/lib/functions.inc.php

Large files files are truncated, but you can click here to view the full file

<?php
//
// functions.inc.php - Function library and defines for SiT -Support Incident Tracker
//
// SiT (Support Incident Tracker) - Support call tracking system
// Copyright (C) 2010-2014 The Support Incident Tracker Project
// Copyright (C) 2000-2009 Salford Software Ltd. and Contributors
//
// This software may be used and distributed according to the terms
// of the GNU General Public License, incorporated herein by reference.
//
// Authors: Ivan Lucas, <ivan[at]sitracker.org>
//          Tom Gerrard, <tomgerrard[at]users.sourceforge.net> - 2001 onwards
//          Martin Kilcoyne - 2000
//          Paul Heaney, <paul[at]sitracker.org>
//          Kieran Hogg, <kieran[at]sitracker.org>

// Many functions here simply extract various snippets of information from
// Most are legacy and can replaced by improving the pages that call them to
// use SQL joins.

// Prevent script from being run directly (ie. it must always be included
if (realpath(__FILE__) == realpath($_SERVER['SCRIPT_FILENAME']))
{
    exit;
}

include (APPLICATION_LIBPATH . 'classes.inc.php');

include (APPLICATION_LIBPATH . 'group.class.php');
include (APPLICATION_LIBPATH . 'user.class.php');
include (APPLICATION_LIBPATH . 'contact.class.php');
include (APPLICATION_LIBPATH . 'incident.class.php');
include (APPLICATION_LIBPATH . 'status.class.php');
include (APPLICATION_LIBPATH . 'sla.class.php');

include_once (APPLICATION_LIBPATH . 'file.inc.php');
include (APPLICATION_LIBPATH . 'ldap.inc.php');
include (APPLICATION_LIBPATH . 'base.inc.php');
include_once (APPLICATION_LIBPATH . 'array.inc.php');
include_once (APPLICATION_LIBPATH . 'datetime.inc.php');
include_once (APPLICATION_LIBPATH . 'billing.inc.php');
include_once (APPLICATION_LIBPATH . 'billing_unused.inc.php');
include_once (APPLICATION_LIBPATH . 'user.inc.php');
include_once (APPLICATION_LIBPATH . 'sla.inc.php');
include_once (APPLICATION_LIBPATH . 'tags.inc.php');
include_once (APPLICATION_LIBPATH . 'string.inc.php');
include_once (APPLICATION_LIBPATH . 'html_drop_downs.inc.php');
include_once (APPLICATION_LIBPATH . 'html.inc.php');
include_once (APPLICATION_LIBPATH . 'incident_html.inc.php');
include_once (APPLICATION_LIBPATH . 'tasks.inc.php');
include_once (APPLICATION_LIBPATH . 'export.inc.php');
include_once (APPLICATION_LIBPATH . 'contact.inc.php');
include_once (APPLICATION_LIBPATH . 'contract.inc.php');
include_once (APPLICATION_LIBPATH . 'journal.inc.php');
include_once (APPLICATION_LIBPATH . 'kb.inc.php');
include_once (APPLICATION_LIBPATH . 'feedback.inc.php');
include_once (APPLICATION_LIBPATH . 'site.inc.php');
include_once (APPLICATION_LIBPATH . 'configfuncs.inc.php');
include_once (APPLICATION_LIBPATH . 'incident.inc.php');

if (version_compare(PHP_VERSION, "5.1.0", ">="))
{
    date_default_timezone_set($CONFIG['timezone']);
}


/**
 * Authenticate a user
 * @author Lea Anthony
 * @param string $username. Username
 * @param string $password. Password
 * @return an integer to indicate whether the user authenticated against any authentication backends
 * @retval bool false the credentials were wrong or the user was not found.
 * @retval bool true to indicate user is authenticated and allowed to continue.
 */
function authenticate($username, $password)
{
    global $CONFIG, $db;
    $toReturn = false;

    if (!empty($username) AND !empty($password))
    {
        $sql = "SELECT id, password, status, user_source FROM `{$GLOBALS['dbUsers']}` WHERE username = '{$username}'";
        $result = mysqli_query($db, $sql);
        if (mysqli_error($db)) trigger_error(mysqli_error($db), E_USER_WARNING);
        if (mysqli_num_rows($result) == 1)
        {
            // Exist in SiT DB
            $obj = mysqli_fetch_object( $result);
            if ($obj->user_source == 'sit')
            {
                if (md5($password) == $obj->password AND $obj->status != 0) $toReturn = true;
                else $toReturn = false;
            }
            elseif ($obj->user_source == 'ldap')
            {
                // Auth against LDAP and sync
                $toReturn = authenticateLDAP(clean_ldapstring(($username)), $password, $obj->id);
                if ($toReturn === -1)
                {
                    // Communication with LDAP server failed
                    if ($CONFIG['ldap_allow_cached_password'])
                    {
                        // Use cached password
                        if (md5($password) == $obj->password AND $obj->status != 0) $toReturn = true;
                        else $toReturn = false;
                    }
                    else
                    {
                        $toReturn = false;
                    }
                }
                elseif ($toReturn)
                {
                    $toReturn = true;
                }
                else
                {
                    $toReturn = false;
                }
            }
        }
        elseif (mysqli_num_rows($result) > 1)
        {
            // Multiple this should NEVER happen
            trigger_error("Username not unique", E_USER_ERROR);
            $toReturn = false;
        }
        else
        {
            // Don't exist, check LDAP etc
            if ($CONFIG['use_ldap'])
            {
                $toReturn = authenticateLDAP($username, $password);
                if ($toReturn === -1) $toReturn = false;
            }
        }

        if ($toReturn)
        {
            journal(CFG_LOGGING_MAX,'User Authenticated',"{$username} authenticated from " . substr($_SERVER['REMOTE_ADDR'], 0, 15), CFG_JOURNAL_LOGIN, 0);
            debug_log ("Authenticate: User authenticated",TRUE);
        }
        else
        {
            debug_log ("authenticate: User NOT authenticated",TRUE);
        }
    }
    else
    {
        debug_log ("Blank username or password for user thus denying access");
        $toReturn = false;
    }

    return $toReturn;
}


/**
 * Authenticates a contact
 * @param string $username
 * @param string $password
 * @return mixed returns contactID if successful false otherwise
 */
function authenticateContact($username, $password)
{
    debug_log ("authenticateContact called");
    global $CONFIG, $db;
    $toReturn = false;

    if (!empty($username) AND !empty($password))
    {
        $sql = "SELECT id, password, contact_source, active, username FROM `{$GLOBALS['dbContacts']}` WHERE (username = '{$username}' OR email = '{$username}')";

