X-Git-Url: https://git.mxchange.org/?p=mailer.git;a=blobdiff_plain;f=inc%2Ffunctions.php;h=9a9ea0dfc89080b04fd6617f1cbed14bed1afa8b;hp=021edbe8793423f4caec6d95b793a1c39304244e;hb=f8a2f0c9d334d87fdaf8f010678ca5ad8b95211f;hpb=c7f21c9eb494d8466447c1a199ec5621440d7ac8
diff --git a/inc/functions.php b/inc/functions.php
index 021edbe879..9a9ea0dfc8 100644
--- a/inc/functions.php
+++ b/inc/functions.php
@@ -101,7 +101,7 @@ function OUTPUT_HTML($HTML, $NEW_LINE = true) {
// That's why you don't need any \n at the end of your HTML code... :-)
if (_OB_CACHING == "on") {
// Output into PHP's internal buffer
- echo stripslashes($HTML);
+ OUTPUT_RAW($HTML);
// That's why you don't need any \n at the end of your HTML code... :-)
if ($NEW_LINE) echo "\n";
@@ -116,10 +116,10 @@ function OUTPUT_HTML($HTML, $NEW_LINE = true) {
case "direct":
// If we are switching from render to direct output rendered code
- if ((!empty($OUTPUT)) && (_OB_CACHING != "on")) { echo $OUTPUT; $OUTPUT = ""; }
+ if ((!empty($OUTPUT)) && (_OB_CACHING != "on")) { OUTPUT_RAW($OUTPUT); $OUTPUT = ""; }
// The same as above... ^
- echo stripslashes($HTML);
+ OUTPUT_RAW($HTML);
if ($NEW_LINE) echo "\n";
break;
@@ -146,8 +146,7 @@ function OUTPUT_HTML($HTML, $NEW_LINE = true) {
}
// Output code here, DO NOT REMOVE! ;-)
- echo stripslashes($OUTPUT);
- flush();
+ OUTPUT_RAW($OUTPUT);
} elseif ((OUTPUT_MODE == "render") && (!empty($OUTPUT))) {
// Rewrite links when rewrite extension is active
if ((EXT_IS_ACTIVE("rewrite", true)) && (function_exists('REWRITE_LINKS')) && ($CSS != "1") && ($CSS != "-1")) {
@@ -161,11 +160,24 @@ function OUTPUT_HTML($HTML, $NEW_LINE = true) {
}
// Output code here, DO NOT REMOVE! ;-)
- echo stripslashes($OUTPUT);
- flush();
+ OUTPUT_RAW($OUTPUT);
}
}
+// Output the raw HTML code
+function OUTPUT_RAW ($HTML) {
+ if ((isBooleanConstantAndTrue('mxchange_installed')) && (basename($_SERVER['PHP_SELF']) != "install.php")) {
+ // Not in install-mode so strip slashes away
+ echo stripslashes($HTML);
+ } else {
+ // Output directly in install-mode
+ echo $HTML;
+ }
+
+ // Flush the output
+ flush();
+}
+
// Add a fatal error message to the queue array
function ADD_FATAL ($message, $extra="")
{
@@ -182,11 +194,11 @@ function ADD_FATAL ($message, $extra="")
// Load a template file and return it's content (only it's name; do not use ' or ")
function LOAD_TEMPLATE($template, $return=false, $content="") {
// Add more variables which you want to use in your template files
- global $DATA, $CONFIG, $username;
+ global $DATA, $_CONFIG, $username;
// Count the template load
- if (!isset($CONFIG['num_templates'])) $CONFIG['num_templates'] = 0;
- $CONFIG['num_templates']++;
+ if (!isset($_CONFIG['num_templates'])) $_CONFIG['num_templates'] = 0;
+ $_CONFIG['num_templates']++;
// Init some data
$ACTION = SQL_ESCAPE($GLOBALS['action']);
@@ -261,13 +273,13 @@ function LOAD_TEMPLATE($template, $return=false, $content="") {
}
// Does the special template exists?
