Dragonfly CMS logo Server sponsored and hosted by
DedicatedNOW
CVS logo  
.:: Home :: Dev. Resources :: Forums ::.
Dragonfly CMS CVS Repository
 Location: / cvs / html / includes / cmsinit.inc
This is a web interface to the Dragonfly CMS CVS tree. You can browse the file hierarchy by picking directories. If you pick a file, you will see the revision history for that file.
Selecting a revision number will show that revision of the file. There are links at each revision to display diffs, annotate and download.
Note: Info about CVS and our commits can be found at our CVS Info Forum
File name: html/includes/cmsinit.inc
Revision : 1.25 (9 years 7 months 1 weeks 2 days 4 hours 15 minutes 39 seconds ago) by djmaze
Changed : +5 -9 lines
Comment: Added better GFX checker which prevents malicious code constructors of using it for auto account generation


# Author Rev Line
1 djmaze 1.1 <?php
2 djmaze 1.1 /*********************************************
3 djmaze 1.1 CPG-NUKE: Advanced Content Management System
4 djmaze 1.1 ********************************************
5 djmaze 1.1 Copyright (c) 2004 by CPG-Nuke Dev Team
6 djmaze 1.1 http://www.cpgnuke.com
7 djmaze 1.1  
8 djmaze 1.1 CPG-Nuke is released under the terms and conditions
9 djmaze 1.16 of the CPG Open Source License Agreement version 1
10 djmaze 1.1  
11 djmaze 1.1 Last modification notes:
12 djmaze 1.17 $Source: /cvs/html/includes/cmsinit.inc,v $
13 djmaze 1.25 $Revision: 1.24 $
14 djmaze 1.25 $Author: akamu $
15 djmaze 1.25 $Date: 2004/09/16 09:02:05 $
16 djmaze 1.1  
17 djmaze 1.16 ***********************************************************************/
18 djmaze 1.22 // Disable DOS Attacks
19 djmaze 1.22 if (($_SERVER['HTTP_USER_AGENT'] == '' || $_SERVER['HTTP_USER_AGENT'] == '-') && !defined('XMLFEED')) {
20 djmaze 1.22 exit;
21 djmaze 1.22 }
22 djmaze 1.22  
23 djmaze 1.1 set_magic_quotes_runtime(0); // Disable magic_quotes_runtime
24 djmaze 1.20 // we define our own error handler
25 djmaze 1.23 require_once('includes/classes/cpg_debugger.php');
26 djmaze 1.1  
27 djmaze 1.22 $phpver = explode('.', phpversion());
28 djmaze 1.22 $phpver = "$phpver[0]$phpver[1]";
29 djmaze 1.1  
30 djmaze 1.1 // Compress output if server/php config allows
31 djmaze 1.1 $do_gzip_compress = false;
32 djmaze 1.1 $do_zlib_compress = false;
33 djmaze 1.1  
34 djmaze 1.1 if (extension_loaded('zlib')) {
35 djmaze 1.1 if (isset($_SERVER['HTTP_ACCEPT_ENCODING']) && eregi('gzip', $_SERVER['HTTP_ACCEPT_ENCODING'])) {
36 djmaze 1.1 if ($phpver >= 43) { // PHP 4.2.x seems to give memleak
37 djmaze 1.1 ob_start('ob_gzhandler');
38 djmaze 1.1 }
39 djmaze 1.1 else if ($phpver > 40) {
40 djmaze 1.1 $do_gzip_compress = true;
41 djmaze 1.1 ob_start();
42 djmaze 1.1 ob_implicit_flush(0);
43 djmaze 1.1 header('Content-Encoding: gzip');
44 djmaze 1.1 }
45 djmaze 1.1 } else {
46 djmaze 1.1 // Some stupid firewalls don't send the HTTP_ACCEPT_ENCODING
47 djmaze 1.1 // So we still compress in memory for fast page generations
48 djmaze 1.1 // But it will take longer for the visitor to see the page.
49 djmaze 1.1 $do_zlib_compress = true;
50 djmaze 1.1 ob_start();
51 djmaze 1.1 ob_implicit_flush(0);
52 djmaze 1.1 }
53 djmaze 1.1 }
54 djmaze 1.1  
55 djmaze 1.1 if ($phpver >= 41) {
56 djmaze 1.1 $PHP_SELF = $_SERVER['PHP_SELF'];
57 djmaze 1.1 }
58 djmaze 1.1 // Import GET/POST/Cookie variables into the global scope
59 djmaze 1.1 //if (!ini_get("register_globals")) {
60 djmaze 1.20 if (intval(ini_get('register_globals')) == 0) {
61 djmaze 1.22 // import_request_variables('GPC');
62 djmaze 1.1 }
63 djmaze 1.1 // unset any vars set from globals
64 djmaze 1.1 $phpEx = 'php';
65 djmaze 1.19 $pagetitle = $modheader = $adminmenuitems = $adminmail = '';
66 djmaze 1.1 $showblocks = 1;
67 djmaze 1.1 // useless vars but still here to prevent "notice" messages
68 djmaze 1.1 $user = $admin = $cookie = '';
69 djmaze 1.1  
70 djmaze 1.1 if (!isset($file)) $file = NULL;
71 djmaze 1.1 if (!isset($name)) $name = NULL;
72 djmaze 1.1  
73 djmaze 1.1 list($usec, $sec) = explode(' ', microtime());
74 djmaze 1.1 $start_time = ($usec + $sec);
75 djmaze 1.1 if (!defined('CPG_NUKE')) define('CPG_NUKE', true);
76 djmaze 1.1  
77 trevor 1.8 // stops the page creation and shows an error page
78 djmaze 1.1 function nuke_error($message, $title='ERROR', $redirect='') {
