/system/core/core.functions.php

Large files files are truncated, but you can click here to view the full file

<?php

/*
=====================================================
 ExpressionEngine - by EllisLab
-----------------------------------------------------
 http://expressionengine.com/
-----------------------------------------------------
 Copyright (c) 2003 - 2010 EllisLab, Inc.
=====================================================
 THIS IS COPYRIGHTED SOFTWARE
 PLEASE READ THE LICENSE AGREEMENT
 http://expressionengine.com/docs/license.html
=====================================================
 File: core.functions.php
-----------------------------------------------------
 Purpose: Shared system functions.
=====================================================
*/



if ( ! defined('EXT'))
{
    exit('Invalid file request');
}


class Functions {  
   
    var $seed 			= FALSE; // Whether we've seeded our rand() function.  We only seed once per script execution
    var $cached_url		= array();
    var $cached_path	= array();
    var $cached_index	= array();
    var $cached_captcha	= '';
    var $template_map	= array();
    var $template_type	= '';
    var $action_ids		= array();
    var $file_paths     = array();
    var $conditional_debug = FALSE;
  
  
    /** ----------------------------------------
    /**  Set Full server path 
    /** ----------------------------------------*/
   
	function set_realpath($path)
	{
        if (@realpath($path) !== FALSE)
        {
            $path = realpath($path).'/';
        }
    
		return str_replace("\\", "/", $path);	
	}
	/* END */
	
   
    /** ----------------------------------------
    /**  Fetch base site index
    /** ----------------------------------------*/
 
    function fetch_site_index($add_slash = 0, $sess_id = 1)
    {
        global $PREFS, $TMPL, $SESS;
        
        if (isset($this->cached_index[$add_slash.$sess_id.$this->template_type]))
        {
        	return $this->cached_index[$add_slash.$sess_id.$this->template_type];
        }
                
        $url = $PREFS->ini('site_url', 1);
                
        if (USER_BLOG !== FALSE)
        {
            $url .= USER_BLOG.'/';
        }
        
        $url .= $PREFS->ini('site_index');
                
        if ($PREFS->ini('force_query_string') == 'y')
        {
        	$url .= '?';
        }        

		if (is_object($SESS) && ! empty($SESS->userdata['session_id']) && REQ != 'CP' && $sess_id == 1 && 
			$PREFS->ini('user_session_type') != 'c' && $this->template_type == 'webpage')
		{ 
			$url .= "/S=".$SESS->userdata('session_id')."/";
		}
        
        if ($add_slash == 1)
        {
            if (substr($url, -1) != '/')
            {
                $url .= "/";
            }
        }
        
		$this->cached_index[$add_slash.$sess_id.$this->template_type] = $url;
        return $url;
    } 
    /* END */
        

    /** ----------------------------------------
    /**  Create a custom URL
    /** ----------------------------------------*/
    
    // The input to this function is parsed and added to the
    // full site URL to create a full URL/URI
    
    function create_url($segment, $trailing_slash = true, $sess_id = 1)
    {
        global $PREFS, $REGX, $SESS;
                
        // Since this function can be used via a callback
        // we'll fetch the segiment if it's an array
        
        if (is_array($segment))
        {
            $segment = $segment['1'];
        }
        
        if (isset($this->cached_url[$segment]))
        {
        	return $this->cached_url[$segment];
        }

		$full_segment = $segment;         
		$segment = str_replace(array("'", '"'), '', $segment);
		$segment = preg_replace("/(.+?(&#47;|\/))index(&#47;|\/)(.*?)/", "\\1\\2", $segment);       
		$segment = preg_replace("/(.+?(&#47;|\/))index$/", "\\1", $segment);
		        
        /** --------------------------
        /**  Specials
        /** --------------------------*/
        
        // These are exceptions to the normal path rules
        
        if (strtolower($segment) == 'site_index')
        {
            return $this->fetch_site_index();
        }
        
        if (strtolower($segment)  == 'logout')
        {
            $qs = ($PREFS->ini('force_query_string') == 'y') ? '' : '?';        
            return $this->fetch_site_index(0, 0).$qs.'ACT='.$this->fetch_action_id('Member', 'member_logout');
        }
                
        // END Specials
                  
        $base = $this->fetch_site_index(0, $sess_id).'/'.$REGX->trim_slashes($segment);
        
        if (substr($base, -1) != '/' && $trailing_slash == TRUE)
        {
            $base .= '/';
        }
        
		$out = $this->remove_double_slashes($base);           
                       
		$this->cached_url[$full_segment] = $out;
                       
        return $out;
    }
    /* END */


    /** ----------------------------------------
    /**  Fetch site index with URI query string
    /** ----------------------------------------*/
 
    function fetch_current_uri()
    { 
        global $IN;
           
		return $this->remove_double_slashes($this->fetch_site_index().$IN->URI);
    } 
    /* END */
    
    
    /** -----------------------------------------
    /**  Remove duplicate slashes from URL
    /** -----------------------------------------*/
    
    // With all the URL/URI parsing/building, there is the potential
    // to end up with double slashes.  This is a clean-up function.

    function remove_double_slashes($str)
    {  
		$str = str_replace("://", "{:SS}", $str);
		$str = str_replace(":&#47;&#47;", "{:SHSS}", $str);  // Super HTTP slashes saved!
		$str = preg_replace("#/+#", "/", $str);
		$str = preg_replace("/(&#47;)+/", "/", $str);
		$str = str_replace("&#47;/", "/", $str);
		$str = str_replace("{:SHSS}", ":&#47;&#47;", $str);
		$str = str_replace("{:SS}", "://", $str);
	
		return $str;
    }
    /* END */

    
    /** ----------------------------------------
    /**  Remove session ID from string
    /** ----------------------------------------*/
    
    // This function is used mainly by the Input class to strip
    // session IDs if they are used in public pages.
 
    function remove_session_id($str)
    {
		return preg_replace("#S=.+?/#", "", $str);
    } 
    /* END */


    /** -----------------------------------------
    /**  Extract path info
    /** -----------------------------------------*/
    
    // We use this to extract the template group/template name
    // from path variables, like {some_var path="weblog/index"}

    function extract_path($str)
    {
        global $REGX;
                    
        if (preg_match("#=(.*)#", $str, $match))
        {        
			if (isset($this->cached_path[$match['1']]))
			{
				return $this->cached_path[$match['1']];
			}
        
        	$path = $REGX->trim_slashes(str_replace(array("'",'"'), "", $match['1']));
        	
        	if (substr($path, -6) == 'index/')
			{
				$path = str_replace('/index', '', $path);
			}
			
			if (substr($path, -5) == 'index')
			{
				$path = str_replace('/index', '', $path);
			}
			
