PageRenderTime 83ms CodeModel.GetById 21ms app.highlight 48ms RepoModel.GetById 1ms app.codeStats 0ms

/interface/main/calendar/includes/pnAPI.php

https://bitbucket.org/DenizYldrm/openemr
PHP | 1490 lines | 873 code | 212 blank | 405 comment | 191 complexity | f62c40a32f925d0494000cd2503c3b6c MD5 | raw file
   1<?php
   2// $Id$
   3// ----------------------------------------------------------------------
   4// PostNuke Content Management System
   5// Copyright (C) 2001 by the Post-Nuke Development Team.
   6// http://www.postnuke.com/
   7// ----------------------------------------------------------------------
   8// LICENSE
   9//
  10// This program is free software; you can redistribute it and/or
  11// modify it under the terms of the GNU General Public License (GPL)
  12// as published by the Free Software Foundation; either version 2
  13// of the License, or (at your option) any later version.
  14//
  15// This program is distributed in the hope that it will be useful,
  16// but WITHOUT ANY WARRANTY; without even the implied warranty of
  17// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  18// GNU General Public License for more details.
  19//
  20// To read the license please visit http://www.gnu.org/copyleft/gpl.html
  21// ----------------------------------------------------------------------
  22// Original Author of file: Jim McDonald
  23// Purpose of file: The PostNuke API
  24// ----------------------------------------------------------------------
  25
  26/*
  27 *
  28 * Defines
  29 *
  30 */
  31
  32/*        Allows Postnuke to work with register_globals set to off
  33 *        Patch for php 4.2.x or greater
  34 */
  35
  36if (phpversion() >= "4.2.0") {
  37	if ( ini_get('register_globals') != 1 ) {
  38		$supers = array('_REQUEST',
  39                                '_ENV',
  40                                '_SERVER',
  41                                '_POST',
  42                                '_GET',
  43                                '_COOKIE',
  44                                '_SESSION',
  45                                '_FILES',
  46                                '_GLOBALS' );
  47
  48		foreach( $supers as $__s) {
  49			if ( (isset($$__s) == true) && (is_array( $$__s ) == true) ) extract( $$__s, EXTR_OVERWRITE );
  50		}
  51		unset($supers);
  52	}
  53} else {
  54	if ( ini_get('register_globals') != 1 ) {
  55
  56		$supers = array('HTTP_POST_VARS',
  57                                'HTTP_GET_VARS',
  58                                'HTTP_COOKIE_VARS',
  59                                'GLOBALS',
  60                                'HTTP_SESSION_VARS',
  61                                'HTTP_SERVER_VARS',
  62                                'HTTP_ENV_VARS'
  63                                 );
  64
  65		foreach( $supers as $__s) {
  66			if ( (isset($$__s) == true) && (is_array( $$__s ) == true) ) extract( $$__s, EXTR_OVERWRITE );
  67		}
  68		unset($supers);
  69	}
  70}
  71
  72/*
  73 * Yes/no integer
  74 */
  75define('_PNYES', 1);
  76define('_PNNO', 0);
  77
  78/*
  79 * State of modules
  80 */
  81define('_PNMODULE_STATE_UNINITIALISED', 1);
  82define('_PNMODULE_STATE_INACTIVE', 2);
  83define('_PNMODULE_STATE_ACTIVE', 3);
  84define('_PNMODULE_STATE_MISSING', 4);
  85define('_PNMODULE_STATE_UPGRADED', 5);
  86
  87/*
  88 * 'All' and 'unregistered' for user and group permissions
  89 */
  90define('_PNPERMS_ALL', '-1');
  91define('_PNPERMS_UNREGISTERED', '0');
  92
  93/*
  94 * Core version informations - should be upgraded on each release for
  95 * better control on config settings
  96 */
  97define('_PN_VERSION_NUM',       "0.7.2.6-Phoenix");
  98define('_PN_VERSION_ID',        "PostNuke");
  99define('_PN_VERSION_SUB',       "Phoenix");
 100
 101/*
 102 * Fake module for config vars
 103 */
 104define('_PN_CONFIG_MODULE',     '/PNConfig');
 105
 106/*
 107 *
 108 * Functions
 109 *
 110 */
 111
 112/**
 113 * get all configuration variable into $pnconfig
 114 * will be removed on .8
 115 * @param none
 116 * @returns true|false
 117 * @return none
 118 */
 119function pnConfigInit() {
 120    global $pnconfig;
 121
 122    list($dbconn) = pnDBGetConn();
 123    $pntable = pnDBGetTables();
 124
 125    $table = $pntable['module_vars'];
 126    $columns = &$pntable['module_vars_column'];
 127
 128    /*
 129     * Make query and go
 130     */
 131    $query = "SELECT $columns[name],
 132                     $columns[value]
 133              FROM $table
 134              WHERE $columns[modname]='" . pnVarPrepForStore(_PN_CONFIG_MODULE) . "'";
 135    $dbresult = $dbconn->Execute($query);
 136    if($dbconn->ErrorNo() != 0) {
 137        return false;
 138    }
 139    if ($dbresult->EOF) {
 140        $dbresult->Close();
 141        return false;
 142    }
 143    while(!$dbresult->EOF) {
 144        list($k, $v) = $dbresult->fields;
 145        $dbresult->MoveNext();
 146        if (($k != 'dbtype') && ($k != 'dbhost') && ($k != 'dbuname') && ($k != 'dbpass')
 147                && ($k != 'dbname') && ($k != 'system') && ($k != 'prefix') && ($k != 'encoded')) {
 148            $v =@unserialize($v);
 149            $pnconfig[$k] = $v;
 150        }
 151    }
 152    $dbresult->Close();
 153    return true;
 154}
 155
 156/**
 157 * get a configuration variable
 158 * @param name the name of the variable
 159 * @returns data
 160 * @return value of the variable, or false on failure
 161 */
 162function pnConfigGetVar($name)
 163{
 164    global $pnconfig;
 165    if (isset($pnconfig[$name])) {
 166        $result = $pnconfig[$name];
 167    } else {
 168        /*
 169         * Fetch base data
