sql_query($qry); $int_count = $g_db->sql_numrows($res); if ($int_count > 0) { while ($row = $g_db->sql_fetchrow($res)) { //$str_item .= "
  • "; $str_item .= showMenu($row['menu_id'], $int_depth + 1); if (($int_depth == 0) && ($int_count-- > 1)) { $str_item .= "|"; } $str_item .= "
  • "; } } return $str_item; } function formatCurrency($price, $bln_add_symbol = true, $str_thousands_seperator = false, $str_decimal_seperator = false, $str_decimals = false) { if ($str_thousands_seperator === false) $str_thousands_seperator = getSetting('currency_thousands_seperator', '.'); if ($str_decimal_seperator === false) $str_decimal_seperator = getSetting('currency_decimal_seperator', ','); if ($str_decimals === false) $str_decimals = getSetting('currency_decimals', 2); $str_currency = ''; if ($bln_add_symbol) $str_currency = getSetting('currency_symbol', '€'). ' '; $str_currency .= number_format($price, $str_decimals, $str_decimal_seperator, $str_thousands_seperator); return $str_currency; } function TextToSQL($str_text) { $str_text = str_ireplace("\r", "", $str_text); $str_text = str_ireplace(array("\n", "
    \n"), "
    ", $str_text); return $str_text; } function SQLToText($str_sql) { $str_sql = str_ireplace("
    ", "\n", $str_sql); return $str_sql; } function die_message($type, $text, $title, $err_line = '', $err_file = '', $err_sql = '') { if (defined('SITE_HASDIED')) { die("die_message was called multiple times... how odd"); } define('SITE_HASDIED', 1); // handle all different kinds of errors // switch ($type) etc etc.. // for now, just print the info to get it over with: $msg = ''; switch ($type) { case ERR_GENERAL: $msg .= "ERR_GENERAL error
    \n"; break; case ERR_CRITICAL: $msg .= "ERR_CRITICAL error
    \n"; break; default: $msg .= "Uncaught error
    \n"; } if ($err_line != '') $msg .= "Error on line: ". $err_line ."
    \n"; if ($err_file != '') $msg .= "Error in file: ". basename($err_file) ."
    \n"; if ($err_sql != '') $msg .= "SQL_text: ". $err_sql ."
    \n"; echo "\n\n". $title ."\n

    \n". $text ."\n

    \n". $msg ."\n"; exit; } function redirect($url) { global $g_db, $g_cfg; // close database connection to avoid hacks etc /* if (!empty($g_db)) $g_db->sql_close(); */ $url = str_replace('&', '&', $url); if (strstr(urldecode($url), "\n") || strstr(urldecode($url), "\r")) { die_message(ERR_GENERAL, 'Error redirecting: potentially insecure url.'); } $server_protocol = ($g_cfg['cookie_secure']) ? 'https://' : 'http://'; $server_name = preg_replace('#^\/?(.*?)\/?$#', '\1', trim($g_cfg['server_name'])); $server_port = ($g_cfg['server_port'] <> 80) ? ':' . trim($g_cfg['server_port']) : ''; $script_name = preg_replace('#^\/?(.*?)\/?$#', '\1', trim($g_cfg['script_path'])); $script_name = ($script_name == '') ? $script_name : '/' . $script_name; $url = preg_replace('#^\/?(.*?)\/?$#', '/\1', trim($url)); // Redirect via an HTML form for PITA webservers if (@preg_match('/Microsoft|WebSTAR|Xitami/', getenv('SERVER_SOFTWARE'))) { header('Refresh: 0; URL=' . $server_protocol . $server_name . $server_port . $script_name . $url); echo 'Redirect
    If your browser does not support meta redirection please click HERE to be redirected