79 djmaze 1.1 cpg_error($message, $title, $redirect);
80 djmaze 1.1 }
81 djmaze 1.1 function cpg_error($message, $title='ERROR', $redirect='') {
82 djmaze 1.1 global $userinfo, $SESS;
83 djmaze 1.1 if ($redirect) { header('Refresh: 3; url='.$redirect); }
84 djmaze 1.1 if (defined('THEME_USES_TPL')) {
85 djmaze 1.1 global $pagetitle, $showblocks, $home;
86 djmaze 1.1 $home = $showblocks = 0;
87 djmaze 1.1 $pagetitle = $title;
88 djmaze 1.1 require_once('header.php');
89 djmaze 1.1 OpenTable();
90 djmaze 1.1 echo '<center>'.$message.'<br /><br />'._GOBACK.'</center>';
91 djmaze 1.1 CloseTable();
92 djmaze 1.1 require_once('footer.php');
93 djmaze 1.1 } else {
94 djmaze 1.1 require_once('includes/cpg_page.php');
95 djmaze 1.1 $errorpage = cpg_header($title);
96 djmaze 1.1 $errorpage .= "<center>$message</center>";
97 djmaze 1.1 $errorpage .= cpg_footer();
98 djmaze 1.1 if (isset($SESS)) $SESS->write_close();
99 djmaze 1.1 die($errorpage);
100 djmaze 1.1 }
101 djmaze 1.1 }
102 djmaze 1.1  
103 djmaze 1.1 // include database connection, sql abstraction layer and globally used functions
104 djmaze 1.1 require_once('config.php');
105 djmaze 1.1 require_once('db/db.php');
106 djmaze 1.1 require_once('includes/classes/session.php');
107 djmaze 1.1 require_once('includes/functions/display.php');
108 djmaze 1.1 require_once('includes/functions/linking.php');
109 djmaze 1.1 require_once('includes/classes/template.php');
110 djmaze 1.1 require_once('includes/classes/cpg_member.php');
111 djmaze 1.1 if (defined('INSTALL')) return;
112 djmaze 1.1  
113 djmaze 1.1 if ($file != 'posting' && $name != 'Forums') {
114 djmaze 1.1 foreach ($_POST as $secvalue) {
115 djmaze 1.1 if (eregi("<[^>]*script *\"?[^>]*>", $secvalue)) {
116 trevor 1.13 cpg_error('<strong>The characters that you tried to include in your html request are forbidden...</strong>', 'Security Error');
117 djmaze 1.1 }
118 djmaze 1.1 }
119 djmaze 1.1 }
120 djmaze 1.1  
121 djmaze 1.4 if (!load_cfg('MAIN_CFG')) {
122 djmaze 1.1 if (!($result = $db->sql_query('SELECT * FROM '.$prefix.'_config_custom', true))) {
123 djmaze 1.1 url_redirect('install.php');
124 djmaze 1.1 }
125 djmaze 1.1 while ($row = $db->sql_fetchrow($result)) {
126 djmaze 1.1 $MAIN_CFG[$row['cfg_name']][$row['cfg_field']] = $row['cfg_value'];
127 djmaze 1.1 }
128 djmaze 1.1 save_cfg('MAIN_CFG');
129 djmaze 1.1 $db->sql_freeresult($result);
130 djmaze 1.4 }
131 djmaze 1.5 if (!extension_loaded('gd')) { $MAIN_CFG['global']['gfx_chk'] = 0; }
132 djmaze 1.15 if (substr($MAIN_CFG['global']['nukeurl'], -1) == '/') { $MAIN_CFG['global']['nukeurl'] = substr($MAIN_CFG['global']['nukeurl'], 0, -1); }
133 djmaze 1.5 if (substr($MAIN_CFG['server']['path'], -1) != '/') $MAIN_CFG['server']['path'] .= '/';
134 djmaze 1.5 if ($MAIN_CFG['server']['path'][0] != '/') $MAIN_CFG['server']['path'] = '/'.$MAIN_CFG['server']['path'];
135 djmaze 1.5  
136 djmaze 1.1 if ($phpver >= 43) { // version_compare()
137 djmaze 1.1 extract($MAIN_CFG['global'], EXTR_OVERWRITE | EXTR_REFS);
138 djmaze 1.1 } else {
139 djmaze 1.1 extract($MAIN_CFG['global'], EXTR_OVERWRITE);
140 djmaze 1.1 }
141 djmaze 1.1  
142 djmaze 1.1 if (defined('XMLFEED')) return; // no need to load everything if it's a feed
143 djmaze 1.1  
144 djmaze 1.6 global $CPG_SESS;
145 djmaze 1.6 $SESS =& new cpg_session();
146 djmaze 1.25 if (isset($_GET['name']) && ($_GET['name'] == 'gfx' || (isset($_GET['op']) && $_GET['name'] == 'Your_Account' && $_GET['op'] == 'gfx'))) {
147 djmaze 1.1 require('includes/gfxchk.php');
148 djmaze 1.1 }
149 djmaze 1.1 //$SESS = new cpg_session($dbonly, $name, $time);
150 djmaze 1.1 //register_shutdown_function(array(&$SESS, "write_close"));
151 djmaze 1.18 $CLASS['member'] =& new cpg_member();
152 djmaze 1.1 $userinfo =& $CLASS['member']->members[$CLASS['member']->user_id];
153 djmaze 1.1 $nukeuser =& $CLASS['member']->cookie;
154 djmaze 1.18 if ($CLASS['member']->loadadmin()) {
155 djmaze 1.1 foreach($CLASS['member']->admin as $var => $val) {
156 djmaze 1.4 if (ereg('radmin',$var)) { $$var =& $val; }
157 djmaze 1.1 }
158 djmaze 1.25 // $MAIN_CFG['debug']['error_level'] = E_WARNING | E_NOTICE | E_USER_WARNING | E_USER_NOTICE;
159 djmaze 1.23 } else if (!CPG_DEBUG) {
160 djmaze 1.23 $cpgdebugger->stop();
161 djmaze 1.23 error_reporting(0);