 170         */
 171        list($dbconn) = pnDBGetConn();
 172        $pntable = pnDBGetTables();
 173
 174        $table = $pntable['module_vars'];
 175        $columns = &$pntable['module_vars_column'];
 176
 177        /*
 178         * Make query and go
 179         */
 180        $query = "SELECT $columns[value]
 181                  FROM $table
 182                  WHERE $columns[modname]='" . pnVarPrepForStore(_PN_CONFIG_MODULE) . "'
 183                    AND $columns[name]='" . pnVarPrepForStore($name) . "'";
 184        $dbresult = $dbconn->Execute($query);
 185
 186        /*
 187         * In any case of error return false
 188         */
 189        if($dbconn->ErrorNo() != 0) {
 190            return false;
 191        }
 192        if ($dbresult->EOF) {
 193            $dbresult->Close();
 194            return false;
 195        }
 196
 197        /*
 198         * Get data
 199         */
 200        list ($result) = $dbresult->fields;
 201        $result = unserialize($result);
 202
 203        /*
 204         * Some caching
 205         */
 206        $pnconfig[$name] = $result;
 207
 208        /*
 209         * That's all folks
 210         */
 211        $dbresult->Close();
 212    }
 213
 214    return $result;
 215}
 216
 217/**
 218 * set a configuration variable
 219 * @param name the name of the variable
 220 * @param value the value of the variable
 221 * @returns bool
 222 * @return true on success, false on failure
 223 */
 224function pnConfigSetVar($name, $value)
 225{
 226    /*
 227     * The database parameter are not allowed to change
 228     */
 229    if (empty($name) || ($name == 'dbtype') || ($name == 'dbhost') || ($name == 'dbuname') || ($name == 'dbpass')
 230            || ($name == 'dbname') || ($name == 'system') || ($name == 'prefix') || ($name == 'encoded')) {
 231        return false;
 232    }
 233
 234    /*
 235     * Test on missing record
 236     *
 237     * Also solve SF-bug #580951
 238     */
 239    $must_insert = true;
 240    global $pnconfig;
 241    foreach($pnconfig as $k => $v) {
 242        /*
 243         * Test if the key name is in the array
 244         */
 245        if ($k == $name) {
 246            /*
 247             * Set flag
 248             */
 249            $must_insert = false;
 250            /*
 251             * Test on change. If not, just quit now
 252             */
 253            if ($v == $value) {
 254                return true;
 255            }
 256            /*
 257             * End loop after success
 258             */
 259            break;
 260        }
 261    }
 262
 263    /*
 264     * Fetch base data
 265     */
 266    list($dbconn) = pnDBGetConn();
 267    $pntable = pnDBGetTables();
 268    $table = $pntable['module_vars'];
 269    $columns = &$pntable['module_vars_column'];
 270
 271    /*
 272     * Update the table
 273     */
 274    if ($must_insert) {
 275        /*
 276         * Insert
 277         */
 278        $query = "INSERT INTO $table
 279                  ($columns[modname],
 280                   $columns[name],
 281                   $columns[value])
 282                  VALUES ('" . pnVarPrepForStore(_PN_CONFIG_MODULE) . "',
 283                          '" . pnVarPrepForStore($name) . "',
 284                          '" . pnVarPrepForStore(serialize($value)). "')";
 285    } else {
 286        /*
 287         * Update
 288         */
 289         $query = "UPDATE $table
 290                   SET $columns[value]='" . pnVarPrepForStore(serialize($value)) . "'
 291                   WHERE $columns[modname]='" . pnVarPrepForStore(_PN_CONFIG_MODULE) . "'
 292                   AND $columns[name]='" . pnVarPrepForStore($name) . "'";
 293    }
 294    $dbconn->Execute($query);
 295    if($dbconn->ErrorNo() != 0) {
 296        return false;
 297    }
 298
 299    /*
 300     * Update my vars
 301     */
 302    $pnconfig[$name] = $value;
 303
 304    return true;
 305}
 306
 307
 308/**
 309 * delete a configuration variable
 310 * @param name the name of the variable
 311 * @returns bool
 312 * @return true on success, false on failure
 313 */
 314function pnConfigDelVar($name)
 315{
 316    global $pnconfig;
 317
 318    if (empty($name)) {
 319        return false;
 320    }
 321
 322    // Don't allow deleting at current
 323    return false;
 324}
 325
 326/**
 327 * Initialise PostNuke
 328 * <br>
 329 * Carries out a number of initialisation tasks to get PostNuke up and
 330 * running.
 331 * @returns void
 332 */
 333function pnInit()
 334{
 335    // proper error_repoting
 336    // e_all for development
 337    // error_reporting(E_ALL);
 338    // without warnings and notices for release
 339    error_reporting(E_ALL & ~E_NOTICE & ~E_WARNING);
 340
 341    // Hack for some weird PHP systems that should have the
 342    // LC_* constants defined, but don't
 343    if (!defined('LC_TIME')) {
 344        define('LC_TIME', 'LC_TIME');
 345    }
 346
 347    // ADODB configuration
 348    define('ADODB_DIR', 'pnadodb');
 349    require 'pnadodb/adodb.inc.php';
 350
 351    // Temporary fix for hacking the hlpfile global
 352    // TODO - remove with pre-0.71 code
 353    global $hlpfile;
 354    $hlpfile = '';
 355
 356    // Initialise and load configuration
 357    global $pnconfig, $pndebug;
 358    $pnconfig = array();
 359    include 'config.php';
 360
 361
 362    // Set up multisites
 363    // added this @define for .71, ugly ?
 364    // i guess the E_ALL stuff.
 365    @define('WHERE_IS_PERSO', '');
 366
 367    // Initialise and load pntables
 368    global $pntable;
 369    $pntable = array();
 370    // if a multisite has its own pntables.