        $result = mysqli_query($db, $sql);
        if (mysqli_error($db)) trigger_error(mysqli_error($db), E_USER_WARNING);
        if (mysqli_num_rows($result) == 1)
        {
            debug_log ("Authenticate: Just one contact in db");

            // Exists in SiT DB
            $obj = mysqli_fetch_object( $result);
            if ($obj->contact_source == 'sit')
            {
                if ((md5($password) == $obj->password OR $password == $obj->password) AND $obj->active == 'true') $toReturn = $obj->id;
                else $toReturn = false;
            }
            elseif ($obj->contact_source == 'ldap')
            {
                // Auth against LDAP and sync
                $toReturn =  authenticateLDAP($username, $password, $obj->id, false);
                if ($toReturn === -1)
                {
                    // Communication with LDAP server failed
                    if ($CONFIG['ldap_allow_cached_password'])
                    {
                        debug_log ("LDAP connection failed, using cached password");
                        // Use cached password
                        if ((md5($password) == $obj->password OR $password == $obj->password) AND $obj->active == 'true') $toReturn = $obj->id;
                        else $toReturn = false;
                        debug_log ("Cached contact {$toReturn} {$password}");
                    }
                    else
                    {
                        debug_log ("Cached passwords are not enabled");
                        $toReturn = false;
                    }
                }
                elseif ($toReturn)
                {
                    $toReturn = $obj->id;
                }
                else
                {
                    $toReturn = false;
                }
            }
            else
            {
                debug_log ("Source SOMETHING ELSE this shouldn't happen'");
                $toReturn = false;
            }
        }
        elseif (mysqli_num_rows($result) > 1)
        {
            debug_log ("Multiple");
            // Multiple this should NEVER happen
            trigger_error($GLOBALS['strUsernameNotUnique'], E_USER_ERROR);
            $toReturn = false;
        }
        else
        {
            debug_log ("Authenticate: No matching contact '{$username}' found in db");
            // Don't exist, check LDAP etc
            if ($CONFIG['use_ldap'] AND !empty($CONFIG['ldap_customer_group']))
            {
                $toReturn = authenticateLDAP($username, $password, 0, false);
                if ($toReturn === -1) $toReturn = false;
            }
        }
    }
    else
    {
        debug_log ("Blank username or password for user thus denying access");
        $toReturn = false;
    }

    debug_log ("authenticateContact returning {$toReturn}");
    return $toReturn;
}

/**
 * Authenticates a user when trusted server mode is enabled
 * @author Paul Heaney
 * @return mixed username if valid, false otherwise
 */
function authenticateTrustedServerMode()
{
    global $CONFIG, $db;

    $toReturn = false;

    if ($CONFIG['trusted_server'])
    {
        if (trustedServerValidateBasicAuth())
        {
            $username = $_SERVER["HTTP_".strtoupper($CONFIG['trusted_server_username_header'])];
            debug_log("Headers received ".print_r($_SERVER, true));
            $sql = "SELECT id, password, status, user_source, username FROM `{$GLOBALS['dbUsers']}` WHERE username = '{$username}'";
            $result = mysqli_query($db, $sql);
            if (mysqli_error($db)) trigger_error(mysqli_error($db), E_USER_WARNING);
            if (mysqli_num_rows($result) == 1)
            {
                // Exists in SiT DB
                $obj = mysqli_fetch_object( $result);
                $toReturn = $obj->username;
            }

            if ($toReturn)
            {
                debug_log ("authenticateTrustedServerMode: User authenticated via trusted server", TRUE);
            }
            else
            {
                debug_log ("authenticateTrustedServerMode: User NOT authenticated via trusted server", TRUE);
            }
        }
        else
        {
            debug_log("authenticateTrustedServerMode: credentials used to identify trusted server invalid");
            $toReturn = false;
        }
    }
    else
    {
        debug_log("authenticateTrustedServerModeContact called and trusted_server mode disabled");
        $toReturn = false;
    }

    return $toReturn;
}


/**
 * Authenticates a contact when trusted server mode is enabled
 * @author Paul Heaney
 * @return mixed contact id if valid, false otherwise
 */
function authenticateTrustedServerModeContact()
{
    global $CONFIG, $db;

    $toReturn = false;

    if ($CONFIG['trusted_server'])
    {
        if (trustedServerValidateBasicAuth())
        {
            $username = $_SERVER["HTTP_".strtoupper($CONFIG['trusted_server_username_header'])];

            $sql = "SELECT id, password, contact_source, active, username FROM `{$GLOBALS['dbContacts']}` WHERE (username = '{$username}' OR email = '{$username}')";
            $result = mysqli_query($db, $sql);
            if (mysqli_error($db)) trigger_error(mysqli_error($db), E_USER_WARNING);
            if (mysqli_num_rows($result) == 1)
            {
                // Exists in SiT DB
                $obj = mysqli_fetch_object( $result);
                $toReturn = $obj->id;

                if ($CONFIG['contact_jit_provision'])
                {
                    // Then we need to update
                    $contact = new Contact($toReturn);
                    foreach ($CONFIG['contact_jit_mapping'] AS $header => $field)
                    {
                        $value = $_SERVER["HTTP_".strtoupper($header)];
                        debug_log("Setting field '" . $field . "' to '" . $value . "'");
                        $contact->$field = $value;
                    }
                    
                    // Don't need to ensure valid fields as contact class does that
                    debug_log("Updating contact '" . $toReturn . "'");
                    $contact->edit();
                }
            }
            else if (mysqli_num_rows($result) == 0 AND $CONFIG['contact_jit_provision'])
            {
                // we can create
                debug_log("Contact mapping headers are: " . print_r($CONFIG['contact_jit_mapping'], true));
                $contracts = null;
                $contact = new Contact();
                foreach ($CONFIG['contact_jit_mapping'] AS $header => $field)
                {
                    $value = $_SERVER["HTTP_".strtoupper($header)];
                    debug_log("Setting field '" . $field . "' to '" . $value . "'");
                    if ($header == 'contractids') $contracts = $value;
                    else $contact->$field = $value;
                }
                $contact->source = "jit";
                // Don't need to ensure valid fields as contact class does that
                debug_log("Adding contact");
                $toReturn = $contact->add();
                
