PageRenderTime 44ms CodeModel.GetById 15ms RepoModel.GetById 0ms app.codeStats 0ms

/gas2/functions.php

https://github.com/mauromorello/ReteDES
PHP | 301 lines | 226 code | 37 blank | 38 comment | 41 complexity | c976d3f0512b8522e09166e362decb50 MD5 | raw file
Possible License(s): LGPL-2.1, BSD-3-Clause 
    

  1. <?php
    2. 

  2. 

  3. 

  4. if (preg_match('/functions.php/i',$_SERVER['SCRIPT_NAME'])){
    5. 

  5.     Header("Location: index.php"); die();
    6. 

  6. }
    7. 

  7. 

  8. 

  9. function _clean($str){
    10. 

  10. return is_array($str) ? array_map('_clean', $str) : str_replace("\\", "\\\\", htmlspecialchars((get_magic_quotes_gpc() ? stripslashes($str) : $str), ENT_QUOTES));
    11. 

  11. }
    12. 

  12. 

  13. 

  14. // Disable magic_quotes_runtime
    15. 

  15. if(get_magic_quotes_runtime())
    16. 

  16. {
    17. 

  17.     // Deactivate
    18. 

  18.     set_magic_quotes_runtime(false);
    19. 

  19. }
    20. 

  20. 

  21. 

  22. 

  23. if (!ini_get("register_globals")) {
    24. 

  24.     import_request_variables('GPC');
    25. 

  25. }
    26. 

  26. 

  27. $phpver = phpversion();
    28. 

  28. if ($phpver < '4.1.0') {
    29. 

  29.     $_GET = $HTTP_GET_VARS;
    30. 

  30.     $_POST = $HTTP_POST_VARS;
    31. 

  31.     $_SERVER = $HTTP_SERVER_VARS;
    32. 

  32. }
    33. 

  33. $phpver = explode(".", $phpver);
    34. 

  34. $phpver = "$phpver[0]$phpver[1]";
    35. 

  35. if ($phpver >= 41) {
    36. 

  36.     $PHP_SELF = $_SERVER['PHP_SELF'];
    37. 

  37. }
    38. 

  38. 

  39. 

  40. if(isset($user)){
    41. 

  41. $user = base64_decode($user);
    42. 

  42. $user = addslashes($user);
    43. 

  43. $user = base64_encode($user);
    44. 

  44. }
    45. 

  45. 

  46. 

  47. _clean($_POST);
    48. 

  48. _clean($_GET);
    49. 

  49. //_clean($_REQUEST);// and so on..
    50. 

  50. 

  51. foreach ($_GET as $sec_key => $secvalue) {
    52. 

  52. 

  53.     if(is_array($secvalue)){
    54. 

  54.          foreach ($secvalue as $thirdvalue) {
    55. 

  55.          //echo "GET: Third:".$thirdvalue."<br>";
    56. 

  56.          if ((eregi("<[^>]*script*\"?[^>]*>", $thirdvalue)) ||
    57. 

  57.                 (eregi("<[^>]*object*\"?[^>]*>", $thirdvalue)) ||
    58. 

  58.                 (eregi("<[^>]*iframe*\"?[^>]*>", $thirdvalue)) ||
    59. 

  59.                 (eregi("<[^>]*applet*\"?[^>]*>", $thirdvalue)) ||
    60. 

  60.                 (eregi("<[^>]*meta*\"?[^>]*>", $thirdvalue)) ||
    61. 

  61.                 (eregi("<[^>]*style*\"?[^>]*>", $thirdvalue)) ||
    62. 

  62.                 (eregi("<[^>]*form*\"?[^>]*>", $thirdvalue)) ||
    63. 

  63.                 (eregi("<[^>]*img*\"?[^>]*>", $thirdvalue)) ||
    64. 

  64.                 (eregi("<[^>]*onmouseover*\"?[^>]*>", $thirdvalue)) ||
    65. 

  65.                 (eregi("\([^>]*\"?[^)]*\)", $thirdvalue)) ||
    66. 

  66.                 (eregi("\"", $thirdvalue))) {
    67. 

  67.                     die ("not allowed");
    68. 

  68.                 }
    69. 

  69.          }
    70. 

  70.     }else{
    71. 

  71. 