- if (!file_exists($file)) {
+ if ((!file_exists($file)) || (!is_readable($file))) {
// Reset to default template
$file = $BASE.$template.".tpl";
}
// Now does the final template exists?
- if (file_exists($file)) {
+ if ((file_exists($file)) && (is_readable($file))) {
// The local file does exists so we load it. :)
$tmpl_file = implode("", file($file));
@@ -286,7 +298,7 @@ function LOAD_TEMPLATE($template, $return=false, $content="") {
// Add surrounding HTML comments to help finding bugs faster
$ret = "\n".$ret."\n";
- } elseif ((IS_ADMIN()) || ((mxchange_installing) && (!mxchange_installed))) {
+ } elseif ((IS_ADMIN()) || ((isBooleanConstantAndTrue('mxchange_installing')) && (!isBooleanConstantAndTrue('mxchange_installed')))) {
// Only admins shall see this warning or when installation mode is active
$ret = "
".TEMPLATE_404."
(".basename($file).")
@@ -308,7 +320,7 @@ function LOAD_TEMPLATE($template, $return=false, $content="") {
// Output direct
OUTPUT_HTML($ret);
}
- } elseif (DEBUG_MODE) {
+ } elseif (isBooleanConstantAndTrue('DEBUG_MODE')) {
// Warning, empty output!
return "E:".$template."
\n";
}
@@ -343,7 +355,7 @@ function SEND_EMAIL($TO, $SUBJECT, $MSG, $HTML='N', $FROM="") {
// Append header
$FROM .= LOAD_EMAIL_TEMPLATE("header");
}
- } elseif (DEBUG_MODE) {
+ } elseif (isBooleanConstantAndTrue('DEBUG_MODE')) {
if (empty($FROM)) {
// Load email header template
$FROM = LOAD_EMAIL_TEMPLATE("header");
@@ -355,7 +367,7 @@ function SEND_EMAIL($TO, $SUBJECT, $MSG, $HTML='N', $FROM="") {
// Fix HTML parameter (default is no!)
if (empty($HTML)) $HTML = 'N';
- if (DEBUG_MODE) {
+ if (isBooleanConstantAndTrue('DEBUG_MODE')) {
// In debug mode we want to display the mail instead of sending it away so we can debug this part
echo "
".htmlentities(trim($FROM))." @@ -371,10 +383,10 @@ Message : ".$MSG." $TO = COMPILE_CODE($TO); // Send Mail away - SEND_RAW_EMAIL(stripslashes($TO), COMPILE_CODE($SUBJECT), stripslashes($MSG), $FROM); + SEND_RAW_EMAIL($TO, COMPILE_CODE($SUBJECT), COMPILE_CODE($MSG), $FROM); } elseif ($HTML == 'N') { // Problem found! - SEND_RAW_EMAIL(WEBMASTER, COMPILE_CODE($SUBJECT), stripslashes($MSG), $FROM); + SEND_RAW_EMAIL(WEBMASTER, COMPILE_CODE($SUBJECT), COMPILE_CODE($MSG), $FROM); } } @@ -429,8 +441,8 @@ function SEND_RAW_EMAIL ($to, $subject, $msg, $from) { // Generate a password in a specified length or use default password length function GEN_PASS($LEN = 0) { - global $CONFIG; - if ($LEN == 0) $LEN = $CONFIG['pass_len']; + global $_CONFIG; + if ($LEN == 0) $LEN = $_CONFIG['pass_len']; // Initialize array with all allowed chars $ABC = explode(",", "a,b,c,d,e,f,g,h,i,j,k,l,m,n,o,p,q,r,s,t,u,v,w,x,y,z,A,B,C,D,E,F,G,H,I,J,K,L,M,N,O,P,Q,R,S,T,U,V,W,X,Y,Z,0,1,2,3,4,5,6,7,8,9,-,+,_,/"); @@ -491,10 +503,10 @@ function MAKE_DATETIME($time, $mode="0") // Translates the american decimal dot into a german comma function TRANSLATE_COMMA($dotted, $cut=true) { - global $CONFIG; + global $_CONFIG; // Default is 3 you can change this in admin area "Misc -> Misc Options" - if (empty($CONFIG['max_comma'])) $CONFIG['max_comma'] = "3"; - if (!ereg("\.", $dotted)) $dotted .