PageRenderTime 48ms CodeModel.GetById 0ms RepoModel.GetById 0ms app.codeStats 0ms

/admin/lib/lib_misc.php

http://pixie-cms.googlecode.com/
PHP | 910 lines | 578 code | 157 blank | 175 comment | 127 complexity | 6617236b83b6f6d8673d2078fbbef469 MD5 | raw file
    

  1. <?php
    2. 

  2. if (!defined('DIRECT_ACCESS')) {
    3. 

  3. 	header('Location: ../../');
    4. 

  4. 	exit();
    5. 

  5. }
    6. 

  6. /**
    7. 

  7.  * Pixie: The Small, Simple, Site Maker.
    8. 

  8.  * 
    9. 

  9.  * Licence: GNU General Public License v3
    10. 

  10.  * Copyright (C) 2010, Scott Evans
    11. 

  11.  *
    12. 

  12.  * This program is free software: you can redistribute it and/or modify
    13. 

  13.  * it under the terms of the GNU General Public License as published by
    14. 

  14.  * the Free Software Foundation, either version 3 of the License, or
    15. 

  15.  * (at your option) any later version.
    16. 

  16.  *
    17. 

  17.  * This program is distributed in the hope that it will be useful,
    18. 

  18.  * but WITHOUT ANY WARRANTY; without even the implied warranty of
    19. 

  19.  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
    20. 

  20.  * GNU General Public License for more details.
    21. 

  21.  *
    22. 

  22.  * You should have received a copy of the GNU General Public License
    23. 

  23.  * along with this program. If not, see http://www.gnu.org/licenses/
    24. 

  24.  *
    25. 

  25.  * Title: lib_misc
    26. 

  26.  *
    27. 

  27.  * @package Pixie
    28. 

  28.  * @copyright 2008-2010 Scott Evans
    29. 

  29.  * @author Scott Evans
    30. 

  30.  * @author Sam Collett
    31. 

  31.  * @author Tony White
    32. 

  32.  * @author Isa Worcs
    33. 

  33.  * @link http://www.getpixie.co.uk
    34. 

  34.  * @license http://www.gnu.org/licenses/gpl-3.0.html GNU General Public License v3
    35. 

  35.  *
    36. 

  36.  */
    37. 

  37. // ------------------------------------------------------------------
    38. 

  38. 

  39. /* Set up debugging */
    40. 

  40. // ------------------------------------------------------------------
    41. 

  41. if (defined('PIXIE_DEBUG')) {
    42. 

  42. 	pixieExit();
    43. 

  43. 	exit();
    44. 

  44. }
    45. 

  45. define('PIXIE_DEBUG', 'no');
    46. 

  46. /* Set debug to yes to log errors */
    47. 

  47. // ------------------------------------------------------------------
    48. 

  48. 	/**
    49. 

  49. 	 * Re-implementation of PHP 5's stripos()
    50. 

  50. 	 *
    51. 

  51. 	 * Borrowed from simplepie for php4 (admin/lib/lib_simplepie.php)
    52. 

  52. 	 *
    53. 

  53. 	 * Returns the numeric position of the first occurrence of needle in the
    54. 

  54. 	 * haystack string.
    55. 

  55. 	 *
    56. 

  56. 	 * @static
    57. 

  57. 	 * @access string
    58. 

  58. 	 * @param object $haystack
    59. 

  59. 	 * @param string $needle Note that the needle may be a string of one or more
    60. 

  60. 	 *     characters. If needle is not a string, it is converted to an integer
    61. 

  61. 	 *     and applied as the ordinal value of a character.
    62. 

  62. 	 * @param int $offset The optional offset parameter allows you to specify which
    63. 

  63. 	 *     character in haystack to start searching. The position returned is still
    64. 

  64. 	 *     relative to the beginning of haystack.
    65. 

  65. 	 * @return bool If needle is not found, stripos() will return boolean false.
    66. 

  66. 	 */
    67. 

  67. if (!function_exists('stripos')) {
    68. 

  68. 	function stripos($haystack, $needle, $offset = 0) {
    69. 

  69. 			if (is_string($needle)) {
    70. 

  70. 				$needle = strtolower($needle);
    71. 

  71. 			}
    72. 

  72. 			elseif (is_int($needle) || is_bool($needle) || is_double($needle)) {
    73. 

  73. 				$needle = strtolower(chr($needle));
    74. 

  74. 			}
    75. 

  75. 			else {
    76. 

  76. 				trigger_error('needle is not a string or an integer', E_USER_WARNING);
    77. 

  77. 				return false;
    78. 

  78. 			}
    79. 

  79. 

  80. 			return strpos(strtolower($haystack), $needle, $offset);
    81. 

  81. 	}
    82. 

  82. }
    83. 

  83. /* An exit on error function */
    84. 

  84. // ------------------------------------------------------------------
    85. 

  85. function pixieExit() {
    86. 

  86. header('Status: 503 Service Unavailable');  /* 503 status might discourage search engines from indexing or caching the error message */
    87. 

  87. 

  88. 		return <<<eod
    89. 

  89. <!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1.0 Transitional//EN\" \"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd\">
    90. 

  90. <html xmlns=\"http://www.w3.org/1999/xhtml\" xml:lang=\"en\" lang=\"en\">
    91. 

  91. <head>
    92. 

  92. <meta http-equiv=\"content-type\" content=\"text/html; charset=utf-8\" />
    93. 

  93. <title>Pixie (www.getpixie.co.uk) - Security Warning</title>
    94. 

  94. <style type=\"text/css\">
    95. 

  95. body{font-family:Arial,'Lucida Grande',Verdana,Sans-Serif;color: #333;}
    96. 

  96. a, a:visited{text-decoration: none;color: #0497d3;}
    97. 

  97. a:hover{color: #191919;text-decoration: none;}
    98. 

  98. .helper{position: relative;top: 60px;border: 5px solid #e1e1e1;clear: left;padding: 15px 30px;margin: 0 auto;background-color: #F0F0F0;width: 500px;line-height: 15pt;}
    99. 

  99. </style>
    100. 

  100. </head>
    101. 

  101. <body>
    102. 

  102. <div class=\"helper\"><h3>Security Warning</h3>
    103. 