162 djmaze 1.1 }
163 djmaze 1.1 if (($MAIN_CFG['global']['maintenance']==1) && !is_admin() && !defined('ADMIN_PAGES') && !defined('INSTALL')) {
164 trevor 1.12 cpg_error('<strong>'.$MAIN_CFG['global']['maintenance_text'].'</strong>', 'Maintenance');
165 djmaze 1.1 }
166 djmaze 1.1 $SESS->init_info();
167 djmaze 1.1 /************************************************************************************/
168 djmaze 1.3 /* Include language to detect languages from browser setting and user preferences */
169 djmaze 1.1 /* Join the nuke language initiative (NLI) http://cpgnuke.com */
170 djmaze 1.1 /************************************************************************************/
171 djmaze 1.1 require_once('includes/functions/language.php');
172 djmaze 1.1  
173 djmaze 1.1 // Load cache handler
174 djmaze 1.1 if (isset($MAIN_CFG['cache']['handler'])) {
175 djmaze 1.1 // mmcache.php
176 djmaze 1.1 }
177 djmaze 1.1  
178 djmaze 1.3 /************************************************************************************/
179 djmaze 1.7 /* Load the theme template system and check if the current theme uses the system */
180 djmaze 1.7 /************************************************************************************/
181 djmaze 1.7 $ThemeSel = get_theme();
182 djmaze 1.7 define('THEME_USES_TPL', file_exists('themes/'.$ThemeSel.'/template/header.html'));
183 djmaze 1.7 // Load template handler
184 djmaze 1.7 $cpgtpl =& new cpg_template();
185 djmaze 1.7 $cpgtpl->set_template(); // dynamic language
186 djmaze 1.7 //$cpgtpl->set_template(true); // static language
187 djmaze 1.7 //$cpgtpl->cachepath = '';
188 djmaze 1.7 if (THEME_USES_TPL) { $template =& $cpgtpl; }
189 djmaze 1.7  
190 djmaze 1.7 header('Content-Type: text/html; charset='._CHARSET);
191 djmaze 1.7 header('Content-language: ' . get_langcode($currentlang, 1));
192 djmaze 1.7 // standard privacy header change to yours
193 djmaze 1.7 header('P3P: CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"');
194 djmaze 1.7 //header("P3P: CP=\"ALL DSP COR NID CURa OUR STP PUR\"");
195 djmaze 1.7 // Notify server time
196 djmaze 1.7 header('Date: '.date('D, d M Y H:i:s', gmtime()).' GMT');
197 djmaze 1.7  
198 djmaze 1.7 ini_set('sendmail_from', $adminmail);
199 djmaze 1.7  
200 djmaze 1.7 /************************************************************************************/
201 djmaze 1.3 /* Check if the <form> POST is comming from this server */
202 djmaze 1.3 /************************************************************************************/
203 djmaze 1.3 if ($_SERVER['REQUEST_METHOD'] == 'POST') {
204 djmaze 1.9 // if (isset($_SERVER['HTTP_REFERER'])) {
205 djmaze 1.3 if (!isset($CPG_SESS['user']['uri']) || empty($CPG_SESS['user']['uri'])) {
206 djmaze 1.3 // if (!ereg("(http://$_SERVER[HTTP_HOST])", $_SERVER['HTTP_REFERER']) && !ereg("(https://$_SERVER[HTTP_HOST])", $_SERVER['HTTP_REFERER'])&& !ereg("(http://www.$_SERVER[HTTP_HOST])", $_SERVER['HTTP_REFERER'])) {
207 djmaze 1.3 $errorpage = '<html><body><center><h1>ERROR</h1>';
208 djmaze 1.3 $the_error = "Someone with IP $_SERVER[REMOTE_ADDR]<br />\n"
209 djmaze 1.3 ."tried to send information thru a POST from the following url: $_SERVER[HTTP_REFERER]<br />\n<br />\n"
210 djmaze 1.3 ."The website he tried it on is: $_SERVER[HTTP_HOST]<br />\n"
211 djmaze 1.3 ."And to the following page: $_SERVER[REQUEST_URI]<br />";
212 djmaze 1.3 $the_error = $errorpage . '<form><textarea rows="8" cols="60">' . htmlspecialchars($the_error) . '</textarea></form></body></html>';
213 djmaze 1.3 if (is_admin()) {
214 djmaze 1.3 die($the_error);
215 djmaze 1.7 } else if (isset($adminmail) && $adminmail != '') {
216 djmaze 1.3 $subject = "POST Error on $sitename";
217 djmaze 1.3 if(!send_mail($mailer_message,$the_error, 1, $subject)) {
218 djmaze 1.3 echo $mailer_message;
219 djmaze 1.3 }
220 djmaze 1.3 }
221 akamu 1.24 die('Please enable cookies to post on this site. If you feel you have reached this message in error please refresh the page once!');
222 djmaze 1.3 }
223 djmaze 1.9 // }
224 djmaze 1.3 /* problems when using some firewalls and proxy servers
225 djmaze 1.3 else {
226 djmaze 1.3 die("Warning you didn't send the HTTP_REFERER header to this website.
227 djmaze 1.3 This can be caused due to your browser, using a proxy server or firewall.