= ".".str_repeat("0", $CONFIG['max_comma']); + if (empty($_CONFIG['max_comma'])) $_CONFIG['max_comma'] = "3"; + if (!ereg("\.", $dotted)) $dotted .= ".".str_repeat("0", $_CONFIG['max_comma']); if ($cut) { // Remove trailing zeros $dot = str_replace(".", "x", $dotted); @@ -518,16 +530,16 @@ function TRANSLATE_COMMA($dotted, $cut=true) if ($pos > 0) { if ($cut) { // Cut x numbers behind comma - $dotted = str_replace(".", ",", substr($dotted, 0, ($pos + $CONFIG['max_comma'] + 1))); + $dotted = str_replace(".", ",", substr($dotted, 0, ($pos + $_CONFIG['max_comma'] + 1))); } else { // Replace comma with dot $dotted = str_replace(".", ",", $dotted); } } elseif (!$cut) { if (empty($pos)) { - $dotted = "0,".str_repeat("0", $CONFIG['max_comma']); + $dotted = "0,".str_repeat("0", $_CONFIG['max_comma']); } else { - $dotted .= ",".str_repeat("0", $CONFIG['max_comma']); + $dotted .= ",".str_repeat("0", $_CONFIG['max_comma']); } } break; @@ -535,9 +547,9 @@ function TRANSLATE_COMMA($dotted, $cut=true) default: if (!$cut) { if ($pos > 0) { - $dotted = substr($dotted, 0, ($pos + $CONFIG['max_comma'] + 1)); + $dotted = substr($dotted, 0, ($pos + $_CONFIG['max_comma'] + 1)); } else { - $dotted .= ".".str_repeat("0", $CONFIG['max_comma']); + $dotted .= ".".str_repeat("0", $_CONFIG['max_comma']); } } break; @@ -626,17 +638,11 @@ function TRANSLATE_STATUS($status) return $ret; } // -function GET_LANGUAGE() -{ - global $_COOKIE, $_GET; - - if (!empty($_GET['mx_lang'])) - { +function GET_LANGUAGE() { + if (!empty($_GET['mx_lang'])) { // Accept only first 2 chars $lang = substr($_GET['mx_lang'], 0, 2); - } - else - { + } else { // Do nothing $lang = ""; } @@ -645,40 +651,31 @@ function GET_LANGUAGE() $ret = DEFAULT_LANG; // Check GET variable and cookie - if (!empty($lang)) - { + if (!empty($lang)) { // Check if main language file does exist - if (file_exists(PATH."inc/language/".$lang.".php")) - { + if (file_exists(PATH."inc/language/".$lang.".php")) { // Okay found, so let's update cookies SET_LANGUAGE($lang); } - } - elseif (!empty($_COOKIE['mx_lang'])) - { + } elseif (!isSessionVariableSet('mx_lang')) { // Return stored value from cookie - $ret = $_COOKIE['mx_lang']; + $ret = get_session('mx_lang'); } return $ret; } // -function SET_LANGUAGE($lang) -{ - global $CONFIG; +function SET_LANGUAGE($lang) { + global $_CONFIG; // Accept only first 2 chars! $lang = substr(SQL_ESCAPE(strip_tags($lang)), 0, 2); // Set cookie - @setcookie("mx_lang", $lang, (time() + $CONFIG['online_timeout']), COOKIE_PATH); - - // Set array - $_COOKIE['mx_lang'] = $lang; + set_session("mx_lang", $lang); } // -function LOAD_EMAIL_TEMPLATE($template, $content="", $UID="0") -{ - global $DATA, $CONFIG, $REPLACER; +function LOAD_EMAIL_TEMPLATE($template, $content="", $UID="0") { + global $DATA, $_CONFIG, $REPLACER; // Keept for backward-compatiblity (please replace these variables against our new {--CONST--} syntax!) $MAIN_TITLE = MAIN_TITLE; $URL = URL; $WEBMASTER = WEBMASTER; @@ -689,37 +686,32 @@ function LOAD_EMAIL_TEMPLATE($template, $content="", $UID="0") $HTTP_USER_AGENT = getenv('HTTP_USER_AGENT'); $ADMIN = MAIN_TITLE; - if (!empty($_COOKIE['admin_login'])) - { + if (isSessionVariableSet('admin_login')) { // Load Admin data $result = SQL_QUERY_ESC("SELECT email FROM "._MYSQL_PREFIX."