 371    if (file_exists(WHERE_IS_PERSO.'pntables.php')) {
 372        include WHERE_IS_PERSO.'pntables.php';
 373    } else {
 374        require 'pntables.php';
 375    }
 376
 377    // Decode encoded DB parameters
 378    if ($pnconfig['encoded']) {
 379        $pnconfig['dbuname'] = base64_decode($pnconfig['dbuname']);
 380        $pnconfig['dbpass'] = base64_decode($pnconfig['dbpass']);
 381        $pnconfig['encoded'] = 0;
 382    }
 383    // Connect to database
 384    if (!pnDBInit()) {
 385        die('Database initialisation failed');
 386    }
 387
 388    // debugger if required
 389    if ($pndebug['debug']){
 390        include_once 'includes/lensdebug.inc.php';
 391        global $dbg, $debug_sqlcalls;
 392        $dbg = new LensDebug();
 393        $debug_sqlcalls = 0;
 394    }
 395
 396    // Build up old config array
 397    pnConfigInit();
 398
 399    // Set compression on if desired
 400    //
 401    if (pnConfigGetVar('UseCompression') == 1) {
 402    ob_start("ob_gzhandler");
 403    }
 404
 405    // Other includes
 406    include 'includes/pnSession.php';
 407    include 'includes/pnUser.php';
 408
 409    // Start session
 410    if (!pnSessionSetup()) {
 411        die('Session setup failed');
 412    }
 413
 414	if (!pnSessionInit()) {
 415        die('Session initialisation failed');
 416    }
 417
 418    include 'includes/security.php';
 419
 420    // See if a language update is required
 421    $newlang = pnVarCleanFromInput('newlang');
 422    if (!empty($newlang)) {
 423        $lang = $newlang;
 424        pnSessionSetVar('lang', $newlang);
 425    } else {
 426        $lang = pnSessionGetVar('lang');
 427    }
 428
 429    // Load global language defines
 430    if (isset ($lang) && file_exists('language/' . pnVarPrepForOS($lang) . '/global.php')) {
 431        $currentlang = $lang;
 432    } else {
 433        $currentlang = pnConfigGetVar('language');
 434        pnSessionSetVar('lang', $currentlang);
 435    }
 436    include 'language/' . pnVarPrepForOS($currentlang) . '/global.php';
 437
 438    include 'modules/NS-Languages/api.php';
 439
 440        // Cross-Site Scripting attack defense - Sent by larsneo
 441        // some syntax checking against injected javascript
 442
 443        $pnAntiCrackerMode = pnConfigGetVar('pnAntiCracker');
 444
 445        if ( $pnAntiCrackerMode == 1 ) {
 446                pnSecureInput();
 447        }
 448    // Banner system
 449    include 'includes/pnBanners.php';
 450
 451    // Other other includes
 452    include 'includes/advblocks.php';
 453    include 'includes/counter.php';
 454    include 'includes/pnHTML.php';
 455    include 'includes/pnMod.php';
 456    include 'includes/queryutil.php';
 457    include 'includes/xhtml.php';
 458    include 'includes/oldfuncs.php';
 459
 460    // Handle referer
 461    if (pnConfigGetVar('httpref') == 1) {
 462        include 'referer.php';
 463        httpreferer();
 464    }
 465
 466    return true;
 467}
 468
 469function pninclude_once($file)
 470{
 471    include_once($file);
 472}
 473
 474function pnDBInit()
 475{
 476    // Get database parameters
 477    global $pnconfig;
 478    $dbtype = $pnconfig['dbtype'];
 479    $dbhost = $pnconfig['dbhost'];
 480    $dbname = $pnconfig['dbname'];
 481    $dbuname = $pnconfig['dbuname'];
 482    $dbpass = $pnconfig['dbpass'];
 483
 484    // Database connection is a global (for now)
 485    global $dbconn;
 486
 487    // Start connection
 488    $dbconn = ADONewConnection($dbtype);
 489    $dbh = $dbconn->Connect($dbhost, $dbuname, $dbpass, $dbname);
 490    if (!$dbh) {
 491    	//$dbpass = "";
 492        //die("$dbtype://$dbuname:$dbpass@$dbhost/$dbname failed to connect" . $dbconn->ErrorMsg());
 493		die("<!DOCTYPE html PUBLIC \"-//W3C//DTD HTML 4.01 Transitional//EN\">\n<html>\n<head>\n<meta http-equiv=\"Content-Type\" content=\"text/html; charset=ISO-8859-1\">\n<title>PostNuke powered Website</title>\n</head>\n<body>\n<center>\n<h1>Problem in Database Connection</h1>\n<br /><br />\n<h5>This Website is powered by PostNuke</h5>\n<a href=\"http://www.postnuke.com\" target=\"_blank\"><img src=\"images/powered/postnuke.butn.gif\" border=\"0\" alt=\"Web site powered by PostNuke\" hspace=\"10\" /></a> <a href=\"http://php.weblogs.com/ADODB\" target=\"_blank\"><img src=\"images/powered/adodb2.gif\" alt=\"ADODB database library\" border=\"0\" hspace=\"10\" /></a><a href=\"http://www.php.net\" target=\"_blank\"><img src=\"images/powered/php2.gif\" alt=\"PHP Scripting Language\" border=\"0\" hspace=\"10\" /></a><br />\n<h5>Although this site is running the PostNuke software<br />it has no other connection to the PostNuke Developers.<br />Please refrain from sending messages about this site or its content<br />to the PostNuke team, the end will result in an ignored e-mail.</h5>\n</center>\n</body>\n</html>");
 494    }
 495    
 496    // Modified 5/2009 by BM for UTF-8 project
 497    if ($pnconfig['utf8Flag']) {
 498        $success_flag = $dbconn->Execute("SET NAMES 'utf8'");
 499        if (!$success_flag) {
 500            error_log("PHP custom error: from postnuke interface/main/calendar/includes/pnAPI.php - Unable to set up UTF8 encoding with mysql database", 0);
 501        }
 502    }
 503    // ---------------------------------------
 504    
 505    global $ADODB_FETCH_MODE;
 506    $ADODB_FETCH_MODE = ADODB_FETCH_NUM;
 507
 508    // force oracle to a consistent date format for comparison methods later on
 509    if (strcmp($dbtype, 'oci8') == 0) {
 510        $dbconn->Execute("alter session set NLS_DATE_FORMAT = 'YYYY-MM-DD HH24:MI:SS'");
 511    }
 512
 513    return true;
 514}
 515
 516/**
 517 * get a list of database connections
 518 * @returns array
 519 * @return array of database connections
 520 */
 521function pnDBGetConn()
 522{
 523    global $dbconn;
 524
 525    return array($dbconn);
 526}
 527
 528/**
 529 * get a list of database tables
 530 * @returns array
 531 * @return array of database tables
 532 */
 533function pnDBGetTables()
 534{
 535    global $pntable;
 536
 537    return $pntable;
 538}
 539
 540/**
 541 * clean user input
 542 * <br>
 543 * Gets a global variable, cleaning it up to try to ensure that
 544 * hack attacks don't work
 545 * @param var name of variable to get
 546 * @param ...
 547 * @returns string/array
 548 * @return prepared variable if only one variable passed
 549 * in, otherwise an array of prepared variables
 550 */
 551function pnVarCleanFromInput()
 552{
 553    $search = array('|</?\s*SCRIPT.*?>|si',
 554                    '|</?\s*FRAME.*?>|si',
 555                    '|</?\s*OBJECT.*?>|si',
 556                    '|</?\s*META.*?>|si',
 557                    '|</?\s*APPLET.*?>|si',
 558                    '|</?\s*LINK.*?>|si',
 559                    '|</?\s*IFRAME.*?>|si',
 560                    '|STYLE\s*=\s*"[^"]*"|si');
 561
 562    $replace = array('');
 563
 564    $resarray = array();
 565    foreach (func_get_args() as $var) {
 566    // Get var
 567        global $$var;
 568	if (empty($var)) {
 569            return;
 570        }
 571        $ourvar = $$var;
 572        if (!isset($ourvar)) {
 573            array_push($resarray, NULL);
 574            continue;
 575        }
 576        if (empty($ourvar)) {
 577            array_push($resarray, $ourvar);
 578            continue;
 579        }
 580
 581        // Clean var
 582        if (get_magic_quotes_gpc()) {
 583            pnStripslashes($ourvar);
 584        }
 585        if (!pnSecAuthAction(0, '::', '::', ACCESS_ADMIN)) {
 586            $ourvar = preg_replace($search, $replace, $ourvar);
 587        }
 588
 589        // Add to result array
 590        array_push($resarray, $ourvar);
 591
 592    }
 593
 594    // Return vars
 595    if (func_num_args() == 1) {
 596        return $resarray[0];
 597    } else {
 598        return $resarray;
 599    }
 600}
 601
 602/**
 603 * strip slashes
 604 *
 605 * stripslashes on multidimensional arrays.