  103. <p><a href=\"http://www.getpixie.co.uk\" alt=\"Get Pixie!\">Pixie</a> has blocked your request to this site due to security concerns. The site administrator has been notified of your details. Please try to visit this site again later if you have recieved this message in error.</p>
    104. 

  104. </div>
    105. 

  105. </body>
    106. 

  106. </html>
    107. 

  107. eod;
    108. 

  108. 

  109. }
    110. 

  110. // ------------------------------------------------------------------
    111. 

  111. 

  112. /* Generate a new password */
    113. 

  113. // ------------------------------------------------------------------
    114. 

  114. function generate_password( $length = 10 )
    115. 

  115. {
    116. 

  116. 	$pass  = "";
    117. 

  117. 	$chars = '023456789bcdfghjkmnpqrstvwxyz';
    118. 

  118. 	$i     = 0;
    119. 

  119. 	
    120. 

  120. 	while ( $i < $length ) {
    121. 

  121. 		$char = substr( $chars, mt_rand( 0, strlen( $chars ) - 1 ), 1 );
    122. 

  122. 		
    123. 

  123. 		if ( !strstr( $pass, $char ) ) {
    124. 

  124. 			$pass .= $char;
    125. 

  125. 			$i++;
    126. 

  126. 		}
    127. 

  127. 	}
    128. 

  128. 	
    129. 

  129. 	return $pass;
    130. 

  130. 	
    131. 

  131. }
    132. 

  132. // ------------------------------------------------------------------
    133. 

  133. 

  134. /* Get the first word in a _ seperated string */
    135. 

  135. // ------------------------------------------------------------------
    136. 

  136. function first_word( $theString )
    137. 

  137. {
    138. 

  138. 	$stringParts = explode( '_', $theString );
    139. 

  139. 	
    140. 

  140. 	return $stringParts[0];
    141. 

  141. 	
    142. 

  142. }
    143. 

  143. // ------------------------------------------------------------------
    144. 

  144. 

  145. /* Get the last word in a _ seperated string */
    146. 

  146. // ------------------------------------------------------------------
    147. 

  147. function last_word( $theString )
    148. 

  148. {
    149. 

  149. 	$stringParts = explode( '_', $theString );
    150. 

  150. 	
    151. 

  151. 	return array_pop( $stringParts );
    152. 

  152. 	
    153. 

  153. }
    154. 

  154. // ------------------------------------------------------------------
    155. 

  155. 

  156. /* Get the first word in a string */
    157. 

  157. // ------------------------------------------------------------------
    158. 

  158. function firstword( $theString )
    159. 

  159. {
    160. 

  160. 	$stringParts = explode( " ", $theString );
    161. 

  161. 	
    162. 

  162. 	return $stringParts[0];
    163. 

  163. 	
    164. 

  164. }
    165. 

  165. // ------------------------------------------------------------------
    166. 

  166. 

  167. /* Get the last word in a string */
    168. 

  168. // ------------------------------------------------------------------
    169. 

  169. function lastword( $theString )
    170. 

  170. {
    171. 

  171. 	$stringParts = explode( " ", $theString );
    172. 

  172. 	
    173. 

  173. 	return array_pop( $stringParts );
    174. 

  174. 	
    175. 

  175. }
    176. 

  176. // ------------------------------------------------------------------
    177. 

  177. 

  178. /* Get a var from $_SERVER global array, or create it */
    179. 

  179. // ------------------------------------------------------------------
    180. 

  180. function serverSet( $thing )
    181. 

  181. {
    182. 

  182. 	return ( isset( $_SERVER[$thing] ) ) ? $_SERVER[$thing] : '';
    183. 

  183. 	
    184. 

  184. }
    185. 

  185. // ------------------------------------------------------------------
    186. 

  186. 

  187. /* Protection against those who'd bomb the site by GET */
    188. 

  188. // ------------------------------------------------------------------
    189. 

  189. function bombShelter()
    190. 

  190. {
    191. 

  191. 	$in = serverset( 'REQUEST_URI' );
    192. 

  192. 	$ip = $_SERVER['REMOTE_ADDR'];
    193. 

  193. 	
    194. 

  194. 	if ( strlen( $in ) > 260 ) {
    195. 

  195. 		pixieExit();
    196. 

  196. 	}
    197. 

  197. 	
    198. 

  198. }
    199. 

  199. // ------------------------------------------------------------------
    200. 

  200. 

  201. /* Prevents the super global $_REQUEST array's variables from poisioning */
    202. 

  202. // ------------------------------------------------------------------
    203. 

  203. function globalSec( $page_location, $sec_check )
    204. 

  204. {
    205. 

  205. 	global $clean_urls;
    206. 

  206. 	/* .htaccess already has a rule for this, we don't need to do it twice */
    207. 

  207. 	
    208. 

  208. 	if ( ( $clean_urls != 'yes' ) && ( $sec_check === 1 ) ) {
    209. 

  209. 		if ( isset( $_REQUEST['_GET'] ) ) {
    210. 

  210. 			pixieExit();
    211. 

  211. 		}
    212. 

  212. 		if ( isset( $_REQUEST['_POST'] ) ) {
    213. 

  213. 			pixieExit();
    214. 

  214. 		}
    215. 

  215. 		if ( isset( $_REQUEST['_COOKIE'] ) ) {
    216. 

  216. 			pixieExit();
    217. 

  217. 		}
    218. 

  218. 		if ( isset( $_REQUEST['_SESSION'] ) ) {
    219. 

  219. 			pixieExit();
    220. 

  220. 		}
    221. 

  221. 		if ( isset( $_REQUEST['GLOBALS'] ) ) {
    222. 

  222. 			pixieExit();
    223. 

  223. 		}
    224. 

  224. 		if ( isset( $_REQUEST['_FILES'] ) ) {
    225. 

  225. 			pixieExit();
    226. 

  226. 		}
    227. 

  227. 		if ( isset( $_REQUEST['_REQUEST'] ) ) {
    228. 

  228. 			pixieExit();
    229. 

  229. 		}
    230. 

  230. 		if ( isset( $_REQUEST['_SERVER'] ) ) {
    231. 

  231. 			pixieExit();
    232. 

  232. 		}
    233. 

  233. 	}
    234. 

  234. 	
    235. 

  235. }
    236. 

  236. // ------------------------------------------------------------------
    237. 