_admins WHERE login='%s' LIMIT 1", - array(SQL_ESCAPE($_COOKIE['admin_login'])), __FILE__, __LINE__); + array(SQL_ESCAPE(get_session('admin_login'))), __FILE__, __LINE__); list($ADMIN) = SQL_FETCHROW($result); SQL_FREERESULT($result); } // Expiration in a nice output format - if ($CONFIG['auto_purge'] == 0) - { + if ($_CONFIG['auto_purge'] == 0) { // Will never expire! $EXPIRATION = MAIL_WILL_NEVER_EXPIRE; - } - elseif (function_exists('CREATE_FANCY_TIME')) - { + } elseif (function_exists('CREATE_FANCY_TIME')) { // Create nice date string - $EXPIRATION = CREATE_FANCY_TIME($CONFIG['auto_purge']); - } - else - { + $EXPIRATION = CREATE_FANCY_TIME($_CONFIG['auto_purge']); + } else { // Display days only - $EXPIRATION = round($CONFIG['auto_purge']/60/60/24)." "._DAYS; + $EXPIRATION = round($_CONFIG['auto_purge']/60/60/24)." "._DAYS; } + switch ($template) { case "bonus-mail": // Load data for the bonus mail $BONUSID = $DATA[0]; $content = $DATA[2]; - $POINTS = TRANSLATE_COMMA($DATA[4]); + $points = TRANSLATE_COMMA($DATA[4]); $TIME = $DATA[5]; $TARGET_URL = $DATA[8]; $CATEGORY = GET_CATEGORY($DATA[9]); @@ -734,7 +726,7 @@ function LOAD_EMAIL_TEMPLATE($template, $content="", $UID="0") case "order-admin": case "order-member": - $BLOCKS = $CONFIG['max_send']; + $BLOCKS = $_CONFIG['max_send']; $SUBJECT = $DATA[0]; $content = $DATA[1]; $PAYMENT = GET_PAYMENT($DATA[3]); @@ -756,13 +748,13 @@ function LOAD_EMAIL_TEMPLATE($template, $content="", $UID="0") break; case "confirm-member": - $POINTS = $CONFIG['points_register']; + $points = $_CONFIG['points_register']; break; case "confirm-referral": $PERCENT = $DATA[0]; $LEVEL = $DATA[1]; - $POINTS = $DATA[2]; + $points = $DATA[2]; $REFID = $DATA[3]; break; @@ -771,7 +763,7 @@ function LOAD_EMAIL_TEMPLATE($template, $content="", $UID="0") $CATEGORY = GET_CATEGORY($DATA[9]); $TIME = GET_PAY_POINTS($DATA[5], "time"); $TARGET_URL = $DATA[7]; - $POINTS = TRANSLATE_COMMA(GET_PAY_POINTS($DATA[5], "payment")); + $points = TRANSLATE_COMMA(GET_PAY_POINTS($DATA[5], "payment")); // Warning! This ID has changed from 10 to 11! $MAILID = $DATA[11]; @@ -791,11 +783,11 @@ function LOAD_EMAIL_TEMPLATE($template, $content="", $UID="0") case "back-admin": case "back-member": - $POINTS = TRANSLATE_COMMA($DATA[10]); + $points = TRANSLATE_COMMA($DATA[10]); break; case "add-points": - $POINTS = $_POST['points']; + $points = bigintval($_POST['points']); break; case "guest_request_confirm": @@ -804,18 +796,14 @@ function LOAD_EMAIL_TEMPLATE($template, $content="", $UID="0") } // Load user's data - if ($UID > 0) - { - if (EXT_IS_ACTIVE("nickname")) - { + if ($UID > 0) { + if (EXT_IS_ACTIVE("nickname")) { // Load nickname $result = SQL_QUERY_ESC("SELECT surname, family, sex, email, nickname FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d LIMIT 1", array(bigintval($UID)), __FILE__, __LINE__); list($surname, $family, $sex, $email, $nick) = SQL_FETCHROW($result); SQL_FREERESULT($result); - } - else - { + } else { // Load normal data $result = SQL_QUERY_ESC("SELECT surname, family, sex, email FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d LIMIT 1", array(bigintval($UID)), __FILE__, __LINE__); @@ -823,9 +811,7 @@ function LOAD_EMAIL_TEMPLATE($template, $content="", $UID="0") SQL_FREERESULT($result); $nick = "---"; } - } - else - { + } else { // Neutral sex and email address is default $sex = 'N'; $email = WEBMASTER; @@ -841,40 +827,29 @@ function LOAD_EMAIL_TEMPLATE($template, $content="", $UID="0") $BASE = PATH."templates/".GET_LANGUAGE()."