			$this->cached_path[$match['1']] = $path;
        
            return $path;
        }
        else
        {
            return 'SITE_INDEX';
        }
    }
    /* END */

        
    /** ----------------------------------------
    /**  Replace variables
    /** ----------------------------------------*/
		
	function var_swap($str, $data)
	{
		if ( ! is_array($data))
		{
			return FALSE;
		}
	
		foreach ($data as $key => $val)
		{
			$str = str_replace('{'.$key.'}', $val, $str);
		}
	
		return $str;
	}
	/* END */


    /** ----------------------------------------
    /**  Redirect
    /** ----------------------------------------*/
    
    function redirect($location)
    {    
        global $PREFS;
                
        $location = str_replace('&amp;', '&', $this->insert_action_ids($location));
                
        switch($PREFS->ini('redirect_method'))
        {
            case 'refresh' : header("Refresh: 0;url=$location");
                break;
            default        : header("Location: $location");
                break;
        }
        
        exit;
    }
    /* END */


    /** ----------------------------------------
    /**  Bounce
    /** ----------------------------------------*/
    
    function bounce($location = '')
    {
        if ($location == '')
            $location = BASE;
            
        $this->redirect($location);
        exit;
    }
    /* END */
    
    

    /** -------------------------------------------------
    /**  Convert a string into an encrypted hash
    /** -------------------------------------------------*/
    
    // SHA1 or MD5 is supported
    
    function hash($str)
    {
		global $PREFS;
		
		if ($PREFS->ini('encryption_type') == 'md5')
		{
			return md5($str);
		}
    		    
        if ( ! function_exists('sha1'))
        {
            if ( ! function_exists('mhash'))
            {
				if ( ! class_exists('SHA'))
				{
					require PATH_CORE.'core.sha1'.EXT;    
				}
            
                $SH = new SHA;

                return $SH->encode_hash($str);            
            }
            else
            {
                return bin2hex(mhash(MHASH_SHA1, $str));
            }
        }
        else
        {
            return sha1($str);
        }
    }
    /* END */



    /** -------------------------------------------------
    /**  Random number/password generator
    /** -------------------------------------------------*/
    
    function random($type = 'encrypt', $len = 8)
    {
        if ($this->seed == FALSE)
        {
            if (phpversion() >= 4.2)
                mt_srand();
            else
                mt_srand(hexdec(substr(md5(microtime()), -8)) & 0x7fffffff);
            
            $this->seed = TRUE;
        }
                        
        switch($type)
        {
            case 'basic'	: return mt_rand();  
              break;
            case 'alpha'	:
            case 'numeric'	:
            case 'nozero'	:
            
            		switch ($type)
            		{
            			case 'alpha'	:	$pool = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ';
            				break;
            			case 'numeric'	:	$pool = '0123456789';
            				break;
            			case 'nozero'	:	$pool = '123456789';
            				break;
            		}

					$str = '';
                
                    for ($i=0; $i < $len; $i++) 
                    {    
                        $str .= substr($pool, mt_rand(0, strlen($pool) -1), 1); 
                    }
                    return $str;      
              break;
            case 'md5'		: return md5(uniqid(mt_rand(), TRUE)); 
              break; 
            case 'encrypt'	: return $this->hash(uniqid(mt_rand(), TRUE)); 
              break; 
        }        
    }
    /* END */
 
 
    
    /** ----------------------------------------
    /**  Form declaration
    /** ----------------------------------------*/
    
    // This function is used by modules when they need to create forms
    
    function form_declaration($data)
    {
        global $PREFS, $EXT, $REGX;
        
        $deft = array(
        				'hidden_fields'	=> array(),
        				'action'		=> '', 
        				'id'			=> '',
        				'secure'		=> TRUE,
        				'enctype' 		=> '',
        				'onsubmit'		=> '',
        			);
        
        
        foreach ($deft as $key => $val)
        {
        	if ( ! isset($data[$key]))
        	{
        		$data[$key] = $val;
        	}
        }
        
        if (is_array($data['hidden_fields']) && ! isset($data['hidden_fields']['site_id']))
        {
        	$data['hidden_fields']['site_id'] = $PREFS->ini('site_id');
        }
        
        
        // -------------------------------------------
		// 'form_declaration_modify_data' hook.
		//  - Modify the $data parameters before they are processed
		//
			if ($EXT->active_hook('form_declaration_modify_data') === TRUE)
			{
				$data = $EXT->call_extension('form_declaration_modify_data', $data);
			}
		//
		// -------------------------------------------
		
		// -------------------------------------------
		// 'form_declaration_return' hook.
		//  - Take control of the form_declaration function
		//
			if ($EXT->active_hook('form_declaration_return') === TRUE)
			{
				$form = $EXT->call_extension('form_declaration_return', $data);
				if ($EXT->end_script === TRUE) return $form;
			}
		//
		// -------------------------------------------
            
        if ($data['action'] == '')
        {
            $data['action'] = $this->fetch_site_index();
        }
        
        if ($data['onsubmit'] != '')
        {
            $data['onsubmit'] = 'onsubmit="'.trim($data['onsubmit']).'"';
        }
        
        $data['action'] = rtrim($data['action'], '?');
        
        $data['name']	= (isset($data['name']) && $data['name'] != '') ? "name='".$data['name']."' "	: '';
        $data['id']		= ($data['id'] != '') 							? "id='".$data['id']."' " 		: '';

		if ($data['enctype'] == 'multi' OR strtolower($data['enctype']) == 'multipart/form-data')
		{
			$data['enctype'] = 'enctype="multipart/form-data" ';
		}
        
        $form  = '<form '.$data['id'].$data['name'].'method="post" action="'.$data['action'].'" '.$data['onsubmit'].' '.$data['enctype'].">\n";
       
        if ($data['secure'] == TRUE)
        {
			if ($PREFS->ini('secure_forms') == 'y')
			{
				if ( ! isset($data['hidden_fields']['XID']))
				{
					$data['hidden_fields'] = array_merge(array('XID' => '{XID_HASH}'), $data['hidden_fields']);
				}
				elseif ($data['hidden_fields']['XID'] == '')
				{
					$data['hidden_fields']['XID']  = '{XID_HASH}';
				}
			}
		}
	
        if (is_array($data['hidden_fields']))
        {
			$form .= "<div class='hiddenFields'>\n";
			
			foreach ($data['hidden_fields'] as $key => $val)
			{
				$form .= '<input type="hidden" name="'.$key.'" value="'.$REGX->form_prep($val).'" />'."\n";
			}
			