228 djmaze 1.3 Please change browser or turn off the use of a proxy or turn off the \"Deny servers to trace web browsing\" in your firewall
229 djmaze 1.3 and you shouldn't have problems when sending a POST on this website.");
230 djmaze 1.3 }*/
231 djmaze 1.3 }
232 djmaze 1.3  
233 djmaze 1.1 // Function which removes \015\012 which causes linebreaks in SMTP email
234 djmaze 1.1 function removecrlf($str) {
235 djmaze 1.1 return strtr($str, "\015\012", ' ');
236 djmaze 1.1 }
237 djmaze 1.1 /***********************************************************************************
238 djmaze 1.1  
239 djmaze 1.1 bool send_mail(&$mailer_message, $message, $html=0, $subject="", $to="", $to_name="", $from="",$from_name="" )
240 djmaze 1.1  
241 djmaze 1.1 Sends a email thru PHP or SMTP using plain text or html formatted
242 djmaze 1.1 $mailer_message: returns info about the send mail or the error message
243 djmaze 1.1 $message : the message that you want to send
244 djmaze 1.1 $html : send message as html or text 1 = html, 0 = text(default)
245 djmaze 1.1 $subject : the subject of the message, default = _FEEDBACK
246 djmaze 1.1 $to : emailaddress of person to send to, default = admin mailaddress
247 djmaze 1.1 $to_name : name of person to send to, default = sitename
248 djmaze 1.1 $from : emailaddress of person who sends the message, default = admin mailaddress
249 djmaze 1.1 $from_name: name of person who sends the message, default = sitename
250 djmaze 1.1  
251 djmaze 1.1 ************************************************************************************/
252 djmaze 1.1 function send_mail(&$mailer_message, $message, $html=0, $subject='', $to='', $to_name='', $from='', $from_name='') {
253 djmaze 1.17 global $MAIN_CFG, $module_name, $PHPMAILER_LANG;
254 djmaze 1.17 $PHPMAILER_LANG['from_failed'] = 'The following From address failed: ';
255 djmaze 1.17 $PHPMAILER_LANG['recipients_failed'] = 'SMTP Error: The following recipients failed: ';
256 alexm 1.14  
257 djmaze 1.1 if ($module_name != 'Contact' && function_exists('get_lang')) {
258 djmaze 1.1 get_lang('Contact');
259 djmaze 1.1 }
260 djmaze 1.7 if ($to == '') $to = $MAIN_CFG['global']['adminmail'];
261 djmaze 1.17 if ($from == '') $from = $MAIN_CFG['global']['adminmail'];
262 djmaze 1.17 if (is_email($from) < 1) {
263 djmaze 1.17 $mailer_message = $PHPMAILER_LANG['from_failed'].$from;
264 djmaze 1.17 return false;
265 djmaze 1.17 }
266 djmaze 1.17 if (is_email($to) < 1) {
267 djmaze 1.17 $mailer_message = $PHPMAILER_LANG['recipients_failed'].$to;
268 djmaze 1.17 return false;
269 djmaze 1.17 }
270 djmaze 1.17  
271 djmaze 1.1 require_once('includes/classes/phpmailer.php');
272 djmaze 1.1 $mail = new PHPMailer();
273 djmaze 1.1 $mail->SetLanguage();
274 djmaze 1.1 if ($MAIN_CFG['email']['smtp_on']) {
275 djmaze 1.1 $mail->IsSMTP(); // set mailer to use SMTP
276 djmaze 1.1 $mail->Host = $MAIN_CFG['email']['smtphost'];
277 djmaze 1.1 if ($MAIN_CFG['email']['smtp_auth']) {
278 djmaze 1.1 $mail->SMTPAuth = true; // turn on SMTP authentication
279 djmaze 1.1 $mail->Username = $MAIN_CFG['email']['smtp_uname']; // SMTP username
280 djmaze 1.1 $mail->Password = $MAIN_CFG['email']['smtp_pass']; // SMTP password
281 djmaze 1.1 }
282 djmaze 1.1 } else {
283 djmaze 1.1 $mail->IsMail();
284 djmaze 1.1 }
285 djmaze 1.17 $mail->From = removecrlf($from);
286 djmaze 1.7 $mail->FromName = ($from_name!='') ? removecrlf($from_name) : $MAIN_CFG['global']['sitename'];
287 djmaze 1.1 if ($to_name != ''){
288 djmaze 1.1 $mail->AddAddress(removecrlf($to), removecrlf($to_name));
289 djmaze 1.1 } else {
290 djmaze 1.1 $mail->AddAddress(removecrlf($to));
291 djmaze 1.1 }
292 djmaze 1.1 $mail->Priority = 3;
293 djmaze 1.1 $mail->Encoding = '8bit';
294 djmaze 1.1 $mail->CharSet = _CHARSET;
295 djmaze 1.1 $mail->Subject = ($subject!='') ? removecrlf($subject) : _FEEDBACK;
296 djmaze 1.1 if ($MAIN_CFG['email']['allow_html_email'] && $html) {
297 djmaze 1.1 require_once('includes/nbbcode.php');
298 djmaze 1.1 $message = decode_bbcode($message);
299 djmaze 1.1 $mail->IsHTML(true);
300 djmaze 1.1 $mail->AltBody = strip_tags($message);
301 djmaze 1.1 $mail->Body = $message;
302 djmaze 1.1 } else {
303 djmaze 1.1 $mail->Body = strip_tags($message);
304 djmaze 1.1 }
305 djmaze 1.1 $mailer_message ='';
306 djmaze 1.1 if (!$mail->Send()) {
307 djmaze 1.1 $mailer_message .= 'Message could not be sent.<p>';
308 djmaze 1.1 $mailer_message .= 'Mailer Error: ' . $mail->ErrorInfo;
309 djmaze 1.1 return false;
310 djmaze 1.1 } else {
311 djmaze 1.1 $mailer_message .= '<p align="center">'._SUCCESS_MESSAGE_SENT.'<br />';