/emails/"; // Check for admin/guest/member templates - if (strpos($template, "admin_") > -1) - { + if (strpos($template, "admin_") > -1) { // Admin template found $file = $BASE."admin/".$template.".tpl"; - } - elseif (strpos($template, "guest_") > -1) - { + } elseif (strpos($template, "guest_") > -1) { // Guest template found $file = $BASE."guest/".$template.".tpl"; - } - elseif (strpos($template, "member_") > -1) - { + } elseif (strpos($template, "member_") > -1) { // Member template found $file = $BASE."member/".$template.".tpl"; - } - else - { + } else { // Test for extension $test = substr($template, 0, strpos($template, "_")); - if (EXT_IS_ACTIVE($test)) - { + if (EXT_IS_ACTIVE($test)) { // Set extra path to extension's name $file = $BASE.$test."/".$template.".tpl"; - } - else - { + } else { // No special filename $file = $BASE.$template.".tpl"; } } // Does the special template exists? - if (!@file_exists($file)) - { + if ((!@file_exists($file)) || (!is_readable($file))) { // Reset to default template $file = $BASE.$template.".tpl"; } @@ -929,6 +904,14 @@ function MAKE_TIME($H, $M, $S, $stamp) } // function LOAD_URL($URL, $addUrlData=true) { + global $CSS, $_CONFIG, $link, $db, $footer; + + // Check if http(s):// is there + if ((substr($URL, 0, 7) != "http://") && (substr($URL, 0, 8) != "https://")) { + // Make all URLs full-qualified + $URL = URL."/".$URL; + } + // Compile out URI codes $URL = COMPILE_CODE($URL); @@ -1191,36 +1174,36 @@ function TRANSLATE_YESNO($yn) // function GEN_RANDOM_CODE($length, $code, $uid, $DATA="") { - global $CONFIG; + global $_CONFIG; // Build server string $server = $_SERVER['PHP_SELF'].":".getenv('HTTP_USER_AGENT').":".getenv('SERVER_SOFTWARE').":".getenv('REMOTE_ADDR').":".":".filemtime(PATH."inc/databases.php"); // Build key string - $keys = SITE_KEY.":".DATE_KEY.":".$CONFIG['secret_key'].":".$CONFIG['file_hash'].":".date("d-m-Y (l-F-T)", $CONFIG['patch_ctime']).":".$CONFIG['master_salt']; + $keys = SITE_KEY.":".DATE_KEY.":".$_CONFIG['secret_key'].":".$_CONFIG['file_hash'].":".date("d-m-Y (l-F-T)", $_CONFIG['patch_ctime']).":".$_CONFIG['master_salt']; // Build string from misc data $data = $code.":".$uid.":".$DATA; // Add more additional data - if (isset($_COOKIE['u_hash'])) $data .= ":".$_COOKIE['u_hash']; - if (isset($GLOBALS['userid'])) $data .= ":".$GLOBALS['userid']; - if (isset($_COOKIE['lifetime'])) $data .= ":".$_COOKIE['lifetime']; - if (isset($_COOKIE['mxchange_theme'])) $data .= ":".$_COOKIE['mxchange_theme']; - if (isset($_COOKIE['mx_lang'])) $data .= ":".$_COOKIE['mx_lang']; - if (isset($GLOBALS['refid'])) $data .= ":".$GLOBALS['refid']; + if (isSessionVariableSet('u_hash')) $data .= ":".get_session('u_hash'); + if (isset($GLOBALS['userid'])) $data .= ":".