  237. 

  238. /* A workaround for old versions of php */
    239. 

  239. // ------------------------------------------------------------------
    240. 

  240. function doSlash( $in )
    241. 

  241. {
    242. 

  242. 	if ( phpversion() >= '4.3.0' ) {
    243. 

  243. 		return doArray( $in, 'mysql_real_escape_string' );
    244. 

  244. 		
    245. 

  245. 	} else {
    246. 

  246. 		return doArray( $in, 'mysql_escape_string' );
    247. 

  247. 		
    248. 

  248. 	}
    249. 

  249. 	
    250. 

  250. }
    251. 

  251. // ------------------------------------------------------------------
    252. 

  252. 

  253. /* An array function */
    254. 

  254. // ------------------------------------------------------------------
    255. 

  255. function doArray( $in, $function )
    256. 

  256. {
    257. 

  257. 	return is_array( $in ) ? array_map( $function, $in ) : $function( $in );
    258. 

  258. 	
    259. 

  259. }
    260. 

  260. //-------------------------------------------------------------------
    261. 

  261. 

  262. /* A function to simply string in item_name format */
    263. 

  263. // ------------------------------------------------------------------
    264. 

  264. function simplify( $string )
    265. 

  265. {
    266. 

  266. 	$out    = str_replace( '_', " ", $string );
    267. 

  267. 	$strlen = strlen( $out );
    268. 

  268. 	$max    = 150; // find somwhere better for this?
    269. 

  269. 	
    270. 

  270. 	if ( $strlen > $max ) {
    271. 

  271. 		$out = substr( $out, 0, $max ) . '...';
    272. 

  272. 	}
    273. 

  273. 	
    274. 

  274. 	return ucfirst( $out );
    275. 

  275. 	
    276. 

  276. }
    277. 

  277. //-------------------------------------------------------------------
    278. 

  278. 

  279. /* A function chop length of string */
    280. 

  280. // ------------------------------------------------------------------
    281. 

  281. function chopme( $string, $length )
    282. 

  282. {
    283. 

  283. 	$strlen = strlen( $string );
    284. 

  284. 	$max    = $length;
    285. 

  285. 	
    286. 

  286. 	if ( $strlen > $max ) {
    287. 

  287. 		$string = substr( $string, 0, $max ) . '...';
    288. 

  288. 	}
    289. 

  289. 	
    290. 

  290. 	return $string;
    291. 

  291. 	
    292. 

  292. }
    293. 

  293. //-------------------------------------------------------------------
    294. 

  294. 

  295. /* A function for checking if its 404 time */
    296. 

  296. //-------------------------------------------------------------------
    297. 

  297. function check_404( $section )
    298. 

  298. {
    299. 

  299. 	$check = file_exists( "admin/modules/mod_{$section}.php" );
    300. 

  300. 	
    301. 

  301. 	if ( $check ) {
    302. 

  302. 		return $section;
    303. 

  303. 		
    304. 

  304. 	} else {
    305. 

  305. 		$section = '404';
    306. 

  306. 		
    307. 

  307. 		return $section;
    308. 

  308. 		
    309. 

  309. 	}
    310. 

  310. 	
    311. 

  311. }
    312. 

  312. //-------------------------------------------------------------------
    313. 

  313. 

  314. /* A Function for checking if its 404 time from public hit */
    315. 

  315. //-------------------------------------------------------------------
    316. 

  316. function public_check_404( $section )
    317. 

  317. {
    318. 

  318. 	$section = str_replace( '<x>', "", $section );
    319. 

  319. 	
    320. 

  320. 	if ( $section === 'rss' ) {
    321. 

  321. 		$check = safe_row( '*', 'pixie_core', "page_name = '$section' AND public = 'yes' limit 0,1" );
    322. 

  322. 		
    323. 

  323. 	} else {
    324. 

  324. 		$check = safe_row( '*', 'pixie_core', "page_name = '$section' AND public = 'yes' AND page_type != 'plugin' limit 0,1" );
    325. 

  325. 	}
    326. 

  326. 	
    327. 

  327. 	if ( $check ) {
    328. 

  328. 		return $section;
    329. 

  329. 		
    330. 

  330. 	} else {
    331. 

  331. 		$section = '404';
    332. 

  332. 		
    333. 

  333. 		return $section;
    334. 

  334. 	}
    335. 

  335. 	
    336. 

  336. }
    337. 

  337. //-------------------------------------------------------------------
    338. 

  338. 

  339. /* A function for checking what type of page we are dealing with */
    340. 

  340. //-------------------------------------------------------------------
    341. 

  341. function check_type( $section )
    342. 

  342. {
    343. 

  343. 	extract( safe_row( '*', 'pixie_core', "page_name = '$section' AND public = 'yes' limit 0,1" ) );
    344. 

  344. 	
    345. 

  345. 	if ( $page_type ) {
    346. 

  346. 		return $page_type;
    347. 

  347. 		
    348. 

  348. 	} else {
    349. 

  349. 		return 'Unable to find type of page in pixie_core. Has the page been deleted?';
    350. 

  350. 		
    351. 

  351. 	}
    352. 

  352. 	
    353. 

  353. }
    354. 

  354. //-------------------------------------------------------------------
    355. 

  355. 

  356. /* A function for deleting a file */
    357. 

  357. //-------------------------------------------------------------------
    358. 

  358. function file_delete( $file )
    359. 

  359. {
    360. 

  360. 	if ( unlink( $file ) ) {
    361. 

  361. 		return TRUE;
    362. 

  362. 		
    363. 

  363. 	} else {
    364. 

  364. 		return FALSE;
    365. 

  365. 		
    366. 

  366. 	}
    367. 

  367. 	
    368. 

  368. }
    369. 

  369. //-------------------------------------------------------------------
    370. 

  370. 

  371. /* A function to return current directory */
    372. 

  372. //-------------------------------------------------------------------
    373. 

  373. function current_dir()
    374. 

  374. {
    375. 

  375. 	$path     = dirname( $_SERVER['PHP_SELF'] );
    376. 

  376. 	$position = strrpos( $path, '/' ) + 1;
    377. 

  377. 	
    378. 

  378. 	return substr( $path, $position );
    379. 

  379. 	
    380. 

  380. }
    381. 

  381. //-------------------------------------------------------------------
    382. 