312 djmaze 1.1 $mailer_message .= "<code>$message</code><br />";
313 djmaze 1.1 $mailer_message .= '<p align="center">'._MAHALO.'</center></p>';
314 djmaze 1.1 return true;
315 djmaze 1.1 }
316 djmaze 1.1 //return $mailer_message;
317 djmaze 1.1 }
318 djmaze 1.1  
319 djmaze 1.1 /***********************************************************************************
320 djmaze 1.1 Returns if the emailaddress is valid or not
321 djmaze 1.1 ************************************************************************************/
322 djmaze 1.1 function is_email(&$email) {
323 djmaze 1.10 global $DeniedEmailDomains;
324 djmaze 1.1 if (strlen($email) < 5) return 0;
325 djmaze 1.1 $email = strtolower($email);
326 djmaze 1.1 if (!ereg('^[_\.\+0-9a-z-]+@([0-9a-z][0-9a-z-]+\.)+[a-z]{2,6}$',$email)) {
327 djmaze 1.1 return -1;
328 djmaze 1.1 }
329 djmaze 1.1 $email = explode('@', $email);
330 djmaze 1.10 $DeniedEmailDomains[] = 'mydomain.com';
331 djmaze 1.10 $domains = implode('|', $DeniedEmailDomains);
332 djmaze 1.10 if (eregi("($domains)", $email[1])) {
333 djmaze 1.1 return -2;
334 djmaze 1.1 }
335 djmaze 1.1 $email = implode('@', $email);
336 djmaze 1.1 return 1;
337 djmaze 1.1 }
338 djmaze 1.1  
339 djmaze 1.1 /***********************************************************************************
340 djmaze 1.1 Returns admin name if the user is an administrator, otherwise false
341 djmaze 1.1 ************************************************************************************/
342 djmaze 1.1 function is_admin() {
343 djmaze 1.1 global $CLASS;
344 djmaze 1.1 return is_object($CLASS['member']) ? $CLASS['member']->admin_id : false;
345 djmaze 1.1 }
346 djmaze 1.1 function can_admin($module='') {
347 djmaze 1.7 global $CLASS;
348 djmaze 1.7 $adminfo =& $CLASS['member']->admin;
349 djmaze 1.1 return is_array($adminfo) ? ($adminfo['radminsuper'] || (isset($adminfo['radmin'.$module]) ? $adminfo['radmin'.$module] : false)) : false;
350 djmaze 1.1 }
351 djmaze 1.1 /***********************************************************************************
352 djmaze 1.1 Returns member ID if the user is an registered member, otherwise false
353 djmaze 1.1 ************************************************************************************/
354 djmaze 1.1 function is_user() {
355 djmaze 1.1 global $CLASS;
356 djmaze 1.1 return ($CLASS['member']->user_id > 1) ? $CLASS['member']->user_id : false;
357 djmaze 1.1 }
358 djmaze 1.1 function is_group() {
359 djmaze 1.1 // Function does not exist; here for compatibility with PHP-Nuke 7 modules
360 djmaze 1.1 }
361 djmaze 1.1 function update_points() {
362 djmaze 1.1 // Function does not exist; here for compatibility with PHP-Nuke 7 modules
363 djmaze 1.1 }
364 djmaze 1.1 /***********************************************************************************
365 djmaze 1.1 Useless unless you don't want to convert PHP-Nuke modules
366 djmaze 1.1 NOT RECOMENDED to use, the global $nukeuser already contains all the info
367 djmaze 1.1 ************************************************************************************/
368 djmaze 1.1 function cookiedecode() {
369 djmaze 1.1 global $nukeuser;
370 djmaze 1.1 return $nukeuser;
371 djmaze 1.1 }
372 djmaze 1.1 /***********************************************************************************
373 djmaze 1.1 Useless unless you don't want to convert PHP-Nuke modules
374 djmaze 1.1 NOT RECOMENDED to use, the global $userinfo already contains all the info
375 djmaze 1.1 ************************************************************************************/
376 djmaze 1.1 function getusrinfo() {
377 djmaze 1.1 global $userinfo;
378 djmaze 1.1 return $userinfo;
379 djmaze 1.1 }
380 djmaze 1.1 /***********************************************************************************
381 djmaze 1.1 See includes/classes/cpg_member -> getmemdata() for details
382 djmaze 1.1 ************************************************************************************/
383 djmaze 1.1 function getusrdata($user, $data='*') {
384 djmaze 1.1 global $CLASS;
385 djmaze 1.1 return $CLASS['member']->getmemdata($user, $data);
386 djmaze 1.1 }
387 djmaze 1.1 /***********************************************************************************
388 djmaze 1.1  
389 djmaze 1.1 bool is_active($module)
390 djmaze 1.1  
391 djmaze 1.1 Checks if the module with 'modulename' is active
392 djmaze 1.1 $module: the name of the module which you wanna check; example: 'Your_Account'
393 djmaze 1.1  
394 djmaze 1.1 ************************************************************************************/
395 djmaze 1.1 function is_active($module) {
