- <?php
- /* **************************************************
- Copyright (c) 2008, Skypanther(r) Studios, Inc.
- Skypanther(r) is a registered trademark of Skypanther Studios, Inc.
- ************************************************** */
-
- /*
- * DON'T CHANGE ANYTHING IN THIS FILE
- * ALL CONFIGURATION IS DONE IN config.php AND lang.PHP
- */
// Load the site configuration first: everything below reads $config.
require_once(dirname(dirname(__FILE__)).'/core/config.php');
// Absolute path of the active theme directory. ABSOLUTE_FILE_PATH is
// concatenated without a separator here and in every require below, so it is
// expected to end with '/'.
define('THEMEDIR',$config["ABSOLUTE_FILE_PATH"].'themes/'.$config["THEME"]);
error_reporting($config['ERRORLEVEL']);

// Application-type ids, stored as strings. Presumably matched against stored
// application records elsewhere in the app — verify before changing the type.
$config["ARTISTS_APPTYPID"] = '1';
$config["EXHIBITORS_APPTYPID"] = '2';
$config["FOODVENDORS_APPTYPID"] = '3';
$config["ENTERTAINERS_APPTYPID"] = '4';
$config["VOLUNTEERS_APPTYPID"] = '5';


/* INCLUDE THE CORE FILES OF THE APPLICATION */
// The cache/ files are generated data (dates, role info, language strings);
// require_once stops the page with a fatal error if any of them is missing.
require_once($config['ABSOLUTE_FILE_PATH'].'cache/dates.php');
require_once($config['ABSOLUTE_FILE_PATH'].'cache/roleinfo.php');
require_once($config['ABSOLUTE_FILE_PATH']."cache/lang.php");
require_once($config['ABSOLUTE_FILE_PATH']."cache/photolang.php");
require_once($config['ABSOLUTE_FILE_PATH']."core/output.php");
require_once($config['ABSOLUTE_FILE_PATH']."core/FestOS.php");
// Single application object; the helper functions in this file reach it via
// `global $festos` (e.g. sendEmail() reads ->email and ->nickname from it).
$festos = new FestOS($config);


// Already applied above; this duplicate is intentionally disabled.
//error_reporting($config['ERRORLEVEL']);


/* APPLICATION CONSTANTS - DON'T CHANGE THESE!!!! */
// Role ids; cache/roleinfo.php and the access checks are expected to agree with these.
define('ADMINISTRATOR_ROLE_ID',1);
define('VENDOR_ROLE_ID',2);
define('USER_ROLE_ID',3);

/* INCLUDE THE MAIL HANDLING FUNCTIONS...OKAY, SO NOT EVERY PAGE WILL NEED THEM
SO THIS IS A RESOURCE WASTE. I'LL PUT THESE WHERE THEY BELONG SOMEDAY */
// PHPMailer (and its SMTP transport) are needed by sendEmail() below.
require_once($config['ABSOLUTE_FILE_PATH'].'core/check_email_address.php');
require_once($config['ABSOLUTE_FILE_PATH'].'core/class.phpmailer.php');
require_once($config['ABSOLUTE_FILE_PATH'].'core/class.smtp.php');
-
-
- /* SOME FUNCTIONS THAT WE'LL USE A LOT, SO THEY'RE INCLUDED EVERYWHERE */
- ## #####################################################
- ## despam()
- ## Modifies an email address to make it less spam-scraper-friendly
- ## despam($email, $linkText)
- ## returns a complete mailto link
- ## #####################################################
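/**
 * Build a mailto link whose address is split so that simple scrapers do not
 * see a literal "user@host" string.
 *
 * The local part and the domain part are joined back together by the inline
 * onClick handler; the "@" in the visible text is wrapped in a span.
 *
 * @param string      $email    Address to obfuscate.
 * @param string|null $linkText Visible link text (HTML is passed through
 *                              untouched, as before); defaults to the address.
 *                              The original read this as an undeclared second
 *                              argument via func_get_arg(); a named optional
 *                              parameter is call-compatible with that.
 * @return string HTML anchor element.
 */
function despam($email, $linkText = null) {
    $email = (string) $email;
    $at = strpos($email, '@');
    if ($at === false) {
        // No "@": nothing to split, keep the whole value as the domain half.
        $partA = '';
        $partB = $email;
    } else {
        $partA = substr($email, 0, $at);
        $partB = substr($email, $at);
    }

    if ($linkText === null) {
        // The default text is derived from data, so escape it for HTML.
        $linkText = htmlspecialchars($email, ENT_QUOTES, 'UTF-8');
    }
    $linkText = str_replace('@', '<span class="nospam">@</span> ', $linkText);

    // Both halves land inside a single-quoted attribute holding JavaScript
    // string literals; a quote or angle bracket in an address would otherwise
    // break out of the attribute / script context.
    $safeA = htmlspecialchars($partA, ENT_QUOTES, 'UTF-8');
    $safeB = htmlspecialchars($partB, ENT_QUOTES, 'UTF-8');
    return '<a href="#" onClick=\'a="'.$safeA.'";this.href="mail"+"to:"+a+"'.$safeB.'";\'>'.$linkText.'</a>';
}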
-
-
- ## #####################################################
- ## sendEmail()
- ## sends an email using mailer values in config.php
- ## returns nothing on success, phpMailer error string on failure
- ## #####################################################
-
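/**
 * Send a plain-text email through the SMTP settings from config.php.
 *
 * @param string $to      One recipient address, or several separated by commas.
 * @param string $subject Message subject.
 * @param string $message Message body; sent as plain text, wrapped at 70 columns.
 * @return string|null Null on success. On failure, the localized
 *                     $lang['phpmailer_error'] prefix followed by PHPMailer's ErrorInfo.
 */
function sendEmail($to, $subject, $message) {
    global $festos, $lang, $config;

    $mail = new PHPMailer();
    // ABSOLUTE_FILE_PATH already ends with a separator everywhere else in this
    // file, so no extra '/' is inserted before 'core/language'.
    $mail->SetLanguage($config['PHPMAILER_LANGUAGE'], $config['ABSOLUTE_FILE_PATH'].'core/language');
    $mail->IsSMTP();
    $mail->SMTPAuth = $config['SMTP_AUTH'];
    $mail->Username = $config['SMTP_USER'];
    $mail->Password = $config['SMTP_USER_PASSWORD'];
    $mail->Host = $config['SMTP_SERVER'];

    // Prefer the festival's own address and name; fall back to the configured sender.
    $mail->From = (isset($festos->email) && $festos->email != '') ? $festos->email : $config['SMTP_SENDER'];
    $mail->FromName = (isset($festos->nickname) && $festos->nickname != '') ? $festos->nickname : '';

    // Accept "a@x, b@y" as well as a single address. Each entry is trimmed and
    // empty entries are skipped, so surrounding whitespace or a trailing comma
    // no longer produces an invalid recipient.
    foreach (explode(',', $to) as $address) {
        $address = trim($address);
        if ($address !== '') {
            $mail->AddAddress($address);
        }
    }

    $mail->Subject = $subject;
    $mail->Body = $message;
    $mail->WordWrap = 70;

    if (!$mail->Send()) {
        return $lang['phpmailer_error'] . $mail->ErrorInfo;
    }
    return null;
}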
-
- ## #####################################################
- ## generatePassword()
- ## Generates a random password
- ## returns string
- ## #####################################################
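/**
 * Generate a random password from digits and lowercase consonants.
 *
 * A character is not repeated while unused ones remain in the alphabet (the
 * original rule); once all 30 have been used, repeats are allowed so that a
 * length above the alphabet size terminates instead of looping forever.
 *
 * @param int $length Number of characters wanted; 0 or negative yields ''.
 * @return string
 */
function generatePassword ($length = 8) {
    // Vowels and the easily confused 'l' are left out.
    $possible = "0123456789bcdfghjkmnpqrstvwxyz";
    $poolSize = strlen($possible);
    $length = (int) $length;
    $password = "";

    while (strlen($password) < $length) {
        // random_int() is cryptographically secure (PHP 7+); mt_rand() remains
        // only as a fallback for older interpreters and is not suitable for
        // security-sensitive values.
        if (function_exists('random_int')) {
            $idx = random_int(0, $poolSize - 1);
        } else {
            $idx = mt_rand(0, $poolSize - 1);
        }
        $char = $possible[$idx];

        // strpos() === false rather than strstr(): strstr($password, '0')
        // returns the string "0", which is falsy, so the digit 0 could repeat.
        $alphabetExhausted = strlen($password) >= $poolSize;
        if ($alphabetExhausted || strpos($password, $char) === false) {
            $password .= $char;
        }
    }

    return $password;
}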
-
- ## #####################################################
- ## passTheQueryString()
- ## Given the $_GET array, build a query string that can be
- ## appended to a URL for passing to a page, include, or template
- ## returns string
- ## #####################################################
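/**
 * Rebuild a query string from a $_GET-style array so it can be appended to a
 * URL for an included page or template.
 *
 * @param array $q Parameter name => value pairs (normally $_GET).
 * @return string '' for an empty or non-array input, otherwise '?k=v&k2=v2'
 *                with keys and values URL-encoded. The original concatenated
 *                raw values, so a value containing '&', '=' or '#' could add
 *                extra parameters to whatever URL the result was appended to.
 */
function passTheQueryString($q) {
    if (!is_array($q) || count($q) === 0) {
        return '';
    }
    // http_build_query() encodes each part and flattens nested arrays as
    // k[0]=... instead of emitting the literal word "Array"; the separator is
    // given explicitly so the arg_separator.output ini setting cannot change it.
    $str = http_build_query($q, '', '&');
    return $str === '' ? '' : '?' . $str;
}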
-
- ## #####################################################
- ## ParamTester class
- ## Object class for checking a querystring parameter, options
- ## include testing for required value, integer value, etc.
- ## Use example:
- ## $pt = new ParamTester($_GET, 'id','integer','login.php');
- ## $pt->go();
- ## Above would check that the id was an integer, if not, would redirect to the login.php page
- ## #####################################################
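class ParamTester {
    public $coll;       // collection being inspected ($_GET or $_POST normally)
    public $vbl;        // key within the collection to test
    public $varToTest;  // value found under $vbl; set by go()
    public $type;       // check type: 'integer', 'required', 'string' or 'letters'
    public $redir;      // URL to redirect to when the check fails

    /**
     * @param array  $coll  Collection to inspect (normally $_GET or $_POST).
     * @param string $vbl   Key in $coll to validate.
     * @param string $type  'integer' (digits only), 'required' (present, not null),
     *                      'string' (letters and digits) or 'letters' (letters only).
     * @param string $redir Redirect target used when validation fails.
     */
    public function __construct($coll, $vbl, $type = 'integer', $redir = 'index.php') {
        // Stored by value: the original bound a reference to its own by-value
        // parameter, which never affected the caller's array anyway.
        $this->coll = $coll;
        $this->vbl = $vbl;
        $this->type = $type;
        $this->redir = $redir;
    }

    /** PHP 4-style constructor name, kept so explicit callers keep working. */
    public function ParamTester($coll, $vbl, $type = 'integer', $redir = 'index.php') {
        $this->__construct($coll, $vbl, $type, $redir);
    }

    public function setColl($theColl) {
        $this->coll = $theColl;
    }

    public function setVarToTest($theVar) {
        $this->vbl = $theVar;
    }

    public function setCheckType($t) {
        $this->type = $t;
    }

    public function setRedirURL($u) {
        $this->redir = $u;
    }

    /**
     * Run the check. On failure a Location header to $redir is sent and the
     * script stops; on success $varToTest holds the validated value.
     *
     * Non-scalar values (e.g. ?id[]=1 arriving as an array) fail the
     * 'integer', 'string' and 'letters' checks; an unknown $type only checks
     * presence, as before.
     */
    public function go() {
        if (!isset($this->coll) || !isset($this->vbl) || !isset($this->coll[$this->vbl])) {
            $this->fail();
        }
        $value = $this->coll[$this->vbl];
        $this->varToTest = $value;

        // ctype_*() accept strings only (non-strings are deprecated in 8.1 and
        // ints were interpreted as ASCII codes), so normalise scalars first.
        $asText = is_scalar($value) ? (string) $value : null;
        $ok = true;
        switch ($this->type) {
            case 'integer':
                $ok = ($asText !== null && ctype_digit($asText));
                break;
            case 'string':
                $ok = ($asText !== null && ctype_alnum($asText));
                break;
            case 'letters':
                $ok = ($asText !== null && ctype_alpha($asText));
                break;
            case 'required':
            default:
                // presence was already established above
                break;
        }
        if (!$ok) {
            $this->fail();
        }
    }

    /** Redirect to the configured URL and stop the script. */
    private function fail() {
        // $redir is code-supplied, but CR/LF are stripped anyway so a header
        // value can never carry a second header.
        header('Location: ' . str_replace(array("\r", "\n"), '', $this->redir));
        die();
    }
} // end ParamTester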
-
-
- ## #####################################################
- ## VarTester class
- ## Object class for checking a variable (typically a querystring parameter
- ## that could be passed as either a GET or POST param)
- ## Essentially a copy of the ParamTester class
- ## Use example:
- ## $vt = new VarTester($vbl,'integer','login.php');
- ## $vt->go();
- ## Above would check that $vbl is set, is an integer, and if not, would redirect to the login.php page
- ## #####################################################
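class VarTester {
    public $vbl;    // value under test (typically a GET or POST parameter)
    public $type;   // check type: 'integer', 'required', 'string' or 'letters'
    public $redir;  // URL to redirect to when the check fails

    /**
     * @param mixed  $vbl   Value to validate.
     * @param string $type  'integer' (digits only), 'required' (set, not null),
     *                      'string' (letters and digits) or 'letters' (letters only).
     * @param string $redir Redirect target used when validation fails.
     */
    public function __construct($vbl, $type = 'integer', $redir = 'index.php') {
        $this->vbl = $vbl;
        $this->type = $type;
        $this->redir = $redir;
    }

    /** PHP 4-style constructor name, kept so explicit callers keep working. */
    public function VarTester($vbl, $type = 'integer', $redir = 'index.php') {
        $this->__construct($vbl, $type, $redir);
    }

    public function setVarToTest($theVar) {
        $this->vbl = $theVar;
    }

    public function setCheckType($t) {
        $this->type = $t;
    }

    public function setRedirURL($u) {
        $this->redir = $u;
    }

    /**
     * Run the check; on failure send a Location header to $redir and stop.
     *
     * The original switched on $this->vbl (the value) instead of $this->type,
     * so none of the checks ever ran unless the value happened to equal a
     * type name. Non-scalar values fail the 'integer', 'string' and 'letters'
     * checks; an unknown $type performs no check, as before.
     */
    public function go() {
        $value = $this->vbl;
        // ctype_*() accept strings only; normalise scalars, reject the rest.
        $asText = is_scalar($value) ? (string) $value : null;
        $ok = true;
        switch ($this->type) {
            case 'integer':
                $ok = ($asText !== null && ctype_digit($asText));
                break;
            case 'string':
                $ok = ($asText !== null && ctype_alnum($asText));
                break;
            case 'letters':
                $ok = ($asText !== null && ctype_alpha($asText));
                break;
            case 'required':
                $ok = isset($value);
                break;
            default:
                break;
        }
        if (!$ok) {
            $this->fail();
        }
    }

    /** Redirect to the configured URL and stop the script. */
    private function fail() {
        // CR/LF stripped so the header value can never carry a second header.
        header('Location: ' . str_replace(array("\r", "\n"), '', $this->redir));
        die();
    }
} // end VarTester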
-
-
- /* ************************************************************
- Geocoding function from http://www.hostip.info
- ************************************************************ */
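/**
 * Look up the country, city/state and coordinates of an IP address through
 * the hostip.info HTML endpoint, which answers with "Label: value" lines.
 *
 * @param string $ip_address Address to look up. It is URL-encoded, so a value
 *                           containing '&' cannot append extra query parameters.
 * @return array Any of 'country', 'city', 'state', 'latitude', 'longitude';
 *               a key is present only when its line was found in the reply.
 *               Empty array when the request fails or times out (the original
 *               returned an undefined variable, i.e. null, in that case).
 */
function hostip_geocode($ip_address){
    $geocode = array();

    $url = 'http://api.hostip.info/get_html.php?ip=' . urlencode($ip_address) . '&position=true';
    $ch = curl_init();
    curl_setopt($ch, CURLOPT_URL, $url);
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); // return the body instead of printing it
    curl_setopt($ch, CURLOPT_TIMEOUT, 4);        // a slow lookup must not stall the page
    // The original also set CURLOPT_POSTFIELDS from an undefined $XPost; the
    // request carries everything in the query string, so it is a plain GET.
    $result = curl_exec($ch);
    curl_close($ch); // the handle was never released before

    if (!is_string($result) || $result === '') {
        return $geocode;
    }

    $country = _hostip_field($result, 'Country:');
    if ($country !== null) {
        $geocode['country'] = $country;
    }

    $cityState = _hostip_field($result, 'City:');
    if ($cityState !== null) {
        // Reply format is "City, State"; split on the first comma.
        $comma = strpos($cityState, ',');
        if ($comma === false) {
            // No comma: keep the whole text as the city instead of the
            // original's empty city and mangled state.
            $geocode['city'] = $cityState;
            $geocode['state'] = '';
        } else {
            $geocode['city'] = trim(substr($cityState, 0, $comma));
            $geocode['state'] = trim(substr($cityState, $comma + 1));
        }
    }

    $latitude = _hostip_field($result, 'Latitude:');
    if ($latitude !== null) {
        $geocode['latitude'] = $latitude;
    }

    $longitude = _hostip_field($result, 'Longitude:');
    if ($longitude !== null) {
        $geocode['longitude'] = $longitude;
    }

    return $geocode;
}

/**
 * Helper for hostip_geocode(): the trimmed text that follows $label on its
 * line in $text, or null when $label does not occur. Uses strict comparison,
 * so a label at offset 0 is found (the original's `!= false` test missed it),
 * and takes the rest of the string when no newline follows (the original only
 * did that for the last field).
 *
 * @param string $text  Raw reply body.
 * @param string $label Line prefix such as 'Country:'.
 * @return string|null
 */
function _hostip_field($text, $label) {
    $start = strpos($text, $label);
    if ($start === false) {
        return null;
    }
    $valueStart = $start + strlen($label);
    $lineEnd = strpos($text, "\n", $valueStart);
    if ($lineEnd === false) {
        return trim(substr($text, $valueStart));
    }
    return trim(substr($text, $valueStart, $lineEnd - $valueStart));
}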
-
- //==== Redirect... Try PHP header redirect, then Java redirect, then try http redirect.:
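/**
 * Send the browser to $url: a Location header when headers have not been
 * sent yet, otherwise a JavaScript redirect with a <meta refresh> fallback
 * inside <noscript>. Never returns (exit).
 *
 * @param string $url Target URL. It is escaped for each context it is written
 *                    into, so quotes, '<' or line breaks in the value cannot
 *                    break out of the header, the script block or the
 *                    meta attribute.
 */
function redirect($url){
    $url = (string) $url;
    if (!headers_sent()) {
        // CR/LF would terminate the header and allow further headers to be injected.
        header('Location: ' . str_replace(array("\r", "\n"), '', $url));
        exit;
    }
    // json_encode() yields a valid double-quoted JS string literal and escapes
    // '/' so a '</script>' inside the URL cannot close the block early. It
    // returns false for invalid UTF-8; the script is then omitted rather than
    // emitted broken, and the meta refresh below still redirects.
    $jsUrl = json_encode($url);
    if ($jsUrl !== false) {
        echo '<script type="text/javascript">';
        echo 'window.location.href=' . $jsUrl . ';';
        echo '</script>';
    }
    // Attribute context: the URL sits inside a double-quoted attribute value.
    $attrUrl = htmlspecialchars($url, ENT_QUOTES, 'UTF-8');
    echo '<noscript>';
    echo '<meta http-equiv="refresh" content="0;url=' . $attrUrl . '" />';
    echo '</noscript>';
    exit;
}//==== End -- Redirect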
-
- //==== Turn on HTTPS - Detect if HTTPS, if not on, then turn on HTTPS:
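/**
 * Redirect the current request to its https:// equivalent unless it is
 * already served over TLS; returns normally when nothing needs doing.
 *
 * $_SERVER['HTTPS'] counts as "on" for any non-empty value other than 'off'
 * (IIS reports 'off' for plain HTTP; other servers leave it unset or use
 * 'on'/'1'). The original compared against the literal 'on' only, so 'On'
 * or '1' would have redirected an already-secure request in a loop, and an
 * unset index raised a notice.
 */
function SSLon(){
    $https = isset($_SERVER['HTTPS']) ? strtolower((string) $_SERVER['HTTPS']) : '';
    if ($https === '' || $https === 'off') {
        // NOTE(review): HTTP_HOST is taken from the client's Host header; if a
        // canonical hostname exists in $config it would be the safer base — confirm.
        $url = "https://".$_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI'];
        redirect($url);
    }
}//==== End -- Turn On HTTPS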
-
- //==== Turn Off HTTPS -- Detect if HTTPS, if so, then turn off HTTPS:
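/**
 * Redirect the current request to its http:// equivalent when it is served
 * over TLS; returns normally otherwise.
 *
 * $_SERVER['HTTPS'] counts as "on" for any non-empty value other than 'off'
 * (IIS reports 'off' for plain HTTP; other servers leave it unset or use
 * 'on'/'1'). The original compared against the literal 'on' only and raised
 * a notice when the index was unset.
 */
function SSLoff(){
    $https = isset($_SERVER['HTTPS']) ? strtolower((string) $_SERVER['HTTPS']) : '';
    if ($https !== '' && $https !== 'off') {
        // NOTE(review): HTTP_HOST is taken from the client's Host header; if a
        // canonical hostname exists in $config it would be the safer base — confirm.
        $url = "http://".$_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI'];
        redirect($url);
    }
}//==== End -- Turn Off HTTPS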
-
- /* 2009-12-21 skypanther
- Exploit: http://www.exploit-db.com/exploits/10552
- Reports that you can append one of the config fields to the URL to execute an RFI attack
- Doesn't work for me. But, assuming this file is included, I'll at least try to block such attacks by
- stripping any $config variables out of the $_GET array.
- */
// Drop every request parameter whose name matches a $config key, so a crafted
// ?KEY=... cannot shadow configuration. unset() on a missing key is a no-op,
// so no isset() pre-check is needed. Only $_GET is covered here.
foreach ($config as $cfgKey => $unused) {
    unset($_GET[$cfgKey]);
}
-
- /*
- INPUT FILTERING
- Abstraction function so that I can replace with a different library in the
- future if desired
- */
- require_once($config['ABSOLUTE_FILE_PATH']."core/htmLawed.php");
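/**
 * Sanitise user-supplied HTML with htmLawed.
 *
 * Comments and CDATA are dropped, every on* event-handler attribute is
 * denied, the allowed element list comes from $config['filtertags']
 * (defaulting to everything except applet/embed/iframe/object/script) and URL
 * schemes are restricted per attribute. As before, an unset or empty
 * $config['filtertags'] is replaced in the global config by the default list
 * (the check now uses empty(), which additionally treats '0' as unset).
 *
 * @param string $htext Raw HTML from the request.
 * @return string Filtered HTML.
 */
function filterHTML($htext) {
    global $config;
    if (empty($config['filtertags'])) {
        $config['filtertags'] = '*-applet-embed-iframe-object-script';
    }

    // magic_quotes_gpc has been a no-op since PHP 5.4 and the function was
    // removed in PHP 8.0; guard the call so a missing function does not kill
    // every page that includes core.php.
    if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
        $htext = stripslashes($htext);
    }

    // One configuration array instead of two duplicated literals.
    $htmLawedConfig = array(
        'comments' => 0,
        'cdata' => 0,
        'deny_attribute' => 'on*',
        'elements' => $config['filtertags'],
        'scheme' => 'href: aim, feed, file, ftp, gopher, http, https, irc, mailto, news, nntp, sftp, ssh, telnet; style: nil; *:file, http, https',
    );
    return htmLawed($htext, $htmLawedConfig);
} // end filterHTML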
-
-
- ?>