$GLOBALS['userid']; + if (isSessionVariableSet('lifetime')) $data .= ":".get_session('lifetime'); + if (isSessionVariableSet('mxchange_theme')) $data .= ":".get_session('mxchange_theme'); + if (isSessionVariableSet('mx_lang')) $data .= ":".GET_LANGUAGE(); + if (isset($GLOBALS['refid'])) $data .= ":".$GLOBALS['refid']; // Calculate number for generating the code $a = $code + _ADD - 1; // Generate hash with master salt from modula of number with the prime number and other data - $saltedHash = generateHash(($a % _PRIME).":".$server.":".$keys.":".$data.":".date("d-m-Y (l-F-T)", time()).":".$a, $CONFIG['master_salt']); + $saltedHash = generateHash(($a % _PRIME).":".$server.":".$keys.":".$data.":".date("d-m-Y (l-F-T)", time()).":".$a, $_CONFIG['master_salt']); // Create number from hash - $rcode = hexdec(substr($saltedHash, strlen($CONFIG['master_salt']), 9)) / abs(_MAX - $a + sqrt(_ADD)) / pi(); + $rcode = hexdec(substr($saltedHash, strlen($_CONFIG['master_salt']), 9)) / abs(_MAX - $a + sqrt(_ADD)) / pi(); // At least 10 numbers shall be secure enought! - $len = $CONFIG['code_length']; + $len = $_CONFIG['code_length']; if ($len == 0) $len = 10; // Cut off requested counts of number @@ -1238,8 +1221,8 @@ function bigintval($num) // Insert the code in $img_code into jpeg or PNG image function GENERATE_IMAGE($img_code, $header=true) { - global $CONFIG; - if ((strlen($img_code) > 6) || (empty($img_code)) || ($CONFIG['code_length'] == 0)) + global $_CONFIG; + if ((strlen($img_code) > 6) || (empty($img_code)) || ($_CONFIG['code_length'] == 0)) { // Stop execution of function here because of over-sized code length return; @@ -1250,7 +1233,7 @@ function GENERATE_IMAGE($img_code, $header=true) return "\n"; } - switch ($CONFIG['img_type']) + switch ($_CONFIG['img_type']) { case "jpg": // Loads JPEG image @@ -1290,10 +1273,10 @@ function GENERATE_IMAGE($img_code, $header=true) imagestring($image, 5, 14, 2, $img_code, $text_color); // Return to browser - header ("Content-Type: image/".$CONFIG['img_type']); + header ("Content-Type: image/".$_CONFIG['img_type']); // Output image with matching image factory - switch ($CONFIG['img_type']) + switch ($_CONFIG['img_type']) { case "jpg": imagejpeg($image); break; case "png": imagepng($image); break; @@ -1815,7 +1798,7 @@ function CREATE_EMAIL_LINK($email, $table="admins") { } // Generate a hash for extra-security for all passwords function generateHash($plainText, $salt = "") { - global $CONFIG, $_SERVER; + global $_CONFIG, $_SERVER; // Is the required extension "sql_patches" there? if ((GET_EXT_VERSION("sql_patches") < "0.3.6") || (GET_EXT_VERSION("sql_patches") == "")) { @@ -1829,7 +1812,7 @@ function generateHash($plainText, $salt = "") { $server = $_SERVER['PHP_SELF'].":".getenv('HTTP_USER_AGENT').":".getenv('SERVER_SOFTWARE').":".getenv('REMOTE_ADDR').":".":".filemtime(PATH."inc/databases.php"); // Build key string - $keys = SITE_KEY.":".DATE_KEY.":".$CONFIG['secret_key'].":".$CONFIG['file_hash'].":".date("d-m-Y (l-F-T)", $CONFIG['patch_ctime']).":".$CONFIG['master_salt']; + $keys = SITE_KEY.":".DATE_KEY.":".$_CONFIG['secret_key'].":".$_CONFIG['file_hash'].":".date("d-m-Y (l-F-T)", $_CONFIG['patch_ctime']).":".$_CONFIG['master_salt']; // Additional data $data = $plainText.":".uniqid(rand(), true).":".time(); @@ -1846,12 +1829,12 @@ function generateHash($plainText, $salt = "") { //* DEBUG: */ echo "Descrambled=".$sha1b." (".strlen($sha1b).")