  382. 

  383. /* A function to return current page id */
    384. 

  384. //-------------------------------------------------------------------
    385. 

  385. function get_page_id( $section )
    386. 

  386. {
    387. 

  387. 	$page_id = safe_field( 'page_id', 'pixie_core', "page_name = '$section' AND public = 'yes' limit 0,1" );
    388. 

  388. 	
    389. 

  389. 	if ( $page_id ) {
    390. 

  390. 		return $page_id;
    391. 

  391. 		
    392. 

  392. 	}
    393. 

  393. 	
    394. 

  394. }
    395. 

  395. //-------------------------------------------------------------------
    396. 

  396. 

  397. /* function to create a safe string from special characters like those found in non-English languages */
    398. 

  398. //-------------------------------------------------------------------
    399. 

  399. function safe_string( $string )
    400. 

  400. {
    401. 

  401. 	$from   = explode( ',', '&lt;,&gt;,&#039;,&amp;,&quot;,Ŕ,Á,Â,Ă,Ä,&Auml;,Ĺ,?,?,?,Ć,Ç,?,?,?,?,?,?,Đ,Č,É,Ę,Ë,?,?,?,?,?,?,?,?,?,?,?,Ě,Í,Î,Ď,?,?,?,?,?,?,?,?,?,?,?,?,?,Ń,?,?,?,?,Ň,Ó,Ô,Ő,Ö,&Ouml;,Ř,?,?,?,Œ,?,?,?,?,Š,?,?,?,?,?,?,?,Ů,Ú,Ű,Ü,?,&Uuml;,?,?,?,?,?,?,Ý,?,Ÿ,?,Ž,?,Ţ,Ţ,ŕ,á,â,ă,ä,&auml;,ĺ,?,?,?,ć,ç,?,?,?,?,?,?,đ,č,é,ę,ë,?,?,?,?,?,ƒ,?,?,?,?,?,?,ě,í,î,ď,?,?,?,?,?,?,?,?,?,?,?,?,?,?,ń,?,?,?,?,?,ň,ó,ô,ő,ö,&ouml;,ř,?,?,?,œ,?,?,?,š,ů,ú,ű,ü,?,&uuml;,?,?,?,?,?,?,ý,˙,?,ž,?,?,ţ,ß,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?' );
    402. 

  402. 	$to     = explode( ',', ',,,,,A,A,A,A,Ae,A,A,A,A,A,Ae,C,C,C,C,C,D,D,D,E,E,E,E,E,E,E,E,E,G,G,G,G,H,H,I,I,I,I,I,I,I,I,I,IJ,J,K,K,K,K,K,K,N,N,N,N,N,O,O,O,O,Oe,Oe,O,O,O,O,OE,R,R,R,S,S,S,S,S,T,T,T,T,U,U,U,Ue,U,Ue,U,U,U,U,U,W,Y,Y,Y,Z,Z,Z,T,T,a,a,a,a,ae,ae,a,a,a,a,ae,c,c,c,c,c,d,d,d,e,e,e,e,e,e,e,e,e,f,g,g,g,g,h,h,i,i,i,i,i,i,i,i,i,ij,j,k,k,l,l,l,l,l,n,n,n,n,n,n,o,o,o,o,oe,oe,o,o,o,o,oe,r,r,r,s,u,u,u,ue,u,ue,u,u,u,u,u,w,y,y,y,z,z,z,t,ss,ss,A,B,V,G,D,E,YO,ZH,Z,I,Y,K,L,M,N,O,P,R,S,T,U,F,H,C,CH,SH,SCH,Y,Y,E,YU,YA,a,b,v,g,d,e,yo,zh,z,i,y,k,l,m,n,o,p,r,s,t,u,f,h,c,ch,sh,sch,y,y,e,yu,ya' );
    403. 

  403. 	$string = urldecode( str_replace( $from, $to, $string ) );
    404. 

  404. 	$string = preg_replace( '/[^a-zA-Z0-9 ]/', "", $string );
    405. 

  405. 	
    406. 

  406. 	return ( $string );
    407. 

  407. 	
    408. 

  408. }
    409. 

  409. //-------------------------------------------------------------------
    410. 

  410. 

  411. /* function to return a slug from post name */
    412. 

  412. //-------------------------------------------------------------------
    413. 

  413. function make_slug( $slug )
    414. 

  414. {
    415. 

  415. 	$slug = safe_string( $slug );
    416. 

  416. 	$slug = str_replace( ' ', '-', $slug );
    417. 

  417. 	$dash = array(
    418. 

  418. 		 '--',
    419. 

  419. 		'---',
    420. 

  420. 		'----',
    421. 

  421. 		'-----' 
    422. 

  422. 	);
    423. 

  423. 	$slug = strtolower( str_replace( $dash, '-', $slug ) );
    424. 

  424. 	
    425. 

  425. 	return ( $slug );
    426. 

  426. 	
    427. 

  427. }
    428. 

  428. //-------------------------------------------------------------------
    429. 

  429. 

  430. /* A function to correctly form tags */
    431. 

  431. //-------------------------------------------------------------------
    432. 

  432. function make_tag( $tags )
    433. 

  433. {
    434. 

  434. 	if ( isset( $tags ) ) {
    435. 

  435. 		$tags = explode( " ", $tags );
    436. 

  436. 		
    437. 

  437. 		for ( $count = 0; $count < ( count( $tags ) ); $count++ ) {
    438. 

  438. 			$current = $tags[$count];
    439. 

  439. 			
    440. 

  440. 			if ( $current != "" ) {
    441. 

  441. 				$current = safe_string( $current );
    442. 

  442. 				
    443. 

  443. 				if ( ( isset( $all_tag ) ) ) {
    444. 

  444. 				} else {
    445. 

  445. 					$all_tag = NULL;
    446. 

  446. 				}
    447. 

  447. 				
    448. 

  448. 				$all_tag .= $current . " ";
    449. 

  449. 			}
    450. 

  450. 		}
    451. 

  451. 		
    452. 

  452. 		return rtrim( $all_tag );
    453. 

  453. 		
    454. 

  454. 	}
    455. 

  455. 	
    456. 

  456. }
    457. 

  457. //-------------------------------------------------------------------
    458. 

  458. 

  459. /* A function to revert slug / used for tags only */
    460. 