                if (!empty($contracts) AND !empty($toReturn))
                {
                    $contractids = explode(",", $contracts);
                    foreach ($contractids AS $id)
                    {
                        $id = clean_int($id);
                        $sql  = "INSERT INTO `{$GLOBALS['dbSupportContacts']}` (maintenanceid, contactid) VALUES ({$id}, {$toReturn})";
                        $result = mysqli_query($db, $sql);
                        if (mysqli_error($db)) trigger_error("MySQL Query Error ".mysqli_error($db), E_USER_ERROR);
                    }
                }
            }

            if ($toReturn)
            {
                journal(CFG_LOGGING_MAX,'Contact Authenticated',"{$username} authenticated from " . substr($_SERVER['REMOTE_ADDR']." via trusted server", 0, 15), CFG_JOURNAL_LOGIN, 0);
                debug_log ("authenticateTrustedServerModeContact: User authenticated via trusted server", TRUE);
            }
            else
            {
                debug_log ("authenticateTrustedServerModeContact: Contact NOT authenticated via trusted server", TRUE);
            }
        }
        else
        {
            debug_log("authenticateTrustedServerModeContact: credentials used to identify trusted server invalid");
            $toReturn = false;
        }
    }
    else
    {
        debug_log("authenticateTrustedServerModeContact called and trusted_server mode disabled");
        $toReturn = false;
    }

    return $toReturn;
}


/**
 * Creates valid user session within SiT!
 * @param string $username The username to create a session for
 */
function createUserSession($username)
{
    global $CONFIG, $db;

    $_SESSION['auth'] = TRUE;

    // Retrieve users profile
    $sql = "SELECT id, username, realname, email, groupid, user_source FROM `{$GLOBALS['dbUsers']}` WHERE username='{$username}' LIMIT 1";
    $result = mysqli_query($db, $sql);
    if (mysqli_error($db)) trigger_error(mysqli_error($db), E_USER_WARNING);
    if (mysqli_num_rows($result) < 1)
    {
        $_SESSION['auth'] = FALSE;
        trigger_error("No such user", E_USER_ERROR);
    }
    $user = mysqli_fetch_object( $result);
    // Profile
    $_SESSION['userid'] = $user->id;
    $_SESSION['username'] = $user->username;
    $_SESSION['realname'] = $user->realname;
    $_SESSION['email'] = $user->email;
    $_SESSION['groupid'] = is_null($user->groupid) ? 0 : $user->groupid;
    $_SESSION['portalauth'] = FALSE;
    $_SESSION['user_source'] = $user->user_source;
    if (!is_null($_SESSION['startdate'])) $_SESSION['startdate'] = $user->user_startdate;

    // Read user config from database
    $_SESSION['userconfig'] = get_user_config_vars($user->id);

    // Make sure utc_offset cannot be blank
    if ($_SESSION['userconfig']['utc_offset'] == '')
    {
        $_SESSION['userconfig']['utc_offset'] == 0;
    }
    // Defaults
    if (empty($_SESSION['userconfig']['theme']))
    {
        $_SESSION['userconfig']['theme'] = $CONFIG['default_interface_style'];
    }
    if (empty($_SESSION['userconfig']['iconset']))
    {
        $_SESSION['userconfig']['iconset'] = $CONFIG['default_iconset'];
    }

    // Delete any old session user notices
    $sql = "DELETE FROM `{$GLOBALS['dbNotices']}` WHERE durability='session' AND userid = {$_SESSION['userid']}";
    mysqli_query($db, $sql);
    if (mysqli_error($db)) trigger_error(mysqli_error($db), E_USER_ERROR);

    //check if the session lang is different the their profiles
    if ($_SESSION['lang'] != '' AND !empty($_SESSION['userconfig']['language']) AND
    $_SESSION['lang'] != $_SESSION['userconfig']['language'])
    {
        $t = new TriggerEvent('TRIGGER_LANGUAGE_DIFFERS', array('profilelang' => $_SESSION['userconfig']['language'],
                'currentlang' => $_SESSION['lang'], 'user' => $_SESSION['userid']));
    }

    if ($_SESSION['userconfig']['language'] != $CONFIG['default_i18n'] AND $_SESSION['lang'] == '')
    {
        $_SESSION['lang'] = is_null($_SESSION['userconfig']['language']) ? '' : $_SESSION['userconfig']['language'];
    }

    // Make an array full of users permissions
    // The zero permission is added to all users, zero means everybody can access
    $userpermissions[] = 0;
    // First lookup the role permissions
    $sql = "SELECT * FROM `{$GLOBALS['dbUsers']}` AS u, `{$GLOBALS['dbRolePermissions']}` AS rp WHERE u.roleid = rp.roleid ";
    $sql .= "AND u.id = '{$_SESSION['userid']}' AND granted='true'";
    $result = mysqli_query($db, $sql);
    if (mysqli_error($db))
    {
        $_SESSION['auth'] = FALSE;
        trigger_error(mysqli_error($db), E_USER_ERROR);
    }
    if (mysqli_num_rows($result) >= 1)
    {
        while ($perm = mysqli_fetch_object( $result))
        {
            $userpermissions[] = $perm->permissionid;
        }
    }

    // Next lookup the individual users permissions
    $sql = "SELECT * FROM `{$GLOBALS['dbUserPermissions']}` WHERE userid = '{$_SESSION['userid']}' AND granted='true' ";
    $result = mysqli_query($db, $sql);
    if (mysqli_error($db))
    {
        $_SESSION['auth'] = FALSE;
        trigger_error(mysqli_error($db), E_USER_ERROR);
    }

    if (mysqli_num_rows($result) >= 1)
    {
        while ($perm = mysqli_fetch_object( $result))
        {
            $userpermissions[] = $perm->permissionid;
        }
    }

    $_SESSION['permissions'] = array_unique($userpermissions);
}


/**
 * Creates valid contact session within SiT!
 * @param int $contactid The ID of the contact
 */
function createContactSession($contactid)
{
    global $CONFIG, $db;

    debug_log("PORTAL AUTH SUCESSFUL");
    $_SESSION['portalauth'] = TRUE;

    $sql = "SELECT * FROM `{$GLOBALS['dbContacts']}` WHERE id = '{$contactid}'";
    $result = mysqli_query($db, $sql);
    if (mysqli_error($db)) trigger_error(mysqli_error($db), E_USER_WARNING);
    if (mysqli_num_rows($result) < 1)
    {
        $_SESSION['portalauth'] = FALSE;
        trigger_error("No such user", E_USER_ERROR);
    }
    $contact = mysqli_fetch_object( $result);

    // Customer session
    // Valid user
    $_SESSION['contactid'] = $contact->id;
    $_SESSION['siteid'] = $contact->siteid;
    $_SESSION['userconfig']['theme'] = $CONFIG['portal_interface_style'];
    $_SESSION['userconfig']['iconset'] = $CONFIG['portal_iconset'];
    $_SESSION['contracts'] = array();
    $_SESSION['auth'] = FALSE;
    $_SESSION['contact_source'] = $contact->contact_source;

