X-Git-Url: https://git.mxchange.org/?p=mailer.git;a=blobdiff_plain;f=inc%2Ffunctions.php;h=eb0ba63455b268642061309e2d03b24b16963fac;hp=b61e863c5c92b49555f5040b6d994438084ab582;hb=2c0f5aabd4c866f67705f36f7878dbc223daa9d8;hpb=8b4478db59f4631cae077d87cc40aa8a56bfba0c diff --git a/inc/functions.php b/inc/functions.php index b61e863c5c..eb0ba63455 100644 --- a/inc/functions.php +++ b/inc/functions.php @@ -18,6 +18,7 @@ * svn:keywords Date Revision" (autoprobset!) at least!!!!!! * * -------------------------------------------------------------------- * * Copyright (c) 2003 - 2009 by Roland Haeder * + * Copyright (c) 2009, 2010 by Mailer Developer Team * * For more information visit: http://www.mxchange.org * * * * This program is free software; you can redistribute it and/or modify * @@ -442,25 +443,25 @@ function loadEmailTemplate ($template, $content = array(), $userid = '0') { } // END - if // Load user's data - //* DEBUG: */ outputHtml(__FUNCTION__."(".__LINE__."):UID={$userid},template={$template},content[]=".gettype($content).'
'); + //* DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, "UID={$userid},template={$template},content[]=".gettype($content).'
'); if (($userid > 0) && (is_array($content))) { // If nickname extension is installed, fetch nickname as well if ((isExtensionActive('nickname')) && (isNicknameUsed($userid))) { - //* DEBUG: */ outputHtml(__FUNCTION__."(".__LINE__."):NICKNAME!
"); + //* DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, "NICKNAME!
"); // Load by nickname fetchUserData($userid, 'nickname'); } else { - //* DEBUG: */ outputHtml(__FUNCTION__."(".__LINE__."):NO-NICK!
"); + //* DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, "NO-NICK!
"); /// Load by userid fetchUserData($userid); } // Merge data if valid - //* DEBUG: */ outputHtml(__FUNCTION__."(".__LINE__."):content()=".count($content)." - PRE
"); + //* DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, "content()=".count($content)." - PRE
"); if (isUserDataValid()) { $content = merge_array($content, getUserDataArray()); } // END - if - //* DEBUG: */ outputHtml(__FUNCTION__."(".__LINE__."):content()=".count($content)." - AFTER
"); + //* DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, "content()=".count($content)." - AFTER
"); } // END - if // Translate M to male or F to female if present @@ -469,7 +470,7 @@ function loadEmailTemplate ($template, $content = array(), $userid = '0') { // Overwrite email from data if present if (isset($content['email'])) $email = $content['email']; - // Store email for some functions in global data array + // Store email for some functions in global $DATA array // @TODO Do only use $content, not $DATA or raw variables $DATA['email'] = $email; @@ -532,13 +533,13 @@ function loadEmailTemplate ($template, $content = array(), $userid = '0') { // Send mail out to an email address function sendEmail ($toEmail, $subject, $message, $isHtml = 'N', $mailHeader = '') { - //* DEBUG: */ outputHtml(__FUNCTION__."(".__LINE__."):TO={$toEmail},SUBJECT={$subject}
"); + //* DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, "TO={$toEmail},SUBJECT={$subject}
"); // Compile subject line (for POINTS constant etc.) eval("\$subject = decodeEntities(\"".compileRawCode(escapeQuotes($subject))."\");"); // Set from header - if ((!eregi('@', $toEmail)) && ($toEmail > 0)) { + if ((!isInStringIgnoreCase('@', $toEmail)) && ($toEmail > 0)) { // Value detected, is the message extension installed? // @TODO Extension 'msg' does not exist if (isExtensionActive('msg')) { @@ -558,7 +559,7 @@ function sendEmail ($toEmail, $subject, $message, $isHtml = 'N', $mailHeader = ' // Is the webmaster! $toEmail = getConfig('WEBMASTER'); } - //* DEBUG: */ outputHtml(__FUNCTION__."(".__LINE__."):TO={$toEmail}
"); + //* DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, "TO={$toEmail}
"); // Check for PHPMailer or debug-mode if (!checkPhpMailerUsage()) { @@ -598,13 +599,13 @@ Message : ' . htmlentities(utf8_decode($message)) . ' '); } elseif (($isHtml == 'Y') && (isExtensionActive('html_mail'))) { // Send mail as HTML away - sendHtmlEmail($toEmail, $subject, $message, $mailHeader); + return sendHtmlEmail($toEmail, $subject, $message, $mailHeader); } elseif (!empty($toEmail)) { // Send Mail away - sendRawEmail($toEmail, $subject, $message, $mailHeader); + return sendRawEmail($toEmail, $subject, $message, $mailHeader); } elseif ($isHtml != 'Y') { // Problem found! - sendRawEmail(getConfig('WEBMASTER'), '[PROBLEM:]' . $subject, $message, $mailHeader); + return sendRawEmail(getConfig('WEBMASTER'), '[PROBLEM:]' . $subject, $message, $mailHeader); } } @@ -633,7 +634,7 @@ function sendRawEmail ($toEmail, $subject, $message, $from) { $mail = new PHPMailer(); // Set charset to UTF-8 - $mail->CharSet('UTF-8'); + $mail->CharSet = 'UTF-8'; // Path for PHPMailer $mail->PluginDir = sprintf("%sinc/phpmailer/", getConfig('PATH')); @@ -664,9 +665,21 @@ function sendRawEmail ($toEmail, $subject, $message, $from) { $mail->AddCustomHeader('Errors-To:' . getConfig('WEBMASTER')); $mail->AddCustomHeader('X-Loop:' . getConfig('WEBMASTER')); $mail->Send(); + + // Has an error occured? + if (!empty($mail->ErrorInfo)) { + // Log message + logDebugMessage(__FUNCTION__, __LINE__, 'Error while sending mail: ' . $mail->ErrorInfo); + + // Raise an error + return false; + } else { + // All fine! + return true; + } } else { // Use legacy mail() command - mail($toEmail, $subject, decodeEntities($message), $from); + return mail($toEmail, $subject, decodeEntities($message), $from); } } 
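Review bot: The result of `$mail->Send()` is discarded in the PHPMailer branch of sendRawEmail, and success is inferred afterwards from `$mail->ErrorInfo` being empty. PHPMailer's `Send()` already returns a boolean, so `$sent = $mail->Send();` followed by `if ($sent !== true) { ... return false; }` would report failure without depending on how `ErrorInfo` is populated. The logged `ErrorInfo` text may contain recipient addresses and server replies, so the debug log should be treated as holding personal data. The start of sendRawEmail is outside this hunk.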
@@ -820,10 +833,10 @@ function translateGender ($gender) { case 'F': $ret = getMessage('GENDER_F'); break; case 'C': $ret = getMessage('GENDER_C'); break; default: - // Log unknown gender - logDebugMessage(__FUNCTION__, __LINE__, sprintf("Unknown gender %s detected.", $gender)); + // Please report bugs on unknown genders + debug_report_bug(sprintf("Unknown gender %s detected.", $gender)); break; - } + } // END - switch // Return translated gender return $ret; @@ -845,8 +858,8 @@ function translateUserStatus ($status) { break; default: - logDebugMessage(__FUNCTION__, __LINE__, sprintf("Unknown status %s detected.", $status)); - $ret = getMaskedMessage('UNKNOWN_STATUS', $status); + // Please report all unknown status + debug_report_bug(sprintf("Unknown status %s detected.", $status)); break; } // END - switch @@ -922,7 +935,7 @@ function makeTime ($hours, $minutes, $seconds, $stamp) { } // Redirects to an URL and if neccessarry extends it with own base URL -function redirectToUrl ($URL) { +function redirectToUrl ($URL, $allowSpider = true) { // Compile out codes eval('$URL = "' . compileRawCode(encodeUrl($URL)) . '";'); @@ -941,10 +954,13 @@ function redirectToUrl ($URL) { //* DEBUG: */ die($URL); // Simple probe for bots/spiders from search engines - if (isSpider()) { + if ((isSpider()) && ($allowSpider === true)) { // Secure the URL against bad things such als HTML insertions and so on... $URL = secureString($URL); + // Set content-type here to fix a missing array element + setContentType('text/html'); + // Output new location link as anchor outputHtml('' . $URL . ''); } elseif (!headers_sent()) { @@ -1056,10 +1072,10 @@ function compileRawCode ($code, $simple = false, $constants = true, $full = true $test = substr($found, 0, strlen($match)); // Does this entry exist? - //* DEBUG: */ outputHtml(__FUNCTION__."(".__LINE__."):found={$found},match={$match},set={$set}
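Review bot: In the `default:` branch of translateUserStatus the assignment `$ret = getMaskedMessage('UNKNOWN_STATUS', $status);` is removed, so the value returned after the `switch` (outside this hunk) now depends on `debug_report_bug()` never returning, or on `$ret` being initialised above the `switch`. Neither is visible here. If `debug_report_bug()` can return, keep the fallback after the call: `debug_report_bug(...); $ret = getMaskedMessage('UNKNOWN_STATUS', $status);`. The translateGender hunk just before makes the same switch to `debug_report_bug()`, but its old code did not assign `$ret` in `default:` either.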
"); + //* DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, "found={$found},match={$match},set={$set}
"); if ($test == $match) { // Match found! - //* DEBUG: */ outputHtml(__FUNCTION__."(".__LINE__."):fuzzyFound!
"); + //* DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, "fuzzyFound!
"); $fuzzyFound = true; break; } // END - if @@ -1071,14 +1087,14 @@ function compileRawCode ($code, $simple = false, $constants = true, $full = true // Take all string elements if ((is_string($matches[4][$key])) && (!isset($matchesFound[$match])) && (!isset($matchesFound[$key."_" . $matches[4][$key]]))) { // Replace it in the code - //* DEBUG: */ outputHtml(__FUNCTION__."(".__LINE__."):key={$key},match={$match}
"); + //* DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, "key={$key},match={$match}
"); $newMatch = str_replace('[', "['", str_replace(']', "']", $match)); $code = str_replace($match, '".' . $newMatch . '."', $code); $matchesFound[$key . '_' . $matches[4][$key]] = 1; $matchesFound[$match] = 1; } elseif (!isset($matchesFound[$match])) { // Not yet replaced! - //* DEBUG: */ outputHtml(__FUNCTION__."(".__LINE__."):match={$match}
"); + //* DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, "match={$match}
"); $code = str_replace($match, '".' . $match . '."', $code); $matchesFound[$match] = 1; } @@ -1260,7 +1276,7 @@ function addSelectionBox ($type, $default, $prefix = '', $id = '0', $class = 're // function generateRandomCode ($length, $code, $userid, $DATA = '') { // Build server string - $server = $_SERVER['PHP_SELF'] . getConfig('ENCRYPT_SEPERATOR') . detectUserAgent() . getConfig('ENCRYPT_SEPERATOR') . getenv('SERVER_SOFTWARE') . getConfig('ENCRYPT_SEPERATOR') . detectRemoteAddr().":'.':".filemtime(getConfig('PATH').'inc/databases.php'); + $server = $_SERVER['PHP_SELF'] . getConfig('ENCRYPT_SEPERATOR') . detectUserAgent() . getConfig('ENCRYPT_SEPERATOR') . getenv('SERVER_SOFTWARE') . getConfig('ENCRYPT_SEPERATOR') . detectRemoteAddr(); // Build key string $keys = getConfig('SITE_KEY') . getConfig('ENCRYPT_SEPERATOR') . getConfig('DATE_KEY'); @@ -1311,7 +1327,7 @@ function generateRandomCode ($length, $code, $userid, $DATA = '') { } // Does only allow numbers -function bigintval ($num, $castValue = true) { +function bigintval ($num, $castValue = true, $abortOnMismatch = true) { // Filter all numbers out $ret = preg_replace('/[^0123456789]/', '', $num); @@ -1319,7 +1335,7 @@ function bigintval ($num, $castValue = true) { if ($castValue === true) $ret = (double)$ret; // Has the whole value changed? - if ('' . $ret . '' != '' . $num . '') { + if (('' . $ret . '' != '' . $num . '') && ($abortOnMismatch === true)) { // Log the values debug_report_bug('Problem with number found. ret=' . $ret . ', num='. $num); } // END - if 
@@ -1458,38 +1474,38 @@ function createTimeSelections ($timestamp, $prefix = '', $display = '', $align = $OUT .= "\n"; $OUT .= "\n"; - if (ereg('Y', $display) || (empty($display))) { + if (isInString('Y', $display) || (empty($display))) { $OUT .= " \n"; } - if (ereg('M', $display) || (empty($display))) { + if (isInString('M', $display) || (empty($display))) { $OUT .= " \n"; } - if (ereg('W', $display) || (empty($display))) { + if (isInString('W', $display) || (empty($display))) { $OUT .= " \n"; } - if (ereg('D', $display) || (empty($display))) { + if (isInString('D', $display) || (empty($display))) { $OUT .= " \n"; } - if (ereg('h', $display) || (empty($display))) { + if (isInString('h', $display) || (empty($display))) { $OUT .= " \n"; } - if (ereg('m', $display) || (empty($display))) { + if (isInString('m', $display) || (empty($display))) { $OUT .= " \n"; } - if (ereg('s', $display) || (empty($display))) { + if (isInString('s', $display) || (empty($display))) { $OUT .= " \n"; } $OUT .= "\n"; $OUT .= "\n"; - if (ereg('Y', $display) || (empty($display))) { + if (isInString('Y', $display) || (empty($display))) { // Generate year selection $OUT .= " "; } $NAV = ''; @@ -1684,7 +1699,6 @@ function addEmailNavigation ($PAGES, $offset, $show_form, $colspan, $return=fals $content['nav'] = $NAV; $content['span'] = $colspan; $content['top'] = $TOP; - $content['sep'] = $SEP; // Load navigation template $OUT = loadTemplate('admin_email_nav_row', true, $content); @@ -1714,7 +1728,7 @@ function extractHostnameFromUrl (&$script) { // Extract host name $host = str_replace('http://', '', $url); - if (ereg('/', $host)) $host = substr($host, 0, strpos($host, '/')); + if (isInString('/', $host)) $host = substr($host, 0, strpos($host, '/')); // Generate relative URL //* DEBUG: */ print("SCRIPT=" . $script.'
'); @@ -1792,7 +1806,7 @@ function sendPostRequest ($script, $postData) { // Extract host name from script $host = extractHostnameFromUrl($script); - // Construct request + // Construct request body $body = http_build_query($postData, '', '&'); // Generate POST request header @@ -1800,8 +1814,11 @@ function sendPostRequest ($script, $postData) { $request .= 'Host: ' . $host . getConfig('HTTP_EOL'); $request .= 'Referer: ' . getConfig('URL') . '/admin.php' . getConfig('HTTP_EOL'); $request .= 'User-Agent: ' . getConfig('TITLE') . '/' . getConfig('FULL_VERSION') . getConfig('HTTP_EOL'); + $request .= 'Accept: text/plain;q=0.8' . getConfig('HTTP_EOL'); + $request .= 'Accept-Charset: UTF-8,*' . getConfig('HTTP_EOL'); $request .= 'Cache-Control: no-cache' . getConfig('HTTP_EOL'); $request .= 'Content-Type: application/x-www-form-urlencoded' . getConfig('HTTP_EOL'); + $request .= 'Content-Length: ' . strlen($body) . getConfig('HTTP_EOL'); $request .= 'Connection: close' . getConfig('HTTP_EOL'); $request .= getConfig('HTTP_EOL'); @@ -1832,14 +1849,26 @@ function sendRawRequest ($host, $request) { $useProxy = true; } // END - if + // Load include + loadIncludeOnce('inc/classes/resolver.class.php'); + + // Get resolver instance + $resolver = new HostnameResolver(); + // Open connection //* DEBUG: */ die("SCRIPT=" . $script.'
'); if ($useProxy === true) { + // Resolve hostname into IP address + $ip = $resolver->resolveHostname(compileRawCode(getConfig('proxy_host'))); + // Connect to host through proxy connection - $fp = fsockopen(compileRawCode(getConfig('proxy_host')), bigintval(getConfig('proxy_port')), $errno, $errdesc, 30); + $fp = fsockopen($ip, bigintval(getConfig('proxy_port')), $errno, $errdesc, 30); } else { + // Resolve hostname into IP address + $ip = $resolver->resolveHostname($host); + // Connect to host directly - $fp = fsockopen($host, 80, $errno, $errdesc, 30); + $fp = fsockopen($ip, 80, $errno, $errdesc, 30); } // Is there a link? @@ -1855,35 +1884,13 @@ function sendRawRequest ($host, $request) { // Do we use proxy? if ($useProxy === true) { - // Generate CONNECT request header - $proxyTunnel = 'CONNECT ' . $host . ':80 HTTP/1.1' . getConfig('HTTP_EOL'); - $proxyTunnel .= 'Host: ' . $host . getConfig('HTTP_EOL'); - - // Use login data to proxy? (username at least!) - if (getConfig('proxy_username') != '') { - // Add it as well - $encodedAuth = base64_encode(compileRawCode(getConfig('proxy_username')) . getConfig('ENCRYPT_SEPERATOR') . compileRawCode(getConfig('proxy_password'))); - $proxyTunnel .= 'Proxy-Authorization: Basic ' . $encodedAuth . getConfig('HTTP_EOL'); - } // END - if - - // Add last new-line - $proxyTunnel .= getConfig('HTTP_EOL'); - //* DEBUG: */ print('proxyTunnel=
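Review bot: The value returned by `$resolver->resolveHostname()` goes straight into `fsockopen()` in both the proxy and the direct branch, with no check that resolution succeeded. What the resolver returns for an unresolvable name is not visible in this hunk; if it can be empty or false, the failure only shows up as a connect error. A guard before connecting, such as `if (empty($ip)) { logDebugMessage(__FUNCTION__, __LINE__, 'Cannot resolve hostname'); return $response; }`, would make it explicit, assuming `$response` is initialised above the hunk. sendRawRequest starts and ends outside this hunk.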
' . $proxyTunnel.'
'); - - // Write request - fwrite($fp, $proxyTunnel); - - // Got response? - if (feof($fp)) { - // No response received - return $response; - } // END - if + // Setup proxy tunnel + $response = setupProxyTunnel($host, $fp); - // Read the first line - $resp = trim(fgets($fp, 10240)); - $respArray = explode(' ', $resp); - if ((strtolower($respArray[0]) !== 'http/1.0') || ($respArray[1] != '200')) { + // If the response is invalid, abort + if ((count($response) == 3) && (empty($response[0])) && (empty($response[1])) && (empty($response[2]))) { // Invalid response! + logDebugMessage(__FUNCTION__, __LINE__, 'Proxy tunnel not working?'); return $response; } // END - if } // END - if @@ -1930,7 +1937,7 @@ function sendRawRequest ($host, $request) { // Time request if debug-mode is enabled if (isDebugModeEnabled()) { // Add debug message... - logDebugMessage(__FUNCTION__, __LINE__, 'Request took ' . (microtime(true) - $start) . ' seconds.'); + logDebugMessage(__FUNCTION__, __LINE__, 'Request took ' . (microtime(true) - $start) . ' seconds and returned ' . count($response) . ' line(s).'); } // END - if // Skip first empty lines @@ -1949,12 +1956,14 @@ function sendRawRequest ($host, $request) { } } // END - foreach + //* DEBUG: */ print('Request:
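Review bot: `$response` is overwritten with the return value of `setupProxyTunnel()`, which on success is the exploded status line of the proxy's reply rather than an empty list. If the read loop further down (outside this hunk) appends the server's lines to `$response`, the later checks on `$response[0]` would see the proxy's protocol token instead of the origin server's status line. Keeping the tunnel result separate avoids that: `$tunnel = setupProxyTunnel($host, $fp);` and then test `$tunnel`. The failure test that compares three empty strings would also read more clearly if the helper returned `false` on failure.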
'.print_r($request, true).'
'); //* DEBUG: */ print('Response:
'.print_r($response, true).'
'); // Proxy agent found or something went wrong? if (!isset($response[0])) { // No response, maybe timeout $response = array('', '', ''); + logDebugMessage(__FUNCTION__, __LINE__, 'Invalid empty response array, maybe timed out?'); } elseif ((substr(strtolower($response[0]), 0, 11) == 'proxy-agent') && ($useProxy === true)) { // Proxy header detected, so remove two lines array_shift($response); @@ -1962,8 +1971,9 @@ function sendRawRequest ($host, $request) { } // END - if // Was the request successfull? - if ((!eregi('200 OK', $response[0])) || (empty($response[0]))) { + if ((!isInStringIgnoreCase('200 OK', $response[0])) || (empty($response[0]))) { // Not found / access forbidden + logDebugMessage(__FUNCTION__, __LINE__, 'Unexpected status code ' . $response[0] . ' detected. "200 OK" was expected.'); $response = array('', '', ''); } // END - if @@ -1971,7 +1981,48 @@ function sendRawRequest ($host, $request) { return $response; } -// Taken from www.php.net eregi() user comments +// Sets up a proxy tunnel for given hostname and through resource +function setupProxyTunnel ($host, $resource) { + // Initialize array + $response = array('', '', ''); + + // Generate CONNECT request header + $proxyTunnel = 'CONNECT ' . $host . ':80 HTTP/1.1' . getConfig('HTTP_EOL'); + $proxyTunnel .= 'Host: ' . $host . getConfig('HTTP_EOL'); + + // Use login data to proxy? (username at least!) + if (getConfig('proxy_username') != '') { + // Add it as well + $encodedAuth = base64_encode(compileRawCode(getConfig('proxy_username')) . ':' . compileRawCode(getConfig('proxy_password'))); + $proxyTunnel .= 'Proxy-Authorization: Basic ' . $encodedAuth . getConfig('HTTP_EOL'); + } // END - if + + // Add last new-line + $proxyTunnel .= getConfig('HTTP_EOL'); + //* DEBUG: */ print('proxyTunnel=
' . $proxyTunnel.'
'); + + // Write request + fwrite($fp, $proxyTunnel); + + // Got response? + if (feof($fp)) { + // No response received + return $response; + } // END - if + + // Read the first line + $resp = trim(fgets($fp, 10240)); + $respArray = explode(' ', $resp); + if ((strtolower($respArray[0]) !== 'http/1.0') || ($respArray[1] != '200')) { + // Invalid response! + return $response; + } // END - if + + // All fine! + return $respArray; +} + +// Taken from www.php.net isInStringIgnoreCase() user comments function isEmailValid ($email) { // Check first part of email address $first = '[-a-z0-9!#$%&\'*+/=?^_<{|}~]+(\.[-a-zA-Z0-9!#$%&\'*+/=?^_<{|}~]+)*'; @@ -1986,7 +2037,7 @@ function isEmailValid ($email) { return preg_match($regex, $email); } -// Function taken from user comments on www.php.net / function eregi() +// Function taken from user comments on www.php.net / function isInStringIgnoreCase() function isUrlValid ($URL, $compile=true) { // Trim URL a little $URL = trim(urldecode($URL)); @@ -2071,11 +2122,21 @@ function generateEmailLink ($email, $table = 'admins') { } // Generate a hash for extra-security for all passwords -function generateHash ($plainText, $salt = '') { +function generateHash ($plainText, $salt = '', $hash = true) { + // Debug output + //* DEBUG: */ outputHtml('plainText=' . $plainText . ',salt=' . $salt . ',hash='.intval($hash).'
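Review bot: setupProxyTunnel() names its second parameter `$resource` but then calls `fwrite($fp, ...)`, `feof($fp)` and `fgets($fp, 10240)`, and `$fp` is undefined inside the function, so the CONNECT request is never written to the socket. Either declare it as `function setupProxyTunnel ($host, $fp)` or use `$resource` in those three calls. The status check accepts only `http/1.0`, so a proxy answering `HTTP/1.1 200` is treated as a failure, and `$respArray[1]` is read without checking that the line has a second token. `$host` is concatenated into the `CONNECT` and `Host:` lines as given; if it can originate from a user-supplied URL, reject it when it contains CR or LF.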
'); + // Is the required extension 'sql_patches' there and a salt is not given? - if (((isExtensionInstalledAndOlder('sql_patches', '0.3.6')) || (!isExtensionActive('sql_patches')) || (!isExtensionInstalledAndNewer('other', '0.2.5'))) && (empty($salt))) { + // 0123 4 43 3 4 432 2 3 32 2 3 3210 + if ((((isExtensionInstalledAndOlder('sql_patches', '0.3.6')) && (empty($salt))) || (!isExtensionActive('sql_patches')) || (!isExtensionInstalledAndNewer('other', '0.2.5')))) { // Extension sql_patches is missing/outdated so we hash the plain text with MD5 - return md5($plainText); + if ($hash === true) { + // Is plain password + return md5($plainText); + } else { + // Is already a hash + return $plainText; + } } // END - if // Do we miss an arry element here? @@ -2086,7 +2147,7 @@ function generateHash ($plainText, $salt = '') { // When the salt is empty build a new one, else use the first x configured characters as the salt if (empty($salt)) { - // Build server string (inc/databases.php is no longer updated with every commit) + // Build server string for more entropy $server = $_SERVER['PHP_SELF'] . getConfig('ENCRYPT_SEPERATOR') . detectUserAgent() . getConfig('ENCRYPT_SEPERATOR') . getenv('SERVER_SOFTWARE') . getConfig('ENCRYPT_SEPERATOR') . detectRemoteAddr(); // Build key string @@ -2111,9 +2172,9 @@ function generateHash ($plainText, $salt = '') { //* DEBUG: */ outputHtml($salt.' ('.strlen($salt).')
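Review bot: The new `$hash` parameter of generateHash is undocumented, and with `$hash = false` the fallback branch returns `$plainText` unchanged, so a caller passing a real password with `false` would store or compare it in clear text. A comment on the signature should say so, e.g. `// $hash = false: $plainText is already an MD5 hash and is returned as-is, never pass a plain password`. The regrouped condition now takes the unsalted `md5()` branch whenever `sql_patches` is inactive or `other` is not newer than 0.2.5, even when a salt was supplied, which the old grouping did not do. Unsalted MD5 here and the single salted `sha1()` in the `@@ -2122` hunk are fast hashes; `password_hash()` / `password_verify()` are the replacement where the PHP version allows. The added DEBUG line would print `$plainText` through `outputHtml()` once enabled and is better dropped.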
'); } else { // Use given salt - //* DEBUG: */ print 'salt=' . $salt . '
'; + //* DEBUG: */ outputHtml('salt=' . $salt . '
'); $salt = substr($salt, 0, getConfig('salt_length')); - //* DEBUG: */ print 'salt=' . $salt . '(' . strlen($salt) . '/' . getConfig('salt_length') . ')
'; + //* DEBUG: */ outputHtml('salt=' . $salt . '(' . strlen($salt) . '/' . getConfig('salt_length') . ')
'); // Sanity check on salt if (strlen($salt) != getConfig('salt_length')) { @@ -2122,8 +2183,14 @@ function generateHash ($plainText, $salt = '') { } // END - if } + // Generate final hash (for debug output) + $finalHash = $salt . sha1($salt . $plainText); + + // Debug output + //* DEBUG: */ outputHtml('finalHash=' . $finalHash); + // Return hash - return $salt.sha1($salt . $plainText); + return $finalHash; } // Scramble a string 
@@ -2210,42 +2277,47 @@ function genScrambleString ($len) { } // Generate an PGP-like encrypted hash of given hash for e.g. cookies -function generatePassString ($passHash) { +function encodeHashForCookie ($passHash) { // Return vanilla password hash $ret = $passHash; // Is a secret key and master salt already initialized? - if ((isExtensionInstalled('sql_patches')) && (isExtensionInstalledAndNewer('other', '0.2.5')) && (isConfigEntrySet('_PRIME')) && (isConfigEntrySet('secret_key')) && (isConfigEntrySet('master_salt'))) { + //* DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, intval(isExtensionInstalled('sql_patches')) . '/' . intval(isConfigEntrySet('_PRIME')) . '/' . intval(isConfigEntrySet('secret_key')) . '/' . intval(isConfigEntrySet('master_salt'))); + if ((isExtensionInstalled('sql_patches')) && (isConfigEntrySet('_PRIME')) && (isConfigEntrySet('secret_key')) && (isConfigEntrySet('master_salt'))) { // Only calculate when the secret key is generated + //* DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, strlen($passHash) . '/' . strlen(getConfig('secret_key'))); + if ((strlen($passHash) != 49) || (strlen(getConfig('secret_key')) != 40)) { + // Both keys must have same length so return unencrypted + //* DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, strlen($passHash) . '!=49/' . strlen(getConfig('secret_key')) . '!=40'); + return $ret; + } // END - if + $newHash = ''; $start = 9; - for ($idx = '0'; $idx < 10; $idx++) { - $part1 = hexdec(substr($passHash, $start, 4)); - $part2 = hexdec(substr(getConfig('secret_key'), $start, 4)); + //* DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, 'passHash=' . $passHash . '(' . strlen($passHash) . ')'); + for ($idx = 0; $idx < 20; $idx++) { + $part1 = hexdec(substr($passHash, ($idx * 2) + (strlen($passHash) - strlen(getConfig('secret_key'))), 2)); + $part2 = hexdec(substr(getConfig('secret_key'), $start, 2)); + //* DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, 'part1=' . $part1 . '/part2=' . 
$part2); $mod = dechex($idx); if ($part1 > $part2) { $mod = dechex(sqrt(($part1 - $part2) * getConfig('_PRIME') / pi())); } elseif ($part2 > $part1) { $mod = dechex(sqrt(($part2 - $part1) * getConfig('_PRIME') / pi())); } - $mod = substr($mod, 0, 4); - //* DEBUG: */ outputHtml('part1='.$part1.'/part2='.$part2.'/mod=' . $mod . '('.strlen($mod).')
'); - $mod = str_repeat(0, (4 - strlen($mod))) . $mod; - //* DEBUG: */ outputHtml('*' . $start . '=' . $mod . '*
'); - $start += 4; + $mod = substr($mod, 0, 2); + //* DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, 'part1=' . $part1 . '/part2=' . $part2 . '/mod=' . $mod . '(' . strlen($mod) . ')'); + $mod = str_repeat(0, (2 - strlen($mod))) . $mod; + //* DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, 'mod(' . ($idx * 2) . ')=' . $mod . '*'); + $start += 2; $newHash .= $mod; } // END - for - //* DEBUG: */ print($passHash.'
' . $newHash." (".strlen($newHash).')
'); + //* DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, $passHash . ',' . $newHash . ' (' . strlen($newHash) . ')'); $ret = generateHash($newHash, getConfig('master_salt')); - //* DEBUG: */ print('ret='.$ret.'
'); - } else { - // Hash it simple - //* DEBUG: */ outputHtml("--" . $passHash."--
"); - $ret = md5($passHash); - //* DEBUG: */ outputHtml("++" . $ret."++
"); - } + } // END - if // Return result + //* DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, 'ret=' . $ret . ''); return $ret; } @@ -2270,6 +2342,9 @@ function app_die ($F, $L, $message) { // Make sure, that the script realy realy diese here and now $GLOBALS['app_died'] = true; + // Set content type as text/html + setContentType('text/html'); + // Load header loadIncludeOnce('inc/header.php'); @@ -2326,14 +2401,14 @@ function isBooleanConstantAndTrue ($constName) { // : Boolean // In cache? if (isset($GLOBALS['cache_array']['const'][$constName])) { // Use cache - //* DEBUG: */ outputHtml(__FUNCTION__."(".__LINE__."): " . $constName."-CACHE!
"); + //* DEBUG: */ outputHtml(__FUNCTION__ . '(' . __LINE__ . '): ' . $constName."-CACHE!
"); $res = ($GLOBALS['cache_array']['const'][$constName] === true); } else { // Check constant - //* DEBUG: */ outputHtml(__FUNCTION__."(".__LINE__."): " . $constName."-RESOLVE!
"); + //* DEBUG: */ outputHtml(__FUNCTION__ . '(' . __LINE__ . '): ' . $constName."-RESOLVE!
"); if (defined($constName)) { // Found! - //* DEBUG: */ outputHtml(__FUNCTION__."(".__LINE__."): " . $constName."-FOUND!
"); + //* DEBUG: */ outputHtml(__FUNCTION__ . '(' . __LINE__ . '): ' . $constName."-FOUND!
"); $res = (constant($constName) === true); } // END - if @@ -2394,183 +2469,6 @@ function generateErrorCodeFromUserStatus ($status='') { return $errorCode; } -// Function to search for the last modifified file -function searchDirsRecursive ($dir, &$last_changed) { - // Get dir as array - //* DEBUG: */ outputHtml(__FUNCTION__."(".__LINE__."):dir=" . $dir.'
'); - // Does it match what we are looking for? (We skip a lot files already!) - // RegexPattern to exclude ., .., .revision, .svn, debug.log or .cache in the filenames - $excludePattern = '@(\.revision|debug\.log|\.cache|config\.php)$@'; - $ds = getArrayFromDirectory($dir, '', true, false, array(), '.php', $excludePattern); - //* DEBUG: */ outputHtml(__FUNCTION__."(".__LINE__."):ds[]=".count($ds).'
'); - - // Walk through all entries - foreach ($ds as $d) { - // Generate proper FQFN - $FQFN = str_replace('//', '/', getConfig('PATH') . $dir. '/'. $d); - - // Is it a file and readable? - //* DEBUG: */ outputHtml(__FUNCTION__."(".__LINE__."):FQFN={$FQFN}
"); - if (isDirectory($FQFN)) { - // $FQFN is a directory so also crawl into this directory - $newDir = $d; - if (!empty($dir)) $newDir = $dir . '/'. $d; - //* DEBUG: */ outputHtml(__FUNCTION__."(".__LINE__."):DESCENT: " . $newDir.'
'); - searchDirsRecursive($newDir, $last_changed); - } elseif (isFileReadable($FQFN)) { - // $FQFN is a filename and no directory - $time = filemtime($FQFN); - //* DEBUG: */ outputHtml(__FUNCTION__."(".__LINE__."):File: " . $d." found. (".($last_changed['time'] - $time).")
"); - if ($last_changed['time'] < $time) { - // This file is newer as the file before - //* DEBUG: */ outputHtml(__FUNCTION__."(".__LINE__.") - NEWER!
"); - $last_changed['path_name'] = $FQFN; - $last_changed['time'] = $time; - } // END - if - } - } // END - foreach -} - -// "Getter" for revision/version data -function getActualVersion ($type = 'Revision') { - // By default nothing is new... ;-) - $new = false; - - // Is the cache entry there? - if (isset($GLOBALS['cache_array']['revision'][$type])) { - // Found so increase cache hit - incrementStatsEntry('cache_hits'); - - // Return it - return $GLOBALS['cache_array']['revision'][$type][0]; - } else { - // FQFN of revision file - $FQFN = sprintf("%s/.revision", getConfig('CACHE_PATH')); - - // Check if 'check_revision_data' is setted (switch for manually rewrite the .revision-File) - if ((isGetRequestParameterSet('check_revision_data')) && (getRequestParameter('check_revision_data') == 'yes')) { - // Forced rebuild of .revision file - $new = true; - } else { - // Check for revision file - if (!isFileReadable($FQFN)) { - // Not found, so we need to create it - $new = true; - } else { - // Revision file found - $ins_vers = explode("\n", readFromFile($FQFN)); - - // Get array for mapping information - $mapper = array_flip(getSearchFor()); - //* DEBUG: */ print('
mapper='.print_r($mapper, true).'
ins_vers=
'.print_r($ins_vers, true).'
'); - - // Is the content valid? - if ((!is_array($ins_vers)) || (count($ins_vers) <= 0) || (!isset($ins_vers[$mapper[$type]])) || (trim($ins_vers[$mapper[$type]]) == '') || ($ins_vers[0]) == 'new') { - // File needs update! - $new = true; - } else { - // Generate fake cache entry - foreach ($mapper as $map => $idx) { - $GLOBALS['cache_array']['revision'][$map][0] = $ins_vers[$idx]; - } // END - foreach - - // Return found value - return trim($ins_vers[$mapper[$type]]); - } - } - } - - // Has it been updated? - if ($new === true) { - // Write it - writeToFile($FQFN, implode("\n", getArrayFromActualVersion())); - - // ... and call recursive - return getActualVersion($type); - } // END - if - } -} - -// Repares an array we are looking for -// The returned Array is needed twice (in getArrayFromActualVersion() and in getActualVersion() in the old .revision-fallback) so I puted it in an extra function to not polute the global namespace -function getSearchFor () { - // Add Revision, Date, Tag and Author - $searchFor = array('Revision', 'Date', 'Tag', 'Author', 'File'); - - // Return the created array - return $searchFor; -} - -// @TODO Please describe this function -function getArrayFromActualVersion () { - // Init variables - $next_dir = ''; - - // Directory to start with search - $last_changed = array( - 'path_name' => '', - 'time' => 0 - ); - - // Init return array - $akt_vers = array(); - - // Init value for counting the founded keywords - $res = '0'; - - // Searches all Files and there date of the last modifikation and puts the newest File in $last_changed. 
- searchDirsRecursive($next_dir, $last_changed); // @TODO small change to API to $last_changed = searchDirsRecursive($next_dir, $time); - - // Get file - $last_file = readFromFile($last_changed['path_name']); - - // Get all the keywords to search for - $searchFor = getSearchFor(); - - // This foreach loops the $searchFor-Tags (array('Revision', 'Date', 'Tag', 'Author') --> could easaly extended in the future) - foreach ($searchFor as $search) { - // Searches for "$search-tag:VALUE$" or "$search-tag::VALUE$"(the stylish keywordversion ;-)) in the lates modified file - $res += preg_match('@\$' . $search.'(:|::) (.*) \$@U', $last_file, $t); - // This trimms the search-result and puts it in the $GLOBALS['cache_array']['revision']-return array - if (isset($t[2])) $GLOBALS['cache_array']['revision'][$search] = trim($t[2]); - } // END - foreach - - // Save the last-changed filename for debugging - $GLOBALS['cache_array']['revision']['File'] = $last_changed['path_name']; - - // at least 3 keyword-Tags are needed for propper values - if ($res && $res >= 3 - && isset($GLOBALS['cache_array']['revision']['Revision']) && $GLOBALS['cache_array']['revision']['Revision'] != '' - && isset($GLOBALS['cache_array']['revision']['Date']) && $GLOBALS['cache_array']['revision']['Date'] != '' - && isset($GLOBALS['cache_array']['revision']['Tag']) && $GLOBALS['cache_array']['revision']['Tag'] != '') { - // Prepare content witch need special treadment - - // Prepare timestamp for date - preg_match('@(....)-(..)-(..) 
(..):(..):(..)@', $GLOBALS['cache_array']['revision']['Date'], $match_d); - $GLOBALS['cache_array']['revision']['Date'] = mktime($match_d[4], $match_d[5], $match_d[6], $match_d[2], $match_d[3], $match_d[1]); - - // Add author to the Tag if the author is set and is not quix0r (lead coder) - if ((isset($GLOBALS['cache_array']['revision']['Author'])) && ($GLOBALS['cache_array']['revision']['Author'] != 'quix0r')) { - $GLOBALS['cache_array']['revision']['Tag'] .= '-'.strtoupper($GLOBALS['cache_array']['revision']['Author']); - } // END - if - - } else { - // No valid Data from the last modificated file so read the Revision from the Server. Fallback-solution!! Should not be removed I think. - $version = sendGetRequest('check-updates3.php'); - - // Prepare content - // Only sets not setted or not proper values to the Online-Server-Fallback-Solution - if (!isset($GLOBALS['cache_array']['revision']['Revision']) || $GLOBALS['cache_array']['revision']['Revision'] == '') $GLOBALS['cache_array']['revision']['Revision'] = trim($version[10]); - if (!isset($GLOBALS['cache_array']['revision']['Date']) || $GLOBALS['cache_array']['revision']['Date'] == '') $GLOBALS['cache_array']['revision']['Date'] = trim($version[9]); - if (!isset($GLOBALS['cache_array']['revision']['Tag']) || $GLOBALS['cache_array']['revision']['Tag'] == '') $GLOBALS['cache_array']['revision']['Tag'] = trim($version[8]); - if (!isset($GLOBALS['cache_array']['revision']['Author']) || $GLOBALS['cache_array']['revision']['Author'] == '') $GLOBALS['cache_array']['revision']['Author'] = 'quix0r'; - if (!isset($GLOBALS['cache_array']['revision']['File']) || $GLOBALS['cache_array']['revision']['File'] == '') $GLOBALS['cache_array']['revision']['File'] = trim($version[11]); - } - - // Return prepared array - return $GLOBALS['cache_array']['revision']; -} - // Back-ported from the new ship-simu engine. :-) function debug_get_printable_backtrace () { // Init variable 
@@ -2695,6 +2593,7 @@ function getMessageFromErrorCode ($code) {
 case getCode('MORE_RECEIVERS2') : $message = getMessage('MEMBER_NO_MORE_RECEIVERS_FOUND'); break;
 case getCode('MORE_RECEIVERS3') : $message = getMessage('MEMBER_ENTER_MORE_MIN_RECEIVERS'); break;
 case getCode('INVALID_URL') : $message = getMessage('MEMBER_ENTER_INVALID_URL'); break;
+ case getCode('NO_MAIL_TYPE') : $message = getMessage('MEMBER_NO_MAIL_TYPE_SELECTED'); break;
 case getCode('UNKNOWN_ERROR') : $message = getMessage('LOGIN_UNKNOWN_ERROR'); break;
 case getCode('UNKNOWN_STATUS') : $message = getMessage('LOGIN_UNKNOWN_STATUS'); break;
@@ -2779,7 +2678,7 @@ function compileUriCode ($code, $simple = true) {
 return $code;
 }
-// Function taken from user comments on www.php.net / function eregi()
+// Function taken from user comments on www.php.net / function isInStringIgnoreCase()
 function isUrlValidSimple ($url) {
 // Prepare URL
 $url = secureString(str_replace("\\", '', compileRawCode(urldecode($url))));
@@ -3036,19 +2935,19 @@ function convertCommaToDot ($str) {
 }
 // Handle menu-depending failed logins and return the rendered content
-function handleLoginFailtures ($accessLevel) {
+function handleLoginFailures ($accessLevel) {
 // Default output is empty ;-)
 $OUT = '';
 // Is the session data set?
- if ((isSessionVariableSet('mxchange_' . $accessLevel.'_failures')) && (isSessionVariableSet('mxchange_' . $accessLevel.'_last_fail'))) {
+ if ((isSessionVariableSet('mxchange_' . $accessLevel . '_failures')) && (isSessionVariableSet('mxchange_' . $accessLevel . '_last_failure'))) {
 // Ignore zero values
- if (getSession('mxchange_' . $accessLevel.'_failures') > 0) {
+ if (getSession('mxchange_' . $accessLevel . '_failures') > 0) {
 // Non-guest has login failures found, get both data and prepare it for template
- //* DEBUG: */ outputHtml(__FUNCTION__."(".__LINE__."):accessLevel={$accessLevel}
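Review bot: The attribution comment above `isUrlValidSimple` (hunk `@@ -2779,7 +2678,7 @@`) now points to `function isInStringIgnoreCase()`, which is not a php.net function, so the reference to where the code came from is lost. This looks like a side effect of replacing `eregi` throughout the file; the comment should stay `// Function taken from user comments on www.php.net / function eregi()`. `isUrlValidSimple` continues outside the hunk.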
");
+ //* DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, "accessLevel={$accessLevel}
");
 $content = array(
- 'login_failures' => getSession('mxchange_' . $accessLevel.'_failures'),
- 'last_failure' => generateDateTime(getSession('mxchange_' . $accessLevel.'_last_fail'), 2)
+ 'login_failures' => getSession('mxchange_' . $accessLevel . '_failures'),
+ 'last_failure' => generateDateTime(getSession('mxchange_' . $accessLevel . '_last_failure'), 2)
 );
 // Load template
@@ -3056,8 +2955,8 @@ function handleLoginFailtures ($accessLevel) {
 } // END - if
 // Reset session data
- setSession('mxchange_' . $accessLevel.'_failures', '');
- setSession('mxchange_' . $accessLevel.'_last_fail', '');
+ setSession('mxchange_' . $accessLevel . '_failures', '');
+ setSession('mxchange_' . $accessLevel . '_last_failure', '');
 } // END - if
 // Return rendered content
@@ -3065,7 +2964,7 @@ function handleLoginFailtures ($accessLevel) {
 }
 // Rebuild cache
-function rebuildCacheFile ($cache, $inc = '', $force = false) {
+function rebuildCache ($cache, $inc = '', $force = false) {
 // Debug message
 /* DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, sprintf("cache=%s, inc=%s, force=%s", $cache, $inc, intval($force)));
@@ -3085,7 +2984,7 @@ function rebuildCacheFile ($cache, $inc = '', $force = false) {
 // Is the include there?
 if (isIncludeReadable($inc)) {
 // And rebuild it from scratch
- //* DEBUG: */ outputHtml(__FUNCTION__."(".__LINE__."): inc={$inc} - LOADED!
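Review bot: The session key suffix changes from `_last_fail` to `_last_failure` in `handleLoginFailures` and again in the reset at `@@ -3056,8 +2955,8 @@`, but the code that records a failed login is not part of these hunks; if it still writes `_last_fail`, the `isSessionVariableSet()` check never passes and the user is no longer shown the failed login attempts against the account. Building the two key names once at the top of the function, `$failuresKey = 'mxchange_' . $accessLevel . '_failures';` and `$lastFailureKey = 'mxchange_' . $accessLevel . '_last_failure';`, would replace the repeated concatenations and leave a single place to compare against the writer. The template load and the return of `$OUT` lie outside the changed lines.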
");
+ //* DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, "inc={$inc} - LOADED!
");
 loadInclude($inc);
 } else {
 // Include not found!
@@ -3659,7 +3558,7 @@ function isTemplateCached ($template) {
 // Do we have cached this result?
 if (!isset($GLOBALS['template_cache'][$template])) {
 // Generate FQFN
- $FQFN = sprintf("%s_compiled/templates/%s.tpl.cache", getConfig('CACHE_PATH'), $template);
+ $FQFN = generateCacheFqfn($template);
 // Is it there?
 $GLOBALS['template_cache'][$template] = isFileReadable($FQFN);
@@ -3674,7 +3573,7 @@ function flushTemplateCache ($template, $eval) {
 // Is this cache flushed?
 if ((isDebuggingTemplateCache() === false) && (isTemplateCached($template) === false) && ($eval != '404')) {
 // Generate FQFN
- $FQFN = sprintf("%s_compiled/templates/%s.tpl.cache", getConfig('CACHE_PATH'), $template);
+ $FQFN = generateCacheFqfn($template);
 // Replace username with a call
 $eval = str_replace('$username', '".getUsername()."', $eval);
@@ -3689,7 +3588,7 @@ function readTemplateCache ($template) {
 // Check it again
 if ((isDebuggingTemplateCache() === false) && (isTemplateCached($template))) {
 // Generate FQFN
- $FQFN = sprintf("%s_compiled/templates/%s.tpl.cache", getConfig('CACHE_PATH'), $template);
+ $FQFN = generateCacheFqfn($template);
 // And read from it
 $GLOBALS['template_eval'][$template] = readFromFile($FQFN);
@@ -3732,7 +3631,7 @@ function sendModeMails ($mod, $modes) {
 $salt = substr(getSession('u_hash'), 0, -40);
 // Now let's compare passwords
- $hash = generatePassString(getUserData('password'));
+ $hash = encodeHashForCookie(getUserData('password'));
 // Does the hash match or should we change it?
 if (($hash == getSession('u_hash')) || (postRequestParameter('pass1') == postRequestParameter('pass2'))) {
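Review bot: `$template` still reaches the cache file path without any visible check in `isTemplateCached`, and the same holds for the `flushTemplateCache` and `readTemplateCache` hunks that follow; with the `sprintf()` gone, nothing here shows how `generateCacheFqfn()` builds the path. Because `readTemplateCache` loads the file's contents into `$GLOBALS['template_eval']`, which by its name is presumably evaluated later, the helper is the one place that should reject template names containing path separators or `..` before a path is produced. Its definition is outside these hunks, so this may already be done; either way a comment at the call sites such as `// $template must be a plain template name; generateCacheFqfn() builds the path from it` would state the expectation. All three functions continue outside their hunks.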
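Review bot: The value returned by `encodeHashForCookie()` is compared with the session's `u_hash` using `==` on the context line after the change (hunk `@@ -3732,7 +3631,7 @@`), which in PHP treats two numeric-looking strings such as `0e…` hashes as equal and is not a constant-time comparison. The first operand should be compared strictly, `if (($hash === getSession('u_hash')) || (postRequestParameter('pass1') == postRequestParameter('pass2'))) {`, or with `hash_equals()` where the PHP version in use provides it. The same condition also passes whenever `pass1` equals `pass2`, whatever the hash is; from the hunk alone I cannot tell whether an earlier check makes that safe, so a why-comment on that line would help. `sendModeMails` starts before and continues after this hunk.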
@@ -3792,21 +3691,21 @@ function sendModeMails ($mod, $modes) {
 $sub_mem = getMessage('MEMBER_CHANGED_DATA');
 // Output success message
- $content = "{--MYDATA_MAIL_SENT--}";
+ $content = '{--MYDATA_MAIL_SENT--}';
 break;
 default: // Unsupported module!
 logDebugMessage(__FUNCTION__, __LINE__, sprintf("Unsupported module %s detected.", $mod));
- $content = "{--UNKNOWN_MODULE--}";
+ $content = '{--UNKNOWN_MODULE--}';
 break;
 } // END - switch
 } else {
 // Passwords mismatch
- $content = "{--MEMBER_PASSWORD_ERROR--}";
+ $content = '{--MEMBER_PASSWORD_ERROR--}';
 }
 } else {
 // Could not load profile
- $content = "{--MEMBER_CANNOT_LOAD_PROFILE--}";
+ $content = '{--MEMBER_CANNOT_LOAD_PROFILE--}';
 }
 // Send email to user if required
@@ -3825,7 +3724,7 @@ function sendModeMails ($mod, $modes) {
 $content = getMessage('CANNOT_SEND_ADMIN_MAILS');
 } else {
 // No mail to admin
- $content = "{--MYDATA_MAIL_SENT--}";
+ $content = '{--MYDATA_MAIL_SENT--}';
 }
 } // END - if
@@ -3834,7 +3733,7 @@ function sendModeMails ($mod, $modes) {
 }
 // Generates a 'selection box' from given array
-function generateSelectionBoxFromArray ($options, $name, $optionValue, $optionContent) {
+function generateSelectionBoxFromArray ($options, $name, $optionValue, $optionContent='') {
 // Start the output
 $OUT = '
{--_YEARS--}
{--_MONTHS--}
{--_WEEKS--}
{--_DAYS--}
{--_HOURS--}
{--_MINUTES--}
{--_SECONDS--}
'; } - if (ereg('M', $display) || (empty($display))) { + if (isInString('M', $display) || (empty($display))) { // Generate month selection $OUT .= " '; } - if (ereg('W', $display) || (empty($display))) { + if (isInString('W', $display) || (empty($display))) { // Generate week selection $OUT .= " '; } - if (ereg('D', $display) || (empty($display))) { + if (isInString('D', $display) || (empty($display))) { // Generate day selection $OUT .= " '; } - if (ereg('h', $display) || (empty($display))) { + if (isInString('h', $display) || (empty($display))) { // Generate hour selection $OUT .= " '; } - if (ereg('m', $display) || (empty($display))) { + if (isInString('m', $display) || (empty($display))) { // Generate minute selection $OUT .= " '; } - if (ereg('s', $display) || (empty($display))) { + if (isInString('s', $display) || (empty($display))) { // Generate second selection $OUT .= "