396 djmaze 1.1 global $prefix, $db;
397 djmaze 1.1 static $save; // Added by steven111
398 djmaze 1.1 if (is_array($save)) {
399 djmaze 1.1 if (isset($save[$module])) return ($save[$module]);
400 djmaze 1.1 return 0;
401 djmaze 1.1 }
402 djmaze 1.1 $result = $db->sql_query('SELECT title FROM '.$prefix.'_modules WHERE active=1');
403 djmaze 1.1 while ($row = $db->sql_fetchrow($result)) {
404 djmaze 1.1 $save[$row[0]] = 1;
405 djmaze 1.1 }
406 djmaze 1.1 $db->sql_freeresult($result);
407 djmaze 1.1 if (isset($save[$module])) return ($save[$module]);
408 djmaze 1.1 return 0;
409 djmaze 1.1 }
410 djmaze 1.1 /***********************************************************************************
411 djmaze 1.1  
412 djmaze 1.1 string Fix_Quotes(&$str, $nohtml=0)
413 djmaze 1.1  
414 djmaze 1.1 Adds slashes to string and strips PHP+HTML for SQL insertion and hack prevention
415 djmaze 1.1 $str : the string to modify
416 djmaze 1.1 $nohtml: strip PHP+HTML tags, 0 = no, 1 = yes, default = 0
417 djmaze 1.1  
418 djmaze 1.1 ************************************************************************************/
419 djmaze 1.1 function Fix_Quotes(&$str, $nohtml=false, $spchar=false) {
420 djmaze 1.1 global $db;
421 djmaze 1.1 $str = $db->sql_escape_string(trim($str));
422 djmaze 1.1 if ($nohtml) { $str = strip_tags($str); }
423 djmaze 1.1 if ($spchar) { $str = htmlspecialchars($str,ENT_NOQUOTES,'UTF-8'); }
424 djmaze 1.1 return $str;
425 djmaze 1.1 }
426 djmaze 1.1  
427 djmaze 1.1 /***********************************************************************************
428 djmaze 1.1  
429 djmaze 1.1 string FixQuotes ($what = "")
430 djmaze 1.1  
431 djmaze 1.1 Old PHP-Nuke function to stay compatible, use the advanced Fix_Quotes instead
432 djmaze 1.1  
433 djmaze 1.1 ************************************************************************************/
434 djmaze 1.1 function FixQuotes($what = "") {
435 djmaze 1.1 $what = ereg_replace("'","''",$what);
436 djmaze 1.1 while (eregi("\\\\'", $what)) {
437 djmaze 1.1 $what = ereg_replace("\\\\'","'",$what);
438 djmaze 1.1 }
439 djmaze 1.1 return $what;
440 djmaze 1.1 }
441 djmaze 1.1  
442 djmaze 1.1 /*********************************************************/
443 djmaze 1.1 /* text filterering */
444 djmaze 1.1 /*********************************************************/
445 djmaze 1.1  
446 djmaze 1.1 function check_words(&$Message) {
447 djmaze 1.1 global $CensorList, $CensorReplace, $CensorMode;
448 djmaze 1.1 if ($CensorMode != 0) {
449 djmaze 1.1 if (is_array($CensorList)) {
450 djmaze 1.1 if ($CensorMode == 1) {
451 djmaze 1.1 for ($i = 0; $i < count($CensorList); $i++) {
452 djmaze 1.1 $Message = eregi_replace("$CensorList[$i]([^a-zA-Z0-9])","$CensorReplace\\1",$Message);
453 djmaze 1.1 }
454 djmaze 1.1 } elseif ($CensorMode == 2) {
455 djmaze 1.1 for ($i = 0; $i < count($CensorList); $i++) {
456 djmaze 1.1 $Message = eregi_replace("(^|[^[:alnum:]])$CensorList[$i]","\\1$CensorReplace",$Message);
457 djmaze 1.1 }
458 djmaze 1.1 } elseif ($CensorMode == 3) {
459 djmaze 1.1 for ($i = 0; $i < count($CensorList); $i++) {
460 djmaze 1.1 $Message = eregi_replace($CensorList[$i],$CensorReplace,$Message);
461 djmaze 1.1 }
462 djmaze 1.1 }
463 djmaze 1.1 }
464 djmaze 1.1 }
465 djmaze 1.1 return $Message;
466 djmaze 1.1 }
467 djmaze 1.1  
468 djmaze 1.1 function delQuotes($string){
469 djmaze 1.1 /* no recursive function to add quote to an HTML tag if needed */
470 djmaze 1.1 /* and delete duplicate spaces between attribs. */
471 djmaze 1.1 $tmp = ""; # string buffer
472 djmaze 1.1 $result = ""; # result string
473 djmaze 1.1 $i = 0;
474 djmaze 1.1 $attrib = -1; # Are us in an HTML attrib ? -1: no attrib 0: name of the attrib 1: value of the atrib
475 djmaze 1.1 $quote = 0; # Is a string quote delimited opened ? 0=no, 1=yes
476 djmaze 1.1 $len = strlen($string);
477 djmaze 1.1 while ($i < $len) {
478 djmaze 1.1 switch($string[$i]) { # What car is it in the buffer ?
479 djmaze 1.1 case '"': #" # a quote.
480 djmaze 1.1 if ($quote == 0) {
481 djmaze 1.1 $quote = 1;
482 djmaze 1.1 } else {
483 djmaze 1.1 $quote = 0;
484 djmaze 1.1 if (($attrib > 0) && ($tmp != '')) { $result .= "=\"$tmp\""; }
485 djmaze 1.1 $tmp = '';
486 djmaze 1.1 $attrib = -1;
487 djmaze 1.1 }
488 djmaze 1.1 break;
489 djmaze 1.1 case '=': # an equal - attrib delimiter
490 djmaze 1.1 if ($quote == 0) { # Is it found in a string ?
491 djmaze 1.1 $attrib = 1;
492 djmaze 1.1 if ($tmp != '') $result.=" $tmp";
493 djmaze 1.1 $tmp = '';
494 djmaze 1.1 } else $tmp .= '=';
495 djmaze 1.1 break;
496 djmaze 1.1 case ' ': # a blank ?