    //get admin contracts
    if (admin_contact_contracts($_SESSION['contactid'], $_SESSION['siteid']) != NULL)
    {
        $admincontracts = admin_contact_contracts($_SESSION['contactid'], $_SESSION['siteid']);
        $_SESSION['usertype'] = 'admin';
    }

    //get named contact contracts
    if (contact_contracts($_SESSION['contactid'], $_SESSION['siteid'], false) != NULL)
    {
        $contactcontracts = contact_contracts($_SESSION['contactid'], $_SESSION['siteid'], false);
        if (!isset($_SESSION['usertype']))
        {
            $_SESSION['usertype'] = 'contact';
        }
    }

    //get other contracts
    if (all_contact_contracts($_SESSION['siteid']) != NULL)
    {
        $allcontracts = all_contact_contracts($_SESSION['siteid']);
        if (!isset($_SESSION['usertype']))
        {
            $_SESSION['usertype'] = 'user';
        }
    }

    $_SESSION['contracts'] = array_merge((array)$admincontracts, (array)$contactcontracts, (array)$allcontracts);

    load_entitlements($_SESSION['contactid'], $_SESSION['siteid']);
    header("Location: portal/");
}


/**
 * Validates the credentials password when doing a basic authentication for trusted server mode
 * @author Paul Heaney
 * @return boolean - True if successful, false otherwise
 */
function trustedServerValidateBasicAuth()
{
    global $CONFIG;

    $username = $_SERVER['PHP_AUTH_USER'];
    $secret = $_SERVER['PHP_AUTH_PW'];
    if (isset($CONFIG['trusted_server_client_id']))
    {
        if ($username == $CONFIG['trusted_server_client_id'] AND $secret == $CONFIG['trusted_server_client_secret'])
        {
            return true;
        }
    }
    else
    {
        // We don't have basic auth enabled
        return true;
    }
    
    return false;
}

/**
* Returns a specified column from a specified table in the database given an ID primary key
* @author Ivan Lucas
* @param string $column a database column
* @param string $table a database table
* @param int $id the primary key / id column
* @return A column from the database
* @note it's not always efficient to read a single column at a time, but when you only need
*  one column, this is handy
*/
function db_read_column($column, $table, $id)
{
    global $db;
    $sql = "SELECT `{$column}` FROM `{$table}` WHERE id ='$id' LIMIT 1";
    $result = mysqli_query($db, $sql);
    if (mysqli_error($db)) trigger_error("MySQL Query Error ".mysqli_error($db), E_USER_WARNING);
    if (mysqli_num_rows($result) == 0)
    {
        $column = FALSE;
    }
    else
    {
        list($column) = mysqli_fetch_row($result);
    }
    return $column;
}


/**
 * @author Ivan Lucas
 * @note: Requires permission names to be i18n strings in the database table
 */
function permission_name($permissionid)
{
    global $dbPermissions;
    $name = db_read_column('name', $dbPermissions, $permissionid);
    if (empty($name)) $name = $GLOBALS['strUnknown'];
    else $name = $GLOBALS["{$name}"];
    return $name;
}


/**
 * Get the name associated with software ID / skill ID
 * @author Ivan Lucas
 * @param int $softwareid
 * @return string. Skill/Software Name
 * @note Software was renamed skills for v3.30
 */
function software_name($softwareid)
{
    global $now, $dbSoftware, $strEOL, $strEndOfLife, $db;

    $sql = "SELECT * FROM `{$dbSoftware}` WHERE id = '{$softwareid}'";
    $result = mysqli_query($db, $sql);
    if (mysqli_num_rows($result) >= 1)
    {
        $software = mysqli_fetch_object($result);
        $lifetime_end = mysql2date($software->lifetime_end);
        if ($lifetime_end > 0 AND $lifetime_end < $now)
        {
            $name = "<span class='deleted'>{$software->name}</span> (<abbr title='{$strEndOfLife}'>{$strEOL}</abbr>)";
        }
        else
        {
            $name = $software->name;
        }
    }
    else
    {
        $name = $GLOBALS['strUnknown'];
    }

    return $name;
}


/**
 * Returns a string representing the name of the given product.
 * @return Returns an empty string if the product does not exist.
 */
function product_name($id)
{
    return db_read_column('name', $GLOBALS['dbProducts'], $id);
}


/**
 * Handle a PHP triggered error
 * @author Ivan Lucas
 * @note Not called directly but triggered by PHP's own error handling
 *       and the trigger_error function.
 * @note Parameters as per http://www.php.net/set_error_handler
 * @note This function is not internationalised in order that bugs can
 *       be reported to developers and still be sure that they will be
 *       understood
 */
function sit_error_handler($errno, $errstr, $errfile, $errline, $errcontext)
{
    global $CONFIG, $sit, $siterrors;

    // if error has been supressed with an @
    if (error_reporting() == 0)
    {
        return;
    }

    $errortype = array(
    E_ERROR           => 'Fatal Error',
    E_WARNING         => 'Warning',
    E_PARSE           => 'Parse Error',
    E_NOTICE          => 'Notice',
    E_CORE_ERROR      => 'Core Error',
    E_CORE_WARNING    => 'Core Warning',
    E_COMPILE_ERROR   => 'Compile Error',
    E_COMPILE_WARNING => 'Compile Warning',
    E_USER_ERROR      => 'Application Error',
    E_USER_WARNING    => 'Application Warning',
    E_USER_NOTICE     => 'Application Notice');

    if (defined('E_STRICT')) $errortype[E_STRICT] = 'Strict Runtime notice';

    $trace_errors = array(E_ERROR, E_USER_ERROR);
    if ($CONFIG['debug'] != TRUE)
    {
        $errfile = basename($errfile);
    }

    $user_errors = E_USER_ERROR | E_USER_WARNING | E_USER_NOTICE;
    $system_errors = E_ERROR | E_WARNING | E_CORE_ERROR | E_CORE_WARNING | E_COMPILE_ERROR | E_COMPILE_WARNING;
    $warnings = E_WARNING | E_USER_WARNING | E_CORE_WARNING | E_COMPILE_WARNING;
    $notices = E_NOTICE | E_USER_NOTICE;

    if (($errno & $user_errors) OR ($errno & $system_errors))
    {
        if (empty($CONFIG['error_logfile']) === FALSE AND is_writable($CONFIG['error_logfile']) === TRUE)
        {
            $displayerrors = FALSE;
        }
        else
        {
            $displayerrors = TRUE;
        }

        if ($errno & $notices) $class = 'info';
        elseif ($errno & $warnings) $class = 'warning';
        else $class = 'error';

