session'] === FALSE) || (!isset($_COOKIE[session_name()]))) && (isSpider() === FALSE)) {
+	if ((!isSessionValid()) && (!isSpider())) {
 		// Determine right separator
 		$separator = '&amp;';
 		if (!isInString('?', $url)) {
@@ -1920,11 +1954,8 @@ function encodeUrl ($url, $outputMode = '0') {
 			$separator = '?';
 		} // END - if
 
-		// Is the session id set?
-		if (session_id() != '') {
-			// Then add it to URL
-			$url .= $separator . session_name() . '=' . session_id();
-		} // END - if
+		// Then add it to URL
+		$url .= $separator . session_name() . '=' . session_id();
 	} // END - if
 
 	// Add {?URL?} ?
@@ -1956,10 +1987,10 @@ function isSpider () {
 	// Get the UA and trim it down
 	$userAgent = trim(detectUserAgent(TRUE));
 
-	// It should not be empty, if so it is better a spider/bot
+	// It should not be empty, if so it is better a browser
 	if (empty($userAgent)) {
-		// It is a spider/bot
-		return TRUE;
+		// It is a browser that blocks its UA string
+		return FALSE;
 	} // END - if
 
 	// Is it a spider?
@@ -2047,13 +2078,10 @@ function convertZeroToNull ($number) {
 // Converts a NULL to zero
 function convertNullToZero ($number) {
 	// Is it a valid username?
-	if ((!is_null($number)) && (!empty($number)) && ($number > 0)) {
-		// Always secure it
-		$number = bigintval($number);
-	} else {
+	if ((is_null($number)) || (empty($number)) || ($number < 1)) {
 		// Is not valid or zero
 		$number = '0';
-	}
+	} // END - if
 
 	// Return it
 	return $number;
@@ -2168,7 +2196,7 @@ function isHexadecimal ($hex) {
 }
 
 /**
- * Replace chr(13) with "[r]" and chr(10) with "[n]" and add a final new-line to make
+ * Replace chr(13) with "[r]" and PHP_EOL with "[n]" and add a final new-line to make
  * them visible to the developer. Use this function to debug e.g. buggy HTTP
  * response handler functions.
  *
@@ -2176,7 +2204,7 @@ function isHexadecimal ($hex) {
  * @return	$str	Overworked string
  */
 function replaceReturnNewLine ($str) {
-	return str_replace(array(chr(13), chr(10)), array('[r]', '[n]'), $str);
+	return str_replace(array(chr(13), PHP_EOL), array('[r]', '[n]'), $str);
 }
 
 // Converts a given string by splitting it up with given delimiter similar to
@@ -2288,7 +2316,7 @@ function convertStringToBoolean ($str) {
 		} // END - if
 
 		// Determine it
-		$GLOBALS[__FUNCTION__][$str] = (($strTrimmed == 'true') ? true : false);
+		$GLOBALS[__FUNCTION__][$str] = ($strTrimmed == 'true');
 	} // END - if
 
 	// Return cache
@@ -2361,7 +2389,7 @@ function memberAddEntries ($tableName, $columns = array(), $filterFunctions = ar
 }
 
 // Edit rows by given id numbers
-function memberEditEntriesConfirm ($tableName, $columns = array(), $filterFunctions = array(), $extraValues = array(), $timeColumns = array(), $editNow = array(FALSE), $idColumn = array('id'), $userIdColumn = array('userid'), $rawUserId = array('userid'), $cacheFiles = array()) {
+function memberEditEntriesConfirm ($tableName, $columns = array(), $filterFunctions = array(), $extraValues = array(), $timeColumns = array(), $editNow = array(FALSE), $idColumn = array('id'), $userIdColumn = array('userid'), $rawUserId = array('userid'), $cacheFiles = array(), $content = array()) {
 	// $tableName must be an array
 	if ((!is_array($tableName)) || (count($tableName) != 1)) {
 		// No tableName specified
@@ -2395,12 +2423,12 @@ function memberEditEntriesConfirm ($tableName, $columns = array(), $filterFuncti
 		}
 	} else {
 		// List for editing
-		memberListBuilder('edit', $tableName, $columns, $filterFunctions, $extraValues, $idColumn, $userIdColumn);
+		memberListBuilder('edit', $tableName, $columns, $filterFunctions, $extraValues, $idColumn, $userIdColumn, $rawUserId, $content);
 	}
 }
 
 // Delete rows by given id numbers
-function memberDeleteEntriesConfirm ($tableName, $columns = array(), $filterFunctions = array(), $extraValues = array(), $deleteNow = array(FALSE), $idColumn = array('id'), $userIdColumn = array('userid'), $rawUserId = array('userid'), $cacheFiles = array()) {
+function memberDeleteEntriesConfirm ($tableName, $columns = array(), $filterFunctions = array(), $extraValues = array(), $deleteNow = array(FALSE), $idColumn = array('id'), $userIdColumn = array('userid'), $rawUserId = array('userid'), $cacheFiles = array(), $content = array()) {
 	// Do this only for members
 	assert(isMember());
 
@@ -2437,17 +2465,18 @@ function memberDeleteEntriesConfirm ($tableName, $columns = array(), $filterFunc
 		}
 	} else {
 		// List for deletion confirmation
-		memberListBuilder('delete', $tableName, $columns, $filterFunctions, $extraValues, $idColumn, $userIdColumn);
+		memberListBuilder('delete', $tableName, $columns, $filterFunctions, $extraValues, $idColumn, $userIdColumn, $rawUSerId, $content);
 	}
 }
 
 // Build a special template list
-function memberListBuilder ($listType, $tableName, $columns, $filterFunctions, $extraValues, $idColumn, $userIdColumn, $rawUserId = array('userid')) {
+// @TODO cacheFiles is not yet supported
+function memberListBuilder ($listType, $tableName, $columns, $filterFunctions, $extraValues, $idColumn, $userIdColumn, $rawUserId = array('userid'), $content = array()) {
 	// Do this only for logged in member
 	assert(isMember());
 
 	// Call inner (general) function
-	doGenericListBuilder('member', $listType, $tableName, $columns, $filterFunctions, $extraValues, $idColumn, $userIdColumn, $rawUserId);
+	doGenericListBuilder('member', $listType, $tableName, $columns, $filterFunctions, $extraValues, $idColumn, $userIdColumn, $rawUserId, $content);
 }
 
 // Checks whether given address is IPv4