  72.     if ((eregi("<[^>]*script*\"?[^>]*>", $secvalue)) ||
    73. 

  73.     (eregi("<[^>]*object*\"?[^>]*>", $secvalue)) ||
    74. 

  74.     (eregi("<[^>]*iframe*\"?[^>]*>", $secvalue)) ||
    75. 

  75.     (eregi("<[^>]*applet*\"?[^>]*>", $secvalue)) ||
    76. 

  76.     (eregi("<[^>]*meta*\"?[^>]*>", $secvalue)) ||
    77. 

  77.     (eregi("<[^>]*style*\"?[^>]*>", $secvalue)) ||
    78. 

  78.     (eregi("<[^>]*form*\"?[^>]*>", $secvalue)) ||
    79. 

  79.     (eregi("<[^>]*img*\"?[^>]*>", $secvalue)) ||
    80. 

  80.     (eregi("<[^>]*onmouseover*\"?[^>]*>", $secvalue)) ||
    81. 

  81.     (eregi("\([^>]*\"?[^)]*\)", $secvalue)) ||
    82. 

  82.     (eregi("\"", $secvalue))) {
    83. 

  83.         die ("not allowed");
    84. 

  84.     }
    85. 

  85.     }
    86. 

  86. }
    87. 

  87. foreach ($_POST as $secvalue) {
    88. 

  88.     //echo "POST: Sec: ".$secvalue."<br>";
    89. 

  89.     if(is_array($secvalue)){
    90. 

  90.          foreach ($secvalue as $thirdvalue) {
    91. 

  91.              //echo "POST: Third:".$thirdvalue."<br>";
    92. 

  92.          if ((eregi("<[^>]*onmouseover*\"?[^>]*>", $thirdvalue)) ||
    93. 

  93.                 (eregi("<[^>]script*\"?[^>]*>", $thirdvalue)) ||
    94. 

  94.                 (eregi("<[^>]meta*\"?[^>]*>", $thirdvalue)) ||
    95. 

  95.                 (eregi("<[^>]style*\"?[^>]*>", $thirdvalue))) {
    96. 

  96.                 die ("not allowed");
    97. 

  97.             }
    98. 

  98.          }
    99. 

  99.     }else{
    100. 

  100.         if ((eregi("<[^>]*onmouseover*\"?[^>]*>", $secvalue)) ||
    101. 

  101.             (eregi("<[^>]script*\"?[^>]*>", $secvalue)) ||
    102. 

  102.             (eregi("<[^>]meta*\"?[^>]*>", $secvalue)) ||
    103. 

  103.             (eregi("<[^>]style*\"?[^>]*>", $secvalue))) {
    104. 

  104.             die ("not allowed");
    105. 

  105.         }
    106. 

  106.     }
    107. 

  107. }
    108. 

  108. 

  109. //set root path
    110. 

  110. $ROOT_DIR = realpath(dirname(__FILE__));
    111. 

  111. $ROOT_DIR = str_replace('\\', '/', $ROOT_DIR);
    112. 

  112. 

  113. define("_ROOOT_",$ROOT_DIR);
    114. 

  114. 

  115. 

  116. 

  117. 

  118. 

  119. include ("$ROOT_DIR/config.php");
    120. 

  120. include ("$ROOT_DIR/mysql.class.php");
    121. 

  121. //include ("$ROOT_DIR/lang/italian.php");
    122. 

  122. include ("$ROOT_DIR/function_engine/structures.class.php");
    123. 

  123. 

  124. 

  125. if ($php_debug=="ON"){
    126. 

  126.     error_reporting(E_ERROR | E_WARNING | E_PARSE);
    127. 

  127. }else{
    128. 

  128.     //echo "OFF";
    129. 

  129.     error_reporting(0);
    130. 

  130. }
    131. 

  131. 

  132. 

  133. $db = new sql_db($db_host, $db_username, $db_password, $databse_name, false);
    134. 

  134. if(!$db->db_connect_id) {
    135. 

  135. 

  136. 

  137.       echo "<br><font color=\"red\"><h5><br><center>Error:</b><br><hr><br>
    138. 

  138.             <b>Il database è morto<br>
    139. 

  139.             chiama l'assistenza</center><hr>";
    140. 

  140.             echo mysql_error();
    141. 