    '; exit; } // Behave as per HTTP/1.1 spec for others header('Location: ' . $server_protocol . $server_name . $server_port . $script_name . $url); //echo 'Location: ' . $server_protocol . $server_name . $server_port . $script_name . $url; //exit; } function softredirect($url, $timeout = -1) { global $g_db, $g_cfg, $g_strmetatags; // close database connection to avoid hacks etc /* if (!empty($g_db)) $g_db->sql_close(); */ $url = str_replace('&', '&', $url); if (strstr(urldecode($url), "\n") || strstr(urldecode($url), "\r")) { die_message(ERR_GENERAL, 'Error redirecting: potentially insecure url.'); } $server_protocol = ($g_cfg['cookie_secure']) ? 'https://' : 'http://'; $server_name = preg_replace('#^\/?(.*?)\/?$#', '\1', trim($g_cfg['server_name'])); $server_port = ($g_cfg['server_port'] <> 80) ? ':' . trim($g_cfg['server_port']) : ''; $script_name = preg_replace('#^\/?(.*?)\/?$#', '\1', trim($g_cfg['server_path'])); $script_name = ($script_name == '') ? $script_name : '/' . $script_name; $url = preg_replace('#^\/?(.*?)\/?$#', '/\1', trim($url)); if ($timeout == -1) { $timeout = getSetting('redirect_delay'); } header('Refresh: '. $timeout .'; URL=' . $server_protocol . $server_name . $server_port . $script_name . $url); //echo 'Redirect
    If your browser does not support meta redirection please click HERE to be redirected
    '; echo ''; } function rndString($int_length, $salt = '0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz') { $str = ''; for ($i = 0; $i < $int_length; $i++) { $num = mt_rand(0, strlen($salt) - 1); $str .= substr($salt, $num, 1); } return $str; } function filename_escape($filename) { return preg_replace("/[^a-z0-9-]/i","_", $filename); } function getMonthName($int_month) { switch ($int_month) { case 1: return 'januari'; break; case 2: return 'februari'; break; case 3: return 'maart'; break; case 4: return 'april'; break; case 5: return 'mei'; break; case 6: return 'juni'; break; case 7: return 'juli'; break; case 8: return 'augustus'; break; case 9: return 'september'; break; case 10: return 'oktober'; break; case 11: return 'november'; break; case 12: return 'december'; break; } return ''; } ?> valid... yikes!? return eregi($exp, $telnr); } ?> August 27th, 2004 -IP group range is more specific. Used to allow 0-299. Now it is 0-255 -Port range more specific. Used to allow 0-69999. Now it is 0-65535
    -Fixed bug disallowing 'i-' option.
    -Changed license to GPL July 8th, 2004 -Fixed bug disallowing 'l-' option. Thanks Dr. Cheap June 15, 2004 -Added options parameter to make it easier for people to plug the function in without needed to rework the code. -Split the example application away from the function June 1, 2004 -Complete rewrite -Now more modular -Easier to disable sections -Easier to port to other languages -Easier to port to verify email addresses -Uses only simple regular expressions so it is more portable -Follows RFC closer for domain names. Some "play" domains may break -Renamed from 'verifyUrl()' to 'validateUrlSyntax()' -Removed extra code which added 'http://' and trailing '/' if it was missing -That code was better suited for a massaging function, not verifying -Bug fixes: -Now splits up and forces '/path?query#fragment' order -No longer requires a path when using a query or fragment August 29, 2003 -Allowed port numbers above 9999. Now allows up to 69999 Sometime, 2002 -Added new top level domains -aero, coop, museum, name, info, biz, pro October 5, 2000 -First Version Intentional Limitations: -Does not verify url actually exists. Only validates the syntax -Strictly follows the RFC standards. Some urls exist in the wild which will not validate. Including ones with square brackets in the query section '[]' Known Problems: -None at this time Author(s): Rod