 606 * Used in conjunction with pnVarCleanFromInput
 607 * @access private
 608 * @param any variables or arrays to be stripslashed
 609 */
 610function pnStripslashes (&$value) {
 611    if(!is_array($value)) {
 612        $value = stripslashes($value);
 613    } else {
 614        array_walk($value,'pnStripslashes');
 615    }
 616}
 617
 618/**
 619 * ready user output
 620 * <br>
 621 * Gets a variable, cleaning it up such that the text is
 622 * shown exactly as expected
 623 * @param var variable to prepare
 624 * @param ...
 625 * @returns string/array
 626 * @return prepared variable if only one variable passed
 627 * in, otherwise an array of prepared variables
 628 */
 629function pnVarPrepForDisplay()
 630{
 631    // This search and replace finds the text 'x@y' and replaces
 632    // it with HTML entities, this provides protection against
 633    // email harvesters
 634    static $search = array('/(.)@(.)/se');
 635
 636    static $replace = array('"&#" .
 637                            sprintf("%03d", ord("\\1")) .
 638                            ";&#064;&#" .
 639                            sprintf("%03d", ord("\\2")) . ";";');
 640
 641    $resarray = array();
 642    foreach (func_get_args() as $ourvar) {
 643
 644        // Prepare var
 645        $ourvar = htmlspecialchars($ourvar);
 646
 647        $ourvar = preg_replace($search, $replace, $ourvar);
 648
 649        // Add to array
 650        array_push($resarray, $ourvar);
 651    }
 652
 653    // Return vars
 654    if (func_num_args() == 1) {
 655        return $resarray[0];
 656    } else {
 657        return $resarray;
 658    }
 659}
 660
 661/**
 662 * ready HTML output
 663 * <br>
 664 * Gets a variable, cleaning it up such that the text is
 665 * shown exactly as expected, except for allowed HTML tags which
 666 * are allowed through
 667 * @param var variable to prepare
 668 * @param ...
 669 * @returns string/array
 670 * @return prepared variable if only one variable passed
 671 * in, otherwise an array of prepared variables
 672 */
 673function pnVarPrepHTMLDisplay()
 674{
 675    // This search and replace finds the text 'x@y' and replaces
 676    // it with HTML entities, this provides protection against
 677    // email harvesters
 678    //
 679    // Note that the use of \024 and \022 are needed to ensure that
 680    // this does not break HTML tags that might be around either
 681    // the username or the domain name
 682    static $search = array('/([^\024])@([^\022])/se');
 683
 684    static $replace = array('"&#" .
 685                            sprintf("%03d", ord("\\1")) .
 686                            ";&#064;&#" .
 687                            sprintf("%03d", ord("\\2")) . ";";');
 688
 689    static $allowedhtml;
 690
 691    if (!isset($allowedhtml)) {
 692        $allowedhtml = array();
 693        foreach(pnConfigGetVar('AllowableHTML') as $k=>$v) {
 694            switch($v) {
 695                case 0:
 696                    break;
 697                case 1:
 698                    $allowedhtml[] = "|<(/?$k)\s*/?>|i";
 699                    break;
 700                case 2:
 701                    $allowedhtml[] = "|<(/?$k(\s+.*?)?)>|i";
 702                    break;
 703            }
 704        }
 705    }
 706
 707    $resarray = array();
 708    foreach (func_get_args() as $ourvar) {
 709        // Preparse var to mark the HTML that we want
 710        $ourvar = preg_replace($allowedhtml, "\022\\1\024", $ourvar);
 711
 712        // Prepare var
 713        $ourvar = htmlspecialchars($ourvar);
 714        $ourvar = preg_replace($search, $replace, $ourvar);
 715
 716        // Fix the HTML that we want
 717        $ourvar = preg_replace('/\022([^\024]*)\024/e',
 718                               "'<' . strtr('\\1', array('&gt;' => '>',
 719                                                         '&lt;' => '<',
 720                                                         '&quot;' => '\"'))
 721                               . '>';", $ourvar);
 722
 723        // Fix entities if required
 724        if (pnConfigGetVar('htmlentities')) {
 725            $ourvar = preg_replace('/&amp;([a-z#0-9]+);/i', "&\\1;", $ourvar);
 726        }
 727
 728        // Add to array
 729        array_push($resarray, $ourvar);
 730    }
 731
 732    // Return vars
 733    if (func_num_args() == 1) {
 734        return $resarray[0];
 735    } else {
 736        return $resarray;
 737    }
 738}
 739
 740/**
 741 * ready databse output
 742 * <br>
 743 * Gets a variable, cleaning it up such that the text is
 744 * stored in a database exactly as expected
 745 * @param var variable to prepare
 746 * @param ...
 747 * @returns string/array
 748 * @return prepared variable if only one variable passed
 749 * in, otherwise an array of prepared variables
 750 */
 751function pnVarPrepForStore()
 752{
 753    $resarray = array();
 754    foreach (func_get_args() as $ourvar) {
 755
 756        // Prepare var
 757        if (!get_magic_quotes_runtime()) {
 758            $ourvar = addslashes($ourvar);
 759        }
 760
 761        // Add to array
 762        array_push($resarray, $ourvar);
 763    }
 764
 765    // Return vars
 766    if (func_num_args() == 1) {
 767        return $resarray[0];
 768    } else {
 769        return $resarray;
 770    }
 771}
 772
 773/**
 774 * ready operating system output
 775 * <br>
 776 * Gets a variable, cleaning it up such that any attempts
 777 * to access files outside of the scope of the PostNuke
 778 * system is not allowed
 779 * @param var variable to prepare
 780 * @param ...