  460. //-------------------------------------------------------------------
    461. 

  461. function squash_slug( $title )
    462. 

  462. {
    463. 

  463. 	$slug = str_replace( '-', " ", $title );
    464. 

  464. 	
    465. 

  465. 	return strtolower( $slug );
    466. 

  466. 	
    467. 

  467. }
    468. 

  468. //-------------------------------------------------------------------
    469. 

  469. 

  470. /* A function to check if a page is installed and public */
    471. 

  471. //-------------------------------------------------------------------
    472. 

  472. function public_page_exists( $page_name )
    473. 

  473. {
    474. 

  474. 	$rs = safe_row( '*', 'pixie_core', "page_name = '$page_name' AND public = 'yes' limit 0,1" );
    475. 

  475. 	
    476. 

  476. 	if ( $rs ) {
    477. 

  477. 		return TRUE;
    478. 

  478. 		
    479. 

  479. 	} else {
    480. 

  480. 		return FALSE;
    481. 

  481. 		
    482. 

  482. 	}
    483. 

  483. 	
    484. 

  484. }
    485. 

  485. //-------------------------------------------------------------------
    486. 

  486. 

  487. /* A function to check if a number is odd or even */
    488. 

  488. //-------------------------------------------------------------------
    489. 

  489. function is_even( $number )
    490. 

  490. {
    491. 

  491. 	$result = $number % 2;
    492. 

  492. 	
    493. 

  493. 	if ( $result == 0 ) {
    494. 

  494. 		return TRUE;
    495. 

  495. 		
    496. 

  496. 	} else {
    497. 

  497. 		return FALSE;
    498. 

  498. 		
    499. 

  499. 	}
    500. 

  500. 	
    501. 

  501. }
    502. 

  502. //-------------------------------------------------------------------
    503. 

  503. 

  504. /* Allow PHP/HTML to be written into textarea */
    505. 

  505. //-------------------------------------------------------------------
    506. 

  506. function textarea_encode( $html_code )
    507. 

  507. {
    508. 

  508. 	$from      = array(
    509. 

  509. 		 '<',
    510. 

  510. 		'>' 
    511. 

  511. 	);
    512. 

  512. 	$to        = array(
    513. 

  513. 		 '#&50',
    514. 

  514. 		'#&52' 
    515. 

  515. 	);
    516. 

  516. 	$html_code = str_replace( $from, $to, $html_code );
    517. 

  517. 	
    518. 

  518. 	return $html_code;
    519. 

  519. 	
    520. 

  520. }
    521. 

  521. //-------------------------------------------------------------------
    522. 

  522. 

  523. /* Output title of current section for admin area */
    524. 

  524. //-------------------------------------------------------------------
    525. 

  525. function build_admin_title()
    526. 

  526. {
    527. 

  527. 	global $version, $lang, $s, $m, $x, $do;
    528. 

  528. 	/* myaccount */
    529. 

  529. 	if ( ( isset( $s ) ) && ( $s == 'myaccount' ) ) {
    530. 

  530. 		$title = $lang['nav1_home'] . ' - ' . $lang['nav2_home'];
    531. 

  531. 	}
    532. 

  532. 	if ( ( isset( $s ) ) && ( $s == 'myaccount' ) && ( $x == 'myprofile' ) ) {
    533. 

  533. 		$title = $lang['nav1_home'] . ' - ' . $lang['nav2_profile'];
    534. 

  534. 	}
    535. 

  535. 	if ( ( isset( $s ) ) && ( $s == 'myaccount' ) && ( $x == 'myprofile' ) && ( $do == 'security' ) ) {
    536. 

  536. 		$title = $lang['nav1_home'] . ' - ' . $lang['nav2_security'];
    537. 

  537. 	}
    538. 

  538. 	/* publish - (needs expanding!) */
    539. 

  539. 	if ( ( isset( $s ) ) && ( $s == 'publish' ) ) {
    540. 

  540. 		$title = $lang['nav1_publish'];
    541. 

  541. 	}
    542. 

  542. 	if ( ( isset( $s ) ) && ( $s == 'publish' ) && ( $x == 'filemanager' ) ) {
    543. 

  543. 		$title = $lang['nav1_publish'] . ' - ' . $lang['nav2_files'];
    544. 

  544. 	}
    545. 

  545. 	/* settings - needs expanding! */
    546. 

  546. 	if ( ( isset( $s ) ) && ( $s == 'settings' ) ) {
    547. 

  547. 		$title = $lang['nav1_settings'];
    548. 

  548. 	}
    549. 

  549. 	if ( ( isset( $s ) ) && ( $s == 'settings' ) && ( $m == 'theme' ) ) {
    550. 

  550. 		$title = $lang['nav1_settings'] . ' - ' . $lang['nav2_theme'];
    551. 

  551. 	}
    552. 

  552. 	if ( ( isset( $s ) ) && ( $s == 'settings' ) && ( $m == 'users' ) ) {
    553. 

  553. 		$title = $lang['nav1_settings'] . ' - ' . $lang['nav2_users'];
    554. 

  554. 	}
    555. 

  555. 	if ( ( isset( $s ) ) && ( $s == 'settings' ) && ( $x == 'dbtools' ) ) {
    556. 

  556. 		$title = $lang['nav1_settings'] . ' - ' . $lang['nav2_backup'];
    557. 

  557. 	}
    558. 

  558. 	if ( ( isset( $version ) ) && ( isset( $title ) ) ) {
    559. 

  559. 		echo "Pixie v{$version} : {$title}";
    560. 

  560. 	} else {
    561. 

  561. 		echo "Pixie v{$version}";
    562. 

  562. 	}
    563. 

  563. 	
    564. 

  564. }
    565. 

  565. //-------------------------------------------------------------------
    566. 

  566. 

  567. /*  Create a clean or ugly url based on the Pixie setting */
    568. 

  568. //-------------------------------------------------------------------
    569. 

  569. function createURL( $s, $m = '', $x = '', $p = '' )
    570. 

  570. {
    571. 

  571. 	global $site_url, $clean_urls;
    572. 

  572. 	
    573. 

  573. 	if ( $clean_urls === 'yes' ) {
    574. 

  574. 		$return = "{$site_url}{$s}/{$m}/{$x}/{$p}";
    575. 