Apeldoorn - rod(at)canowhoopass(dot)com Homepage: http://www.canowhoopass.com/ Thanks!: -WEAV -Several members of Weav helped to test - http://weav.bc.ca/ -There were also a number of emails from other developers expressing thanks and suggestions. It is nice to be appreciated. Thanks! License: Copyright 2004, Rod Apeldoorn This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. To view the license online, go to: http://www.gnu.org/copyleft/gpl.html Alternate Commercial Licenses: For information in regards to alternate licensing, contact me. */ // BEGINNING OF validateUrlSyntax() function function validateUrlSyntax( $urladdr, $options="" ){ // Force Options parameter to be lower case // DISABLED PERMAMENTLY - OK to remove from code // $options = strtolower($options); // Check Options Parameter if (!ereg( '^([sHSEFuPaIpfqr][+?-])*$', $options )) { trigger_error("Options attribute malformed", E_USER_ERROR); } // Set Options Array, set defaults if options are not specified // Scheme if (strpos( $options, 's') === false) $aOptions['s'] = '?'; else $aOptions['s'] = substr( $options, strpos( $options, 's') + 1, 1); // http:// if (strpos( $options, 'H') === false) $aOptions['H'] = '?'; else $aOptions['H'] = substr( $options, strpos( $options, 'H') + 1, 1); // https:// (SSL) if (strpos( $options, 'S') === false) $aOptions['S'] = '?'; else $aOptions['S'] = substr( $options, strpos( $options, 'S') + 1, 1); // mailto: (email) if (strpos( $options, 'E') === false) $aOptions['E'] = '-'; else $aOptions['E'] = substr( $options, strpos( $options, 'E') + 1, 1); // ftp:// if (strpos( $options, 'F') === false) $aOptions['F'] = '-'; else $aOptions['F'] = substr( $options, strpos( $options, 'F') + 1, 1); // User section if (strpos( $options, 'u') === false) $aOptions['u'] = '?'; else $aOptions['u'] = substr( $options, strpos( $options, 'u') + 1, 1); // Password in user section if (strpos( $options, 'P') === false) $aOptions['P'] = '?'; else $aOptions['P'] = substr( $options, strpos( $options, 'P') + 1, 1); // Address Section if (strpos( $options, 'a') === false) $aOptions['a'] = '+'; else $aOptions['a'] = substr( $options, strpos( $options, 'a') + 1, 1); // IP Address in address section if (strpos( $options, 'I') === false) $aOptions['I'] = '?'; else $aOptions['I'] = substr( $options, strpos( $options, 'I') + 1, 1); // Port number if (strpos( $options, 'p') === false) $aOptions['p'] = '?'; else $aOptions['p'] = substr( $options, strpos( $options, 'p') + 1, 1); // File Path if (strpos( $options, 'f') === false) $aOptions['f'] = '?'; else $aOptions['f'] = substr( $options, strpos( $options, 'f') + 1, 1); // Query Section if (strpos( $options, 'q') === false) $aOptions['q'] = '?'; else $aOptions['q'] = substr( $options, strpos( $options, 'q') + 1, 1); // Fragment (Anchor) if (strpos( $options, 'r') === false) $aOptions['r'] = '?'; else $aOptions['r'] = substr( $options, strpos( $options, 'r') + 1, 1); // Loop through options array, to search for and replace "-" to "{0}" and "+" to "" foreach($aOptions as $key => $value) { if ($value == '-') { $aOptions[$key] = '{0}'; } if ($value == '+') { $aOptions[$key] = ''; } } // DEBUGGING - Unescape following line to display to screen current option values // echo '
    '; print_r($aOptions); echo '