        $backtrace = debug_backtrace();
        if (php_sapi_name() != 'cli')
        {
            $tracelog = '';
            if ($displayerrors)
            {
                echo "<p class='{$class}'><strong>{$errortype[$errno]} [{$errno}]</strong><br />";
                if ($errno != E_USER_NOTICE)
                {
                    echo "{$errstr} in {$errfile} @ line {$errline}";
                }
                else
                {
                    echo "{$errstr}";
                }
                if ($CONFIG['debug']) echo "<br /><strong>Backtrace</strong>:";
            }

            foreach ($backtrace AS $trace)
            {
                if (!empty($trace['file']))
                {
                    if ($CONFIG['debug'] AND $displayerrors)
                    {
                        echo "<br />{$trace['file']} @ line {$trace['line']}";
                    }

                    $tracelog .= "{$trace['file']} @ line {$trace['line']}";
                    if (!empty($trace['function']))
                    {
                        $tracelog .= " {$trace['function']}()";
                        if ($displayerrors) echo " {$trace['function']}() ";
//                         foreach ($trace['args'] AS $arg)
//                         {
//                             echo "$arg &bull; ";
//                         }
                    }
                    $tracelog .= "\n";
                }
            }
            if ($errno != E_NOTICE)
            {
                $logentry = " {$errortype[$errno]} [{$errno}] {$errstr} (in line {$errline} of file {$errfile})\n";
            }

            if ($errno == E_ERROR
                || $errno == E_USER_ERROR
                || $errno == E_CORE_ERROR
                || $errno == E_CORE_WARNING
                || $errno == E_COMPILE_ERROR
                || $errno == E_COMPILE_WARNING)
            {
                $logentry .= "\n[CONTEXT-BEGIN]\n".print_r($errcontext, TRUE)."\n[CONTEXT-END]\n----------\n\n";
                $siterrors++;
            }

            debug_log($logentry);
            if ($displayerrors)
            {
                echo "</p>";
                // Tips, to help diagnose errors
                if (strpos($errstr, 'Unknown column') !== FALSE OR
                    preg_match("/Table '(.*)' doesn't exist/", $errstr))
                {
                    echo "<p class='tip'>The SiT schema may need updating to fix this problem.";
                    if (user_permission($sit[2], PERM_ADMIN)) echo "Visit <a href='setup.php'>Setup</a>"; // Only show this to admin
                    echo "</p>";
                }

                if (strpos($errstr, 'headers already sent') !== FALSE)
                {
                    echo "<p class='tip'>This warning may be caused by a problem that occurred before the ";
                    echo "page was displayed, or sometimes by a syntax error or ";
                    echo "extra whitespace in your config file.</p>";
                }

                if (strpos($errstr, 'You have an error in your SQL syntax') !== FALSE OR
                    strpos($errstr, 'Query Error Incorrect table name') !== FALSE)
                {
                    echo "<p class='tip'>You may have found a bug in SiT, please <a href=\"{$CONFIG['bugtracker_url']}\">report it</a>.</p>";
                }
            }
        }
        else
        {
            debug_log("ERROR: {$errortype[$errno]} {$errstr} in {$errfile} at line {$errline}\n");
            if (!empty($tracelog)) debug_log("ERROR: Backtrace:\n{$tracelog}\n");
        }
    }
}


/**
 * Write an entry to the configured error logfile
 * @author Ivan Lucas
 * @param string $logentry. A line, or lines to write to the log file
 * (with newlines \n)
 * @param bool $debugmodeonly. Only write an entry if debug mode is TRUE
 * @retval bool TRUE log entry written
 * @retval bool FALSE log entry not written
 */
function debug_log($logentry, $debugmodeonly = FALSE)
{
    global $CONFIG;
    if ($debugmodeonly === FALSE
        OR ($debugmodeonly === TRUE AND $CONFIG['debug'] == TRUE))
    {
        if ($CONFIG['debug'] == TRUE)
        {
            $scriptname = $_SERVER["SCRIPT_NAME"];
        }
        else
        {
            $scriptname = basename($_SERVER["SCRIPT_NAME"]);
        }
        $logentry = $scriptname . ' ' .$logentry;

        if (substr($logentry, -1) != "\n") $logentry .= "\n";
        if (!empty($CONFIG['error_logfile']))
        {
            if (file_exists($CONFIG['error_logfile']))
            {
                if (is_writable($CONFIG['error_logfile']))
                {
                    $fp = fopen(clean_fspath($CONFIG['error_logfile']), 'a+');
                    if ($fp)
                    {
                        fwrite($fp, date('c').' '.$logentry);
                        fclose($fp);
                    }
                    else
                    {
                        echo "<p class='error'>Could not log message to error_logfile</p>";
                        trigger_error("Could not log message to error_logfile", E_USER_NOTICE);
                        return FALSE;
                    }
                    return TRUE;
                }
                else
                {
                    trigger_error("Debug log file (error_logfile) [{$CONFIG['error_logfile']}] not writable", E_USER_WARNING);
                }
            }
            else
            {
                trigger_error("Debug log file (error_logfile) [{$CONFIG['error_logfile']}] not found", E_USER_WARNING);
            }
        }
        else
        {
            return FALSE;
        }
    }
    else return TRUE;
}


/**
 * Send an email from SiT
 * @param string $to. Destination email address
 * @param string $from. Source email address
 * @param string $subject. Email subject line
 * @param string $body. Email body text
 * @param string $replyto. (optional) Address to send reply to
 * @param string $cc. (optional) Carbon copy address
 * @param string $bcc. (optional) Blind carbon copy address
 * @return The return value from PHP mail() function or TRUE when in Demo mode
 * @note Returns TRUE but does not actually send mail when SiT is in Demo mode
 */
function send_email($to, $from, $subject, $body, $replyto='', $cc='', $bcc='')
{
    global $CONFIG, $application_version_string;

    if ($CONFIG['outbound_email_newline'] == 'CRLF')
    {
        $crlf = "\r\n";
    }
    else
    {
        $crlf = "\n";
    }

    if (empty($to)) trigger_error('Empty TO address in email', E_USER_WARNING);