			$form .= "</div>\n\n";
		}
		      
        return $form;
    }
    /* END */
    
    
    
    /** ----------------------------------------
    /**  Form backtrack
    /** ----------------------------------------*/
    
    // This function lets us return a user to a previously
    // visited page after submitting a form.  The page
    // is determined by the offset that the admin
    // places in each form
    
    function form_backtrack($offset = '')
    {
        global $SESS, $PREFS;        
        
		$ret = $this->fetch_site_index();
		
		if ($offset != '')
		{
            if (isset($SESS->tracker[$offset]))
            {
                if ($SESS->tracker[$offset] != 'index')
                {
                    return $this->remove_double_slashes($this->fetch_site_index().$SESS->tracker[$offset]);
                }
            }
		}
		
		if (isset($_POST['RET']))
		{
			if (substr($_POST['RET'], 0, 1) == '-')
			{
				$return = str_replace("-", "", $_POST['RET']);
				
				if (isset($SESS->tracker[$return]))
				{
					if ($SESS->tracker[$return] != 'index')
					{
						$ret = $this->fetch_site_index().$SESS->tracker[$return];
					}
				}
			}
			else
			{
				$_POST['RET'] = str_replace(SLASH, '/', $_POST['RET']);
				
				if (strpos($_POST['RET'], '/') !== FALSE)
				{
					if (stristr($_POST['RET'], 'http://') OR 
						stristr($_POST['RET'], 'https://') OR 
						stristr($_POST['RET'], 'www.'))
					{
						$ret = $_POST['RET'];
					}
					else
					{
						$ret = $this->create_url($_POST['RET']);
					}
				}
				else
				{
					$ret = $_POST['RET'];
				}
			}
		
			// We need to slug in the session ID if the admin is running
			// their site using sessions only.  Normally the $FNS->fetch_site_index()
			// function adds the session ID automatically, except in cases when the 
			// $_POST['RET'] variable is set. Since the login routine relies on the RET
			// info to know where to redirect back to we need to sandwich in the session ID.
		
			if ($PREFS->ini('user_session_type') != 'c')
			{                
				if ($SESS->userdata['session_id'] != '' && ! stristr($ret, $SESS->userdata['session_id']))
				{
					$url = $PREFS->ini('site_url', 1);
							
					if (USER_BLOG !== FALSE)
					{
						$url .= USER_BLOG.'/';
					}
					
					$url .= $PREFS->ini('site_index');
			
					if ($PREFS->ini('force_query_string') == 'y')
					{
						$url .= '?';
					}        
			
					$sess_id = "/S=".$SESS->userdata['session_id']."/";
	
					$ret = str_replace($url, $url.$sess_id, $ret);			
				}            
			}			
		} 
		
        return $this->remove_double_slashes($ret);
    }
    /* END */


    /** ----------------------------------------
    /**  eval() 
    /** ----------------------------------------*/
    
    // Evaluates a string as PHP
    
    function evaluate($str)
    {    
		return eval('?>'.$str.'<?php ');
		
		// ?><?php // BBEdit syntax coloring bug fix
    }
    /* END */


    /** ----------------------------------------
    /**  Encode email from template callback
    /** ----------------------------------------*/

	function encode_email($str)
	{
		$email = (is_array($str)) ? trim($str['1']) : trim($str);
		
		$title = '';
		$email = str_replace(array('"', "'"), '', $email);
		
		if ($p = strpos($email, "title="))
		{
			$title = substr($email, $p + 6);
			$email = trim(substr($email, 0, $p));
		}
	
		if ( ! class_exists('Typography'))
		{
			require PATH_CORE.'core.typography'.EXT;
		}
		
		return Typography::encode_email($email, $title, TRUE);
	}
	/* END */


    /** ----------------------------------------
    /**  Delete spam prevention hashes
    /** ----------------------------------------*/
     
    function clear_spam_hashes()
    {
        global $PREFS, $DB;
     
        if ($PREFS->ini('secure_forms') == 'y')
        {
			$DB->query("DELETE FROM exp_security_hashes WHERE date < UNIX_TIMESTAMP()-7200");
        }    
    }
    /* END */



    /** ----------------------------------------
    /**  Set Cookie
    /** ----------------------------------------*/
    
    function set_cookie($name = '', $value = '', $expire = '')
    {    
        global $PREFS;
		
		if ( ! is_numeric($expire))
		{
			$expire = time() - 86500;
		}
		else
		{
			if ($expire > 0)
			{
				$expire = time() + $expire;
			}
			else
			{
				$expire = 0;
			}
		}
                    
        $prefix = ( ! $PREFS->ini('cookie_prefix')) ? 'exp_' : $PREFS->ini('cookie_prefix').'_';
        $path   = ( ! $PREFS->ini('cookie_path'))   ? '/'    : $PREFS->ini('cookie_path');
        
        if (REQ == 'CP' && $PREFS->ini('multiple_sites_enabled') == 'y')
        {
        	$domain = $PREFS->cp_cookie_domain;
        }
        else
        {
			$domain = ( ! $PREFS->ini('cookie_domain')) ? '' : $PREFS->ini('cookie_domain');
		}
		
        $value = stripslashes($value);
                    
        setcookie($prefix.$name, $value, $expire, $path, $domain, 0);
    }
    /* END */



    /** ----------------------------------------
    /**  Character limiter
    /** ----------------------------------------*/

    function char_limiter($str, $num = 500)
    {
        if (strlen($str) < $num)
        {
            return $str;
        }
        
        $str = str_replace("\n", " ", $str);        
        
        $str = preg_replace("/\s+/", " ", $str);

		if (strlen($str) <= $num)
		{
			return $str;
		}
		$str = trim($str);
		
        $out = "";
		
        foreach (explode(" ", trim($str)) as $val)
        {
			$out .= $val;
			
			if (strlen($out) >= $num)
			{
				return (strlen($out) == strlen($str)) ? $out : $out.'&#8230;';
			}
			
			$out .= ' ';
        }
    }
    /* END */



    /** ----------------------------------------
    /**  Word limiter
    /** ----------------------------------------*/
    
    function word_limiter($str, $num = 100)
    {
        if (strlen($str) < $num) 
        {
            return $str;
        }
        