  575. 		$slash  = array(
    576. 

  576. 			 '//',
    577. 

  577. 			'///',
    578. 

  578. 			'////' 
    579. 

  579. 		);
    580. 

  580. 		$return = str_replace( $slash, "", $return );
    581. 

  581. 		$return = str_replace( 'http:', 'http://', $return );
    582. 

  582. 		$last   = $return{strlen( $return ) - 1};
    583. 

  583. 		
    584. 

  584. 		if ( $last != '/' ) {
    585. 

  585. 			$return = "{$return}/";
    586. 

  586. 		}
    587. 

  587. 		
    588. 

  588. 		return $return;
    589. 

  589. 		
    590. 

  590. 	} else {
    591. 

  591. 		$return = "{$site_url}?s={$s}&m={$m}&x={$x}&p={$p}";
    592. 

  592. 		$return = str_replace( '&m=&x=&p=', "", $return );
    593. 

  593. 		$return = str_replace( '&x=&p=', "", $return );
    594. 

  594. 		
    595. 

  595. 		if ( !$p ) {
    596. 

  596. 			$return = str_replace( '&p=', "", $return );
    597. 

  597. 		}
    598. 

  598. 		$return = htmlspecialchars( $return, ENT_QUOTES, 'UTF-8' );
    599. 

  599. 		
    600. 

  600. 		return $return;
    601. 

  601. 		
    602. 

  602. 	}
    603. 

  603. 	
    604. 

  604. }
    605. 

  605. //-------------------------------------------------------------------
    606. 

  606. 

  607. /* Reset the page order */
    608. 

  608. //-------------------------------------------------------------------
    609. 

  609. function page_order_reset()
    610. 

  610. {
    611. 

  611. 	$pages = safe_rows( '*', 'pixie_core', "public = 'yes' and in_navigation = 'yes' order by page_order asc" );
    612. 

  612. 	$num   = count( $pages );
    613. 

  613. 	$i     = 0;
    614. 

  614. 	
    615. 

  615. 	while ( $i < $num ) {
    616. 

  616. 		$out     = $pages[$i];
    617. 

  617. 		$page_id = $out['page_id'];
    618. 

  618. 		safe_update( 'pixie_core', "page_order  = $i + 1", "page_id = '$page_id'" );
    619. 

  619. 		$i++;
    620. 

  620. 	}
    621. 

  621. 	
    622. 

  622. }
    623. 

  623. //-------------------------------------------------------------------
    624. 

  624. 

  625. /* Create list of blocks with form adder */
    626. 

  626. //-------------------------------------------------------------------
    627. 

  627. function form_blocks()
    628. 

  628. {
    629. 

  629. 	global $s, $m, $x, $site_url, $lang;
    630. 

  630. 	$dir = './blocks';
    631. 

  631. 	
    632. 

  632. 	if ( ( is_dir( $dir ) ) ) {
    633. 

  633. 		$fd = @opendir( $dir );
    634. 

  634. 		
    635. 

  635. 		if ( $fd ) {
    636. 

  636. 			while ( ( $part = @readdir( $fd ) ) == TRUE ) {
    637. 

  637. 				if ( ( $part != '.' ) && ( $part != '..' ) ) {
    638. 

  638. 					if ( ( $part != 'index.php' ) && ( preg_match( '/^block_.*\.php$/', $part ) ) ) {
    639. 

  639. 						$part = str_replace( 'block_', "", $part );
    640. 

  640. 						$part = str_replace( '.php', "", $part );
    641. 

  641. 						
    642. 

  642. 						if ( isset( $cloud ) ) {
    643. 

  643. 						} else {
    644. 

  644. 							$cloud = NULL;
    645. 

  645. 						}
    646. 

  646. 						
    647. 

  647. 						$cloud .= "\t\t\t\t\t\t\t\t\t<a href=\"#\" title=\"Add block: $part\">$part</a>\n";
    648. 

  648. 					}
    649. 

  649. 				}
    650. 

  650. 			}
    651. 

  651. 		}
    652. 

  652. 	}
    653. 

  653. 	
    654. 

  654. 	if ( ( isset( $cloud ) ) && ( $cloud ) ) {
    655. 

  655. 		$cloud = substr( $cloud, 0, ( strlen( $cloud ) - 1 ) ) . "";
    656. 

  656. 		echo "\t\t\t\t\t\t\t\t<div class=\"form_block_suggestions\" id=\"form_block_list\">";
    657. 

  657. 		echo "<span class=\"form_block_suggestions_text\">" . $lang['form_help_current_blocks'] . "</span>\n $cloud\n";
    658. 

  658. 		echo "\t\t\t\t\t\t\t\t</div>\n";
    659. 

  659. 	}
    660. 

  660. 	
    661. 

  661. }
    662. 

  662. //-------------------------------------------------------------------
    663. 

  663. 

  664. /* Protect email from spam bots */
    665. 

  665. //-------------------------------------------------------------------
    666. 

  666. function encode_email( $emailaddy, $mailto = 0 )
    667. 

  667. {
    668. 

  668. 	$emailNOSPAMaddy = '';
    669. 

  669. 	srand( (float) microtime() * 1000000 );
    670. 

  670. 	
    671. 

  671. 	for ( $i = 0; $i < strlen( $emailaddy ); $i = $i + 1 ) {
    672. 

  672. 		$j = floor( rand( 0, 1 + $mailto ) );
    673. 

  673. 		
    674. 

  674. 		if ( $j == 0 ) {
    675. 

  675. 			$emailNOSPAMaddy .= '&#' . ord( substr( $emailaddy, $i, 1 ) ) . ';';
    676. 

  676. 			
    677. 

  677. 		} elseif ( $j === 1 ) {
    678. 

  678. 			$emailNOSPAMaddy .= substr( $emailaddy, $i, 1 );
    679. 

  679. 			
    680. 

  680. 		} elseif ( $j === 2 ) {
    681. 

  681. 			$emailNOSPAMaddy .= '%' . zeroise( dechex( ord( substr( $emailaddy, $i, 1 ) ) ), 2 );
    682. 

  682. 		}
    683. 

  683. 	}
    684. 

  684. 	
    685. 

  685. 	$emailNOSPAMaddy = str_replace( '@', '&#64;', $emailNOSPAMaddy );
    686. 