    $extra_headers  = '';
    if (!empty($replyto)) $extra_headers .= "Reply-To: {$replyto}" . $crlf;
    if (!empty($cc))
    {
        $extra_headers .= "CC: {$cc}" . $crlf;
    }
    if (!empty($bcc))
    {
        $extra_headers .= "BCC: {$bcc}" . $crlf;
    }
    if (!empty($CONFIG['support_email']))
    {
        $extra_headers .= "Errors-To: {$CONFIG['support_email']}" . $crlf;
    }
    $extra_headers .= "X-Mailer: {$CONFIG['application_shortname']} {$application_version_string}/PHP " . phpversion() . $crlf;
    if ($CONFIG['outbound_email_send_xoriginatingip']) $extra_headers .= "X-Originating-IP: " . substr($_SERVER['REMOTE_ADDR'], 0, 15) . $crlf;
    // $extra_headers .= "\r\n";

    if ($CONFIG['demo'])
    {
        $rtnvalue = TRUE;
    }
    elseif ($CONFIG['enable_outbound_email'] == false)
    {
        $rtnvalue = TRUE;
        debug_log("Outgoing email disabled, no mail is sent");
    }
    else
    {
        // $rtnvalue = mail($to, $subject, $body, $extra_headers);

        $mime = new MIME_mail($from, $to, html_entity_decode($subject), '', $extra_headers, $mailerror);
        $mime -> attach($body, '', "text/plain; charset={$GLOBALS['i18ncharset']}", $CONFIG['outbound_email_encoding'], 'inline');

        // actually send the email
        $rtnvalue = $mime -> send_mail();
        if (!empty($mailerror)) debug_log("Outoing email error: {$mailerror}");
    }

    return $rtnvalue;
}


/**
 * Return a global signature chosen at random
 *
 * @author Ivan Lucas
 * @note This is inefficient SQL but shouldn't be too much of a problem since
 * there are usually a low number records in this table.
*/
function global_signature()
{
    global $db;
    $sql = "SELECT signature FROM `{$GLOBALS['dbEmailSig']}` ORDER BY RAND() LIMIT 1";
    $result = mysqli_query($db, $sql);
    list($signature) = mysqli_fetch_row($result);
    mysqli_free_result($result);
    return $signature;
}


/**
 * Wrapper function to call dashboard_*_do() within a dashlet plugin
 * See dashlet() for more information
 * @author Ivan Lucas
 * @param string $context
 * @param string $row
 * @param string $dashboardid
 */
function dashboard_do($context, $row=0, $dashboardid=0)
{
    global $DASHBOARDCOMP;
    $dashletid = "{$row}-{$dashboardid}";
    $action = $DASHBOARDCOMP[$context];
    if ($action != NULL || $action != '')
    {
        if (function_exists($action)) $action($dashletid);
    }
}


/**
 * Output a dashboard component
 * @author Ivan Lucas
 * @param string $row
 * @param string $dashboardid
 */
function show_dashboard_component($row, $dashboardid)
{
    global $dbDashboard, $db;
    $sql = "SELECT name FROM `{$dbDashboard}` WHERE enabled = 'true' AND id = '$dashboardid'";
    $result = mysqli_query($db, $sql);
    if (mysqli_error($db)) trigger_error(mysqli_error($db), E_USER_WARNING);

    if (mysqli_num_rows($result) == 1)
    {
        $obj = mysqli_fetch_object($result);
        dashboard_do("dashboard_".$obj->name, 'db_'.$row, $dashboardid);
    }
}


/**
 * Checks to see if a dashlet is installed
 * @author Paul Heaney
 * @param String $dashlet The name of the dashlet
 * @retval bool TRUE installed
 * @retval bool FALSE not installed
 */
function is_dashlet_installed($dashlet)
{
    global $db;
    $sql = "SELECT id FROM `{$GLOBALS['dbDashboard']}` WHERE name = '{$dashlet}'";
    $result = mysqli_query($db, $sql);
    if (mysqli_error($db)) trigger_error("MySQL Query Error ".mysqli_error($db), E_USER_WARNING);
    if (mysqli_num_rows($result) == 1)
    {
        return TRUE;
    }
    else
    {
        return FALSE;
    }
}


/**
 * Shows errors from a form, if any
 * @author Kieran Hogg
 * @return string. HTML of the form errors stored in the users session
 */
function show_form_errors($formname)
{
    if ($_SESSION['formerrors'][$formname])
    {
        foreach ($_SESSION['formerrors'][$formname] as $error)
        {

            if (mb_substr(trim($error), 0, 1) != "<")
            {
                $html .= user_alert($error, E_USER_ERROR);
            }
            else
            {
                $html .= $error;
            }
        }
    }

    return $html;
}


/**
 * Cleans form errors by clearing the formerrors array in the users session
 * @author Kieran Hogg
 * @param string $formname. The form name to clear.
 * @return nothing
 */
function clear_form_errors($formname)
{
    unset($_SESSION['formerrors'][$formname]);
}


/**
 * Cleans form data by clearing the formdata array in the users session
 * @author Kieran Hogg
 * @param string $formname. The form name to clear.
 * @return nothing
 */
function clear_form_data($formname)
{
    unset($_SESSION['formdata'][$formname]);
}


/**
 * Returns the value for a form returned from either the session or the default value 
 * Useful in conjunction with show_form_errors where you wish to restore values from the session to aid data input
 * @author Paul Heaney
 * @param String $formname form name from _SESSION['formdata'][FORMNAME]
 * @param String $fieldvalue The field in the form to show the value for
 * @param String $defaultvalue The default avlue to show if not set
 * @return String - The String to display
 */
function show_form_value($formname, $fieldvalue, $defaultvalue='')
{
    if (isset($_SESSION['formdata'][$formname][$fieldvalue]))
    {
        return $_SESSION['formdata'][$formname][$fieldvalue];
    }
    else
    {
        return $defaultvalue;
    }
}

/**
 * Generates a form token and timeout value and stores them in the session
 * @author Ivan Lucas
 * @retval string MD5 form token
 */
function gen_form_token()
{
    $formtoken = sha1(uniqid(rand(), true));
    $_SESSION['formtoken'] = $formtoken;
    $_SESSION['formtime'] = time();

    return $formtoken;
}


/**
 * Checks a form token matches the one stored in the session and that the form
 * hasn't timed out
 * @author Ivan Lucas
 * @param string a SHA1 form token
 * @retval bool TRUE - Form token is valid
 * @retval bool FALSE - Form token is invalid
 * @see gen_form_token()
 * @note Also clears the form token and timeout stored in the session
 */
function check_form_token($formtoken)
{
    // Time allowed to complete the form (in seconds)
    $min_time = 3;
    $max_time = 120;