		// allows the split to work properly with multi-byte Unicode characters
		if (version_compare(phpversion(), '4.3.2', '>') === TRUE)
		{
			$word = preg_split('/\s/u', $str, -1, PREG_SPLIT_NO_EMPTY);	
		}
		else
		{
			$word = preg_split('/\s/', $str, -1, PREG_SPLIT_NO_EMPTY);
		}
        
		if (count($word) <= $num)
		{
			return $str;
		}
                
        $str = "";
                 
        for ($i = 0; $i < $num; $i++) 
        {
            $str .= $word[$i]." ";
        }

        return trim($str).'&#8230;'; 
    }
    /* END */
	

    /** ----------------------------------------
    /**  Fetch Email Template
    /** ----------------------------------------*/
	
	function fetch_email_template($name)
	{
		global $IN, $DB, $SESS, $PREFS;

		$query = $DB->query("SELECT template_name, data_title, template_data, enable_template FROM exp_specialty_templates WHERE site_id = '".$DB->escape_str($PREFS->ini('site_id'))."' AND template_name = '".$DB->escape_str($name)."'");

		// Unlikely that this is necessary but it's possible a bad template request could
		// happen if a user hasn't run the update script.
		if ($query->num_rows == 0)
		{
			return array('title' => '', 'data' => '');
		}

		if ($query->row['enable_template'] == 'y')
		{
			return array('title' => $query->row['data_title'], 'data' => $query->row['template_data']);
		}
		
        if ($SESS->userdata['language'] != '')
        {
            $user_lang = $SESS->userdata['language'];
        }
        else
        {
			if ($IN->GBL('language', 'COOKIE'))
			{
				$user_lang = $IN->GBL('language', 'COOKIE');
			}
			elseif ($PREFS->ini('deft_lang') != '')
			{
                $user_lang = $PREFS->ini('deft_lang');
            }
            else
            {
                $user_lang = 'english';
            }
        }
        
        $user_lang = $this->filename_security($user_lang);

		if ( function_exists($name))
		{
			$title = $name.'_title';
		
			return array('title' => $title(), 'data' => $name());
		}
		else
		{
			if ( ! @include(PATH_LANG.$user_lang.'/email_data'.EXT))
			{
				return array('title' => $query->row['data_title'], 'data' => $query->row['template_data']);
			}
			
			if (function_exists($name))
			{
				$title = $name.'_title';
		
				return array('title' => $title(), 'data' => $name());
			}
			else
			{
				return array('title' => $query->row['data_title'], 'data' => $query->row['template_data']);
			}
		}
	}
	/* END */
	

    /** -----------------------------------------
    /**  Create character encoding menu
    /** -----------------------------------------*/
        
    function encoding_menu($which, $name, $selected = '')
    {
        global $DSP;       

		$files = array('languages', 'charsets');
		
		if ( ! in_array($which, $files))
		{
			return FALSE;
		}
		
        
        $file = PATH.'lib/'.$which.EXT;    
			
		if ( ! file_exists($file)) 
		{
			return FALSE;
		}   

		include($file);
        
		$r = $DSP->input_select_header($name);
		
		foreach ($$which as $key => $val)
		{
			if ($which == 'languages')
			{
				$r .= $DSP->input_select_option($val, $key, ($selected == $val) ? 1 : '');
			}
			else
			{
				$r .= $DSP->input_select_option($val, $val, ($selected == $val) ? 1 : '');
			}
		}
		
		$r .= $DSP->input_select_footer();
		
		return $r;
	}
	/* END */



    /** -----------------------------
    /**  Create Directory Map
    /** -----------------------------*/

    function create_directory_map($source_dir, $top_level_only = FALSE)
    {
        if ( ! isset($filedata))
            $filedata = array();
        
        if ($fp = @opendir($source_dir))
        { 
            while (FALSE !== ($file = readdir($fp)))
            {
                if (@is_dir($source_dir.$file) && substr($file, 0, 1) != '.' AND $top_level_only == FALSE) 
                {       
                    $temp_array = array();
                     
                    $temp_array = $this->create_directory_map($source_dir.$file."/");   
                    
                    $filedata[$file] = $temp_array;
                }
                elseif (substr($file, 0, 1) != "." && $file != 'index.html')
                {
                    $filedata[] = $file;
                }
            }         
            return $filedata;        
        } 
    }
    /* END */

 
    /** -------------------------------------------
    /**  Create pull-down optios from dirctory map
    /** -------------------------------------------*/

    function render_map_as_select_options($zarray, $array_name = '') 
    {	
        foreach ($zarray as $key => $val)
        {
            if ( is_array($val))
            {
                if ($array_name != "")
                    $key = $array_name.'/'.$key;
            
                $this->render_map_as_select_options($val, $key);
            }		
            else
            {
                if ($array_name != "")
                {
                    $val = $array_name.'/'.$val;
				}
				
				if (substr($val, -4) == '.php')
				{
					if ($val != 'theme_master.php')
					{				   
						$this->template_map[] = $val;
					}
				}
			}
        }
    }
    /* END */


    /** -----------------------------------------
    /**  Fetch names of installed language packs
    /** -----------------------------------------*/
        
    function language_pack_names($default)
    {
        global $PREFS;
            
		$source_dir = PATH_LANG;

    	$dirs = array();

		if ($fp = @opendir($source_dir))
		{
			while (FALSE !== ($file = readdir($fp)))
			{
				if (is_dir($source_dir.$file) && substr($file, 0, 1) != ".")
				{
					$dirs[] = $file;
				}
			}
			closedir($fp);
		}

		sort($dirs);
		
		$r  = "<div class='default'>";
		$r .= "<select name='deft_lang' class='select'>\n";

		foreach ($dirs as $dir)
		{
			$selected = ($dir == $default) ? " selected='selected'" : '';
			$r .= "<option value='{$dir}'{$selected}>".ucfirst($dir)."</option>\n";
		}

        $r .= "</select>";
        $r .= "</div>";

        return $r;
    }
    /* END */
    
    
    
    /** -----------------------------------------
    /**  Delete cache files
    /** -----------------------------------------*/
        
    function clear_caching($which, $sub_dir = '', $relationships=FALSE)
    {
        global $IN, $DB, $PREFS;
            
        $actions = array('page', 'tag', 'db', 'sql', 'relationships', 'all');
        
        if ( ! in_array($which, $actions))
            return;
		