  686. 	
    687. 

  687. 	return $emailNOSPAMaddy;
    688. 

  688. 	
    689. 

  689. }
    690. 

  690. //-------------------------------------------------------------------
    691. 

  691. 

  692. /* Get extended entry info (<!--more-->) */
    693. 

  693. //-------------------------------------------------------------------
    694. 

  694. function get_extended( $post )
    695. 

  695. {
    696. 

  696. 	/* Match the more links */
    697. 

  697. 	
    698. 

  698. 	if ( preg_match( '/<!--more(.*?)?-->/', $post, $matches ) ) {
    699. 

  699. 		list( $main, $extended ) = explode( $matches[0], $post, 2 );
    700. 

  700. 		
    701. 

  701. 	} else {
    702. 

  702. 		$main     = $post;
    703. 

  703. 		$extended = '';
    704. 

  704. 	}
    705. 

  705. 	
    706. 

  706. 	/* Strip leading and trailing whitespace */
    707. 

  707. 	
    708. 

  708. 	$main     = preg_replace( '/^[\s]*(.*)[\s]*$/', '\\1', $main );
    709. 

  709. 	$extended = preg_replace( '/^[\s]*(.*)[\s]*$/', '\\1', $extended );
    710. 

  710. 	
    711. 

  711. 	return array(
    712. 

  712. 		 'main' => $main,
    713. 

  713. 		'extended' => $extended 
    714. 

  714. 	);
    715. 

  715. 	
    716. 

  716. }
    717. 

  717. //-------------------------------------------------------------------
    718. 

  718. 

  719. /* Don't call sterilise unless necessary */
    720. 

  720. //-------------------------------------------------------------------
    721. 

  721. function sterilise_txt( $txt, $is_sql = FALSE )
    722. 

  722. {
    723. 

  723. 	if ( !preg_match( '/^[a-zA-ZŔÁÂĂÄĹ???ĆÇ??????ĐČÉĘË???????????ĚÍÎĎ?????????????Ń????ŇÓÔŐÖŘ???Œ????Š???????ŮÚŰÜ???????Ý?Ÿ?Ž?ŢŢŕáâăäĺ???ćç??????đčéęë?????ƒ??????ěíîď??????????????ń?????ňóôőöř???œ???šůúűü???????ý˙?ž??ţß?????????????????????????????????????????????????????????????????0-9\_]+$/', $txt ) )
    724. 

  724. 		return sterilise( $txt, $is_sql );
    725. 

  725. 	
    726. 

  726. 	return $txt;
    727. 

  727. 	
    728. 

  728. }
    729. 

  729. //-------------------------------------------------------------------
    730. 

  730. 

  731. /* Steralise user input, security against XSS etc */
    732. 

  732. //-------------------------------------------------------------------
    733. 

  733. function sterilise( $val, $is_sql = FALSE )
    734. 

  734. {
    735. 

  735. 	/* 	Remove all non-printable characters. CR(0a) and LF(0b) and TAB(9) are allowed
    736. 

  736. 	this prevents some character re-spacing such as <java\0script>
    737. 

  737. 	note that you have to handle splits with \n, \r, and \t later since they *are* allowed in some inputs	 */
    738. 

  738. 	
    739. 

  739. 	$val = preg_replace( '/([\x00-\x08,\x0b-\x0c,\x0e-\x19])/', '', $val );
    740. 

  740. 	
    741. 

  741. 	/* 	Straight replacements, the user should never need these since they're normal characters
    742. 

  742. 	this prevents like <IMG SRC=&#X40&#X61&#X76&#X61&#X73&#X63&#X72&#X69&#X70&#X74&#X3A&#X61&#X6C&#X65&#X72&#X74&#X28&#X27&#X58&#X53&#X53&#X27&#X29> 	*/
    743. 

  743. 	
    744. 

  744. 	$search = 'abcdefghijklmnopqrstuvwxyz';
    745. 

  745. 	$search .= 'ABCDEFGHIJKLMNOPQRSTUVWXYZ';
    746. 

  746. 	$search .= '1234567890!@#$%^&*()';
    747. 

  747. 	$search .= '~`";:?+/={}[]-_|\'\\';
    748. 

  748. 	$search .= 'ŔÁÂĂÄĹ???ĆÇ??????ĐČÉĘË???????????ĚÍÎĎ?????????????Ń????ŇÓÔŐÖŘ???Œ????Š???????ŮÚŰÜ???????Ý?Ÿ?Ž?ŢŢŕáâăäĺ???ćç??????đčéęë?????ƒ??????ěíîď??????????????ń?????ňóôőöř???œ???šůúűü???????ý˙?ž??ţß?????????????????????????????????????????????????????????????????';
    749. 

  749. 	
    750. 

  750. 	for ( $i = 0; $i < strlen( $search ); $i++ ) {
    751. 

  751. 		/* 	;? matches the ;, which is optional
    752. 

  752. 		0{0,7} matches any padded zeros, which are optional and go up to 8 chars
    753. 

  753. 		
    754. 

  754. 		&#x0040 @ search for the hex values 	*/
    755. 

  755. 		
    756. 

  756. 		$val = preg_replace( '/(&#[xX]0{0,8}' . dechex( ord( $search[$i] ) ) . ';?)/i', $search[$i], $val );
    757. 

  757. 		/* With a ; */
    758. 

  758. 		
    759. 

  759. 		/* &#00064 @ 0{0,7} matches '0' zero to seven times */
    760. 

  760. 		
    761. 

  761. 		$val = preg_replace( '/(&#0{0,8}' . ord( $search[$i] ) . ';?)/', $search[$i], $val );
    762. 

  762. 		/* With a ; */
    763. 

  763. 	}
    764. 

  764. 	
    765. 

  765. 	/* now the only remaining whitespace attacks are \t, \n, and \r */
    766. 

  766. 	
    767. 

  767. 	$ra1   = Array(
    768. 

  768. 		 'javascript',
    769. 

  769. 		'vbscript',
    770. 

  770. 		'expression',
    771. 

  771. 		'applet',
    772. 

  772. 		'meta',
    773. 

  773. 		'xml',
    774. 

  774. 		'blink',
    775. 

  775. 		'link',
    776. 

  776. 		'style',
    777. 

  777. 		'script',
    778. 