 781 * @returns string/array
 782 * @return prepared variable if only one variable passed
 783 * in, otherwise an array of prepared variables
 784 */
 785function pnVarPrepForOS()
 786{
 787    static $search = array('!\.\./!si', // .. (directory traversal)
 788                           '!^.*://!si', // .*:// (start of URL)
 789                           '!/!si',     // Forward slash (directory traversal)
 790                           '!\\\\!si'); // Backslash (directory traversal)
 791
 792    static $replace = array('',
 793                            '',
 794                            '_',
 795                            '_');
 796
 797    $resarray = array();
 798    foreach (func_get_args() as $ourvar) {
 799
 800        // Parse out bad things
 801        $ourvar = preg_replace($search, $replace, $ourvar);
 802
 803        // Prepare var
 804        if (!get_magic_quotes_runtime()) {
 805            $ourvar = addslashes($ourvar);
 806        }
 807
 808        // Add to array
 809        array_push($resarray, $ourvar);
 810    }
 811
 812    // Return vars
 813    if (func_num_args() == 1) {
 814        return $resarray[0];
 815    } else {
 816        return $resarray;
 817    }
 818}
 819
 820/**
 821 * remove censored words
 822 */
 823function pnVarCensor()
 824{
 825    static $docensor;
 826    if (!isset($docensor)) {
 827        $docensor = pnConfigGetVar('CensorMode');
 828    }
 829
 830    static $search = array();
 831    if (empty($search)) {
 832        $repsearch = array('/o/i',
 833                           '/e/i',
 834                           '/a/i',
 835                           '/i/i');
 836        $repreplace = array('0',
 837                            '3',
 838                            '@',
 839                            '1');
 840        $censoredwords = pnConfigGetVar('CensorList');
 841        foreach ($censoredwords as $censoredword) {
 842            // Simple word
 843            $search[] = "/\b$censoredword\b/i";
 844
 845            // Common replacements
 846            $mungedword = preg_replace($repsearch, $repreplace, $censoredword);
 847            if ($mungedword != $censoredword) {
 848                $search[] = "/\b$mungedword\b/";
 849            }
 850        }
 851    }
 852
 853    $replace = pnConfigGetVar('CensorReplace');
 854
 855    $resarray = array();
 856    foreach (func_get_args() as $ourvar) {
 857
 858        if ($docensor) {
 859            // Parse out nasty words
 860            $ourvar = preg_replace($search, $replace, $ourvar);
 861        }
 862
 863        // Add to array
 864        array_push($resarray, $ourvar);
 865    }
 866
 867    // Return vars
 868    if (func_num_args() == 1) {
 869        return $resarray[0];
 870    } else {
 871        return $resarray;
 872    }
 873}
 874
 875/**
 876 * validate a user variable
 877 * @access public
 878 * @author Damien Bonvillain
 879 * @author Gregor J. Rothfuss
 880 * @since 1.23 - 2002/02/01
 881 * @param var the variable to validate
 882 * @param type the type of the validation to perform
 883 * @param args optional array with validation-specific settings
 884 * @returns bool
 885 * @return true if the validation was successful, false otherwise
 886 */
 887function pnVarValidate($var, $type, $args=0)
 888{
 889 switch ($type) {
 890    case 'email':
 891        // all characters must be 7 bit ascii
 892        $length = strlen($var);
 893        $idx = 0;
 894        while($length--) {
 895           $c = $var[$idx++];
 896           if(ord($c) > 127){
 897              return false;
 898           }
 899        }
 900        $regexp = '/^(?:[^\s\000-\037\177\(\)<>@,;:\\"\[\]]\.?)+@(?:[^\s\000-\037\177\(\)<>@,;:\\\"\[\]]\.?)+\.[a-z]{2,6}$/Ui';
 901        if(preg_match($regexp,$var)) {
 902            return true;
 903        } else {
 904            return false;
 905        }
 906        break;
 907
 908    case 'url':
 909        // all characters must be 7 bit ascii
 910        $length = strlen($var);
 911        $idx = 0;
 912        while($length--) {
 913           $c = $var[$idx++];
 914           if(ord($c) > 127){
 915             return false;
 916           }
 917        }
 918        $regexp = '/^([!\$\046-\073=\077-\132_\141-\172~]|(?:%[a-f0-9]{2}))+$/i';
 919        if(!preg_match($regexp, $var)) {
 920            return false;
 921        }
 922        $url_array = @parse_url($var);
 923        if(empty($url_array)) {
 924            return false;
 925        } else {
 926            return !empty($url_array['scheme']);
 927        }
 928        break;
 929   }
 930}
 931
 932/**
 933 * check an assertion
 934 * <br>
 935 * Check an assertion to ensure that it is valid.  If not, then die
 936 * @param assertion the assertion
 937 * @param filename the filename the assertion occurs in
 938 * @param line the line number the assertion occurs in
 939 */
 940function pnAssert($assertion, $file='Unknown', $line='Unknown', $msg='')
 941{
 942    if ($assertion) {
 943        return;
 944    }
 945
 946    // Assertion failed - log it
 947    if (!empty($msg)) {
 948        die("Assertion failed in $file at line $line - $msg");
 949    } else {
 950        die("Assertion failed in $file at line $line");
 951    }
 952}
 953
 954/**
 955 * get status message from previous operation
 956 * <br>
 957 * Obtains any status message, and also destroys
 958 * it from the session to prevent duplication
 959 * @returns string
 960 * @return the status message
 961 */
 962function pnGetStatusMsg()
 963{
 964    $msg = pnSessionGetVar('statusmsg');
 965    pnSessionDelVar('statusmsg');
 966    $errmsg = pnSessionGetVar('errormsg');
 967    pnSessionDelVar('errormsg');
 968
 969    // Error message overrides status message
 970    if (!empty($errmsg)) {
 971        return $errmsg;
 972    }
 973    return $msg;
 974}
 975
 976function pnThemeLoad($thistheme)
 977{
 978    static $loaded = 0;
 979
 980    if ($loaded) {
 981        return true;
 982    }
 983
 984    // Lots of nasty globals for back-compatability with older themes
 985    global $bgcolor1;
 986    global $bgcolor2;
 987    global $bgcolor3;
 988    global $bgcolor4;
 989    global $bgcolor5;
 990    global $sepcolor;
 991    global $textcolor1;
 992    global $textcolor2;
 993    global $postnuke_theme;
 994    global $thename;
 995
 996    // modification mouzaia .71
 997
 998    // is this really useful ?