		/* -------------------------------------
		/*  Disable Tag Caching
		/*  
		/*  All for you, Nevin!  Disables tag caching, which if used unwisely
		/*  on a high traffic site can lead to disastrous disk i/o
		/*  This setting allows quick thinking admins to temporarily disable
		/*  it without hacking or modifying folder permissions
		/*  
		/*  Hidden Configuration Variable
		/*  - disable_tag_caching => Disable tag caching? (y/n)
		/* -------------------------------------*/

		if ($which == 'tag' && $PREFS->ini('disable_tag_caching') == 'y')
		{
			return;
		}
		
        if ($sub_dir != '')
        {
            $sub_dir = '/'.md5($sub_dir).'/';
        }
                        
        switch ($which)
        {
            case 'page' : $this->delete_directory(PATH_CACHE.'page_cache'.$sub_dir);
                break;
            case 'db'   : $this->delete_directory(PATH_CACHE.'db_cache'.$sub_dir);
                break;
            case 'tag'  : $this->delete_directory(PATH_CACHE.'tag_cache'.$sub_dir);
                break;
            case 'sql'  : $this->delete_directory(PATH_CACHE.'sql_cache'.$sub_dir);
                break;
            case 'relationships' : $DB->query("UPDATE exp_relationships SET rel_data = '', reverse_rel_data = ''");
            	break;
            case 'all'  : 
						$this->delete_directory(PATH_CACHE.'page_cache'.$sub_dir);
						$this->delete_directory(PATH_CACHE.'db_cache'.$sub_dir);
						$this->delete_directory(PATH_CACHE.'sql_cache'.$sub_dir);

						if ($PREFS->ini('disable_tag_caching') != 'y')
						{
							$this->delete_directory(PATH_CACHE.'tag_cache'.$sub_dir);
						}
                          
						if ($relationships === TRUE)
						{
							$DB->query("UPDATE exp_relationships SET rel_data = '', reverse_rel_data = ''");
						}
                break;
        }            
    }
    /* END */
    
    
       
    /** -----------------------------------------
    /**  Delete Direcories
    /** -----------------------------------------*/

    function delete_directory($path, $del_root = FALSE)
    {
		$path = rtrim($path, '/');
		
		if ( ! is_dir($path))
		{
			return FALSE;
		}
		
		// let's try this the sane way first
		@exec("mv {$path} {$path}_delete", $out, $ret);
		
		if (isset($ret) && $ret == 0)
		{
			if ($del_root === FALSE)
			{
				@mkdir($path, 0777);
				
				if ($fp = @fopen($path.'/index.html', 'wb'))
				{
					fclose($fp);
				}				
			}

			@exec("rm -r -f {$path}_delete");
		}
		else
		{
		    if ( ! $current_dir = @opendir($path))
	        {
	        	return;
	        }

	        while($filename = @readdir($current_dir))
	        {        
				if ($filename != "." AND $filename != "..")
				{
					if (@is_dir($path.'/'.$filename))
					{
						if (substr($filename, 0, 1) != '.')
						{
	            	    	$this->delete_directory($path.'/'.$filename, TRUE);
	            	    }
					}
					else
					{
	              	  @unlink($path.'/'.$filename);
					}
				}
	        }

	        closedir($current_dir);

			if (substr($path, -6) == '_cache' && $fp = @fopen($path.'/index.html', 'wb'))
			{
				fclose($fp);			
			}

	        if ($del_root == TRUE)
	        {
	            @rmdir($path);
	        }	
		}
    }
    /* END */
 

    /** -----------------------------------------
    /**  Fetch allowed weblogs
    /** -----------------------------------------*/
    
    // This function fetches the ID numbers of the
    // weblogs assigned to the currently logged in user.

    function fetch_assigned_weblogs($all_sites = FALSE)
    {
        global $SESS, $DB, $PREFS;
    
        $allowed_blogs = array();
        
        // If the 'weblog_id' index is not zero, it means the
        // current user has been assigned a specifc blog
        
        if (isset($SESS->userdata['weblog_id']) AND $SESS->userdata['weblog_id'] != 0)
        {
            $allowed_blogs[] = $SESS->userdata['weblog_id'];
        }
        else
        {
        	if (REQ == 'CP' AND isset($SESS->userdata['assigned_weblogs']) && $all_sites === FALSE)
			{
				$allowed_blogs = array_keys($SESS->userdata['assigned_weblogs']);
			}
            elseif ($SESS->userdata['group_id'] == 1)
            {
            	if ($all_sites === TRUE)
            	{
					$query = $DB->query("SELECT weblog_id FROM exp_weblogs WHERE is_user_blog = 'n'");
				}
				else
				{
					$query = $DB->query("SELECT weblog_id FROM exp_weblogs WHERE site_id = '".$DB->escape_str($PREFS->ini('site_id'))."' AND is_user_blog = 'n'");
				}
				
				if ($query->num_rows > 0)
				{
					foreach ($query->result as $row)
					{
                	    $allowed_blogs[] = $row['weblog_id'];
            		}
            	}
            }
            else
            {
				if ($all_sites === TRUE)
            	{
            		$result = $DB->query("SELECT exp_weblog_member_groups.weblog_id FROM exp_weblog_member_groups 
										  WHERE exp_weblog_member_groups.group_id = '".$DB->escape_str($SESS->userdata['group_id'])."'");
				}
				else
				{
					$result = $DB->query("SELECT exp_weblogs.weblog_id FROM exp_weblogs, exp_weblog_member_groups 
										  WHERE exp_weblogs.weblog_id = exp_weblog_member_groups.weblog_id
										  AND exp_weblogs.site_id = '".$DB->escape_str($PREFS->ini('site_id'))."'
										  AND exp_weblog_member_groups.group_id = '".$DB->escape_str($SESS->userdata['group_id'])."'");
				}
				
				if ($result->num_rows > 0)
				{
					foreach ($result->result as $row)
					{
						$allowed_blogs[] = $row['weblog_id'];
					}
				}
            }
        }
        
        return array_values($allowed_blogs);
    }
    /* END */

 
    /** -----------------------------------------
    /**  Fetch allowed template group
    /** -----------------------------------------*/
    
    // This function fetches the ID number of the
    // template assigned to the currently logged in user.

    function fetch_assigned_template_group()
    {
        global $SESS;
    
        $allowed_tg = 0;
                
        if ($SESS->userdata['tmpl_group_id'] != 0)
        {
            $allowed_tg = $SESS->userdata['tmpl_group_id'];
        }
        
        return $allowed_tg;
    }
    /* END */

 
    /** ----------------------------------------------
    /**  Log Search terms
    /** ----------------------------------------------*/
  
    function log_search_terms($terms = '', $type = 'site')
    {  
        global $IN, $SESS, $DB, $LOC, $PREFS, $REGX;
        
        if ($terms == '')
        	return;
        	
        if ($PREFS->ini('enable_search_log') == 'n')
        	return;        	