  778. 		'embed',
    779. 

  779. 		'object',
    780. 

  780. 		'iframe',
    781. 

  781. 		'frame',
    782. 

  782. 		'frameset',
    783. 

  783. 		'ilayer',
    784. 

  784. 		'layer',
    785. 

  785. 		'bgsound',
    786. 

  786. 		'title',
    787. 

  787. 		'base' 
    788. 

  788. 	);
    789. 

  789. 	$ra2   = Array(
    790. 

  790. 		 'onabort',
    791. 

  791. 		'onactivate',
    792. 

  792. 		'onafterprint',
    793. 

  793. 		'onafterupdate',
    794. 

  794. 		'onbeforeactivate',
    795. 

  795. 		'onbeforecopy',
    796. 

  796. 		'onbeforecut',
    797. 

  797. 		'onbeforedeactivate',
    798. 

  798. 		'onbeforeeditfocus',
    799. 

  799. 		'onbeforepaste',
    800. 

  800. 		'onbeforeprint',
    801. 

  801. 		'onbeforeunload',
    802. 

  802. 		'onbeforeupdate',
    803. 

  803. 		'onblur',
    804. 

  804. 		'onbounce',
    805. 

  805. 		'oncellchange',
    806. 

  806. 		'onchange',
    807. 

  807. 		'onclick',
    808. 

  808. 		'oncontextmenu',
    809. 

  809. 		'oncontrolselect',
    810. 

  810. 		'oncopy',
    811. 

  811. 		'oncut',
    812. 

  812. 		'ondataavailable',
    813. 

  813. 		'ondatasetchanged',
    814. 

  814. 		'ondatasetcomplete',
    815. 

  815. 		'ondblclick',
    816. 

  816. 		'ondeactivate',
    817. 

  817. 		'ondrag',
    818. 

  818. 		'ondragend',
    819. 

  819. 		'ondragenter',
    820. 

  820. 		'ondragleave',
    821. 

  821. 		'ondragover',
    822. 

  822. 		'ondragstart',
    823. 

  823. 		'ondrop',
    824. 

  824. 		'onerror',
    825. 

  825. 		'onerrorupdate',
    826. 

  826. 		'onfilterchange',
    827. 

  827. 		'onfinish',
    828. 

  828. 		'onfocus',
    829. 

  829. 		'onfocusin',
    830. 

  830. 		'onfocusout',
    831. 

  831. 		'onhelp',
    832. 

  832. 		'onkeydown',
    833. 

  833. 		'onkeypress',
    834. 

  834. 		'onkeyup',
    835. 

  835. 		'onlayoutcomplete',
    836. 

  836. 		'onload',
    837. 

  837. 		'onlosecapture',
    838. 

  838. 		'onmousedown',
    839. 

  839. 		'onmouseenter',
    840. 

  840. 		'onmouseleave',
    841. 

  841. 		'onmousemove',
    842. 

  842. 		'onmouseout',
    843. 

  843. 		'onmouseover',
    844. 

  844. 		'onmouseup',
    845. 

  845. 		'onmousewheel',
    846. 

  846. 		'onmove',
    847. 

  847. 		'onmoveend',
    848. 

  848. 		'onmovestart',
    849. 

  849. 		'onpaste',
    850. 

  850. 		'onpropertychange',
    851. 

  851. 		'onreadystatechange',
    852. 

  852. 		'onreset',
    853. 

  853. 		'onresize',
    854. 

  854. 		'onresizeend',
    855. 

  855. 		'onresizestart',
    856. 

  856. 		'onrowenter',
    857. 

  857. 		'onrowexit',
    858. 

  858. 		'onrowsdelete',
    859. 

  859. 		'onrowsinserted',
    860. 

  860. 		'onscroll',
    861. 

  861. 		'onselect',
    862. 

  862. 		'onselectionchange',
    863. 

  863. 		'onselectstart',
    864. 

  864. 		'onstart',
    865. 

  865. 		'onstop',
    866. 

  866. 		'onsubmit',
    867. 

  867. 		'onunload' 
    868. 

  868. 	);
    869. 

  869. 	$ra    = array_merge( $ra1, $ra2 );
    870. 

  870. 	$found = TRUE;
    871. 

  871. 	/* keep replacing as long as the previous round replaced something */
    872. 

  872. 	
    873. 

  873. 	while ( $found === TRUE ) {
    874. 

  874. 		$val_before = $val;
    875. 

  875. 		
    876. 

  876. 		for ( $i = 0; $i < sizeof( $ra ); $i++ ) {
    877. 

  877. 			$pattern = '/';
    878. 

  878. 			
    879. 

  879. 			for ( $j = 0; $j < strlen( $ra[$i] ); $j++ ) {
    880. 

  880. 				if ( $j > 0 ) {
    881. 

  881. 					$pattern .= '(';
    882. 

  882. 					$pattern .= '(&#[xX]0{0,8}([9ab]);)';
    883. 

  883. 					$pattern .= '|';
    884. 

  884. 					$pattern .= '|(&#0{0,8}([9|10|13]);)';
    885. 

  885. 					$pattern .= ')*';
    886. 

  886. 				}
    887. 

  887. 				$pattern .= $ra[$i][$j];
    888. 

  888. 			}
    889. 

  889. 			$pattern .= '/i';
    890. 

  890. 			$replacement = substr( $ra[$i], 0, 2 ) . '<x>' . substr( $ra[$i], 2 );
    891. 

  891. 			/* Add in <> to nerf the tag */
    892. 

  892. 			$val         = preg_replace( $pattern, $replacement, $val );
    893. 

  893. 			/* Filter out the hex tags */
    894. 

  894. 			
    895. 

  895. 			if ( $val_before == $val ) {
    896. 

  896. 				/* No replacements were made, so exit the loop */
    897. 

  897. 				
    898. 

  898. 				$found = FALSE;
    899. 

  899. 			}
    900. 

  900. 		}
    901. 

  901. 	}
    902. 

  902. 	
    903. 

  903. 	if ( $is_sql ) {
    904. 

  904. 		$val = mysql_real_escape_string( $val );
    905. 

  905. 	}
    906. 

  906. 	
    907. 

  907. 	return $val;
    908. 

  908. 	
    909. 

  909. }
    910. 

  910. ?>
    911.