 999/*  $themefile = 'themes/' . pnVarPrepForOS(pnUserGetTheme()) . '/theme.php';
1000    if (!file_exists($themefile)) {
1001        return false;
1002    }
1003*/
1004// eugenio themeover 20020413
1005    if (@file(WHERE_IS_PERSO."themes/$thistheme/theme.php"))
1006        { include WHERE_IS_PERSO."themes/$thistheme/theme.php"; }
1007    else
1008        {
1009        include "themes/$thistheme/theme.php";
1010        }
1011    // end of modification
1012    $loaded = 1;
1013    return true;
1014}
1015
1016function pnThemeGetVar($name)
1017{
1018    global $$name;
1019    if (isset($$name)) {
1020        return $$name;
1021    }
1022}
1023
1024/**
1025 * get base URI for PostNuke
1026 * @returns string
1027 * @return base URI for PostNuke
1028 */
1029function pnGetBaseURI()
1030{
1031    global $HTTP_SERVER_VARS;
1032
1033    // Get the name of this URI
1034
1035    // Start of with REQUEST_URI
1036    if (isset($HTTP_SERVER_VARS['REQUEST_URI'])) {
1037        $path = $HTTP_SERVER_VARS['REQUEST_URI'];
1038    } else {
1039        $path = getenv('REQUEST_URI');
1040    }
1041    if ((empty($path)) ||
1042        (substr($path, -1, 1) == '/')) {
1043        // REQUEST_URI was empty or pointed to a path
1044        // Try looking at PATH_INFO
1045        $path = getenv('PATH_INFO');
1046        if (empty($path)) {
1047            // No luck there either
1048            // Try SCRIPT_NAME
1049            if (isset($HTTP_SERVER_VARS['SCRIPT_NAME'])) {
1050                $path = $HTTP_SERVER_VARS['SCRIPT_NAME'];
1051            } else {
1052                $path = getenv('SCRIPT_NAME');
1053            }
1054        }
1055    }
1056
1057    $path = preg_replace('/[#\?].*/', '', $path);
1058    $path = dirname($path);
1059
1060    if (preg_match('!^[/\\\]*$!', $path)) {
1061        $path = '';
1062    }
1063
1064    return $path;
1065}
1066
1067/**
1068 * get base URL for PostNuke
1069 * @returns string
1070 * @return base URL for PostNuke
1071 */
1072function pnGetBaseURL()
1073{
1074    global $HTTP_SERVER_VARS;
1075
1076    if (empty($HTTP_SERVER_VARS['HTTP_HOST'])) {
1077        $server = getenv('HTTP_HOST');
1078    } else {
1079        $server = $HTTP_SERVER_VARS['HTTP_HOST'];
1080    }
1081    // IIS sets HTTPS=off
1082    if ( (isset($HTTP_SERVER_VARS['HTTPS']) && $HTTP_SERVER_VARS['HTTPS'] != 'off') || (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == 'on') ) {
1083        $proto = 'https://';
1084    } else {
1085        $proto = 'http://';
1086    }
1087
1088    $path = pnGetBaseURI();
1089
1090    return "$proto$server$path/";
1091}
1092
1093/**
1094 * Carry out a redirect
1095 * @param the URL to redirect to
1096 * @returns void
1097 */
1098function pnRedirect($redirecturl)
1099{
1100    // Always close session before redirect
1101    if (function_exists('session_write_close')) {
1102        session_write_close();
1103    }
1104
1105    if (preg_match('!^http!', $redirecturl)) {
1106        // Absolute URL - simple redirect
1107        Header("Location: $redirecturl");
1108        return;
1109    } else {
1110        // Removing leading slashes from redirect url
1111        $redirecturl = preg_replace('!^/*!', '', $redirecturl);
1112
1113        // Get base URL
1114        $baseurl = pnGetBaseURL();
1115
1116        Header("Location: $baseurl$redirecturl");
1117    }
1118
1119}
1120
1121/**
1122 * check to see if this is a local referral
1123 * @returns bool
1124 * @return true if locally referred, false if not
1125 */
1126function pnLocalReferer()
1127{
1128    global $HTTP_SERVER_VARS;
1129
1130    if (empty($HTTP_SERVER_VARS['HTTP_HOST'])) {
1131        $server = getenv('HTTP_HOST');
1132    } else {
1133        $server = $HTTP_SERVER_VARS['HTTP_HOST'];
1134    }
1135
1136    if (empty($HTTP_SERVER_VARS['HTTP_REFERER'])) {
1137        $referer = getenv('HTTP_REFERER');
1138    } else {
1139        $referer = $HTTP_SERVER_VARS['HTTP_REFERER'];
1140    }
1141
1142    if (empty($referer) || preg_match("!^http://$server/!", $referer)) {
1143        return true;
1144    } else {
1145        return false;
1146    }
1147}
1148
1149// Hack - we need this for themes, but will get rid of it soon
1150if (!function_exists('GetUserTime')) {
1151    function GetUserTime($time) {
1152        if (pnUserLoggedIn()) {
1153            $time += (pnUserGetVar('timezone_offset') - pnConfigGetVar('timezone_offset')) * 3600;
1154        }
1155        return($time);
1156    }
1157}
1158
1159/**
1160 * send an email
1161 * @param to - recipient of the email
1162 * @param subject - title of the email
1163 * @param message - body of the email
1164 * @param headers - extra headers for the email
1165 * @param debug - if 1, echo mail content
1166 * @returns bool
1167 * @return true if the email was sent, false if not
1168 */
1169function pnMail($to, $subject, $message, $headers, $debug=0)
1170{
1171    // Language translations
1172    switch(pnUserGetLang()) {
1173        case 'rus':
1174        if (!empty($headers)) $headers .= "\n";
1175            $headers .= "Content-Type: text/plain; charset=koi8-r";
1176            $subject = convert_cyr_string($subject,"w","k");
1177            $message = convert_cyr_string($message,"w","k");
1178            $headers = convert_cyr_string($headers,"w","k");
1179            break;
1180    }
1181    
1182    // Debug
1183    if ($debug) {
1184    	echo "Mail To: ".$to."<br>";
1185    	echo "Mail Subject: ".$subject."<br>";
1186    	echo "Mail Message: ".$message."<br>";
1187    	echo "Mail Headers: ".$headers."<br>";
1188	}
1189	
1190    // Mail message
1191    // do not display error messages [class007]
1192    $return = @mail($to, $subject, $message, $headers);
1193    return $return;
1194}
1195
1196/* Protects better diverse attempts of Cross-Site Scripting
1197   attacks, thanks to webmedic, Timax, larsneo.
1198 */
1199
1200function pnSecureInput() {
1201
1202/*      Lets validate the current php version and set globals
1203        accordingly.
1204        Do not change this value unless you know what you are
1205        doing you have been warned!