		$search_log = array(
								'id'			=> '',
								'member_id'		=> $SESS->userdata('member_id'),
								'screen_name'	=> $SESS->userdata('screen_name'),
								'ip_address'	=> $IN->IP,
								'search_date'	=> $LOC->now,
								'search_type'	=> $type,
								'search_terms'	=> $REGX->xml_convert($REGX->encode_ee_tags($REGX->xss_clean($terms), TRUE)),
								'site_id'		=> $PREFS->ini('site_id')
							);
								
		$DB->query($DB->insert_string('exp_search_log', $search_log));
		
		/** ----------------------------------
		/**  Prune Database
		/** ----------------------------------*/
		
		srand(time());
		if ((rand() % 100) < 5) 
		{ 
			$max = ( ! is_numeric($PREFS->ini('max_logged_searches'))) ? 500 : $PREFS->ini('max_logged_searches');
		
			$query = $DB->query("SELECT MAX(id) as search_id FROM exp_search_log WHERE site_id = '".$DB->escape_str($PREFS->ini('site_id'))."'");
			
			if (isset($query->row['search_id']) && $query->row['search_id'] > $max)
			{
				$DB->query("DELETE FROM exp_search_log WHERE site_id = '".$DB->escape_str($PREFS->ini('site_id'))."' AND id < ".($query->row['search_id']-$max)."");
			}
		}
		
	}
	/* END */
 
 
    /** ----------------------------------------------
    /**  Log Referrer data
    /** ----------------------------------------------*/
  
    function log_referrer()
    {  
        global $IN, $PREFS, $DB, $LOC, $REGX, $SESS;
        
        /** ----------------------------------------
		/**  Is the nation of the user banend?
		/** ----------------------------------------*/
        
		if ($SESS->nation_ban_check(FALSE) === FALSE)
			return;
        
        
        if ($PREFS->ini('log_referrers') == 'n' OR ! isset($_SERVER['HTTP_REFERER']))
        {
            return;
        }
        
        $site_url 	= $PREFS->ini('site_url');
        $ref 		= ( ! isset($_SERVER['HTTP_REFERER'])) ? '' : $REGX->xss_clean($REGX->_html_entity_decode($_SERVER['HTTP_REFERER']));
        $test_ref	= strtolower($ref); // Yes, a copy, not a reference
        $domain		= ( ! $PREFS->ini('cookie_domain')) ? '' : $PREFS->ini('cookie_domain');
        
        /** ---------------------------------------------
        /**  Throttling - Ten hits a minute is the limit
        /** ---------------------------------------------*/
        	
        $query = $DB->query("SELECT COUNT(*) AS count 
        					 FROM exp_referrers
        					 WHERE site_id = '".$DB->escape_str($PREFS->ini('site_id'))."'
        					 AND (ref_from = '".$DB->escape_str($ref)."' OR ref_ip = '{$IN->IP}')
        					 AND ref_date > '".($LOC->now-60)."'");
        					 
        if ($query->row['count'] > 10)
        {
        	return FALSE;
        }
        
        if (stristr($ref, '{') !== FALSE OR stristr($ref, '}') !== FALSE)
        {
        	return FALSE;
        }        
        
		if ( ! preg_match("#^http://\w+\.\w+\.\w*#", $ref))
		{
			if (substr($test_ref, 0, 7) == 'http://' AND substr($test_ref, 0, 11) != 'http://www.')
			{
				$test_ref = preg_replace("#^http://(.+?)#", "http://www.\\1", $test_ref);
			}
		}
		
		if ( ! preg_match("#^http://\w+\.\w+\.\w*#", $site_url))
		{
			if (substr($site_url, 0, 7) == 'http://' AND substr($site_url, 0, 11) != 'http://www.')
			{
				$site_url = preg_replace("#^http://(.+?)#", "http://www.\\1", $site_url);
			}
		}
				                
        if ($test_ref != '' 
        	&& ! stristr($test_ref, $site_url)
        	&& ($domain == '' || !stristr($test_ref,$domain))
        	&& ($IN->whitelisted == 'y' OR $IN->blacklisted == 'n'))
        {
        	
        	/** --------------------------------
        	/**  INSERT into database
        	/** --------------------------------*/
        	
			$ref_to = $REGX->xss_clean($this->fetch_current_uri());
			
			if (stristr($ref_to, '{') !== FALSE OR stristr($ref_to, '}') !== FALSE)
        	{
        		return FALSE;
        	}
			
			$insert_data = array (  'ref_id'  	=>  '',
									'ref_from' 	=> $ref,
									'ref_to'  	=> $ref_to,
									'user_blog'	=> (USER_BLOG === FALSE) ? '' : USER_BLOG,
									'ref_ip'   	=> $IN->IP,
									'ref_date'	=> $LOC->now,
									'ref_agent'	=> $IN->AGENT,
									'site_id'	=> $PREFS->ini('site_id')
									);
	
			$DB->query($DB->insert_string('exp_referrers', $insert_data));
			
			/** ----------------------------------
			/**  Prune Database
			/** ----------------------------------*/
			
			srand(time());
			if ((rand() % 100) < 5) 
			{        
				$max = ( ! is_numeric($PREFS->ini('max_referrers'))) ? 500 : $PREFS->ini('max_referrers');
		
				$query = $DB->query("SELECT MAX(ref_id) as ref_id FROM exp_referrers WHERE site_id = '".$DB->escape_str($PREFS->ini('site_id'))."'");
				
				if (isset($query->row['ref_id']) && $query->row['ref_id'] > $max)
				{
					$DB->query("DELETE FROM exp_referrers WHERE site_id = '".$DB->escape_str($PREFS->ini('site_id'))."' AND ref_id < ".($query->row['ref_id']-$max)."");
				}
			}
        }
    }
	/* END */
    
        
    /** ----------------------------------------------
    /**  Fetch Action ID
    /** ----------------------------------------------*/
  
    function fetch_action_id($class, $method)
    {  
        global $DB;
        
        if ($class == '' || $method == '')
        {
            return FALSE;
        }
        
        $this->action_ids[ucfirst($class)][$method] = $method;
        
        return LD.'AID:'.ucfirst($class).':'.$method.RD;
    }
    /* END */
    
	
	/** ----------------------------------------------
    /**  Insert Action IDs
    /** ----------------------------------------------*/
  
    function insert_action_ids($str)
    {  
    	global $DB;
    	
    	if (count($this->action_ids) == 0) return $str;
    	
       	$sql = "SELECT action_id, class, method FROM exp_actions WHERE";
			
		foreach($this->action_ids as $key => $value)
		{
			foreach($value as $k => $v)
			{
				$sql .= " (class= '".$DB->escape_str($key)."' AND method = '".$DB->escape_str($v)."') OR";
			}
		}
		