"; // Generate the password salt string - $salt = substr($sha1, 0, $CONFIG['salt_length']); + $salt = substr($sha1, 0, $_CONFIG['salt_length']); //* DEBUG: */ echo $salt." (".strlen($salt).")
"; } else { - $salt = substr($salt, 0, $CONFIG['salt_length']); + $salt = substr($salt, 0, $_CONFIG['salt_length']); } // Return hash @@ -1859,7 +1842,7 @@ function generateHash($plainText, $salt = "") { } // function scrambleString($str) { - global $CONFIG; + global $_CONFIG; // Init $scrambled = ""; @@ -1870,7 +1853,7 @@ function scrambleString($str) { return $str; } elseif (strlen($str) == 40) { // From database - $scrambleNums = explode(":", $CONFIG['pass_scramble']); + $scrambleNums = explode(":", $_CONFIG['pass_scramble']); } else { // Generate new numbers $scrambleNums = explode(":", genScrambleString(strlen($str))); @@ -1893,12 +1876,12 @@ function scrambleString($str) { // function descrambleString($str) { - global $CONFIG; + global $_CONFIG; // Scramble only 40 chars long strings if (strlen($str) != 40) return $str; // Load numbers from config - $scrambleNums = explode(":", $CONFIG['pass_scramble']); + $scrambleNums = explode(":", $_CONFIG['pass_scramble']); // Validate numbers if (count($scrambleNums) != 40) return $str; @@ -1944,7 +1927,7 @@ function genScrambleString($len) { // normally be stored in cookies function ADD_URL_DATA($URL) { - global $_GET, $CONFIG; + global $_CONFIG; $ADD = ""; // Determine URL binder @@ -1956,9 +1939,9 @@ function ADD_URL_DATA($URL) if ((!empty($_GET['refid'])) && (strpos($URL, "refid=") == 0)) { // Cookie found in URL $ADD .= $BIND."refid=".bigintval($_GET['refid']); - } elseif ((GET_EXT_VERSION("sql_patches") != "") && ($CONFIG['def_refid'] > 0)) { + } elseif ((GET_EXT_VERSION("sql_patches") != "") && ($_CONFIG['def_refid'] > 0)) { // Not found! So let's set default here - $ADD .= $BIND."refid=".$CONFIG['def_refid']; + $ADD .= $BIND."refid=".$_CONFIG['def_refid']; } // Is there already added data? Then change the binder @@ -1979,16 +1962,18 @@ function ADD_URL_DATA($URL) } // function generatePassString($passHash) { - global $CONFIG; - $ret = "*FAILED*"; + global $_CONFIG; + + // Return vanilla password hash + $ret = $passHash; // Is a secret key and master salt already initialized? - if ((!empty($CONFIG['secret_key'])) && (!empty($CONFIG['master_salt']))) { + if ((!empty($_CONFIG['secret_key'])) && (!empty($_CONFIG['master_salt']))) { // Only calculate when the secret key is generated $newHash = ""; $start = 9; for ($idx = 0; $idx < 10; $idx++) { $part1 = hexdec(substr($passHash, $start, 4)); - $part2 = hexdec(substr($CONFIG['secret_key'], $start, 4)); + $part2 = hexdec(substr($_CONFIG['secret_key'], $start, 4)); $mod = dechex($idx); if ($part1 > $part2) { $mod = dechex(sqrt(($part1 - $part2) * _PRIME / pi())); @@ -2001,8 +1986,9 @@ function generatePassString($passHash) { $start += 4; $newHash .= $mod; } + //* DEBUG: */ die($passHash."