    '; // Preset Allowed Characters $alphanum = '[a-zA-Z0-9]'; // Alpha Numeric $unreserved = '[a-zA-Z0-9_.!~*' . '\'' . '()-]'; $escaped = '(%[0-9a-fA-F]{2})'; // Escape sequence - In Hex - %6d would be a 'm' $reserved = '[;/?:@&=+$,]'; // Special characters in the URI // Beginning Regular Expression // Scheme - Allows for 'http://', 'https://', 'mailto:', or 'ftp://' $scheme = '('; if ($aOptions['H'] === '') { $scheme .= 'http://'; } elseif ($aOptions['S'] === '') { $scheme .= 'https://'; } elseif ($aOptions['E'] === '') { $scheme .= 'mailto:'; } elseif ($aOptions['F'] === '') { $scheme .= 'ftp://'; } else { if ($aOptions['H'] === '?') { $scheme .= '|(http://)'; } if ($aOptions['S'] === '?') { $scheme .= '|(https://)'; } if ($aOptions['E'] === '?') { $scheme .= '|(mailto:)'; } if ($aOptions['F'] === '?') { $scheme .= '|(ftp://)'; } $scheme = str_replace('(|', '(', $scheme); // fix first pipe } $scheme .= ')' . $aOptions['s']; // End setting scheme // User Info - Allows for 'username@' or 'username:password@'. Note: contrary to rfc, I removed ':' from username section, allowing it only in password. // /---------------- Username -----------------------\ /-------------------------------- Password ------------------------------\ $userinfo = '((' . $unreserved . '|' . $escaped . '|[;&=+$,]' . ')+(:(' . $unreserved . '|' . $escaped . '|[;:&=+$,]' . ')+)' . $aOptions['P'] . '@)' . $aOptions['u']; // IP ADDRESS - Allows 0.0.0.0 to 255.255.255.255 $ipaddress = '((((2(([0-4][0-9])|(5[0-5])))|([01]?[0-9]?[0-9]))\.){3}((2(([0-4][0-9])|(5[0-5])))|([01]?[0-9]?[0-9])))'; // Tertiary Domain(s) - Optional - Multi - Although some sites may use other characters, the RFC says tertiary domains have the same naming restrictions as second level domains $domain_tertiary = '(' . $alphanum . '(([a-zA-Z0-9-]{0,62})' . $alphanum . ')?\.)*'; // Second Level Domain - Required - First and last characters must be Alpha-numeric. Hyphens are allowed inside. $domain_secondary = '(' . $alphanum . '(([a-zA-Z0-9-]{0,62})' . $alphanum . ')?\.)'; /* // This regex is disabled on purpose in favour of the more exact version below // Top Level Domain - First character must be Alpha. Last character must be AlphaNumeric. Hyphens are allowed inside. $domain_toplevel = '([a-zA-Z](([a-zA-Z0-9-]*)[a-zA-Z0-9])?)'; */ // Top Level Domain - Required - Domain List Current As Of December 2004. Use above escaped line to be forgiving of possible future TLD's $domain_toplevel = '(aero|biz|com|coop|edu|gov|info|int|jobs|mil|mobi|museum|name|net|org|post|pro|travel|ac|ad|ae|af|ag|ai|al|am|an|ao|aq|ar|as|at|au|aw|az|ax|ba|bb|bd|be|bf|bg|bh|bi|bj|bm|bn|bo|br|bs|bt|bv|bw|by|bz|ca|cc|cd|cf|cg|ch|ci|ck|cl|cm|cn|co|cr|cs|cu|cv|cx|cy|cz|de|dj|dk|dm|do|dz|ec|ee|eg|eh|er|es|et|fi|fj|fk|fm|fo|fr|ga|gb|gd|ge|gf|gg|gh|gi|gl|gm|gn|gp|gq|gr|gs|gt|gu|gw|gy|hk|hm|hn|hr|ht|hu|id|ie|il|im|in|io|iq|ir|is|it|je|jm|jo|jp|ke|kg|kh|ki|km|kn|kp|kr|kw|ky|kz|la|lb|lc|li|lk|lr|ls|lt|lu|lv|ly|ma|mc|md|mg|mh|mk|ml|mm|mn|mo|mp|mq|mr|ms|mt|mu|mv|mw|mx|my|mz|na|nc|ne|nf|ng|ni|nl|no|np|nr|nu|nz|om|pa|pe|pf|pg|ph|pk|pl|pm|pn|pr|ps|pt|pw|py|qa|re|ro|ru|rw|sa|sb|sc|sd|se|sg|sh|si|sj|sk|sl|sm|sn|so|sr|st|sv|sy|sz|tc|td|tf|tg|th|tj|tk|tl|tm|tn|to|tp|tr|tt|tv|tw|tz|ua|ug|uk|um|us|uy|uz|va|vc|ve|vg|vi|vn|vu|wf|ws|ye|yt|yu|za|zm|zw)'; // Address can be IP address or Domain if ($aOptions['I'] === '{0}') { // IP Address Not Allowed $address = '(' . $domain_tertiary . $domain_secondary . $domain_toplevel . ')'; } elseif ($aOptions['I'] === '') { // IP Address Required $address = '(' . $ipaddress . ')'; } else { // IP Address Optional $address = '((' . $ipaddress . ')|(' . $domain_tertiary . $domain_secondary . $domain_toplevel . '))'; } $address = $address . $aOptions['a']; // Port Number - :80 or :8080 or :65534 Allows range of :0 to :65535 // (0-59999) |(60000-64999) |(65000-65499) |(65500-65529) |(65530-65535) $port_number = '(:(([0-5]?