		$query = $DB->query(substr($sql, 0, -3));
		
		if ($query->num_rows > 0)
		{
			foreach($query->result as $row)
			{
				$str = str_replace(LD.'AID:'.$row['class'].':'.$row['method'].RD, $row['action_id'], $str);
			}
		}
		
		return $str;
    }
    /* END */
    
    
    /** ----------------------------------------
    /**  Compile and cache relationship data
    /** ----------------------------------------*/
   
	// This is used when submitting new weblog entries or gallery posts.
	// It serializes the related entry data.  The reason it's in this 
	// file is becuase it gets called from the publish class and the
	// gallery class so we need it somewhere that is accessible to both.
	
	function compile_relationship($data, $parent_entry = TRUE, $reverse = FALSE)
	{
		global $DB;
						
		if ($data['type'] == 'blog' OR ($reverse === TRUE && $parent_entry === FALSE))
		{
			$sql = "SELECT t.entry_id, t.weblog_id, t.forum_topic_id, t.author_id, t.ip_address, t.title, t.url_title, t.status, t.dst_enabled, t.view_count_one, t.view_count_two, t.view_count_three, t.view_count_four, t.allow_comments, t.comment_expiration_date, t.allow_trackbacks, t.sticky, t.entry_date, t.year, t.month, t.day, t.entry_date, t.edit_date, t.expiration_date, t.recent_comment_date, t.comment_total, t.trackback_total, t.sent_trackbacks, t.recent_trackback_date, t.site_id as entry_site_id,
					w.blog_title, w.blog_name, w.blog_url, w.comment_url, w.tb_return_url, w.comment_moderate, w.weblog_html_formatting, w.weblog_allow_img_urls, w.weblog_auto_link_urls, w.enable_trackbacks, w.trackback_field, w.trackback_use_captcha, w.trackback_system_enabled, 
					m.username, m.email, m.url, m.screen_name, m.location, m.occupation, m.interests, m.aol_im, m.yahoo_im, m.msn_im, m.icq, m.signature, m.sig_img_filename, m.sig_img_width, m.sig_img_height, m.avatar_filename, m.avatar_width, m.avatar_height, m.photo_filename, m.photo_width, m.photo_height, m.group_id, m.member_id, m.bday_d, m.bday_m, m.bday_y, m.bio,
					md.*,
					wd.*
			FROM exp_weblog_titles		AS t
			LEFT JOIN exp_weblogs 		AS w  ON t.weblog_id = w.weblog_id 
			LEFT JOIN exp_weblog_data	AS wd ON t.entry_id = wd.entry_id 
			LEFT JOIN exp_members		AS m  ON m.member_id = t.author_id 
			LEFT JOIN exp_member_data	AS md ON md.member_id = m.member_id 
			WHERE t.entry_id = '".(($reverse === TRUE && $parent_entry === FALSE) ? $data['parent_id'] : $data['child_id'])."'";
			
			$entry_query = $DB->query($sql);
	
			// Is there a category group associated with this blog?
			$query = $DB->query("SELECT cat_group FROM  exp_weblogs WHERE weblog_id = '".$entry_query->row['weblog_id']."'");     
			$cat_group = ($query->num_rows == 0) ? FALSE : $query->row['cat_group'];
	
			$this->cat_array = array();
	
			if ($cat_group !== FALSE)
			{
				$this->get_categories($cat_group, ($reverse === TRUE && $parent_entry === FALSE) ? $data['parent_id'] : $data['child_id']);
				$cat_array = $this->cat_array;
			}
			
			if ($parent_entry == TRUE)
			{
				$DB->query("INSERT INTO exp_relationships (rel_id, rel_parent_id, rel_child_id, rel_type, rel_data) 
							VALUES ('', '".$data['parent_id']."', '".$data['child_id']."', '".$data['type']."',
									'".addslashes(serialize(array('query' => $entry_query, 'cats_fixed' => '1', 'categories' => $cat_array)))."')");
				return $DB->insert_id;
			}
			else
			{
				if ($reverse === TRUE)
				{
					$DB->query("UPDATE exp_relationships 
								SET reverse_rel_data = '".addslashes(serialize(array('query' => $entry_query, 'cats_fixed' => '1', 'categories' => $cat_array)))."' 
								WHERE rel_type = '".$DB->escape_str($data['type'])."' AND rel_parent_id = '".$data['parent_id']."'");
				}
				else
				{
					$DB->query("UPDATE exp_relationships 
								SET rel_data = '".addslashes(serialize(array('query' => $entry_query, 'cats_fixed' => '1', 'categories' => $cat_array)))."' 
								WHERE rel_type = 'blog' AND rel_child_id = '".$data['child_id']."'");
				}
			}		
		}
		elseif ($data['type'] == 'gallery')
		{
			$sql = "SELECT e.*, 
					p.gallery_image_url, p.gallery_thumb_prefix, p.gallery_medium_prefix, p.gallery_text_formatting, p.gallery_auto_link_urls, p.gallery_cf_one_formatting, p.gallery_cf_one_auto_link, p.gallery_cf_two_formatting, p.gallery_cf_two_auto_link, p.gallery_cf_three_formatting, p.gallery_cf_three_auto_link, p.gallery_cf_four_formatting, p.gallery_cf_four_auto_link, p.gallery_cf_five_formatting, p.gallery_cf_five_auto_link, p.gallery_cf_six_formatting, p.gallery_cf_six_auto_link,					
					c.cat_folder, c.cat_name, c.cat_description,
					m.screen_name, m.username 
					FROM exp_gallery_entries			AS e
					LEFT JOIN exp_galleries				AS p ON p.gallery_id = e.gallery_id
					LEFT JOIN exp_gallery_categories	AS c ON c.cat_id = e.cat_id
					LEFT JOIN exp_members				AS m ON e.author_id = m.member_id
					WHERE e.entry_id = '".$data['child_id']."'";
					
			$sql = str_replace("\t", " ", $sql);
		
			$entry_query = $DB->query($sql);
	
			if ($parent_entry == TRUE)
			{
				$DB->query("INSERT INTO exp_relationships (rel_id, rel_parent_id, rel_child_id, rel_type, rel_data) VALUES ('', '".$data['parent_id']."', '".$data['child_id']."', '".$data['type']."', '".addslashes(serialize(array('query' => $entry_query)))."')");
				return $DB->insert_id;
			}
			else
			{
				$DB->query("UPDATE exp_relationships SET rel_data = '".addslashes(serialize(array('query' => $entry_query)))."' WHERE rel_type = 'gallery' AND rel_child_id = '".$data['child_id']."'");
			}
		}
	}
	/* END */
	