".$newHash." (".strlen($newHash).")"); - $ret = generateHash($newHash, $CONFIG['master_salt']); + $ret = generateHash($newHash, $_CONFIG['master_salt']); } // Return result @@ -2015,8 +2001,8 @@ function FIX_DELETED_COOKIES ($cookies) { // Then check all cookies if they are marked as deleted! foreach ($cookies as $cookieName) { // Is the cookie set to "deleted"? - if ((isset($_COOKIE[$cookieName])) && ($_COOKIE[$cookieName] == "deleted")) { - unset($_COOKIE[$cookieName]); + if (get_session($cookieName) == "deleted") { + set_session($cookieName, ""); } } } @@ -2037,7 +2023,7 @@ function mxchange_die ($msg) { // Display parsing time and number of SQL queries in footer function DISPLAY_PARSING_TIME_FOOTER() { - global $startTime, $CONFIG; + global $startTime, $_CONFIG; $endTime = microtime(true); // Is the timer started? @@ -2056,14 +2042,71 @@ function DISPLAY_PARSING_TIME_FOOTER() { // Prepare output $content = array( 'runtime' => $runTime, - 'numSQLs' => ($CONFIG['sql_count'] + 1), - 'numTemplates' => ($CONFIG['num_templates'] + 1) + 'numSQLs' => ($_CONFIG['sql_count'] + 1), + 'numTemplates' => ($_CONFIG['num_templates'] + 1) ); // Load the template LOAD_TEMPLATE("footer_stats", false, $content); } +// Unset/set session variables +function set_session ($var, $value) { + global $CSS; + // Abort in CSS mode here + if ($CSS == 1) return true; + + // Trim value and session variable + $var = trim(SQL_ESCAPE($var)); $value = trim($value); + + // Is the session variable set? + if (("".$value."" == "") && (isSessionVariableSet($var))) { + // Remove the session + //* DEBUG: */ echo "UNSET:".$var."=".get_session($var)."
\n"; + unset($_SESSION[$var]); + return session_unregister($var); + } elseif (("".$value."" != "") && (!isSessionVariableSet($var))) { + // Set session + //* DEBUG: */ echo "SET:".$var."=".$value."
\n"; + $_SESSION[$var] = $value; + return session_register($var); + } + + // Return always true if the session variable is already set. + // Keept me busy for a longer while... + //* DEBUG: */ echo "IGNORED:".$var."=".$value."
\n"; + return true; +} +// Check wether a boolean constant is set +// Taken from user comments in PHP documentation for function constant() +function isBooleanConstantAndTrue($constname) { // : Boolean + $res = false; + if (defined($constname)) $res = (constant($constname) === true); + return($res); +} + +// Check wether a session variable is set +function isSessionVariableSet($var) { + return (isset($_SESSION[$var])); +} + +// Returns wether the value of the session variable or NULL if not set +function get_session($var) { + if (!isset($_SESSION)) session_start(); + + // Default is not found! ;-) + $value = null; + + // Is the variable there? + if (isSessionVariableSet($var)) { + // Then get it secured! + $value = SQL_ESCAPE($_SESSION[$var]); + } + + // Return the value + return $value; +} + // ////////////////////////////////////////////// // //