[0-9]{1,4})|(6[0-4][0-9]{3})|(65[0-4][0-9]{2})|(655[0-2][0-9])|(6553[0-5])))' . $aOptions['p']; // Path - Can be as simple as '/' or have multiple folders and filenames $path = '(/((;)?(' . $unreserved . '|' . $escaped . '|' . '[:@&=+$,]' . ')+(/)?)*)' . $aOptions['f']; // Query Section - Accepts ?var1=value1&var2=value2 or ?2393,1221 and much more $querystring = '(\?(' . $reserved . '|' . $unreserved . '|' . $escaped . ')*)' . $aOptions['q']; // Fragment Section - Accepts anchors such as #top $fragment = '(#(' . $reserved . '|' . $unreserved . '|' . $escaped . ')*)' . $aOptions['r']; // Building Regular Expression $regexp = '^' . $scheme . $userinfo . $address . $port_number . $path . $querystring . $fragment . '$'; // DEBUGGING - Uncomment Line Below To Display The Regular Expression Built // echo '
    ' . htmlentities(wordwrap($regexp,70,"\n",1)) . '
    '; // Running the regular expression if (eregi( $regexp, $urladdr )) { return true; // The domain passed } else { return false; // The domain didn't pass the expression } } // END Function validateUrlSyntax() /* About ValidateEmailSyntax(): This function uses the ValidateUrlSyntax() function to easily check the syntax of an email address. It accepts the same options as ValidateURLSyntax but defaults them for email addresses. Usage: validateEmailSyntax( url_to_check[, options]) url_to_check - string - The url to check options - string - A optional string of options to set which parts of the url are required, optional, or not allowed. Each option must be followed by a "+" for required, "?" for optional, or "-" for not allowed. See ValidateUrlSyntax() docs for option list. The default options are changed to: s-H-S-E+F-u+P-a+I-p-f-q-r- This only allows an address of "name@domain". Examples: validateEmailSyntax('george@fakemail.com') validateEmailSyntax('mailto:george@fakemail.com', 's+') validateEmailSyntax('george@fakemail.com?subject=Hi%20George', 'q?') validateEmailSyntax('george@212.198.33.12', 'I?') Author(s): Rod Apeldoorn - rod(at)canowhoopass(dot)com Homepage: http://www.canowhoopass.com/ License: Copyright 2004 - Rod Apeldoorn Released under same license as validateUrlSyntax(). For details, contact me. */ function validateEmailSyntax( $emailaddr, $options="" ){ // Check Options Parameter if (!ereg( '^([sHSEFuPaIpfqr][+?-])*$', $options )) { trigger_error("Options attribute malformed", E_USER_ERROR); } // Set Options Array, set defaults if options are not specified // Scheme if (strpos( $options, 's') === false) $aOptions['s'] = '-'; else $aOptions['s'] = substr( $options, strpos( $options, 's') + 1, 1); // http:// if (strpos( $options, 'H') === false) $aOptions['H'] = '-'; else $aOptions['H'] = substr( $options, strpos( $options, 'H') + 1, 1); // https:// (SSL) if (strpos( $options, 'S') === false) $aOptions['S'] = '-'; else $aOptions['S'] = substr( $options, strpos( $options, 'S') + 1, 1); // mailto: (email) if (strpos( $options, 'E') === false) $aOptions['E'] = '?'; else $aOptions['E'] = substr( $options, strpos( $options, 'E') + 1, 1); // ftp:// if (strpos( $options, 'F') === false) $aOptions['F'] = '-'; else $aOptions['F'] = substr( $options, strpos( $options, 'F') + 1, 1); // User section if (strpos( $options, 