
/interface/main/calendar/includes/pnAPI.php

https://bitbucket.org/astawiarski/openemr
Possible License(s): LGPL-2.1, AGPL-1.0, GPL-2.0, MPL-2.0
  1. <?php
  2. // $Id$
  3. // ----------------------------------------------------------------------
  4. // PostNuke Content Management System
  5. // Copyright (C) 2001 by the Post-Nuke Development Team.
  6. // http://www.postnuke.com/
  7. // ----------------------------------------------------------------------
  8. // LICENSE
  9. //
  10. // This program is free software; you can redistribute it and/or
  11. // modify it under the terms of the GNU General Public License (GPL)
  12. // as published by the Free Software Foundation; either version 2
  13. // of the License, or (at your option) any later version.
  14. //
  15. // This program is distributed in the hope that it will be useful,
  16. // but WITHOUT ANY WARRANTY; without even the implied warranty of
  17. // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  18. // GNU General Public License for more details.
  19. //
  20. // To read the license please visit http://www.gnu.org/copyleft/gpl.html
  21. // ----------------------------------------------------------------------
  22. // Original Author of file: Jim McDonald
  23. // Purpose of file: The PostNuke API
  24. // ----------------------------------------------------------------------
  25. /*
  26. *
  27. * Defines
  28. *
  29. */
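  /*
   * register_globals emulation, so PostNuke keeps working when the PHP
   * setting is off (patch for PHP 4.2.x or greater).
   *
   * NOTE(review): every request, cookie, session and server value is copied
   * into a global variable of the same name, with later sources overwriting
   * earlier ones. Code in this file (for example pnVarCleanFromInput) reads
   * those globals, so the copy is kept; treat any global that is not
   * explicitly initialised afterwards as client-controlled.
   */
  if (ini_get('register_globals') != 1) {
      // version_compare() rather than a string ">=": a lexicographic
      // comparison would sort a two-digit major version below "4.2.0".
      if (version_compare(phpversion(), '4.2.0', '>=')) {
          $supers = array('_REQUEST',
                          '_ENV',
                          '_SERVER',
                          '_POST',
                          '_GET',
                          '_COOKIE',
                          '_SESSION',
                          '_FILES',
                          '_GLOBALS');
      } else {
          $supers = array('HTTP_POST_VARS',
                          'HTTP_GET_VARS',
                          'HTTP_COOKIE_VARS',
                          'GLOBALS',
                          'HTTP_SESSION_VARS',
                          'HTTP_SERVER_VARS',
                          'HTTP_ENV_VARS');
      }

      // Names that incoming data must never be able to define or replace:
      // the input arrays themselves (short and long forms) and the
      // temporaries used by this loop.
      $__pnReserved = array('GLOBALS', '_REQUEST', '_ENV', '_SERVER', '_POST',
                            '_GET', '_COOKIE', '_SESSION', '_FILES',
                            'HTTP_POST_VARS', 'HTTP_GET_VARS', 'HTTP_COOKIE_VARS',
                            'HTTP_SESSION_VARS', 'HTTP_SERVER_VARS', 'HTTP_ENV_VARS',
                            'HTTP_POST_FILES',
                            'supers', '__s', '__pnReserved', '__pnVars', '__pnName');

      foreach ($supers as $__s) {
          if (isset($$__s) && is_array($$__s)) {
              // Work on a copy so the source array itself is left intact.
              $__pnVars = $$__s;
              foreach ($__pnReserved as $__pnName) {
                  unset($__pnVars[$__pnName]);
              }
              extract($__pnVars, EXTR_OVERWRITE);
          }
      }
      unset($supers, $__pnReserved, $__pnVars, $__pnName);
  }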
  /* Integer stand-ins for "no" and "yes". */
  define('_PNNO', 0);
  define('_PNYES', 1);

  /* Module life-cycle states. */
  define('_PNMODULE_STATE_UNINITIALISED', 1);
  define('_PNMODULE_STATE_INACTIVE', 2);
  define('_PNMODULE_STATE_ACTIVE', 3);
  define('_PNMODULE_STATE_MISSING', 4);
  define('_PNMODULE_STATE_UPGRADED', 5);

  /* Pseudo ids meaning "all" and "unregistered" in user and group permissions (strings, not ints). */
  define('_PNPERMS_ALL', '-1');
  define('_PNPERMS_UNREGISTERED', '0');

  /* Core version information; meant to be bumped on every release. */
  define('_PN_VERSION_NUM', '0.7.2.6-Phoenix');
  define('_PN_VERSION_ID', 'PostNuke');
  define('_PN_VERSION_SUB', 'Phoenix');

  /* Name of the fake module under which core config variables are stored. */
  define('_PN_CONFIG_MODULE', '/PNConfig');
  94. /*
  95. *
  96. * Functions
  97. *
  98. */
  /**
   * Load the core configuration variables into the global $pnconfig array.
   *
   * Reads every row stored for the _PN_CONFIG_MODULE pseudo-module, skips
   * the reserved names (database settings, 'system', 'prefix', 'encoded')
   * and stores the unserialized value of everything else.
   * The original header says this will be removed in .8.
   *
   * NOTE(review): the stored values go through unserialize(), so anyone able
   * to write to the module_vars table can choose what gets unserialized.
   * Failures are silenced with @ and leave false as the value.
   *
   * @return bool false if the query reports an error or returns no rows,
   *              true otherwise
   */
  function pnConfigInit()
  {
      global $pnconfig;

      // Names that are never copied from the database into $pnconfig.
      $reserved = array('dbtype', 'dbhost', 'dbuname', 'dbpass',
                        'dbname', 'system', 'prefix', 'encoded');

      list($dbconn) = pnDBGetConn();
      $pntable = pnDBGetTables();
      $table = $pntable['module_vars'];
      $columns = &$pntable['module_vars_column'];

      $query = "SELECT $columns[name],
  $columns[value]
  FROM $table
  WHERE $columns[modname]='" . pnVarPrepForStore(_PN_CONFIG_MODULE) . "'";
      $dbresult = $dbconn->Execute($query);

      if ($dbconn->ErrorNo() != 0) {
          return false;
      }
      if ($dbresult->EOF) {
          $dbresult->Close();
          return false;
      }

      // Read the current row first, then advance; the loose in_array()
      // mirrors a chain of != comparisons against the reserved names.
      for (; !$dbresult->EOF; $dbresult->MoveNext()) {
          list($key, $raw) = $dbresult->fields;
          if (in_array($key, $reserved)) {
              continue;
          }
          $pnconfig[$key] = @unserialize($raw);
      }

      $dbresult->Close();
      return true;
  }
  /**
   * Get one core configuration variable.
   *
   * A value already present (and non-null) in the global $pnconfig cache is
   * returned directly. Otherwise the value is read from the module_vars
   * table, unserialized, cached in $pnconfig and returned.
   *
   * NOTE(review): the database value is passed to unserialize() as stored.
   *
   * @param string $name name of the variable
   * @return mixed the value, or false when the query reports an error or
   *               finds no row
   */
  function pnConfigGetVar($name)
  {
      global $pnconfig;

      // Cache hit: no database access needed.
      if (isset($pnconfig[$name])) {
          return $pnconfig[$name];
      }

      list($dbconn) = pnDBGetConn();
      $pntable = pnDBGetTables();
      $table = $pntable['module_vars'];
      $columns = &$pntable['module_vars_column'];

      $query = "SELECT $columns[value]
  FROM $table
  WHERE $columns[modname]='" . pnVarPrepForStore(_PN_CONFIG_MODULE) . "'
  AND $columns[name]='" . pnVarPrepForStore($name) . "'";
      $dbresult = $dbconn->Execute($query);

      // Any error, or no matching row, is reported as false.
      if ($dbconn->ErrorNo() != 0) {
          return false;
      }
      if ($dbresult->EOF) {
          $dbresult->Close();
          return false;
      }

      list($stored) = $dbresult->fields;
      $value = unserialize($stored);

      // Remember the value for later calls in this request.
      $pnconfig[$name] = $value;
      $dbresult->Close();

      return $value;
  }
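  /**
   * Set a core configuration variable.
   *
   * The database connection parameters and the other reserved names cannot
   * be changed through this function. The value is serialized and written
   * with an INSERT when $name is not yet in the $pnconfig cache, otherwise
   * with an UPDATE; on success the cache is updated too.
   *
   * The "unchanged" shortcut compares with ===. A loose == treated values
   * such as 0 and false (or 1 and true) as equal, so a change between them
   * was silently never stored.
   *
   * @param string $name  name of the variable
   * @param mixed  $value new value of the variable
   * @return bool true on success (or when nothing had to change),
   *              false on a rejected name or a database error
   */
  function pnConfigSetVar($name, $value)
  {
      global $pnconfig;

      // Names that may never be changed here.
      $locked = array('dbtype', 'dbhost', 'dbuname', 'dbpass',
                      'dbname', 'system', 'prefix', 'encoded');
      if (empty($name) || !is_scalar($name) || in_array($name, $locked)) {
          return false;
      }

      // Decide between INSERT and UPDATE from the cache (also solves
      // SF-bug #580951, per the original comment).
      $must_insert = true;
      if (is_array($pnconfig) && array_key_exists($name, $pnconfig)) {
          $must_insert = false;
          // Nothing to do when the stored value is identical.
          if ($pnconfig[$name] === $value) {
              return true;
          }
      }

      list($dbconn) = pnDBGetConn();
      $pntable = pnDBGetTables();
      $table = $pntable['module_vars'];
      $columns = &$pntable['module_vars_column'];

      if ($must_insert) {
          $query = "INSERT INTO $table
  ($columns[modname],
  $columns[name],
  $columns[value])
  VALUES ('" . pnVarPrepForStore(_PN_CONFIG_MODULE) . "',
  '" . pnVarPrepForStore($name) . "',
  '" . pnVarPrepForStore(serialize($value)). "')";
      } else {
          $query = "UPDATE $table
  SET $columns[value]='" . pnVarPrepForStore(serialize($value)) . "'
  WHERE $columns[modname]='" . pnVarPrepForStore(_PN_CONFIG_MODULE) . "'
  AND $columns[name]='" . pnVarPrepForStore($name) . "'";
      }

      $dbconn->Execute($query);
      if ($dbconn->ErrorNo() != 0) {
          return false;
      }

      // Keep the in-memory copy in step with the database.
      $pnconfig[$name] = $value;
      return true;
  }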
  /**
   * Delete a core configuration variable.
   *
   * Deletion is currently disabled: the function refuses every request,
   * whether or not a name is given.
   *
   * @param string $name name of the variable
   * @return bool always false
   */
  function pnConfigDelVar($name)
  {
      global $pnconfig;

      // An empty name is rejected, and deleting is not allowed at present
      // either way, so both paths end in the same answer.
      $rejected = empty($name);
      return $rejected ? false : false;
  }
  /**
   * Initialise PostNuke.
   *
   * Runs the start-up sequence in a fixed order: error reporting, ADODB,
   * config.php, pntables.php, database connection, optional debugger,
   * configuration cache, optional output compression, session, security,
   * language selection, optional input checking, then the remaining
   * includes and the optional referer handler. Dies with a short message
   * if the database or the session cannot be set up.
   *
   * The local variable names are left as they are on purpose: files pulled
   * in with include/require here run in this function's scope and can see
   * them.
   *
   * @return bool true once initialisation has completed
   */
  function pnInit()
  {
      // Release setting: everything except notices and warnings
      // (plain E_ALL is the development setting).
      error_reporting(E_ALL & ~E_NOTICE & ~E_WARNING);

      // Some PHP systems lack the LC_* constants they should have.
      if (!defined('LC_TIME')) {
          define('LC_TIME', 'LC_TIME');
      }

      // ADODB configuration
      define('ADODB_DIR', 'pnadodb');
      require 'pnadodb/adodb.inc.php';

      // Temporary fix for the hlpfile global (TODO in the original:
      // remove together with pre-0.71 code).
      global $hlpfile;
      $hlpfile = '';

      // Start from an empty configuration, then let config.php fill it.
      global $pnconfig, $pndebug;
      $pnconfig = array();
      include 'config.php';

      // Multisite prefix; the @ hides the notice when it is already defined.
      @define('WHERE_IS_PERSO', '');

      // Table definitions: a multisite may ship its own pntables.php.
      global $pntable;
      $pntable = array();
      if (file_exists(WHERE_IS_PERSO.'pntables.php')) {
          include WHERE_IS_PERSO.'pntables.php';
      } else {
          require 'pntables.php';
      }

      // Database credentials may be stored base64-encoded.
      // Note: base64 is an encoding, not protection of the credentials.
      if ($pnconfig['encoded']) {
          $pnconfig['dbuname'] = base64_decode($pnconfig['dbuname']);
          $pnconfig['dbpass'] = base64_decode($pnconfig['dbpass']);
          $pnconfig['encoded'] = 0;
      }

      // Connect to database
      if (!pnDBInit()) {
          die('Database initialisation failed');
      }

      // Debugger, if switched on in the configuration
      if ($pndebug['debug']) {
          include_once 'includes/lensdebug.inc.php';
          global $dbg, $debug_sqlcalls;
          $dbg = new LensDebug();
          $debug_sqlcalls = 0;
      }

      // Build up old config array
      pnConfigInit();

      // Output compression, if desired
      if (pnConfigGetVar('UseCompression') == 1) {
          ob_start("ob_gzhandler");
      }

      // Session and user support
      include 'includes/pnSession.php';
      include 'includes/pnUser.php';

      if (!pnSessionSetup()) {
          die('Session setup failed');
      }
      if (!pnSessionInit()) {
          die('Session initialisation failed');
      }

      include 'includes/security.php';

      // Language: a 'newlang' request value wins over the session value.
      $newlang = pnVarCleanFromInput('newlang');
      if (empty($newlang)) {
          $lang = pnSessionGetVar('lang');
      } else {
          $lang = $newlang;
          pnSessionSetVar('lang', $newlang);
      }

      // NOTE(review): $lang can come straight from the request and ends up
      // in an include path; pnVarPrepForOS() plus the file_exists() check
      // are the only barriers visible here.
      if (isset ($lang) && file_exists('language/' . pnVarPrepForOS($lang) . '/global.php')) {
          $currentlang = $lang;
      } else {
          // Unknown language: fall back to the configured one and store it.
          $currentlang = pnConfigGetVar('language');
          pnSessionSetVar('lang', $currentlang);
      }
      include 'language/' . pnVarPrepForOS($currentlang) . '/global.php';
      include 'modules/NS-Languages/api.php';

      // Syntax checking against injected javascript (sent by larsneo),
      // only when enabled in the configuration.
      $pnAntiCrackerMode = pnConfigGetVar('pnAntiCracker');
      if ( $pnAntiCrackerMode == 1 ) {
          pnSecureInput();
      }

      // Banner system
      include 'includes/pnBanners.php';

      // Remaining includes
      include 'includes/advblocks.php';
      include 'includes/counter.php';
      include 'includes/pnHTML.php';
      include 'includes/pnMod.php';
      include 'includes/queryutil.php';
      include 'includes/xhtml.php';
      include 'includes/oldfuncs.php';

      // Referer handling, if enabled
      if (pnConfigGetVar('httpref') == 1) {
          include 'referer.php';
          httpreferer();
      }

      return true;
  }
  /**
   * Include a file once, from inside a function scope.
   *
   * NOTE(review): the path is used exactly as given; no validation is
   * visible here, so callers must never pass a value derived from request
   * data.
   *
   * @param string $file path of the file to include
   */
  function pninclude_once($file)
  {
      include_once $file;
  }
  /**
   * Open the database connection described by $pnconfig.
   *
   * Creates the ADODB connection object in the global $dbconn, connects,
   * optionally switches the connection to UTF-8, selects numeric fetch mode
   * and, for Oracle (oci8), fixes the session date format.
   *
   * On a failed connection the script ends with a static HTML page. That
   * page deliberately contains no connection details (host, user name,
   * password or driver error text).
   *
   * @return bool true when the connection is set up (a failed connect
   *              never returns)
   */
  function pnDBInit()
  {
      // The connection is a global (for now), as is ADODB's fetch mode.
      global $pnconfig, $dbconn, $ADODB_FETCH_MODE;

      // Get database parameters
      $dbtype = $pnconfig['dbtype'];
      $dbhost = $pnconfig['dbhost'];
      $dbname = $pnconfig['dbname'];
      $dbuname = $pnconfig['dbuname'];
      $dbpass = $pnconfig['dbpass'];

      // Start connection
      $dbconn = ADONewConnection($dbtype);
      if (!$dbconn->Connect($dbhost, $dbuname, $dbpass, $dbname)) {
          die("<!DOCTYPE html PUBLIC \"-//W3C//DTD HTML 4.01 Transitional//EN\">\n<html>\n<head>\n<meta http-equiv=\"Content-Type\" content=\"text/html; charset=ISO-8859-1\">\n<title>PostNuke powered Website</title>\n</head>\n<body>\n<center>\n<h1>Problem in Database Connection</h1>\n<br /><br />\n<h5>This Website is powered by PostNuke</h5>\n<a href=\"http://www.postnuke.com\" target=\"_blank\"><img src=\"images/powered/postnuke.butn.gif\" border=\"0\" alt=\"Web site powered by PostNuke\" hspace=\"10\" /></a> <a href=\"http://php.weblogs.com/ADODB\" target=\"_blank\"><img src=\"images/powered/adodb2.gif\" alt=\"ADODB database library\" border=\"0\" hspace=\"10\" /></a><a href=\"http://www.php.net\" target=\"_blank\"><img src=\"images/powered/php2.gif\" alt=\"PHP Scripting Language\" border=\"0\" hspace=\"10\" /></a><br />\n<h5>Although this site is running the PostNuke software<br />it has no other connection to the PostNuke Developers.<br />Please refrain from sending messages about this site or its content<br />to the PostNuke team, the end will result in an ignored e-mail.</h5>\n</center>\n</body>\n</html>");
      }

      // Modified 5/2009 by BM for UTF-8 project: a failure is logged,
      // not fatal.
      if ($pnconfig['utf8Flag']) {
          if (!$dbconn->Execute("SET NAMES 'utf8'")) {
              error_log("PHP custom error: from postnuke interface/main/calendar/includes/pnAPI.php - Unable to set up UTF8 encoding with mysql database", 0);
          }
      }

      $ADODB_FETCH_MODE = ADODB_FETCH_NUM;

      // Force Oracle to a consistent date format for later comparisons.
      if (!strcmp($dbtype, 'oci8')) {
          $dbconn->Execute("alter session set NLS_DATE_FORMAT = 'YYYY-MM-DD HH24:MI:SS'");
      }

      return true;
  }
  /**
   * Get the list of database connections.
   *
   * @return array one-element array holding the global $dbconn
   */
  function pnDBGetConn()
  {
      global $dbconn;

      $connections = array();
      $connections[] = $dbconn;
      return $connections;
  }
  /**
   * Get the table definitions.
   *
   * @return array the global $pntable array
   */
  function pnDBGetTables()
  {
      global $pntable;

      $tables = $pntable;
      return $tables;
  }
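  /**
   * Clean user input.
   *
   * Fetches the named global variables (the values copied from the request
   * at the top of this file) and, unless the current user has admin access,
   * removes SCRIPT, FRAME, OBJECT, META, APPLET, LINK and IFRAME tags and
   * double-quoted STYLE attributes from them.
   *
   * This is a deny-list: it does not remove event-handler attributes or
   * other markup, so it is not a substitute for encoding values on output
   * (pnVarPrepForDisplay / pnVarPrepHTMLDisplay).
   *
   * An empty variable name ends the call at once with no return value; that
   * long-standing behaviour is kept.
   *
   * @param string $var name of variable to get
   * @param string ...  further names
   * @return mixed the cleaned value if one name was passed, otherwise an
   *               array of cleaned values (NULL for names that are not set)
   */
  function pnVarCleanFromInput()
  {
      $search = array('|</?\s*SCRIPT.*?>|si',
                      '|</?\s*FRAME.*?>|si',
                      '|</?\s*OBJECT.*?>|si',
                      '|</?\s*META.*?>|si',
                      '|</?\s*APPLET.*?>|si',
                      '|</?\s*LINK.*?>|si',
                      '|</?\s*IFRAME.*?>|si',
                      '|STYLE\s*=\s*"[^"]*"|si');
      $replace = array('');
      $resarray = array();

      // get_magic_quotes_gpc() no longer exists in PHP 8; calling it
      // unguarded is a fatal error there.
      $magicQuotes = function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc();

      foreach (func_get_args() as $var) {
          if (empty($var)) {
              return;
          }

          // Read through $GLOBALS instead of "global $$var": an input whose
          // name equals one of this function's locals (for example
          // "search") would otherwise rebind that local to the input value.
          $ourvar = isset($GLOBALS[$var]) ? $GLOBALS[$var] : null;

          if (!isset($ourvar)) {
              array_push($resarray, NULL);
              continue;
          }
          if (empty($ourvar)) {
              array_push($resarray, $ourvar);
              continue;
          }

          // Clean var
          if ($magicQuotes) {
              pnStripslashes($ourvar);
          }
          if (!pnSecAuthAction(0, '::', '::', ACCESS_ADMIN)) {
              // Repeat until nothing changes: removing one tag can join the
              // text on either side of it into another listed tag. Each
              // pass only removes characters, so the loop terminates.
              do {
                  $before = $ourvar;
                  $ourvar = preg_replace($search, $replace, $ourvar);
              } while ($ourvar !== null && $ourvar !== $before);
          }

          // Add to result array
          array_push($resarray, $ourvar);
      }

      // Return vars
      if (func_num_args() == 1) {
          return $resarray[0];
      }
      return $resarray;
  }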
  /**
   * Strip slashes, in place, from a value or from every element of a
   * (possibly nested) array. Used together with pnVarCleanFromInput.
   *
   * @access private
   * @param mixed $value variable or array to be stripslashed (by reference)
   */
  function pnStripslashes (&$value)
  {
      if (is_array($value)) {
          // Recurse into each element by reference so nested arrays are
          // handled too.
          foreach ($value as $key => $unused) {
              pnStripslashes($value[$key]);
          }
          return;
      }
      $value = stripslashes($value);
  }
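  /**
   * Ready user output.
   *
   * HTML-encodes each argument so the text is shown exactly as written,
   * then rewrites every "x@y" as numeric character references to make
   * e-mail addresses harder to harvest.
   *
   * Two changes from the earlier implementation:
   *  - the "@" rewrite used the preg /e (evaluate) modifier, which PHP 7
   *    removed, so the call returned NULL there; it now uses
   *    preg_replace_callback();
   *  - quotes are encoded explicitly (ENT_QUOTES), so the result does not
   *    depend on the PHP version's default flags and is also safe inside a
   *    single-quoted attribute.
   *
   * @param string $var variable to prepare
   * @param string ...  further variables
   * @return mixed the prepared value if one argument was passed, otherwise
   *               an array of prepared values
   */
  function pnVarPrepForDisplay()
  {
      $resarray = array();
      foreach (func_get_args() as $ourvar) {
          // Prepare var
          $ourvar = htmlspecialchars($ourvar, ENT_QUOTES);
          $ourvar = preg_replace_callback('/(.)@(.)/s', '_pnDisplayEncodeAt', $ourvar);

          // Add to array
          array_push($resarray, $ourvar);
      }

      // Return vars
      if (func_num_args() == 1) {
          return $resarray[0];
      }
      return $resarray;
  }

  /**
   * Callback for pnVarPrepForDisplay: turn a matched "x@y" into three
   * numeric character references.
   *
   * @access private
   * @param array $m preg match: [1] the byte before "@", [2] the byte after
   * @return string the encoded replacement
   */
  function _pnDisplayEncodeAt($m)
  {
      return '&#' . sprintf('%03d', ord($m[1]))
           . ';&#064;&#'
           . sprintf('%03d', ord($m[2])) . ';';
  }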
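  /**
   * Ready HTML output.
   *
   * HTML-encodes each argument so the text is shown exactly as written,
   * except that the tags enabled in the 'AllowableHTML' configuration are
   * let through: mode 1 allows the bare tag, mode 2 the tag with
   * attributes. "x@y" is rewritten as numeric character references to make
   * e-mail addresses harder to harvest.
   *
   * How it works: allowed tags are first wrapped in the control bytes \022
   * and \024, everything is encoded, and the wrapped tags are then turned
   * back into markup.
   *
   * Changes from the earlier implementation:
   *  - both rewrites used the preg /e (evaluate) modifier, which PHP 7
   *    removed; they now use preg_replace_callback();
   *  - the two marker bytes are removed from the input first, so only tags
   *    matched against the allow-list are ever restored;
   *  - tag names from the configuration are quoted before being placed in
   *    a pattern;
   *  - quotes are encoded explicitly and restored inside allowed tags.
   *
   * NOTE(review): mode 2 lets every attribute of an allowed tag through,
   * including event handlers and URLs; restrict mode 2 to tags that need it.
   *
   * @param string $var variable to prepare
   * @param string ...  further variables
   * @return mixed the prepared value if one argument was passed, otherwise
   *               an array of prepared values
   */
  function pnVarPrepHTMLDisplay()
  {
      static $allowedhtml;
      if (!isset($allowedhtml)) {
          $allowedhtml = array();
          $allowable = pnConfigGetVar('AllowableHTML');
          if (!is_array($allowable)) {
              // Missing or malformed setting: allow nothing.
              $allowable = array();
          }
          foreach ($allowable as $k => $v) {
              $tag = preg_quote($k, '|');
              switch ($v) {
                  case 0:
                      break;
                  case 1:
                      $allowedhtml[] = "|<(/?$tag)\s*/?>|i";
                      break;
                  case 2:
                      $allowedhtml[] = "|<(/?$tag(\s+.*?)?)>|i";
                      break;
              }
          }
      }

      $resarray = array();
      foreach (func_get_args() as $ourvar) {
          // The marker bytes have no meaning in the input; drop them so
          // they can only ever come from the allow-list pass below.
          $ourvar = str_replace(array("\022", "\024"), '', $ourvar);

          // Preparse var to mark the HTML that we want
          $ourvar = preg_replace($allowedhtml, "\022\\1\024", $ourvar);

          // Prepare var
          $ourvar = htmlspecialchars($ourvar, ENT_QUOTES);

          // The character classes keep the rewrite from breaking a marked
          // tag that sits right next to the "@".
          $ourvar = preg_replace_callback('/([^\024])@([^\022])/s', '_pnHTMLDisplayEncodeAt', $ourvar);

          // Fix the HTML that we want
          $ourvar = preg_replace_callback('/\022([^\024]*)\024/', '_pnHTMLDisplayRestoreTag', $ourvar);

          // Fix entities if required
          if (pnConfigGetVar('htmlentities')) {
              $ourvar = preg_replace('/&amp;([a-z#0-9]+);/i', "&\\1;", $ourvar);
          }

          // Add to array
          array_push($resarray, $ourvar);
      }

      // Return vars
      if (func_num_args() == 1) {
          return $resarray[0];
      }
      return $resarray;
  }

  /**
   * Callback for pnVarPrepHTMLDisplay: turn a matched "x@y" into three
   * numeric character references.
   *
   * @access private
   * @param array $m preg match: [1] the byte before "@", [2] the byte after
   * @return string the encoded replacement
   */
  function _pnHTMLDisplayEncodeAt($m)
  {
      return '&#' . sprintf('%03d', ord($m[1]))
           . ';&#064;&#'
           . sprintf('%03d', ord($m[2])) . ';';
  }

  /**
   * Callback for pnVarPrepHTMLDisplay: turn a marked, encoded tag back into
   * markup.
   *
   * @access private
   * @param array $m preg match: [1] the encoded tag content
   * @return string the restored tag
   */
  function _pnHTMLDisplayRestoreTag($m)
  {
      return '<' . strtr($m[1], array('&gt;' => '>',
                                      '&lt;' => '<',
                                      '&quot;' => '"',
                                      '&#039;' => "'"))
           . '>';
  }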
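  /**
   * Ready database output.
   *
   * Escapes each argument with addslashes() so it can be placed between
   * single quotes in an SQL statement, unless magic_quotes_runtime is on.
   *
   * get_magic_quotes_runtime() no longer exists in PHP 8, where an
   * unguarded call is a fatal error; it is now only called when present.
   *
   * NOTE(review): addslashes() knows nothing about the connection's
   * character set or SQL dialect. Callers in this file build statements by
   * concatenation and rely on this function as their only protection;
   * bound parameters or the driver's own quoting would be the sturdier
   * choice.
   *
   * @param string $var variable to prepare
   * @param string ...  further variables
   * @return mixed the prepared value if one argument was passed, otherwise
   *               an array of prepared values
   */
  function pnVarPrepForStore()
  {
      // Escape unless the (legacy) runtime setting already does it.
      $escape = !(function_exists('get_magic_quotes_runtime') && get_magic_quotes_runtime());

      $resarray = array();
      foreach (func_get_args() as $ourvar) {
          // Prepare var
          if ($escape) {
              $ourvar = addslashes($ourvar);
          }

          // Add to array
          array_push($resarray, $ourvar);
      }

      // Return vars
      if (func_num_args() == 1) {
          return $resarray[0];
      }
      return $resarray;
  }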
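  /**
   * Ready operating system output.
   *
   * Reduces each argument to something usable as a single file or
   * directory name inside the PostNuke tree: "../" sequences and a leading
   * URL scheme are removed, slashes and backslashes become underscores and
   * NUL bytes are dropped. The result is then escaped with addslashes()
   * unless magic_quotes_runtime is on.
   *
   * Changes from the earlier implementation:
   *  - get_magic_quotes_runtime() no longer exists in PHP 8, where an
   *    unguarded call is a fatal error; it is now only called when present;
   *  - NUL bytes are removed, as they have no place in a file name.
   *
   * NOTE(review): a value made up only of dots (".." for example) is
   * returned unchanged, so callers should still make sure the final path
   * stays inside the directory they expect.
   *
   * @param string $var variable to prepare
   * @param string ...  further variables
   * @return mixed the prepared value if one argument was passed, otherwise
   *               an array of prepared values
   */
  function pnVarPrepForOS()
  {
      static $search = array('!\.\./!si', // .. (directory traversal)
                             '!^.*://!si', // .*:// (start of URL)
                             '!/!si', // Forward slash (directory traversal)
                             '!\\\\!si'); // Backslash (directory traversal)
      static $replace = array('',
                              '',
                              '_',
                              '_');

      // Escape unless the (legacy) runtime setting already does it.
      $escape = !(function_exists('get_magic_quotes_runtime') && get_magic_quotes_runtime());

      $resarray = array();
      foreach (func_get_args() as $ourvar) {
          // Parse out bad things
          $ourvar = str_replace("\0", '', $ourvar);
          $ourvar = preg_replace($search, $replace, $ourvar);

          // Prepare var
          if ($escape) {
              $ourvar = addslashes($ourvar);
          }

          // Add to array
          array_push($resarray, $ourvar);
      }

      // Return vars
      if (func_num_args() == 1) {
          return $resarray[0];
      }
      return $resarray;
  }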
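  /**
   * Remove censored words.
   *
   * When the 'CensorMode' setting is on, every word from 'CensorList', and
   * its common look-alike spelling (o->0, e->3, a->@, i->1), is replaced by
   * the 'CensorReplace' text in each argument. The patterns are built once
   * per request.
   *
   * Changes from the earlier implementation:
   *  - list entries are quoted with preg_quote() before being placed in a
   *    pattern; an entry containing "/" or another pattern character used
   *    to produce an invalid pattern, which made preg_replace() return NULL
   *    and so emptied the text;
   *  - a missing or non-array 'CensorList' is treated as an empty list.
   *
   * @param string $var variable to censor
   * @param string ...  further variables
   * @return mixed the censored value if one argument was passed, otherwise
   *               an array of censored values
   */
  function pnVarCensor()
  {
      static $docensor;
      if (!isset($docensor)) {
          $docensor = pnConfigGetVar('CensorMode');
      }

      static $search = array();
      if (empty($search)) {
          $repsearch = array('/o/i',
                             '/e/i',
                             '/a/i',
                             '/i/i');
          $repreplace = array('0',
                              '3',
                              '@',
                              '1');

          $censoredwords = pnConfigGetVar('CensorList');
          if (!is_array($censoredwords)) {
              $censoredwords = array();
          }

          foreach ($censoredwords as $censoredword) {
              // Simple word
              $search[] = '/\b' . preg_quote($censoredword, '/') . '\b/i';

              // Common replacements
              $mungedword = preg_replace($repsearch, $repreplace, $censoredword);
              if ($mungedword != $censoredword) {
                  $search[] = '/\b' . preg_quote($mungedword, '/') . '\b/';
              }
          }
      }

      $replace = pnConfigGetVar('CensorReplace');

      $resarray = array();
      foreach (func_get_args() as $ourvar) {
          if ($docensor) {
              // Parse out nasty words
              $ourvar = preg_replace($search, $replace, $ourvar);
          }

          // Add to array
          array_push($resarray, $ourvar);
      }

      // Return vars
      if (func_num_args() == 1) {
          return $resarray[0];
      }
      return $resarray;
  }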
  /**
   * Validate a user variable.
   *
   * Supported types are 'email' and 'url'. Both first require every byte
   * to be 7-bit ASCII. An e-mail address must then match the address
   * pattern; a URL must consist of the permitted characters (or %xx
   * escapes) and parse to something that has a scheme. For any other type
   * nothing is returned.
   *
   * @access public
   * @author Damien Bonvillain
   * @author Gregor J. Rothfuss
   * @since 1.23 - 2002/02/01
   * @param string $var  the variable to validate
   * @param string $type the type of the validation to perform
   * @param mixed  $args optional validation-specific settings (not used by
   *                     the two types handled here)
   * @return bool|null true if the validation was successful, false
   *                   otherwise; null for an unsupported type
   */
  function pnVarValidate($var, $type, $args=0)
  {
      // Loose comparison, in the same order a switch would test the cases.
      $isEmail = ($type == 'email');
      $isUrl = !$isEmail && ($type == 'url');
      if (!$isEmail && !$isUrl) {
          return;
      }

      // all characters must be 7 bit ascii
      for ($pos = 0, $total = strlen($var); $pos < $total; $pos++) {
          if (ord($var[$pos]) > 127) {
              return false;
          }
      }

      if ($isEmail) {
          $regexp = '/^(?:[^\s\000-\037\177\(\)<>@,;:\\"\[\]]\.?)+@(?:[^\s\000-\037\177\(\)<>@,;:\\\"\[\]]\.?)+\.[a-z]{2,6}$/Ui';
          return (bool) preg_match($regexp, $var);
      }

      $regexp = '/^([!\$\046-\073=\077-\132_\141-\172~]|(?:%[a-f0-9]{2}))+$/i';
      if (!preg_match($regexp, $var)) {
          return false;
      }

      // A URL without a scheme does not count as valid.
      $url_array = @parse_url($var);
      return !empty($url_array) && !empty($url_array['scheme']);
  }
  /**
   * Check an assertion.
   *
   * Does nothing when the assertion holds. Otherwise the script ends with a
   * message naming the file and line, followed by $msg when one is given.
   *
   * NOTE(review): the message is written to the response as is; callers
   * should not put request data into $file, $line or $msg.
   *
   * @param mixed  $assertion the assertion
   * @param string $file      the filename the assertion occurs in
   * @param mixed  $line      the line number the assertion occurs in
   * @param string $msg       optional extra text for the failure message
   */
  function pnAssert($assertion, $file='Unknown', $line='Unknown', $msg='')
  {
      if (!$assertion) {
          // Assertion failed: build the report and stop.
          $report = "Assertion failed in $file at line $line";
          if (!empty($msg)) {
              $report .= " - $msg";
          }
          die($report);
      }
  }
  /**
   * Get the status message from the previous operation.
   *
   * Reads the 'statusmsg' and 'errormsg' session variables and deletes both
   * from the session so they are shown only once. A non-empty error message
   * takes precedence over the status message.
   *
   * @return string the error message if there is one, otherwise the status
   *                message
   */
  function pnGetStatusMsg()
  {
      $msg = pnSessionGetVar('statusmsg');
      pnSessionDelVar('statusmsg');

      $errmsg = pnSessionGetVar('errormsg');
      pnSessionDelVar('errormsg');

      // Error message overrides status message
      return empty($errmsg) ? $msg : $errmsg;
  }
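  /**
   * Load a theme's theme.php, once per request.
   *
   * The multisite copy under WHERE_IS_PERSO is used when it exists,
   * otherwise the copy under themes/. The colour and theme globals are
   * declared first so that older themes can set them.
   *
   * Changes from the earlier implementation:
   *  - the theme name is passed through pnVarPrepForOS() before it is used
   *    in an include path, as is done for the language name in pnInit();
   *    the name was previously used as given;
   *  - the existence test uses file_exists() instead of reading the whole
   *    file with file().
   *
   * @param string $thistheme name of the theme directory
   * @return bool always true
   */
  function pnThemeLoad($thistheme)
  {
      static $loaded = 0;
      if ($loaded) {
          return true;
      }

      // Lots of nasty globals for back-compatability with older themes
      global $bgcolor1;
      global $bgcolor2;
      global $bgcolor3;
      global $bgcolor4;
      global $bgcolor5;
      global $sepcolor;
      global $textcolor1;
      global $textcolor2;
      global $postnuke_theme;
      global $thename;

      // Keep the name to a single directory component.
      $thistheme = pnVarPrepForOS($thistheme);

      // eugenio themeover 20020413: a multisite theme wins over the
      // shared one.
      if (file_exists(WHERE_IS_PERSO."themes/$thistheme/theme.php")) {
          include WHERE_IS_PERSO."themes/$thistheme/theme.php";
      } else {
          include "themes/$thistheme/theme.php";
      }

      $loaded = 1;
      return true;
  }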
  /**
   * Get the value of a theme variable, i.e. of the global variable with the
   * given name.
   *
   * NOTE(review): any global can be read this way, not only theme
   * variables; callers should pass fixed names rather than request data.
   *
   * @param string $name name of the global variable
   * @return mixed the value, or nothing (null) when the variable is not set
   */
  function pnThemeGetVar($name)
  {
      global $$name;

      return isset($$name) ? $$name : null;
  }
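  /**
   * Get the base URI for PostNuke.
   *
   * Takes the request path from REQUEST_URI, falling back to PATH_INFO and
   * then SCRIPT_NAME when it is empty or ends in a slash, removes any query
   * string or fragment and returns the directory part. A path consisting
   * only of slashes yields the empty string.
   *
   * Server values are now read from $_SERVER first. $HTTP_SERVER_VARS is
   * only a fallback: PHP stopped filling it in 5.4, which left getenv() as
   * the sole source.
   *
   * @return string base URI for PostNuke, without a trailing slash
   */
  function pnGetBaseURI()
  {
      global $HTTP_SERVER_VARS;

      // Get the name of this URI, starting with REQUEST_URI
      if (isset($_SERVER['REQUEST_URI'])) {
          $path = $_SERVER['REQUEST_URI'];
      } elseif (isset($HTTP_SERVER_VARS['REQUEST_URI'])) {
          $path = $HTTP_SERVER_VARS['REQUEST_URI'];
      } else {
          $path = getenv('REQUEST_URI');
      }

      if ((empty($path)) ||
          (substr($path, -1, 1) == '/')) {
          // REQUEST_URI was empty or pointed to a path
          // Try looking at PATH_INFO
          $path = getenv('PATH_INFO');
          if (empty($path)) {
              // No luck there either
              // Try SCRIPT_NAME
              if (isset($_SERVER['SCRIPT_NAME'])) {
                  $path = $_SERVER['SCRIPT_NAME'];
              } elseif (isset($HTTP_SERVER_VARS['SCRIPT_NAME'])) {
                  $path = $HTTP_SERVER_VARS['SCRIPT_NAME'];
              } else {
                  $path = getenv('SCRIPT_NAME');
              }
          }
      }

      // Drop the query string / fragment, then keep the directory part.
      $path = preg_replace('/[#\?].*/', '', $path);
      $path = dirname($path);

      // Nothing but slashes or backslashes means the document root.
      if (preg_match('!^[/\\\]*$!', $path)) {
          $path = '';
      }

      return $path;
  }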
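  /**
   * Get the base URL for PostNuke.
   *
   * Combines the scheme (https when the server reports HTTPS as on), the
   * host name of the request and the base URI.
   *
   * The host name is now read from $_SERVER first. $HTTP_SERVER_VARS is
   * only a fallback: PHP stopped filling it in 5.4, which left getenv() as
   * the sole source.
   *
   * NOTE(review): the host name comes from the request's Host header and
   * is therefore chosen by the client. Links and redirects built from this
   * value inherit that; a configured site address would be the safer
   * source where the web server does not already restrict Host.
   *
   * @return string base URL for PostNuke, with a trailing slash
   */
  function pnGetBaseURL()
  {
      global $HTTP_SERVER_VARS;

      if (!empty($_SERVER['HTTP_HOST'])) {
          $server = $_SERVER['HTTP_HOST'];
      } elseif (!empty($HTTP_SERVER_VARS['HTTP_HOST'])) {
          $server = $HTTP_SERVER_VARS['HTTP_HOST'];
      } else {
          $server = getenv('HTTP_HOST');
      }

      // IIS sets HTTPS=off
      if ( (isset($HTTP_SERVER_VARS['HTTPS']) && $HTTP_SERVER_VARS['HTTPS'] != 'off') || (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == 'on') ) {
          $proto = 'https://';
      } else {
          $proto = 'http://';
      }

      $path = pnGetBaseURI();

      return "$proto$server$path/";
  }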
  /**
   * Carry out a redirect.
   *
   * Closes the session, then sends a Location header. A target starting
   * with "http" is sent as given; anything else has its leading slashes
   * removed and is appended to the site's base URL. The function returns
   * afterwards; it does not end the script.
   *
   * NOTE(review): an absolute target is not checked against the site's own
   * address, so callers must not pass a target taken from request data
   * without validating it first. Code after the call keeps running unless
   * the caller stops it.
   *
   * @param string $redirecturl the URL to redirect to
   * @return void
   */
  function pnRedirect($redirecturl)
  {
      // Always close session before redirect
      if (function_exists('session_write_close')) {
          session_write_close();
      }

      // Relative target: make it absolute against the base URL.
      if (!preg_match('!^http!', $redirecturl)) {
          $redirecturl = pnGetBaseURL() . preg_replace('!^/*!', '', $redirecturl);
      }

      Header("Location: $redirecturl");
  }
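  /**
   * Check to see if this is a local referral.
   *
   * The request counts as locally referred when it has no Referer header,
   * or when the Referer starts with this site's own host name.
   *
   * Changes from the earlier implementation:
   *  - the host name is quoted before being placed in the pattern; the
   *    dots in it used to match any character, and other pattern
   *    characters could break the match;
   *  - https referers from the same host are recognised as local;
   *  - server values are read from $_SERVER first, with $HTTP_SERVER_VARS
   *    (not filled since PHP 5.4) and getenv() as fallbacks;
   *  - with a Referer but no known host name the answer is false.
   *
   * NOTE(review): both headers are supplied by the client, and a missing
   * Referer is accepted, so this check is a convenience only and not an
   * access control.
   *
   * @return bool true if locally referred, false if not
   */
  function pnLocalReferer()
  {
      global $HTTP_SERVER_VARS;

      if (!empty($_SERVER['HTTP_HOST'])) {
          $server = $_SERVER['HTTP_HOST'];
      } elseif (!empty($HTTP_SERVER_VARS['HTTP_HOST'])) {
          $server = $HTTP_SERVER_VARS['HTTP_HOST'];
      } else {
          $server = getenv('HTTP_HOST');
      }

      if (!empty($_SERVER['HTTP_REFERER'])) {
          $referer = $_SERVER['HTTP_REFERER'];
      } elseif (!empty($HTTP_SERVER_VARS['HTTP_REFERER'])) {
          $referer = $HTTP_SERVER_VARS['HTTP_REFERER'];
      } else {
          $referer = getenv('HTTP_REFERER');
      }

      if (empty($referer)) {
          return true;
      }
      if (empty($server)) {
          // Nothing to compare the referer with.
          return false;
      }

      $pattern = '!^https?://' . preg_quote($server, '!') . '/!i';
      return preg_match($pattern, $referer) ? true : false;
  }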
  // Hack - needed for themes; the original comment says it will be removed soon.
  if (!function_exists('GetUserTime')) {
      /**
       * Shift a timestamp from the site's time zone to the logged-in user's.
       *
       * For a logged-in user the difference between the user's and the
       * site's 'timezone_offset' (in hours) is added; otherwise the
       * timestamp is returned unchanged.
       *
       * @param int $time timestamp in seconds
       * @return int the adjusted timestamp
       */
      function GetUserTime($time)
      {
          if (!pnUserLoggedIn()) {
              return($time);
          }
          $offsetHours = pnUserGetVar('timezone_offset') - pnConfigGetVar('timezone_offset');
          return($time + $offsetHours * 3600);
      }
  }
  1011. /**
  1012. * send an email
  1013. * @param to - recipient of the email
  1014. * @param subject - title of the email
  1015. * @param message - body of the email
  1016. * @param headers - extra headers for the email
  1017. * @param debug - if 1, echo mail content
  1018. * @returns bool
  1019. * @return true if the email was sent, false if not
  1020. */
  1021. function pnMail($to, $subject, $message, $headers, $debug=0)
  1022. {
  1023. // Language translations
  1024. switch(pnUserGetLang()) {
  1025. case 'rus':
  1026. if (!empty($headers)) $headers .= "\n";
  1027. $headers .= "Content-Type: text/plain; charset=koi8-r";
  1028. $subject = convert_cyr_string($subject,"w","k");
  1029. $message = convert_cyr_string($message,"w","k");
  1030. $headers = convert_cyr_string($headers,"w","k");
  1031. break;
  1032. }
  1033. // Debug
  1034. if ($debug) {
  1035. echo "Mail To: ".$to."<br>";
  1036. echo "Mail Subject: ".$subject."<br>";
  1037. echo "Mail Message: ".$message."<br>";
  1038. echo "Mail Headers: ".$headers."<br>";
  1039. }
  1040. // Mail message
  1041. // do not display error messages [class007]
  1042. $return = @mail($to, $subject, $message, $headers);
  1043. return $return;
  1044. }
  1045. /* Protects better diverse attempts of Cross-Site Scripting
  1046. attacks, thanks to webmedic, Timax, larsneo.
  1047. */
  1048. function pnSecureInput() {
  1049. /* Lets validate the current php version and set globals
  1050. accordingly.
  1051. Do not change this value unless you know what you are
  1052. doing you have been warned!
  1053. */
  1054. //require('includes/htmlfilter.inc');
  1055. if ( phpversion() >= "4.2.0" ) {
  1056. $HTTP_GET_VARS = $_GET;
  1057. $HTTP_POST_VARS = $_POST;
  1058. $HTTP_COOKIE_VARS = $_COOKIE;
  1059. } else {
  1060. global $HTTP_GET_VARS, $HTTP_POST_VARS, $HTTP_COOKIE_VARS;
  1061. }
  1062. // Cross-Site Scripting attack defense - Sent by larsneo
  1063. // some syntax checking against injected javascript
  1064. // extended by Neo
  1065. if (count($HTTP_GET_VARS) > 0) {
  1066. /* Lets now sanitize the GET vars
  1067. */
  1068. foreach ($HTTP_GET_VARS as $secvalue) {
  1069. if (!is_array($secvalue)) {
  1070. if ((eregi("<[^>]*script*\"?[^>]*>", $secvalue)) ||
  1071. (eregi(".*[[:space:]](or|and)[[:space:]].*(=|like).*", $secvalue)) ||
  1072. (eregi("<[^>]*object*\"?[^>]*>", $secvalue)) ||
  1073. (eregi("<[^>]*iframe*\"?[^>]*>", $secvalue)) ||
  1074. (eregi("<[^>]*applet*\"?[^>]*>", $secvalue)) ||
  1075. (eregi("<[^>]*meta*\"?[^>]*>", $secvalue)) ||
  1076. (eregi("<[^>]*style*\"?[^>]*>", $secvalue)) ||
  1077. (eregi("<[^>]*form*\"?[^>]*>", $secvalue)) ||
  1078. (eregi("<[^>]*window.*\"?[^>]*>", $secvalue)) ||
  1079. (eregi("<[^>]*alert*\"?[^>]*>", $secvalue)) ||
  1080. (eregi("<[^>]*img*\"?[^>]*>", $secvalue)) ||
  1081. (eregi("<[^>]*document.*\"?[^>]*>", $secvalue)) ||
  1082. (eregi("<[^>]*cookie*\"?[^>]*>", $secvalue)) ||
  1083. (eregi("\"", $secvalue))) {
  1084. //pnMailHackAttempt(__FILE__,__LINE__,'pnSecurity Alert','Intrusion detection.');
  1085. //Header("Location: index.php");
  1086. }
  1087. }
  1088. }
  1089. }
  1090. /* Lets now sanitize the POST vars
  1091. */
  1092. if ( count($HTTP_POST_VARS) > 0) {
  1093. foreach ($HTTP_POST_VARS as $secvalue) {
  1094. if (!is_array($secvalue)) {
  1095. if ((eregi("<[^>]*script*\"?[^>]*>", $secvalue)) ||
  1096. (eregi("<[^>]*object*\"?[^>]*>", $secvalue)) ||
  1097. (eregi("<[^>]*iframe*\"?[^>]*>", $secvalue)) ||
  1098. (eregi("<[^>]*applet*\"?[^>]*>", $secvalue)) ||
  1099. (eregi("<[^>]*window.*\"?[^>]*>", $secvalue)) ||
  1100. (eregi("<[^>]*alert*\"?[^>]*>", $secvalue)) ||
  1101. (eregi("<[^>]*document.*\"?[^>]*>", $secvalue)) ||
  1102. (eregi("<[^>]*cookie*\"?[^>]*>", $secvalue)) ||
  1103. (eregi("<[^>]*meta*\"?[^>]*>", $secvalue))
  1104. ) {
  1105. //pnMailHackAttempt(__FILE__,__LINE__,'pnSecurity Alert','Intrusion detection.');
  1106. //Header("Location: index.php");
  1107. }
  1108. }
  1109. }
  1110. }
  1111. /* Lets now sanitize the COOKIE vars
  1112. */
  1113. if ( count($HTTP_COOKIE_VARS) > 0) {
  1114. foreach ($HTTP_COOKIE_VARS as $secvalue) {
  1115. if (!is_array($secvalue)) {
  1116. if ((eregi("<[^>]*script*\"?[^>]*>", $secvalue)) ||
  1117. (eregi(".*[[:space:]](or|and)[[:space:]].*(=|like).*", $secvalue)) ||
  1118. (eregi("<[^>]*object*\"?[^>]*>", $secvalue)) ||
  1119. (eregi("<[^>]*iframe*\"?[^>]*>", $secvalue)) ||
  1120. (eregi("<[^>]*applet*\"?[^>]*>", $secvalue)) ||
  1121. (eregi("<[^>]*meta*\"?[^>]*>", $secvalue)) ||
  1122. (eregi("<[^>]*style*\"?[^>]*>", $secvalue)) ||
  1123. (eregi("<[^>]*form*\"?[^>]*>", $secvalue)) ||
  1124. (eregi("<[^>]*window.*\"?[^>]*>", $secvalue)) ||
  1125. (eregi("<[^>]*alert*\"?[^>]*>", $secvalue)) ||
  1126. (eregi("<[^>]*document.*\"?[^>]*>", $secvalue)) ||
  1127. (eregi("<[^>]*cookie*\"?[^>]*>", $secvalue)) ||
  1128. (eregi("<[^>]*img*\"?[^>]*>", $secvalue))
  1129. ) {
  1130. pnMailHackAttempt(__FILE__,__LINE__,'pnSecurity Alert','Intrusion detection.');
  1131. //Header("Location: index.php");
  1132. }
  1133. }
  1134. }
  1135. }
  1136. } # End of secure Input
  1137. /* Function that compares the current php version on the
  1138. system with the target one
  1139. */
  1140. // Deprecate function reverting to php detecion function
  1141. function pnPhpVersionCheck($vercheck) {
  1142. $minver = str_replace(".","", $vercheck);
  1143. $curver = str_replace(".","", phpversion());
  1144. if($curver >= $minver){
  1145. return true;
  1146. } else {
  1147. return false;
  1148. }
  1149. }
  1150. function pnMailHackAttempt( $detecting_file = "(no filename available)",
  1151. $detecting_line = "(no line number available)",
  1152. $hack_type = "(no type given)",
  1153. $message = "(no message given)" ) {
  1154. # Backwards compatibility fix with php 4.0.x and 4.1.x or greater Neo
  1155. if (phpversion() >= "4.2.0") {
  1156. $_pv = $_POST;
  1157. $_gv = $_GET;
  1158. $_rv = $_REQUEST;
  1159. $_sv = $_SERVER;
  1160. $_ev = $_ENV;
  1161. $_cv = $_COOKIE;
  1162. $_fv = $_FILES;
  1163. $_snv = $_SESSION;
  1164. } else {
  1165. global $HTTP_POST_VARS, $HTTP_GET_VARS, $HTTP_SERVER_VARS, $HTTP_ENV_VARS, $HTTP_COOKIE_VARS, $HTTP_POST_FILES, $HTTP_SESSION_VARS;
  1166. $_pv = $HTTP_POST_VARS;
  1167. $_gv = $HTTP_GET_VARS;
  1168. $_rv = array();
  1169. $_sv = $HTTP_SERVER_VARS;
  1170. $_ev = $HTTP_ENV_VARS;
  1171. $_cv = $HTTP_COOKIE_VARS;
  1172. $_fv = $HTTP_POST_FILES;
  1173. $_snv = $HTTP_SESSION_VARS;
  1174. }
  1175. $output = "Attention site admin of ".pnConfigGetVar('sitename').",\n";
  1176. $output .= "On ".ml_ftime( _DATEBRIEF, ( GetUserTime( time( ) ) ) );
  1177. $output .= " at ". ml_ftime( _TIMEBRIEF, ( GetUserTime( time( ) ) ) );
  1178. $output .= " the Postnuke code has detected that somebody tried to"
  1179. ." send information to your site that may have been intended"
  1180. ." as a hack. Do not panic, it may be harmless: maybe this"
  1181. ." detection was triggered by something you did! Anyway, it"
  1182. ." was detected and blocked. \n";
  1183. $output .= "The suspicious activity was recognized in $detecting_file "
  1184. ."on line $detecting_line, and is of the type $hack_type. \n";
  1185. $output .= "Additional information given by the code which detected this: ".$message;
  1186. $output .= "\n\nBelow you will find a lot of information obtained about "
  1187. ."this attempt, that may help you to find what happened and "
  1188. ."maybe who did it.\n\n";
  1189. $output .= "\n=====================================\n";
  1190. $output .= "Information about this user:\n";
  1191. $output .= "=====================================\n";
  1192. if ( !pnUserLoggedIn() ) {
  1193. $output .= "This person is not logged in.\n";
  1194. } else {
  1195. $output .= "Postnuke username: ".pnUserGetVar('uname') ."\n"
  1196. ."Registered email of this Postnuke user: ". pnUserGetVar('email')."\n"
  1197. ."Registered real name of this Postnuke user: ".pnUserGetVar('name') ."\n";
  1198. }
  1199. $output .= "IP numbers: [note: when you are dealing with a real cracker "
  1200. ."these IP numbers might not be from the actual computer he is "
  1201. ."working on]"
  1202. ."\n\t IP according to HTTP_CLIENT_IP: ".getenv( 'HTTP_CLIENT_IP' )
  1203. ."\n\t IP according to REMOTE_ADDR: ".getenv( 'REMOTE_ADDR' )
  1204. ."\n\t IP according to GetHostByName(\$REMOTE_ADDR): ".GetHostByName( $REMOTE_ADDR )
  1205. ."\n\n";
  1206. $output .= "\n=====================================\n";
  1207. $output .= "Information in the \$_REQUEST array\n";
  1208. $output .= "=====================================\n";
  1209. while ( list ( $key, $value ) = each ( $_rv ) ) {
  1210. $output .= "REQUEST * $key : $value\n";
  1211. }
  1212. $output .= "\n=====================================\n";
  1213. $output .= "Information in the \$_GET array\n";
  1214. $output .= "This is about variables that may have been ";
  1215. $output .= "in the URL string or in a 'GET' type form.\n";
  1216. $output .= "=====================================\n";
  1217. while ( list ( $key, $value ) = each ( $_gv ) ) {
  1218. $output .= "GET * $key : $value\n";
  1219. }
  1220. $output .= "\n=====================================\n";
  1221. $output .= "Information in the \$_POST array\n";
  1222. $output .= "This is about visible and invisible form elements.\n";
  1223. $output .= "=====================================\n";
  1224. while ( list ( $key, $value ) = each ( $_pv ) ) {
  1225. $output .= "POST * $key : $value\n";
  1226. }
  1227. $output .= "\n=====================================\n";
  1228. $output .= "Browser information\n";
  1229. $output .= "=====================================\n";
  1230. global $HTTP_USER_AGENT;
  1231. $output .= "HTTP_USER_AGENT: ".$HTTP_USER_AGENT ."\n";
  1232. $browser = (array) get_browser();
  1233. while ( list ( $key, $value ) = each ( $browser ) ) {
  1234. $output .= "BROWSER * $key : $value\n";
  1235. }
  1236. $output .= "\n=====================================\n";
  1237. $output .= "Information in the \$_SERVER array\n";
  1238. $output .= "=====================================\n";
  1239. while ( list ( $key, $value ) = each ( $_sv ) ) {
  1240. $output .= "SERVER * $key : $value\n";
  1241. }
  1242. $output .= "\n=====================================\n";
  1243. $output .= "Information in the \$_ENV array\n";
  1244. $output .= "=====================================\n";
  1245. while ( list ( $key, $value ) = each ( $_ev ) ) {
  1246. $output .= "ENV * $key : $value\n";
  1247. }
  1248. $output .= "\n=====================================\n";
  1249. $output .= "Information in the \$_COOKIE array\n";
  1250. $output .= "=====================================\n";
  1251. while ( list ( $key, $value ) = each ( $_cv ) ) {
  1252. $output .= "COOKIE * $key : $value\n";
  1253. }
  1254. $output .= "\n=====================================\n";
  1255. $output .= "Information in the \$_FILES array\n";
  1256. $output .= "=====================================\n";
  1257. while ( list ( $key, $value ) = each ( $_fv ) ) {
  1258. $output .= "FILES * $key : $value\n";
  1259. }
  1260. $output .= "\n=====================================\n";
  1261. $output .= "Information in the \$_SESSION array\n";
  1262. $output .= "This is session info. The variables\n";
  1263. $output .= " starting with PNSV are PostNukeSessionVariables.\n";
  1264. $output .= "=====================================\n";
  1265. while ( list ( $key, $value ) = each ( $_snv ) ) {
  1266. $output .= "SESSION * $key : $value\n";
  1267. }
  1268. $sitename = pnConfigGetVar('sitename');
  1269. $adminmail = pnConfigGetVar('adminmail');
  1270. $headers = "From: $sitename <$adminmail>\n"
  1271. ."X-Priority: 1 (Highest)\n";
  1272. pnMail($adminmail, 'Attempted hack on your site? (type: '.$hack_type.')', $output, $headers );
  1273. return;
  1274. }
  1275. ?>