    $val = FALSE;
    if ($formtoken != $_SESSION['formtoken'])
    {
        trigger_error('Invalid form token', E_USER_WARNING);
    }
    else
    {
        $val = TRUE;
    }

    if ($val === TRUE AND (time() - $_SESSION['formtime']) < $min_time)
    {
        trigger_error('Invalid form. Submitted too quickly', E_USER_WARNING);
        $val = FALSE;
    }
    if ($val === TRUE AND (time() - $_SESSION['formtime']) > $max_time)
    {
        trigger_error('Invalid form. Form expired before submission', E_USER_WARNING);
        $val = FALSE;
    }
    unset($_SESSION['formtoken']);
    unset($_SESSION['formtime']);

    return $val;
}


/**
 * Finds out which scheduled tasks should be run right now
 * Ensures that a task cannot start until the previous iteration has completed
 * @author Ivan Lucas, Paul Heaney
 * @return array
 */
function schedule_actions_due()
{
    global $dbScheduler, $now, $db;

    $actions = FALSE;
    // Interval
    $sql = "SELECT * FROM `{$dbScheduler}` WHERE `status` = 'enabled' AND type = 'interval' ";
    $sql .= "AND UNIX_TIMESTAMP(start) <= {$now} AND (UNIX_TIMESTAMP(end) >= {$now} OR UNIX_TIMESTAMP(end) = 0 OR UNIX_TIMESTAMP(end) is NULL) ";
    $sql .= "AND IF(UNIX_TIMESTAMP(lastran) > 0, UNIX_TIMESTAMP(lastran) + `interval`, 0) <= {$now} ";
    $sql .= "AND IF(UNIX_TIMESTAMP(laststarted) > 0, UNIX_TIMESTAMP(lastran), -1) <= IF(UNIX_TIMESTAMP(laststarted) > 0, UNIX_TIMESTAMP(laststarted), 0)";
    $result = mysqli_query($db, $sql);
    if (mysqli_error($db)) trigger_error(mysqli_error($db), E_USER_WARNING);
    if (mysqli_num_rows($result) > 0)
    {
        while ($action = mysqli_fetch_object($result))
        {
            $actions[$action->action] = $actions->params;
        }
    }

    // Month
    $sql = "SELECT * FROM `{$dbScheduler}` WHERE `status` = 'enabled' AND type = 'date' ";
    $sql .= "AND UNIX_TIMESTAMP(start) <= {$now} AND (UNIX_TIMESTAMP(end) >= {$now} OR UNIX_TIMESTAMP(end) = 0 OR UNIX_TIMESTAMP(end) is NULL) ";
    $sql .= "AND ((date_type = 'month' AND (DAYOFMONTH(CURDATE()) > date_offset OR (DAYOFMONTH(CURDATE()) = date_offset AND CURTIME() >= date_time)) ";
    $sql .= "AND DATE_FORMAT(CURDATE(), '%Y-%m') != DATE_FORMAT(lastran, '%Y-%m') ) ) ";  // not run this month
    $sql .= "AND IF(UNIX_TIMESTAMP(lastran) > 0, UNIX_TIMESTAMP(lastran) + `interval`, 0) <= {$now} ";
    $sql .= "AND IF(UNIX_TIMESTAMP(laststarted) > 0, UNIX_TIMESTAMP(lastran), -1) <= IF(UNIX_TIMESTAMP(laststarted) > 0, UNIX_TIMESTAMP(laststarted), 0)";
    $result = mysqli_query($db, $sql);
    if (mysqli_error($db)) trigger_error(mysqli_error($db), E_USER_WARNING);
    if (mysqli_num_rows($result) > 0)
    {
        while ($action = mysqli_fetch_object($result))
        {
            $actions[$action->action] = $actions->params;
        }
    }

    // Year TODO CHECK
    $sql = "SELECT * FROM `{$dbScheduler}` WHERE `status` = 'enabled' ";
    $sql .= "AND type = 'date' AND UNIX_TIMESTAMP(start) <= {$now} ";
    $sql .= "AND (UNIX_TIMESTAMP(end) >= {$now} OR UNIX_TIMESTAMP(end) = 0 OR UNIX_TIMESTAMP(end) is NULL) ";
    $sql .= "AND ((date_type = 'year' AND (DAYOFYEAR(CURDATE()) > date_offset ";
    $sql .= "OR (DAYOFYEAR(CURDATE()) = date_offset AND CURTIME() >= date_time)) ";
    $sql .= "AND DATE_FORMAT(CURDATE(), '%Y') != DATE_FORMAT(lastran, '%Y') ) ) ";  // not run this year
    $sql .= "AND IF(UNIX_TIMESTAMP(lastran) > 0, UNIX_TIMESTAMP(lastran) + `interval`, 0) <= {$now} ";
    $sql .= "AND IF(UNIX_TIMESTAMP(laststarted) > 0, UNIX_TIMESTAMP(lastran), -1) <= IF(UNIX_TIMESTAMP(laststarted) > 0, UNIX_TIMESTAMP(laststarted), 0)";
    $result = mysqli_query($db, $sql);
    if (mysqli_error($db)) trigger_error(mysqli_error($db), E_USER_WARNING);
    if (mysqli_num_rows($result) > 0)
    {
        while ($action = mysqli_fetch_object($result))
        {
            $actions[$action->action] = $actions->params;
        }
    }

    if (is_array($actions)) debug_log('Scheduler actions due: '.implode(', ', array_keys($actions)));

    return $actions;
}


/**
 * Marks a schedule action as started
 * @author Paul Heaney
 * @param string $action. Name of scheduled action
 * @return boolean Success of update
 */
function schedule_action_started($action)
{
    global $now, $db;

    $nowdate = date('Y-m-d H:i:s', $now);

    $sql = "UPDATE `{$GLOBALS['dbScheduler']}` SET laststarted = '{$nowdate}' ";
    $sql .= "WHERE action = '{$action}'";
    mysqli_query($db, $sql);
    if (mysqli_error($db))
    {
        trigger_error(mysqli_error($db), E_USER_ERROR);
        return FALSE;
    }
    if (mysqli_affected_rows($db) > 0) return TRUE;
    else return FALSE;
}


/**
 * Mark a schedule action as done
 * @author Ivan Lucas
 * @param string $doneaction. Name of scheduled action
 * @param bool $success. Was the run successful, TRUE = Yes, FALSE = No
 */
function schedule_action_done($doneaction, $success = TRUE)
{
    global $dbScheduler, $now, $db;

    if ($success != TRUE)
    {
        $t = new TriggerEvent('TRIGGER_SCHEDULER_TASK_FAILED', array('schedulertask' => $doneaction));
    }