'u') === false) $aOptions['u'] = '+'; else $aOptions['u'] = substr( $options, strpos( $options, 'u') + 1, 1); // Password in user section if (strpos( $options, 'P') === false) $aOptions['P'] = '-'; else $aOptions['P'] = substr( $options, strpos( $options, 'P') + 1, 1); // Address Section if (strpos( $options, 'a') === false) $aOptions['a'] = '+'; else $aOptions['a'] = substr( $options, strpos( $options, 'a') + 1, 1); // IP Address in address section if (strpos( $options, 'I') === false) $aOptions['I'] = '-'; else $aOptions['I'] = substr( $options, strpos( $options, 'I') + 1, 1); // Port number if (strpos( $options, 'p') === false) $aOptions['p'] = '-'; else $aOptions['p'] = substr( $options, strpos( $options, 'p') + 1, 1); // File Path if (strpos( $options, 'f') === false) $aOptions['f'] = '-'; else $aOptions['f'] = substr( $options, strpos( $options, 'f') + 1, 1); // Query Section if (strpos( $options, 'q') === false) $aOptions['q'] = '-'; else $aOptions['q'] = substr( $options, strpos( $options, 'q') + 1, 1); // Fragment (Anchor) if (strpos( $options, 'r') === false) $aOptions['r'] = '-'; else $aOptions['r'] = substr( $options, strpos( $options, 'r') + 1, 1); // Generate options $newoptions = ''; foreach($aOptions as $key => $value) { $newoptions .= $key . $value; } // DEBUGGING - Uncomment line below to display generated options // echo '
    ' . $newoptions . '
    '; // Send to validateUrlSyntax() and return result return validateUrlSyntax( $emailaddr, $newoptions); } // END Function validateEmailSyntax() /* About ValidateFtpSyntax(): This function uses the ValidateUrlSyntax() function to easily check the syntax of an FTP address. It accepts the same options as ValidateURLSyntax but defaults them for FTP addresses. Usage: validateFtpSyntax( url_to_check[, options]) url_to_check - string - The url to check options - string - A optional string of options to set which parts of the url are required, optional, or not allowed. Each option must be followed by a "+" for required, "?" for optional, or "-" for not allowed. See ValidateUrlSyntax() docs for option list. The default options are changed to: s?H-S-E-F+u?P?a+I?p?f?q-r- Examples: validateFtpSyntax('ftp://netscape.com') validateFtpSyntax('moz:iesucks@netscape.com') validateFtpSyntax('ftp://netscape.com:2121/browsers/ns7/', 'u-') Author(s): Rod Apeldoorn - rod(at)canowhoopass(dot)com Homepage: http://www.canowhoopass.com/ License: Copyright 2004 - Rod Apeldoorn Released under same license as validateUrlSyntax(). For details, contact me. */ function validateFtpSyntax( $ftpaddr, $options="" ){ // Check Options Parameter if (!ereg( '^([sHSEFuPaIpfqr][+?-])*$', $options )) { trigger_error("Options attribute malformed", E_USER_ERROR); } // Set Options Array, set defaults if options are not specified // Scheme if (strpos( $options, 's') === false) $aOptions['s'] = '?'; else $aOptions['s'] = substr( $options, strpos( $options, 's') + 1, 1); // http:// if (strpos( $options, 'H') === false) $aOptions['H'] = '-'; else $aOptions['H'] = substr( $options, strpos( $options, 'H') + 1, 1); // https:// (SSL) if (strpos( $options, 'S') === false) $aOptions['S'] = '-'; else $aOptions['S'] = substr( $options, strpos( $options, 'S') + 1, 1); // mailto: (email) if (strpos( $options, 'E') === false) $aOptions['E'] = '-'; else $aOptions['E'] = substr( $options, strpos( $options, 'E') + 1, 1); // ftp:// if (strpos( $options, 'F') === false) $aOptions['F'] = '+'; else $aOptions['F'] = substr( $options, strpos( $options, 