  141. 

  142.       die();
    143. 

  143. }
    144. 

  144. 

  145. 

  146. 

  147. $site_name= "ReteDES.it";              // stripslashes($options['site_name']);
    148. 

  148. $site_email= _SITE_MAIL_LOG;    //stripslashes($options['site_email']);
    149. 

  149. 

  150. //-----------------------------------------------MENU'
    151. 

  151. if(in_array("menu",$_FUNCTION_LOADER)){
    152. 

  152.     include ("function_engine/fun_menu.php");
    153. 

  153. }
    154. 

  154. //----------------------------------------------- OPZIONI
    155. 

  155. if(in_array("options",$_FUNCTION_LOADER)){
    156. 

  156.     include ("function_engine/fun_options.php");
    157. 

  157. }
    158. 

  158. //----------------------------------------------- WIDGETS
    159. 

  159. if(in_array("widgets",$_FUNCTION_LOADER)){
    160. 

  160.     include ("function_engine/fun_widgets.php");
    161. 

  161. }
    162. 

  162. //----------------------------------------------- DES
    163. 

  163. if(in_array("des",$_FUNCTION_LOADER)){
    164. 

  164.     include ("function_engine/fun_des.php");
    165. 

  165. }
    166. 

  166. // ----------------------------------------------- GRAFICI
    167. 

  167. if(in_array("gphpchart",$_FUNCTION_LOADER)){
    168. 

  168.     include_once("lib/graph/GphpChart.class.php");
    169. 

  169. }
    170. 

  170. // ----------------------------------------------- POSTA
    171. 

  171. if(in_array("swift",$_FUNCTION_LOADER)){
    172. 

  172.     require_once "lib/Swift-4.1.6/lib/swift_required.php";
    173. 

  173. }
    174. 

  174. if(in_array("posta",$_FUNCTION_LOADER)){
    175. 

  175.     include ("function_engine/fun_posta.php");
    176. 

  176. }
    177. 

  177. //----------------------------------------------AMICI
    178. 

  178. if(in_array("amici",$_FUNCTION_LOADER)){
    179. 

  179.     include ("function_engine/fun_amici.php");
    180. 

  180. }
    181. 

  181. //----------------------------------------------AIUTANTI
    182. 

  182. if(in_array("aiutanti",$_FUNCTION_LOADER)){
    183. 

  183.   //  include ("function_engine/fun_aiutanti.php");
    184. 

  184. }
    185. 

  185. //----------------------------------------------USERS
    186. 

  186. if(in_array("users",$_FUNCTION_LOADER)){
    187. 

  187.     include ("function_engine/fun_users.php");
    188. 

  188. }
    189. 

  189. //-----------------------------------------------GAS
    190. 

  190. if(in_array("gas",$_FUNCTION_LOADER)){
    191. 

  191.     include ("function_engine/fun_gas.php");
    192. 

  192. }
    193. 

  193. //-----------------------------------------------LISTINI
    194. 

  194. if(in_array("listini",$_FUNCTION_LOADER)){
    195. 

  195.     include ("function_engine/fun_listini.php");
    196. 

  196. }
    197. 

  197. //-----------------------------------------------DITTE
    198. 

  198. if(in_array("ditte",$_FUNCTION_LOADER)){
    199. 

  199.     include ("function_engine/fun_ditte.php");
    200. 

  200. }
    201. 

  201. //----------------------------------------------TIPOLOGIE
    202. 

  202. if(in_array("tipologie",$_FUNCTION_LOADER)){
    203. 

  203.     include ("function_engine/fun_tipologie.php");
    204. 

  204. }
    205. 

  205. //----------------------------------------------ARTICOLI
    206. 

  206. if(in_array("articoli",$_FUNCTION_LOADER)){
    207. 

  207.     include ("function_engine/fun_articoli.php");
    208. 

  208. }
    209. 

  209. //----------------------------------------------GRAFICI
    210. 

  210. if(in_array("graphics",$_FUNCTION_LOADER)){
    211. 

  211.     include ("function_engine/fun_graphics.php");
    212. 

  212. }
    213. 

  213. //---------------------------------------------ORDINI
    214. 

  214. if(in_array("ordini",$_FUNCTION_LOADER)){
    215. 