    $nowdate = date('Y-m-d H:i:s', $now);
    $sql = "UPDATE `{$dbScheduler}` SET lastran = '{$nowdate}' ";
    if ($success == FALSE) $sql .= ", success=0, status='disabled' ";
    else $sql .= ", success=1 ";
    $sql .= "WHERE action = '{$doneaction}'";
    mysqli_query($db, $sql);
    if (mysqli_error($db))
    {
        trigger_error(mysqli_error($db), E_USER_ERROR);
        return FALSE;
    }
    if (mysqli_affected_rows($db) > 0) return TRUE;
    else return FALSE;
}


/**
 * Update the current session id with a newly generated one
 * @author Ivan Lucas
 * @note Wrap the php function for different versions of php
 */
function session_regenerate()
{
    if (function_exists('session_regenerate_id'))
    {
        if (!version_compare(phpversion(), "5.1.0", ">=")) session_regenerate_id(FALSE);
        else session_regenerate_id();
    }
}


/**
 * Outputs the full base url of the install, e.g. http://www.example.com/
 *
 * @return string base url of the install
 * @author Kieran Hogg
 */
function application_url()
{
    global $CONFIG;
    if (empty($CONFIG['application_uriprefix']))
    {
        $url = parse_url($_SERVER['HTTP_REFERER']);
        if ($_SERVER['HTTPS'] == 'off' OR empty($_SERVER['HTTPS']))
        {
            $baseurl = "http://";
        }
        else
        {
            $baseurl = "https://";
        }
        $baseurl .= htmlspecialchars(substr($_SERVER['HTTP_HOST'], 0, 255), ENT_QUOTES, 'utf-8');
    }
    else
    {
        $baseurl = "{$CONFIG['application_uriprefix']}";
    }
    $baseurl .= "{$CONFIG['application_webpath']}";

    return $baseurl;
}


/**
 * Sets up default triggers for new users or upgraded users
 *
 * @param int $userid ID of the user
 * @return bool TRUE on success, FALSE if not
 * @author Kieran Hogg
 */
function setup_user_triggers($userid)
{
    global $db;
    $return = TRUE;
    $userid = intval($userid);
    if ($userid != 0)
    {
        $sqls[] = "INSERT INTO `{$GLOBALS['dbTriggers']}` (`triggerid`, `userid`, `action`, `template`, `parameters`, `checks`)
                VALUES('TRIGGER_INCIDENT_ASSIGNED', {$userid}, 'ACTION_NOTICE', 'NOTICE_INCIDENT_ASSIGNED', '', '{userid} == {$userid}');";
        $sqls[] = "INSERT INTO `{$GLOBALS['dbTriggers']}` (`triggerid`, `userid`, `action`, `template`, `parameters`, `checks`)
                VALUES('TRIGGER_SIT_UPGRADED', {$userid}, 'ACTION_NOTICE', 'NOTICE_SIT_UPGRADED', '', '');";
        $sqls[] = "INSERT INTO `{$GLOBALS['dbTriggers']}` (`triggerid`, `userid`, `action`, `template`, `parameters`, `checks`)
                VALUES('TRIGGER_INCIDENT_CLOSED', {$userid}, 'ACTION_NOTICE', 'NOTICE_INCIDENT_CLOSED', '', '{userid} == {$userid}');";
        $sqls[] = "INSERT INTO `{$GLOBALS['dbTriggers']}` (`triggerid`, `userid`, `action`, `template`, `parameters`, `checks`)
                VALUES('TRIGGER_INCIDENT_NEARING_SLA', {$userid}, 'ACTION_NOTICE', 'NOTICE_INCIDENT_NEARING_SLA', '',
                '{ownerid} == {$userid} OR {townerid} == {$userid}');";
        $sqls[] = "INSERT INTO `{$GLOBALS['dbTriggers']}` (`triggerid`, `userid`, `action`, `template`, `parameters`, `checks`)
                VALUES('TRIGGER_LANGUAGE_DIFFERS', {$userid}, 'ACTION_NOTICE', 'NOTICE_LANGUAGE_DIFFERS', '', '');";


        foreach ($sqls AS $sql)
        {
            mysqli_query($db, $sql);
            if (mysqli_error($db))
            {
                trigger_error("MySQL Query Error ".mysqli_error($db), E_USER_ERROR);
                $return = FALSE;
            }
        }
    }
    else
    {
        trigger_error("setup_user_triggers() Invalid userid '{$userid}' specified", E_USER_NOTICE);
        $return = FALSE;
    }

    return $return;
}


/**
 * Function to return currently running SiT! version
 * @return String - Currently running application version
 */
function application_version_string()
{
    global $application_version_string;
    return $application_version_string;
}


/**
 * Returns the currently running schema version
 * @author Paul Heaney
 * @return String - currently running schema version
 */
function database_schema_version()
{
    global $db;
    $return = '';
    $sql = "SELECT `schemaversion` FROM `{$GLOBALS['dbSystem']}` WHERE id = 0";
    $result = mysqli_query($db, $sql);
    if (mysqli_error($db))
    {
        trigger_error("MySQL Query Error ".mysqli_error($db), E_USER_WARNING);
        $return = FALSE;
    }

    if (mysqli_num_rows($result) > 0)
    {
        list($return) = mysqli_fetch_row($result);
    }

    return $return;
}


/**
 * Populates $_SESSION['syslang], system language strings
 *
 * @author Kieran Hogg
 * @sa See also populate_syslang2() which is a copy of this function
 */
function populate_syslang()
{
    global $CONFIG;

    // Populate $SYSLANG with first the native lang and then the system lang
    // This is so that we have a complete language file
    $nativefile = APPLICATION_I18NPATH . "en-GB.inc.php";
    $file = APPLICATION_I18NPATH . "{$CONFIG['default_i18n']}.inc.php";

    if (file_exists($nativefile))
    {
        $nativefile = clean_fspath($nativefile);
        $fh = fopen($nativefile, "r");

        $theData = fread($fh, filesize($nativefile));
        fclose($fh);
        $nativelines = explode("\n", $theData);

        if (file_exists($file))
        {
            $file = clean_fspath($file);
            $fh = fopen($file, "r");
            $theData = fread($fh, filesize($file));
            fclose($fh);
            $lines = explode("\n", $theData);
        }
        else
        {
            trigger_error("Language file specified in \$CONFIG['default_i18n'] can't be found", E_USER_ERROR);
            $lines = $nativelines;
        }

       foreach ($nativelines as $values)
        {
            $badchars = array("$", "\"…