'F') + 1, 1); // User section if (strpos( $options, 'u') === false) $aOptions['u'] = '?'; else $aOptions['u'] = substr( $options, strpos( $options, 'u') + 1, 1); // Password in user section if (strpos( $options, 'P') === false) $aOptions['P'] = '?'; else $aOptions['P'] = substr( $options, strpos( $options, 'P') + 1, 1); // Address Section if (strpos( $options, 'a') === false) $aOptions['a'] = '+'; else $aOptions['a'] = substr( $options, strpos( $options, 'a') + 1, 1); // IP Address in address section if (strpos( $options, 'I') === false) $aOptions['I'] = '?'; else $aOptions['I'] = substr( $options, strpos( $options, 'I') + 1, 1); // Port number if (strpos( $options, 'p') === false) $aOptions['p'] = '?'; else $aOptions['p'] = substr( $options, strpos( $options, 'p') + 1, 1); // File Path if (strpos( $options, 'f') === false) $aOptions['f'] = '?'; else $aOptions['f'] = substr( $options, strpos( $options, 'f') + 1, 1); // Query Section if (strpos( $options, 'q') === false) $aOptions['q'] = '-'; else $aOptions['q'] = substr( $options, strpos( $options, 'q') + 1, 1); // Fragment (Anchor) if (strpos( $options, 'r') === false) $aOptions['r'] = '-'; else $aOptions['r'] = substr( $options, strpos( $options, 'r') + 1, 1); // Generate options $newoptions = ''; foreach($aOptions as $key => $value) { $newoptions .= $key . $value; } // DEBUGGING - Uncomment line below to display generated options // echo '
    ' . $newoptions . '
    '; // Send to validateUrlSyntax() and return result return validateUrlSyntax( $ftpaddr, $newoptions); } // END Function validateFtpSyntax() ?>db_connect_id) { die("Could not connect to the database"); } ?>sql_query($query); $user_data = $g_db->sql_fetchrow($res); if (!defined('IN_CMS') && !$user_data) { $query = "SELECT * FROM client WHERE client_id = '". $user_id ."'"; $res = $g_db->sql_query($query); $user_data = $g_db->sql_fetchrow($res); if (isset($user_data['client_id'])) { $user_data['user_id'] = $user_data['client_id']; } } if ($user_data && $user_data['user_id'] != ANONYMOUS) { $session_data['user_id'] = $user_id; } $query = "UPDATE sessions SET session_user_id = $user_id, session_start = $current_time, session_lastvisit = $current_time WHERE session_id = '" . $session_id . "' AND session_ip = '". $user_ip ."'"; if (!($g_db->sql_query($query)) || !($g_db->sql_affectedrows())) { // query failed, create new session list($sec, $usec) = explode(' ', microtime()); mt_srand((float) $sec + ((float) $usec * 100000)); $session_id = md5(uniqid(mt_rand(), true)); $query = "INSERT INTO sessions (session_id, session_user_id, session_start, session_lastvisit, session_ip) VALUES ('". $session_id ."', $user_id, $current_time, $current_time, '". $user_ip ."')"; if (!$g_db->sql_query($query)) die_message(ERR_CRITICAL, "Error updating sessions in the database.", 'Sessions - new', __LINE__, __FILE__, $query); } $user_data['session_id'] = $session_id; $user_data['session_ip'] = $user_ip; $user_data['session_user_id'] = $user_id; $user_data['session_start'] = $current_time; $user_data['session_time'] = $current_time; $g_SID = 'sid=' . $session_id; if (defined('IN_CMS')) { $session_data['ic'] = 1; } else { $session_data['ic'] = 0; } setSessionCookie('_data', serialize($session_data)); setSessionCookie('_sid', $session_id); return $user_data; } function checkSession($user_ip) { global $g_db, $g_SID, $cookiename, $last_visit, $current_time, $expiry_time; // check for cookie if ( isset($_COOKIE[$cookiename . '_sid']) || isset($_COOKIE[$cookiename . '_data']) ) { $session_id = isset($_COOKIE[$cookiename . '_sid']) ? $_COOKIE[$cookiename . '_sid'] : ''; $session_data = isset($_COOKIE[$cookiename . '_data']) ? unserialize(stripslashes($_COOKIE[$cookiename . '_data'])) : array(); $sessionmethod = SESSION_MODE_COOKIE; } else // or check the get { $session_data = array(); $session_id = (isset($_GET['sid'])) ? $_GET['sid'] : ''; $sessionmethod = SESSION_MODE_GET; } // check for wrong session information // if it's wrong, reset it so a new session will be created if (!preg_match('/^[A-Za-z0-9]*$/', $session_id)) { $session_id = ''; } if (defined('IN_CMS') && !(isset($session_data['ic']) && ($session_data['ic'] == '1'))) { $session_data = array(); } $session_ok = false; $session_clear = false; if (!empty($session_id)) { // check session $query = "SELECT u.*, s.* FROM sessions s, user u WHERE s.session_id = '". $session_id ."' AND u.user_id = s.session_user_id"; if (!($res = $g_db->sql_query($query))) { die_message(ERR_CRITICAL, 'Error getting userdata', 'Sessions', __LINE__, __FILE__, $query); } $user_data = $g_db->sql_fetchrow($res); if (isset($user_data['user_id'])) { // Found a user! yay, now check ip's $ip_check_s = substr($user_data['session_ip'], 0, 6); $ip_check_u = substr($user_ip, 0, 6); if ($ip_check_s == $ip_check_u) { $g_SID = ($sessionmethod == SESSION_MODE_GET) ? 'sid=' . $session_id : ''; if ($current_time - $user_data['session_lastvisit'] > 60) { if ($user_data['session_lastvisit'] < $expiry_time) { $session_clear = true; } $query = "UPDATE sessions SET session_lastvisit = ". $current_time ." WHERE session_id = '" . $user_data['session_id'] . "'"; $g_db->sql_query($query); // Delete expired sessions $query = "DELETE FROM sessions WHERE session_lastvisit < ". $expiry_time ." AND session_id <> '". $session_id ."'"; $g_db->sql_query($query); if (defined('IN_CMS')) { $session_data['ic'] = 1; } else { $session_data['ic'] = 0; } setSessionCookie('_data', serialize($session_data)); setSessionCookie('_sid', $session_id); } $session_ok = true; } } } if (!$session_ok) { $user_id = (isset($session_data['user_id'])) ? $session_data['user_id'] : ANONYMOUS; if (!($user_data = newSession($user_id, $user_ip))) { die_message(ERR_CRITICAL, 'Error creating user session', 'Sessions', __LINE__, __FILE__); } } session_id($user_data['session_id']); session_start(); if ($session_clear) { // Clear out the session first session_destroy(); //session_id($user_data['session_id']); session_start(); } return $user_data; } function delSession($session_id, $user_id) { global $g_db, $g_SID, $cookiename, $last_visit, $current_time, $expiry_time; // check for wrong session information // if it's wrong, reset it so a new session will be created if (!preg_match('/^[A-Za-z0-9]*$/', $session_id)) { return; } $query = "DELETE FROM sessions WHERE session_id = '". $session_id ."' AND session_user_id = '". $user_id ."'"; if (!$g_db->sql_query($query)) die_message(ERR_CRITICAL, "Error updating session in the database.", 'Sessions', __LINE__, __FILE__, $query); setSessionCookie('_data', '', $current_time - 31536000); // last year, so expire immediately setSessionCookie('_sid', '', $current_time - 31536000); session_destroy(); return true; } ?>sql_query("SELECT * FROM settings"); while ($row = $g_db->sql_fetchrow($res)) { setSetting($row['setting_name'], $row['setting_value']); } setSetting('settings_loaded', true); $g_db->sql_freeresult($res); } } ?>