497 djmaze 1.1 if ($attrib > 0) { # add it to the string, if one opened.
498 djmaze 1.1 $tmp .= $string[$i];
499 djmaze 1.1 }
500 djmaze 1.1 break;
501 djmaze 1.1 default: # Other
502 djmaze 1.1 if ($attrib < 0) # If we weren't in an attrib, set attrib to 0
503 djmaze 1.1 $attrib = 0;
504 djmaze 1.1 $tmp .= $string[$i];
505 djmaze 1.1 break;
506 djmaze 1.1 }
507 djmaze 1.1 $i++;
508 djmaze 1.1 }
509 djmaze 1.1 if (($quote != 0) && ($tmp != '')) {
510 djmaze 1.1 if ($attrib == 1) $result .= '=';
511 djmaze 1.1 /* If it is the value of an atrib, add the '=' */
512 djmaze 1.1 $result .= "\"$tmp\""; /* Add quote if needed (the reason of the function ;-) */
513 djmaze 1.1 }
514 djmaze 1.1 return $result;
515 djmaze 1.1 }
516 djmaze 1.1  
517 djmaze 1.1 function convert_html($message, $tohtml=0) {
518 djmaze 1.1 if ($tohtml) {
519 djmaze 1.1 $html_entities_match = array('#&gt;#', '#&lt;#', '#&quot;#', '#&amp;#');
520 djmaze 1.1 $html_entities_replace = array('>', '<', '"', '&');
521 djmaze 1.1 } else {
522 djmaze 1.1 $html_entities_match = array('#&(?!\(\#[0-9]+)#', '#<#', '#>#', '#"#');
523 djmaze 1.1 $html_entities_replace = array('&amp;', '&lt;', '&gt;', '&quot;');
524 djmaze 1.1 }
525 djmaze 1.1 return preg_replace($html_entities_match, $html_entities_replace, $message);
526 djmaze 1.1 }
527 djmaze 1.1  
528 djmaze 1.1 function check_html($str, $strip="") {
529 djmaze 1.1 /* The core of this code has been lifted from phpslash */
530 djmaze 1.1 /* which is licenced under the GPL. */
531 djmaze 1.1 global $AllowableHTML;
532 djmaze 1.1 if ($strip == 'nohtml') { $HTML=array(''); }
533 djmaze 1.1 else { $HTML = $AllowableHTML; }
534 djmaze 1.1 $str = stripslashes($str);
535 djmaze 1.1 $str = eregi_replace('<[[:space:]]*([^>]*)[[:space:]]*>','<\\1>', $str);
536 djmaze 1.1 // Delete all spaces from html tags .
537 djmaze 1.1 $str = eregi_replace('<a[^>]*href[[:space:]]*=[[:space:]]*"?[[:space:]]*([^" >]*)[[:space:]]*"?[^>]*>','<a href="\\1">', $str);
538 djmaze 1.1 // Delete all attribs from Anchor, except an href, double quoted.
539 djmaze 1.1 $str = eregi_replace('<[[:space:]]* img[[:space:]]*([^>]*)[[:space:]]*>', '', $str);
540 djmaze 1.1 // Delete all img tags
541 djmaze 1.1 $str = eregi_replace('<a[^>]*href[[:space:]]*=[[:space:]]*"?javascript[[:punct:]]*"?[^>]*>', '', $str);
542 djmaze 1.1 // Delete javascript code from a href tags -- Zhen-Xjell @ http://nukecops.com
543 djmaze 1.1 $tmp = "";
544 djmaze 1.1 while (ereg('<(/?[[:alpha:]]*)[[:space:]]*([^>]*)>',$str,$reg)) {
545 djmaze 1.1 $i = strpos($str,$reg[0]);
546 djmaze 1.1 $l = strlen($reg[0]);
547 djmaze 1.1 if ($reg[1][0] == '/') $tag = strtolower(substr($reg[1],1));
548 djmaze 1.1 else $tag = strtolower($reg[1]);
549 djmaze 1.1 if ($a = $HTML[$tag]) {
550 djmaze 1.1 if ($reg[1][0] == '/') $tag = "</$tag>";
551 djmaze 1.1 elseif ($a == 1 || $reg[2] == '') $tag = "<$tag>";
552 djmaze 1.1 else {
553 djmaze 1.1 # Place here the double quote fix function.