1206 */
1207
1208//require('includes/htmlfilter.inc');
1209
1210if ( phpversion() >= "4.2.0" ) {
1211
1212$HTTP_GET_VARS          = $_GET;
1213$HTTP_POST_VARS         = $_POST;
1214$HTTP_COOKIE_VARS       = $_COOKIE;
1215
1216} else {
1217
1218global $HTTP_GET_VARS, $HTTP_POST_VARS, $HTTP_COOKIE_VARS;
1219
1220}
1221
1222// Cross-Site Scripting attack defense - Sent by larsneo
1223// some syntax checking against injected javascript
1224// extended by Neo
1225
1226if (count($HTTP_GET_VARS) > 0) {
1227
1228/*        Lets now sanitize the GET vars
1229 */
1230
1231
1232        foreach ($HTTP_GET_VARS as $secvalue) {
1233        	if (!is_array($secvalue)) {
1234                if ((eregi("<[^>]*script*\"?[^>]*>", $secvalue)) ||
1235                        (eregi(".*[[:space:]](or|and)[[:space:]].*(=|like).*", $secvalue)) ||
1236                        (eregi("<[^>]*object*\"?[^>]*>", $secvalue)) ||
1237                        (eregi("<[^>]*iframe*\"?[^>]*>", $secvalue)) ||
1238                        (eregi("<[^>]*applet*\"?[^>]*>", $secvalue)) ||
1239                        (eregi("<[^>]*meta*\"?[^>]*>", $secvalue)) ||
1240                        (eregi("<[^>]*style*\"?[^>]*>", $secvalue)) ||
1241                        (eregi("<[^>]*form*\"?[^>]*>", $secvalue)) ||
1242                        (eregi("<[^>]*window.*\"?[^>]*>", $secvalue)) ||
1243                        (eregi("<[^>]*alert*\"?[^>]*>", $secvalue)) ||
1244                        (eregi("<[^>]*img*\"?[^>]*>", $secvalue)) ||
1245                        (eregi("<[^>]*document.*\"?[^>]*>", $secvalue)) ||
1246                        (eregi("<[^>]*cookie*\"?[^>]*>", $secvalue)) ||
1247                        (eregi("\"", $secvalue))) {
1248                        //pnMailHackAttempt(__FILE__,__LINE__,'pnSecurity Alert','Intrusion detection.');
1249                        //Header("Location: index.php");
1250                }
1251        	}
1252        }
1253}
1254
1255/*        Lets now sanitize the POST vars
1256 */
1257
1258if ( count($HTTP_POST_VARS) > 0) {
1259
1260        foreach ($HTTP_POST_VARS as $secvalue) {
1261        	if (!is_array($secvalue)) {
1262                if ((eregi("<[^>]*script*\"?[^>]*>", $secvalue)) ||
1263                        (eregi("<[^>]*object*\"?[^>]*>", $secvalue)) ||
1264                        (eregi("<[^>]*iframe*\"?[^>]*>", $secvalue)) ||
1265                        (eregi("<[^>]*applet*\"?[^>]*>", $secvalue)) ||
1266                        (eregi("<[^>]*window.*\"?[^>]*>", $secvalue)) ||
1267                        (eregi("<[^>]*alert*\"?[^>]*>", $secvalue)) ||
1268                        (eregi("<[^>]*document.*\"?[^>]*>", $secvalue)) ||
1269                        (eregi("<[^>]*cookie*\"?[^>]*>", $secvalue)) ||
1270                        (eregi("<[^>]*meta*\"?[^>]*>", $secvalue))
1271                        ) {
1272
1273                        //pnMailHackAttempt(__FILE__,__LINE__,'pnSecurity Alert','Intrusion detection.');
1274                        //Header("Location: index.php");
1275                }
1276         	}
1277        }
1278
1279}
1280
1281/*        Lets now sanitize the COOKIE vars
1282 */
1283
1284if ( count($HTTP_COOKIE_VARS) > 0) {
1285
1286        foreach ($HTTP_COOKIE_VARS as $secvalue) {
1287			if (!is_array($secvalue)) {
1288                if ((eregi("<[^>]*script*\"?[^>]*>", $secvalue)) ||
1289                        (eregi(".*[[:space:]](or|and)[[:space:]].*(=|like).*", $secvalue)) ||
1290                        (eregi("<[^>]*object*\"?[^>]*>", $secvalue)) ||
1291                        (eregi("<[^>]*iframe*\"?[^>]*>", $secvalue)) ||
1292                        (eregi("<[^>]*applet*\"?[^>]*>", $secvalue)) ||
1293                        (eregi("<[^>]*meta*\"?[^>]*>", $secvalue)) ||
1294                        (eregi("<[^>]*style*\"?[^>]*>", $secvalue)) ||
1295                        (eregi("<[^>]*form*\"?[^>]*>", $secvalue)) ||
1296                        (eregi("<[^>]*window.*\"?[^>]*>", $secvalue)) ||
1297                        (eregi("<[^>]*alert*\"?[^>]*>", $secvalue)) ||
1298                        (eregi("<[^>]*document.*\"?[^>]*>", $secvalue)) ||
1299                        (eregi("<[^>]*cookie*\"?[^>]*>", $secvalue)) ||
1300                        (eregi("<[^>]*img*\"?[^>]*>", $secvalue))
1301                        ) {
1302
1303                        pnMailHackAttempt(__FILE__,__LINE__,'pnSecurity Alert','Intrusion detection.');
1304                        //Header("Location: index.php");
1305                }
1306        	}
1307        }
1308}
1309
1310
1311} # End of secure Input
1312
1313/*         Function that compares the current php version on the
1314        system with the target one
1315 */
1316
1317// Deprecate function reverting to php detecion function
1318
1319function pnPhpVersionCheck($vercheck) {
1320
1321$minver = str_replace(".","", $vercheck);
1322$curver = str_replace(".","", phpversion());
1323
1324        if($curver >= $minver){
1325                return true;
1326                } else {
1327                return false;
1328        }
1329}
1330
1331function pnMailHackAttempt( $detecting_file        =        "(no filename available)",
1332                            $detecting_line        =        "(no line number available)",
1333                            $hack_type             =        "(no type given)",
1334                            $message               =        "(no message given)" ) {
1335
1336# Backwards compatibility fix with php 4.0.x and 4.1.x or greater Neo
1337
1338if (phpversion() >= "4.2.0") {
1339
1340		$_pv  = $_POST;
1341		$_gv  = $_GET;
1342		$_rv  = $_REQUEST;
1343		$_sv  = $_SERVER;
1344		$_ev  = $_ENV;
1345		$_cv  = $_COOKIE;
1346		$_fv  = $_FILES;
1347		$_snv = $_SESSION;
1348		
1349	} else {
1350
1351	global $HTTP_POST_VARS, $HTTP_GET_VARS, $HTTP_SERVER_VARS, $HTTP_ENV_VARS, $HTTP_COOKIE_VARS, $HTTP_POST_FILES, $HTTP_SESSION_VARS;
1352
1353		$_pv  = $HTTP_POST_VARS;
1354		$_gv  = $HTTP_GET_VARS;
1355		$_rv  = array();
1356		$_sv  = $HTTP_SERVER_VARS;
1357		$_ev  = $HTTP_ENV_VARS;
1358		$_cv  = $HTTP_COOKIE_VARS;
1359		$_fv  = $HTTP_POST_FILES;
1360		$_snv = $HTTP_SESSION_VARS;
1361
1362}
1363        $output         =        "Attention site admin of ".pnConfigGetVar('sitename').",\n";
1364        $output        .=        "On ".ml_ftime( _DATEBRIEF, ( GetUserTime( time( ) ) ) );
1365        $output        .=        " at ". ml_ftime( _TIMEBRIEF, ( GetUserTime( time( ) ) ) );
1366        $output        .=        " the Postnuke code has detected that somebody tried to"