	/** --------------------------------
    /**  Get Categories for Weblog Entry/Entries
    /** --------------------------------*/
        
    function get_categories($cat_group, $entry_id)
    {        
		global $DB;

		$sql = "SELECT		c.cat_name, c.cat_url_title, c.cat_id, c.cat_image, p.cat_id, c.parent_id, c.cat_description, c.group_id
				FROM		exp_categories AS c, exp_category_posts AS p
				WHERE		c.group_id	IN ('".str_replace('|', "','", $DB->escape_str($cat_group))."')
				AND			p.entry_id	= '".$entry_id."'
				AND			c.cat_id 	= p.cat_id
				ORDER BY	c.parent_id, c.cat_order";
	
		$sql = str_replace("\t", " ", $sql);
		$query = $DB->query($sql);
		
		$this->cat_array = array();
		$parents = array();
				
		if ($query->num_rows > 0)
		{
			$this->temp_array = array();
			
			foreach ($query->result as $row)
			{    
				$this->temp_array[$row['cat_id']] = array($row['cat_id'], $row['parent_id'], $row['cat_name'], $row['cat_image'], $row['cat_description'], $row['group_id'], $row['cat_url_title']);
						
				if ($row['parent_id'] > 0 && ! isset($this->temp_array[$row['parent_id']])) $parents[$row['parent_id']] = '';
				unset($parents[$row['cat_id']]);              
			}
				
			foreach($this->temp_array as $k => $v) 
			{			
				if (isset($parents[$v['1']])) $v['1'] = 0;
					
				if (0 == $v['1'])
				{    
					$this->cat_array[] = $v;
					$this->process_subcategories($k);
				}
			}
		
			unset($this->temp_array);
		}
    }
    /* END */



	/** --------------------------------
    /**  Process Subcategories
    /** --------------------------------*/
        
    function process_subcategories($parent_id)
    {        
    	foreach($this->temp_array as $key => $val) 
        {
            if ($parent_id == $val['1'])
            {
				$this->cat_array[] = $val;
				$this->process_subcategories($key);
			}
        }
    }
    /* END */
    
	/** -----------------------------------
	/**  Add security hashes to forms
	/** -----------------------------------*/

   function add_form_security_hash($str)
   {
   		global $PREFS, $IN, $DB;
   
		if ($PREFS->ini('secure_forms') == 'y')
		{
			if (preg_match_all("/({XID_HASH})/", $str, $matches))
			{
				$db_reset = FALSE;
				
				// Disable DB caching if it's currently set
				
				if ($DB->enable_cache == TRUE)
				{
					$DB->enable_cache = FALSE;
					$db_reset = TRUE;
				}
			
				// Add security hashes
				
				$sql = "INSERT INTO exp_security_hashes (date, ip_address, hash) VALUES";
				
				foreach ($matches['1'] as $val)
				{
					$hash = $this->random('encrypt');
					$str = preg_replace("/{XID_HASH}/", $hash, $str, 1);
					$sql .= "(UNIX_TIMESTAMP(), '".$IN->IP."', '".$hash."'),";
				}
				
				$DB->query(substr($sql,0,-1));
				
				// Re-enable DB caching
				
				if ($db_reset == TRUE)
				{
					$DB->enable_cache = TRUE;                
				}
			}
		}
   
   		return $str;	
	}
   
	/** -----------------------------------
	/**  Remap pMachine Pro URLs
	/** -----------------------------------*/
	//  Since pM URLs are different than EE URLs,
	//  for those who have migrated from pM we will
	//  check the URL formatting.  If the request is
	//  for a pMachine URL, we'll remap it to the new EE location

	function remap_pm_urls()
	{
		global $DB, $IN, $PREFS;

		if ($PREFS->ini('remap_pm_urls') == 'y' AND $PREFS->ini('remap_pm_dest') !== FALSE AND $IN->URI != '')
		{
			$p_uri = ( ! isset($_GET['id'])) ? $IN->URI : '/'.$_GET['id'].'/';
			
			if (preg_match("#^/[0-9]{1,6}\_[0-9]{1,4}\_[0-9]{1,4}\_[0-9]{1,4}.*$#", $p_uri))
			{
				$pentry_id = substr($p_uri, 1, (strpos($p_uri, '_')-1));
			}
			elseif (preg_match("#^/P[0-9]{1,6}.*$#", $p_uri))
			{	
				$p_uri = str_replace("/", "", $p_uri);
				$pentry_id = substr($p_uri, 1);
			}
				
			if (isset($pentry_id) AND $pentry_id != '')
			{
				$query = $DB->query("SELECT url_title FROM exp_weblog_titles WHERE pentry_id = '".$DB->escape_str($pentry_id)."'");
				
				if ($query->num_rows == 1)
				{
					$this->redirect($PREFS->ini('remap_pm_dest', 1).$query->row['url_title'].'/');
					exit;
				}
			}
		}	    
	}
	/* END */
    
    
	/** -----------------------------------
	/**  Generate Captcha
	/** -----------------------------------*/

	function create_captcha($old_word = '')
	{
		global $DB, $IN, $PREFS, $SESS, $EXT;
		
		if ($PREFS->ini('captcha_require_members') == 'n' AND $SESS->userdata['member_id'] != 0)
		{
			return '';
		}
		
		// -------------------------------------------
        // 'create_captcha_start' hook.
		//  - Allows rewrite of how CAPTCHAs are created
		//
			if ($EXT->active_hook('create_captcha_start') === TRUE)
			{
				$edata = $EXT->call_extension('create_captcha_start', $old_word);
				if ($EXT->end_script === TRUE) return $edata;
			}	
		//
		// -------------------------------------------
		
			
		$img_path	= $PREFS->ini('captcha_path', 1, TRUE);
		$img_url	= $PREFS->ini('captcha_url', 1);
		$use_font	= ($PREFS->ini('captcha_font') == 'y') ? TRUE : FALSE;
				
		$font_face	= "texb.ttf";
		$font_size	= 16;
		
		$expiration = 60*60*2;  // 2 hours
		
		$img_width	= 140;	// Image width
		$img_height	= 30;	// Image height	
				
		if ($img_path == '' || $img_url == '')
		{
			return FALSE;
		}

		if ( ! @is_dir($img_path)) 
		{
			return FALSE;
		}
		
        if ( ! is_writable($img_pat…