554 djmaze 1.1 $attrb_list=delQuotes($reg[2]);
555 djmaze 1.1 // A VER
556 djmaze 1.1 $attrb_list = ereg_replace('&','&amp;',$attrb_list);
557 djmaze 1.1 $tag = "<$tag" . $attrb_list . ">";
558 djmaze 1.1 }
559 djmaze 1.1 } # Attribs in tag allowed
560 djmaze 1.1 else $tag = '';
561 djmaze 1.1 $tmp .= substr($str,0,$i) . $tag;
562 djmaze 1.1 $str = substr($str,$i+$l);
563 djmaze 1.1 }
564 djmaze 1.1 $str = $tmp . $str;
565 djmaze 1.1 $str = addslashes($str);
566 djmaze 1.1 return $str;
567 djmaze 1.1 // exit;
568 djmaze 1.1 /* Squash PHP tags unconditionally */
569 djmaze 1.1 // $str = ereg_replace("<\?","",$str);
570 djmaze 1.1 // return $str;
571 djmaze 1.1 }
572 djmaze 1.1  
573 djmaze 1.1 function filter_text($Message, $strip="") {
574 djmaze 1.1 check_words($Message);
575 djmaze 1.1 $Message = check_html($Message, $strip);
576 djmaze 1.1 return $Message;
577 djmaze 1.1 }
578 djmaze 1.1  
579 djmaze 1.1 /*********************************************************/
580 djmaze 1.1 /* Time formatting */
581 djmaze 1.1 /*********************************************************/
582 djmaze 1.1  
583 djmaze 1.1 function gmtime() {
584 djmaze 1.1 static $time;
585 djmaze 1.1 if (!$time) { $time = (time() - date('Z')); }
586 djmaze 1.1 return $time;
587 djmaze 1.1 }
588 djmaze 1.1 function formatTimestamp($time) {
589 djmaze 1.1 return formatDateTime($time, _DATESTRING);
590 djmaze 1.1 }
591 djmaze 1.1 function formatDateTime($time, $format) {
592 djmaze 1.1 global $locale, $userinfo;
593 djmaze 1.1 // setlocale(LC_TIME, $locale);
594 djmaze 1.1 if (!is_numeric($time)) {
595 djmaze 1.1 ereg('([0-9]{4})-([0-9]{1,2})-([0-9]{1,2}) ([0-9]{1,2}):([0-9]{1,2}):([0-9]{1,2})', $time, $datetime);
596 djmaze 1.1 $time = mktime($datetime[4],$datetime[5],$datetime[6],$datetime[2],$datetime[3],$datetime[1]);
597 djmaze 1.1 }
598 djmaze 1.1 if (is_user() && intval($userinfo['user_timezone']) != 0) {
599 djmaze 1.1 $time = $time+(3600*intval($userinfo['user_timezone']));
600 djmaze 1.1 }
601 djmaze 1.1 return utf8_encode(ucfirst(strftime($format, $time)));
602 djmaze 1.1 }
603 djmaze 1.1  
604 djmaze 1.1 function formatAidHeader($aid) {
605 djmaze 1.1 echo $aid;
606 djmaze 1.1 }
607 djmaze 1.1  
608 djmaze 1.1 function get_author($aid) {
609 djmaze 1.1 return $aid;
610 djmaze 1.1 }
611 djmaze 1.1  
612 djmaze 1.1 function encode_ip($dotquad_ip) {
613 djmaze 1.1 $ip_sep = explode('.', $dotquad_ip);
614 djmaze 1.1 return (count($ip_sep) == 4) ? sprintf('%02x%02x%02x%02x', $ip_sep[0], $ip_sep[1], $ip_sep[2], $ip_sep[3]) : '';
615 djmaze 1.1 }
616 djmaze 1.1 function decode_ip($int_ip) {
617 djmaze 1.1 $hexipbang = explode('.', chunk_split($int_ip, 2, '.'));
618 djmaze 1.1 return hexdec($hexipbang[0]). '.' . hexdec($hexipbang[1]) . '.' . hexdec($hexipbang[2]) . '.' . hexdec($hexipbang[3]);
619 djmaze 1.1 }
620 djmaze 1.1  
621 djmaze 1.1 function save_cfg($name) {
622 djmaze 1.1 $cache_dir = 'cache';
623 djmaze 1.1 $filename = $cache_dir."/config_$name.php";
624 djmaze 1.1 if (is_dir($cache_dir) && is_writable($cache_dir)) {
625 djmaze 1.1 if ($fp = @fopen($filename, 'wb')) {
626 djmaze 1.1 @flock($fp, LOCK_EX);
627 djmaze 1.1 $data = "<?php\nif (!defined('CPG_NUKE')) { header('Location: index.php'); exit; }\n";
628 djmaze 1.1 global $$name;
629 djmaze 1.1 $config =& $$name;
630 djmaze 1.1 if (is_array($config)) {
631 djmaze 1.1 @reset($config);
632 djmaze 1.1 while (list($key, $value) = @each($config) ) {
633 djmaze 1.1 if (is_array($value)) {
634 djmaze 1.1 while (list($subkey, $subvalue) = @each($value) ) {
635 djmaze 1.1 $data .= '$'.$name.'[\''.$key.'\'][\''.$subkey.'\'] = \''.ereg_replace('\'', '\\\'', trim($subvalue))."';\n";
636 djmaze 1.1 }
637 djmaze 1.1 } else {
638 djmaze 1.1 $data .= '$'.$name.'[\''.$key.'\'] = \''.trim($value).'\';'."\n";
639 djmaze 1.1 }
640 djmaze 1.1 }
641 djmaze 1.1 }
642 djmaze 1.1 @fwrite ($fp, $data.'?>');
643 djmaze 1.1 @flock($fp, LOCK_UN);
644 djmaze 1.1 @fclose($fp);
645 djmaze 1.1 @umask(0);
646 djmaze 1.1 }
647 djmaze 1.1 }
648 djmaze 1.1 }
649 djmaze 1.1 function load_cfg($name) {
650 djmaze 1.1 global $$name;
651 djmaze 1.1 if (file_exists("cache/config_$name.php")) {
652 djmaze 1.1 include("cache/config_$name.php");
653 djmaze 1.1 return true;
654 djmaze 1.1 } else {
655 djmaze 1.1 return false;
656 djmaze 1.1 }
657 djmaze 1.1 }
658 djmaze 1.1 function delete_cfg($name) {
659 djmaze 1.1 $cache_dir = 'cache';
660 djmaze 1.1 $filename = $cache_dir."/config_$name.php";
661 djmaze 1.1 if (is_dir($cache_dir) && is_writable($cache_dir)) {
662 djmaze 1.1 if (file_exists($filename)) {
663 djmaze 1.1 @unlink($filename);
664 djmaze 1.1 }
665 djmaze 1.1 }
666 djmaze 1.15 }


Code Credits - Privacy Policy