1367                           ." send information to your site that may have been intended"
1368                           ." as a hack. Do not panic, it may be harmless: maybe this"
1369                           ." detection was triggered by something you did! Anyway, it"
1370                           ." was detected and blocked. \n";
1371        $output        .=        "The suspicious activity was recognized in $detecting_file "
1372                              ."on line $detecting_line, and is of the type $hack_type. \n";
1373        $output        .=        "Additional information given by the code which detected this: ".$message;
1374        $output        .=        "\n\nBelow you will find a lot of information obtained about "
1375                           ."this attempt, that may help you to find  what happened and "
1376                           ."maybe who did it.\n\n";
1377
1378        $output        .=        "\n=====================================\n";
1379        $output        .=        "Information about this user:\n";
1380        $output        .=        "=====================================\n";
1381
1382        if ( !pnUserLoggedIn() ) {
1383                $output        .=  "This person is not logged in.\n";
1384        } else {
1385                $output .=        "Postnuke username:  ".pnUserGetVar('uname') ."\n"
1386                                   ."Registered email of this Postnuke user: ". pnUserGetVar('email')."\n"
1387                                   ."Registered real name of this Postnuke user: ".pnUserGetVar('name') ."\n";
1388        }
1389
1390        $output        .=        "IP numbers: [note: when you are dealing with a real cracker "
1391                           ."these IP numbers might not be from the actual computer he is "
1392                           ."working on]"
1393                           ."\n\t IP according to HTTP_CLIENT_IP: ".getenv( 'HTTP_CLIENT_IP' )
1394                           ."\n\t IP according to REMOTE_ADDR: ".getenv( 'REMOTE_ADDR' )
1395                           ."\n\t IP according to GetHostByName(\$REMOTE_ADDR): ".GetHostByName( $REMOTE_ADDR )
1396                           ."\n\n";
1397
1398        $output .=        "\n=====================================\n";
1399        $output .=        "Information in the \$_REQUEST array\n";
1400        $output .=        "=====================================\n";
1401
1402        while ( list ( $key, $value ) = each ( $_rv ) ) {
1403                $output .= "REQUEST * $key : $value\n";
1404        }
1405
1406        $output .=        "\n=====================================\n";
1407        $output .=        "Information in the \$_GET array\n";
1408        $output .=        "This is about variables that may have been ";
1409        $output .=        "in the URL string or in a 'GET' type form.\n";
1410        $output        .=        "=====================================\n";
1411
1412        while ( list ( $key, $value ) = each ( $_gv ) ) {
1413                $output .= "GET * $key : $value\n";
1414        }
1415
1416        $output        .=        "\n=====================================\n";
1417        $output        .=        "Information in the \$_POST array\n";
1418        $output        .=        "This is about visible and invisible form elements.\n";
1419        $output        .=        "=====================================\n";
1420
1421        while ( list ( $key, $value ) = each ( $_pv ) ) {
1422                $output .= "POST * $key : $value\n";
1423        }
1424
1425        $output        .=        "\n=====================================\n";
1426        $output        .=         "Browser information\n";
1427        $output        .=        "=====================================\n";
1428
1429        global $HTTP_USER_AGENT;
1430        $output        .=        "HTTP_USER_AGENT: ".$HTTP_USER_AGENT ."\n";
1431
1432        $browser = (array) get_browser();
1433        while ( list ( $key, $value ) = each ( $browser ) ) {
1434                $output .= "BROWSER * $key : $value\n";
1435        }
1436
1437        $output        .=        "\n=====================================\n";
1438        $output        .=        "Information in the \$_SERVER array\n";
1439        $output        .=        "=====================================\n";
1440
1441        while ( list ( $key, $value ) = each ( $_sv ) ) {
1442                $output .= "SERVER * $key : $value\n";
1443        }
1444
1445        $output        .=        "\n=====================================\n";
1446        $output        .=        "Information in the \$_ENV array\n";
1447        $output        .=        "=====================================\n";
1448
1449        while ( list ( $key, $value ) = each ( $_ev ) ) {
1450                $output .= "ENV * $key : $value\n";
1451        }
1452
1453        $output        .=        "\n=====================================\n";
1454        $output        .=  "Information in the \$_COOKIE array\n";
1455        $output        .=        "=====================================\n";
1456
1457        while ( list ( $key, $value ) = each ( $_cv ) )  {
1458                $output .= "COOKIE * $key : $value\n";
1459        }
1460
1461        $output        .=        "\n=====================================\n";
1462        $output        .=        "Information in the \$_FILES array\n";
1463        $output        .=        "=====================================\n";
1464
1465        while ( list ( $key, $value ) = each ( $_fv ) ) {
1466                $output .= "FILES * $key : $value\n";
1467        }
1468
1469        $output        .=        "\n=====================================\n";
1470        $output        .=        "Information in the \$_SESSION array\n";
1471        $output .=  "This is session info. The variables\n";
1472        $output .=  "  starting with PNSV are PostNukeSessionVariables.\n";
1473        $output        .=        "=====================================\n";
1474
1475        while ( list ( $key, $value ) = each ( $_snv ) ) {
1476                $output .= "SESSION * $key : $value\n";
1477        }
1478
1479		$sitename = pnConfigGetVar('sitename');
1480		$adminmail = pnConfigGetVar('adminmail');
1481
1482        $headers = "From: $sitename <$adminmail>\n"
1483                          ."X-Priority: 1 (Highest)\n";
1484
1485        pnMail($adminmail, 'Attempted hack on your site? (type: '.$hack_type.')', $output, $headers );
1486
1487        return;
1488}
1489
1490?>