  215.     include ("function_engine/fun_ordini.php");
    216. 

  216. }
    217. 

  217. //---------------------------------------------ORDINI CALCOLI
    218. 

  218. if(in_array("ordini_valori",$_FUNCTION_LOADER)){
    219. 

  219.     include ("function_engine/fun_ordini_valori.php");
    220. 

  220. }
    221. 

  221. //----------------------------------------------BACHECA
    222. 

  222. if(in_array("bacheca",$_FUNCTION_LOADER)){
    223. 

  223.     include ("function_engine/fun_bacheca.php");
    224. 

  224. }
    225. 

  225. //-------------------------------------------DATA CHECK
    226. 

  226. if(in_array("data_check",$_FUNCTION_LOADER)){
    227. 

  227.     include ("function_engine/fun_data_check.php");
    228. 

  228. }
    229. 

  229. //--------------------------------------------RENDERING
    230. 

  230. if(in_array("rendering",$_FUNCTION_LOADER)){
    231. 

  231.     include ("function_engine/fun_rendering.php");
    232. 

  232. }
    233. 

  233. //--------------------------------------------Geocoding
    234. 

  234. if(in_array("geocoding",$_FUNCTION_LOADER)){
    235. 

  235.     include ("function_engine/fun_geocoding.php");
    236. 

  236. }
    237. 

  237. //------------------------------------------ADMINISTRATION
    238. 

  238. if(in_array("admin",$_FUNCTION_LOADER)){
    239. 

  239.     include ("function_engine/fun_admin.php");
    240. 

  240. }
    241. 

  241. //------------------------------------------DAREAVERE
    242. 

  242. if(in_array("dareavere",$_FUNCTION_LOADER)){
    243. 

  243.     include ("function_engine/fun_dareavere.php");
    244. 

  244. }
    245. 

  245. //------------------------------------------CASSA
    246. 

  246. if(in_array("cassa",$_FUNCTION_LOADER)){
    247. 

  247.     include ("function_engine/fun_cassa.php");
    248. 

  248. }
    249. 

  249. //------------------------------------------VARIE
    250. 

  250. if(in_array("varie",$_FUNCTION_LOADER)){
    251. 

  251.     include ("function_engine/fun_varie.php");
    252. 

  252. }
    253. 

  253. //------------------------------------------OPINIONI
    254. 

  254. if(in_array("opinioni",$_FUNCTION_LOADER)){
    255. 

  255.     include ("function_engine/fun_opinioni.php");
    256. 

  256. }
    257. 

  257. 

  258. //------------------------------------------THEMING
    259. 

  259. if(in_array("theming",$_FUNCTION_LOADER)){
    260. 

  260.     include ("function_engine/fun_theming.php");
    261. 

  261. }
    262. 

  262. 

  263. //------------------------------------------MOBILE
    264. 

  264. if(in_array("mobile",$_FUNCTION_LOADER)){
    265. 

  265.     include ("function_engine/fun_mobile.php");
    266. 

  266. }
    267. 

  267. 

  268. //------------------------------------------TWITTER
    269. 

  269. if(in_array("twitter",$_FUNCTION_LOADER)){
    270. 

  270.     include ("function_engine/fun_twitter.php");
    271. 

  271.     include ("lib/o_auth/tmhOAuth.php");
    272. 

  272. }
    273. 

  273. 

  274. //DEBUG
    275. 

  275. class debugs{
    276. 

  276. 

  277. public $debug_state;
    278. 

  278. public $debug_msg;
    279. 

  279. public $debug_start;
    280. 

  280. 

  281. public function __construct() {
    282. 

  282. 

  283.       $this->debug_state = read_option_text(0,"DEBUG");
    284. 

  284.       $this->debug_start = array_sum(explode(' ', microtime()));;
    285. 

  285. 

  286. 

  287.    }
    288. 

  288. 

  289. public function render_debug(){
    290. 

  290. 

  291.     unset($h_d);
    292. 

  292. 

  293. foreach ($this->debug_msg as $v) {
    294. 

  294.     $h_d .='<div class="sub_debug">'.$v.'</div>';
    295. 

  295. }
    296. 

  296. 

  297. return $h_d;
    298. 

  298. }
    299. 

  299. 

  300. }
    301. 

  301. 

  302.