Initial checkin

genuineparts 2025-06-20 19:10:23 +02:00
commit d75eb444fc
4304 changed files with 369634 additions and 0 deletions

1
inc/.gitignore vendored Normal file

@ -0,0 +1 @@
config.inc.php

426
inc/SimpleOpenID.class.php Normal file

@ -0,0 +1,426 @@
<?php
/*
FREE TO USE
Simple OpenID PHP Class
Latest update by Remy Sharp / http://remysharp.com (fixes)
Contributed by http://www.fivestores.com/
Updated by http://extremeswank.com/
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
This Class was written to make easy for you to integrate OpenID on your website.
This is just a client, which checks for user's identity. This Class Requires CURL Module.
It should be easy to use some other HTTP Request Method, but remember, often OpenID servers
are using SSL.
We need to be able to perform SSL Verification on the background to check for valid signature.
HOW TO USE THIS CLASS:
STEP 1)
$openid = new SimpleOpenID;
:: SET IDENTITY ::
$openid->SetIdentity($_POST['openid_url']);
:: SET RETURN URL ::
$openid->SetApprovedURL('http://www.yoursite.com/return.php'); // Script which handles a response from OpenID Server
:: SET TRUST ROOT ::
$openid->SetTrustRoot('http://www.yoursite.com/');
:: FETCH SERVER URL FROM IDENTITY PAGE :: [Note: It is recomended to cache this (Session, Cookie, Database)]
$openid->GetOpenIDServer(); // Returns false if server is not found
:: REDIRECT USER TO OPEN ID SERVER FOR APPROVAL ::
:: (OPTIONAL) SET OPENID SERVER ::
$openid->SetOpenIDServer($server_url); // If you have cached previously this, you don't have to call GetOpenIDServer and set value this directly
STEP 2)
Once user gets returned we must validate signature
:: VALIDATE REQUEST ::
true|false = $openid->ValidateWithServer();
ERRORS:
array = $openid->GetError(); // Get latest Error code
FIELDS:
OpenID allowes you to retreive a profile. To set what fields you'd like to get use (accepts either string or array):
$openid->SetRequiredFields(array('email','fullname','dob','gender','postcode','country','language','timezone'));
or
$openid->SetOptionalFields('postcode');
IMPORTANT TIPS:
OPENID as is now, is not trust system. It is a great single-sign on method. If you want to
store information about OpenID in your database for later use, make sure you handle url identities
properly.
For example:
https://steve.myopenid.com/
https://steve.myopenid.com
http://steve.myopenid.com/
http://steve.myopenid.com
... are representing one single user. Some OpenIDs can be in format openidserver.com/users/user/ - keep this in mind when storing identities
To help you store an OpenID in your DB, you can use function:
$openid_db_safe = $openid->OpenID_Standarize($upenid);
This may not be comatible with current specs, but it works in current enviroment. Use this function to get openid
in one format like steve.myopenid.com (without trailing slashes and http/https).
Use output to insert Identity to database. Don't use this for validation - it may fail.
*/
class SimpleOpenID{
var $openid_url_identity;
var $openid_url_type;
var $openid_url_orig;
var $URLs = array();
var $error = array();
var $fields = array();
function SimpleOpenID(){
if (!function_exists('curl_exec')) {
die('Error: Class SimpleOpenID requires curl extension to work');
}
}
function SetOpenIDServer($a){
$this->URLs['openid_server'] = $a;
}
function SetTrustRoot($a){
$this->URLs['trust_root'] = $a;
}
function SetCancelURL($a){
$this->URLs['cancel'] = $a;
}
function SetApprovedURL($a){
$this->URLs['approved'] = $a;
}
function SetPolicyURL($a) {
$this->URLs['policyurl'] = $a;
}
function SetRequiredFields($a){
if (is_array($a)){
$this->fields['required'] = $a;
}else{
$this->fields['required'][] = $a;
}
}
function SetOptionalFields($a){
if (is_array($a)){
$this->fields['optional'] = $a;
}else{
$this->fields['optional'][] = $a;
}
}
function SetIdentity($a){ // Set Identity URL
$this->openid_url_orig = $a;
$this->openid_url_type = 1;
$xriprefixes = array("xri://", "xri://\$ip*", "xri://\$dns*");
$inameprefixes = array("=", "@", "+", "$", "!");
foreach ($inameprefixes as $prefix) {
if (substr($a, 0, 1) == $prefix) {
$this->openid_url_type = 2;
$this->openid_url_identity = $a;
return;
}
}
foreach ($xriprefixes as $prefix) {
if(substr($a, 0, strlen($prefix)) == $prefix) {
$a = substr($a, strlen($prefix), strlen($a)-strlen($prefix));
$this->openid_url_type = 2;
$this->openid_url_identity = $a;
return;
}
}
if(substr($a, 0, 7) != 'http://') {
$a = 'http://'.$a;
// RS change - append a slash - Wordpress example remysharp.wordpress.com - not found + slash = ok.
if (substr($a, -1) != '/') $a .= '/';
$this->openid_url_type = 1;
$this->openid_url_identity = $a;
return;
}
$this->openid_url_identity = $a;
}
function GetIdentity(){ // Get Identity
return $this->openid_url_identity;
}
function GetError(){
$e = $this->error;
return array('code'=>$e[0],'description'=>$e[1]);
}
function ErrorStore($code, $desc = null){
$errs['OPENID_NOSERVERSFOUND'] = 'Cannot find OpenID Server using this identity.';
if ($desc == null){
$desc = $errs[$code];
}
$this->error = array($code,$desc);
}
function IsError(){
if (count($this->error) > 0){
return true;
}else{
return false;
}
}
function splitResponse($response) {
$r = array();
$response = explode("\n", $response);
foreach($response as $line) {
$line = trim($line);
if ($line != "") {
@list($key, $value) = explode(":", $line, 2);
$r[trim($key)] = trim($value);
}
}
return $r;
}
function OpenID_Standarize($openid_identity){
if ($this->openid_url_type == 2) {
return $openid_identity;
}
$u = parse_url(strtolower(trim($openid_identity)));
if ($u['path'] == '/'){
$u['path'] = '';
}
if(substr($u['path'],-1,1) == '/'){
$u['path'] = substr($u['path'], 0, strlen($u['path'])-1);
}
if (isset($u['query'])){ // If there is a query string, then use identity as is
return $u['host'] . $u['path'] . '?' . $u['query'];
}else{
return $u['host'] . $u['path'];
}
}
function array2url($arr){ // converts associated array to URL Query String
if (!is_array($arr)){
return false;
}
$query = '';
foreach($arr as $key => $value){
$query .= $key . "=" . $value . "&";
}
return $query;
}
function CURL_Request($url, $method="GET", $params = "") { // Remember, SSL MUST BE SUPPORTED
if (is_array($params)) $params = $this->array2url($params);
if ($this->openid_url_type == 2) { $url = 'http://xri.net/'.$url; }
if ($method == 'GET' && $params != '') {
// mod the URL - but first check whether there's existing args - RS change
if (stripos($url, '?')) {
$url .= '&' . $params;
} else {
$url .= '?' . $params;
}
}
$curl = curl_init($url);
@curl_setopt($curl, CURLOPT_FOLLOWLOCATION, true);
curl_setopt($curl, CURLOPT_HEADER, true);
curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($curl, CURLOPT_HTTPGET, ($method == "GET"));
curl_setopt($curl, CURLOPT_POST, ($method == "POST"));
if ($this->openid_url_type == 2) {
$headers = array("Accept: application/xrds+xml");
curl_setopt($curl, CURLOPT_HTTPHEADER, $headers);
}
if ($method == "POST") curl_setopt($curl, CURLOPT_POSTFIELDS, $params);
curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);
$response = curl_exec($curl);
if (curl_errno($curl) == 0){
$response;
}else{
$this->ErrorStore('OPENID_CURL', curl_error($curl));
}
return $response;
}
function HTML2OpenIDServer($content) {
$get = array();
// Get details of their OpenID server and (optional) delegate
$reg1 = '/<link[^>]*rel="openid.server"[^>]*href="([^"]+)"[^>]*\/?>/i';
$reg2 = '/<link[^>]*href="([^"]+)"[^>]*rel="openid.server"[^>]*\/?>/i';
preg_match_all($reg1, $content, $matches1);
preg_match_all($reg1, $content, $matches2);
// match on non-xhtml - RS change
preg_match_all(preg_replace('/"/', "'", $reg1), $content, $matches3);
preg_match_all(preg_replace('/"/', "'", $reg2), $content, $matches4);
$servers = array_merge($matches1[1], $matches2[1], $matches3[1], $matches4[1]);
$reg1 = '/<link[^>]*rel="openid.delegate"[^>]*href="([^"]+)"[^>]*\/?>/i';
$reg2 = '/<link[^>]*href="([^"]+)"[^>]*rel="openid.delegate"[^>]*\/?>/i';
preg_match_all($reg1, $content, $matches1);
preg_match_all($reg2, $content, $matches2);
preg_match_all(preg_replace('/"/', "'", $reg1), $content, $matches3);
preg_match_all(preg_replace('/"/', "'", $reg2), $content, $matches4);
$delegates = array_merge($matches1[1], $matches2[1], $matches3[1], $matches4[1]);
if (count($servers) == 0 && count($delegates) == 0) {
preg_match_all('/<meta[^>]*http-equiv="X-XRDS-Location"[^>]*content="([^"]+)"[^>]*\/>/i', $content, $matches3);
preg_match_all('/<meta[^>]*content="([^"]+)"[^>]*http-equiv="X-XRDS-Location"[^>]*\/>/i', $content, $matches4);
if ($matches3[1][0] != "") { $url = $matches3[1][0]; }
else if ($matches4[1][0] != "") { $url = $matches4[1][0]; }
if ($url != "") {
$response = $this->CURL_Request($url);
list($servers, $delegates) = $this->XRDS2OpenIDServer($response);
}
}
$ret = array($servers, $delegates);
return $ret;
}
function XRDS2OpenIDServer($content) {
$arrcon = explode("\n", $content);
$services = array();
$delegates = array();
$i=0;
while ($i < count($arrcon)) {
if (substr(trim($arrcon[$i]),0,8) == "<Service") {
$servstr = "";
while (substr(trim($arrcon[$i]),0,10) != "</Service>") {
$servstr = $servstr . trim($arrcon[$i]) . "\n";
$i++;
}
$services[] = $servstr;
}
$i++;
}
$matches1 = array();
$matches2 = array();
foreach ($services as $service) {
if (strstr($service, "http://openid.net/signon/1.")) {
preg_match_all('/<URI[^>]*>([^<]+)<\/URI>/i', $service, $matches1);
preg_match_all('/<openid:Delegate[^>]*>([^<]+)<\/openid:Delegate>/i', $service, $matches2);
}
}
$servers = $matches1[1];
$delegates = $matches2[1];
$ret = array($servers, $delegates);
return $ret;
}
function CheckHeadersForXRDS($content) {
$arrcon = explode("\n", $content);
$i = 0;
while ($i < count($arrcon)) {
if (substr($arrcon[$i],0,16) == "X-XRDS-Location:") {
$keyval = explode(':', $arrcon[$i], 2);
$newurl = trim($keyval[1]);
return $newurl;
}
$i++;
}
return "";
}
function GetOpenIDServer(){
$response = $this->CURL_Request($this->openid_url_identity);
$xrds_url = $this->CheckHeadersForXRDS($response);
if ($xrds_url != "") {
$response = $this->CURL_Request($xrds_url);
list($servers, $delegates) = $this->XRDS2OpenIDServer($response);
}
else if ($this->openid_url_type == 1) {
list($servers, $delegates) = $this->HTML2OpenIDServer($response);
}
else if ($this->openid_url_type == 2) {
list($servers, $delegates) = $this->XRDS2OpenIDServer($response);
}
if (count($servers) == 0){
$this->ErrorStore('OPENID_NOSERVERSFOUND');
return false;
}
if ($delegates[0] != ""){
$this->openid_url_identity = $delegates[0];
}
$this->SetOpenIDServer($servers[0]);
return $servers[0];
}
function GetRedirectURL(){
$params = array();
$params['openid.return_to'] = urlencode($this->URLs['approved']);
$params['openid.mode'] = 'checkid_setup';
$params['openid.identity'] = urlencode($this->openid_url_identity);
$params['openid.trust_root'] = urlencode($this->URLs['trust_root']);
if (count($this->fields['required']) > 0){
$params['openid.sreg.required'] = implode(',',$this->fields['required']);
}
if (count($this->fields['optional']) > 0){
$params['openid.sreg.optional'] = implode(',',$this->fields['optional']);
}
$params['openid.sreg.policy_url'] = urlencode($this->URLs['policyurl']);
$join = stripos($this->URLs['openid_server'], '?') ? '&' : '?';
return $this->URLs['openid_server'] . $join. $this->array2url($params);
}
function Redirect(){
$redirect_to = $this->GetRedirectURL();
if (headers_sent()){ // Use JavaScript to redirect if content has been previously sent (not recommended, but safe)
echo '<script language="JavaScript" type="text/javascript">window.location=\'';
echo $redirect_to;
echo '\';</script>';
}else{ // Default Header Redirect
header('Location: ' . $redirect_to);
}
}
function ValidateWithServer(){
$params = array(
'openid.assoc_handle' => urlencode($_GET['openid_assoc_handle']),
'openid.signed' => urlencode($_GET['openid_signed']),
'openid.sig' => urlencode($_GET['openid_sig'])
);
// Send only required parameters to confirm validity
$arr_signed = explode(",",str_replace('sreg.','sreg_',$_GET['openid_signed']));
for ($i=0; $i<count($arr_signed); $i++){
$s = str_replace('sreg_','sreg.', $arr_signed[$i]);
$c = $_GET['openid_' . $arr_signed[$i]];
// if ($c != ""){
$params['openid.' . $s] = urlencode($c);
// }
}
$params['openid.mode'] = "check_authentication";
$openid_server = $this->GetOpenIDServer();
// print "<pre>";
// print_r($_GET);
// print_r($params);
// print_r($openid_server);
// print "</pre>";
if ($openid_server == false){
return false;
}
// RS change - GET => POST http://openid.net/specs/openid-authentication-1_1.html#mode_check_authentication
$response = $this->CURL_Request($openid_server,'POST',$params);
$data = $this->splitResponse($response);
if ($data['is_valid'] == "true") {
return true;
}else{
return false;
}
}
}
?>
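Review bot: `CURL_Request` sets `CURLOPT_SSL_VERIFYPEER` to `false`, so the `is_valid:true` answer that `ValidateWithServer` trusts can be supplied by anyone able to intercept the connection to the OpenID server. Verification should stay on, `curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, true);` together with `curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, 2);`. Since the requested URL derives from the visitor-supplied identity and redirects are followed, `curl_setopt($curl, CURLOPT_PROTOCOLS, CURLPROTO_HTTP | CURLPROTO_HTTPS);` is worth adding as well. The reCAPTCHA branch of `captcha::validate` in inc/captcha.class.php disables peer verification in the same way. Separately, `HTML2OpenIDServer` runs `$reg1` twice when collecting `openid.server` links, so the second `preg_match_all` should use `$reg2`.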

104
inc/admin.class.php Normal file

@ -0,0 +1,104 @@
<?php
/**
* Project: astat - simple site engine
* File: /inc/admin.class.php
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
* License as published by the Free Software Foundation; either
* version 2.1 of the License, or (at your option) any later version.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public
* License along with this library; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*
* @link http://www.astat.org SVN: $URL: http://svn.astat.org/astat/trunk/inc/admin.class.php $
* @copyright 2009 becast.at
* @author Bernhard Jaud <bernhard at becast dot at>
* @package astat core
* @license http://opensource.org/licenses/gpl-license.php GNU Public License
* @version $Id: admin.class.php 57 2009-07-10 19:34:56Z genuineparts $
*/
$module["admin"]["name"]="Admin Class";
$module["admin"]["ver"]="0.2.4";
class admin {
var $module_=array();
function create_admin_nav(){
global $config, $db, $panel, $core, $session;
$root = $_SERVER['DOCUMENT_ROOT'] . $config["path"];
include_once dirname(dirname(__FILE__)).'/class_templates/admin_module.template.php';
foreach($core->mod_ as $key=>$val){
if(file_exists($root."/modules/".$val["file"]."/" . $val["file"] . ".module.php")){
include_once $root.'/modules/'.$val["file"].'/' . $val["file"]. '.module.php';
$class="module_".$val["file"];
if(class_exists($class)){
$this->module_[$val["file"]] = new $class();
if(is_array($this->module_[$val["file"]]->admin_panels())){
if($session->userdata[$val["file"].'_admin']==1){
$panel->menu_item("group_only",$val["name"]);
foreach($this->module_[$val["file"]]->admin_panels() as $key => $val){
if(isset($val[2])){
$panel->menu_item($val[0],$val[1],$val[2]);
}else{
$panel->menu_item($val[0],$val[1]);
}
}
}
}
}
}
}
}
function get_panel($task){
global $config, $panel, $userinfo, $tpl, $error, $session, $meta, $mod;
$root = $_SERVER['DOCUMENT_ROOT'] . $config["path"];
if (strpos($task, '://') !== FALSE || strpos($task, '../') !== FALSE){
$panel->content="Unser System hat festgestellt das ein XSS Versuch erfolgt ist.<br />Wir haben alle Daten geloggt und eine E-Mail an den Administrator wurde versandt.<br />Im &uuml;brigen kannst du deine Versuche aufgeben XSS und SQL-Injections werden IMMER abgefangen.";
$panel->title="Fehler.";
$panel->parse_page();
return;
}else{
$module=explode("_",$task,2);
if(isset($module[1]) && $module[1]!=""){
$right=$module[1];
$include=$root."/modules/".$module[1]."/admin/" . $module[0] . ".apnl.php";
}else{
$right=$task;
$include=$root."/admin/".$task . ".apnl.php";
}
if($session->userdata[$right.'_admin']==1){
if(file_exists($include)){
include $include;
include_once dirname(dirname(__FILE__)).'/class_templates/admin_module.template.php';
$class=$task."_panel";
if(class_exists($class)){
$content = new $class();
$content->output();
$panel->meta.= $content->meta();
$panel->parse_page();
}
}else{
$panel->content="Das Panel konnte nicht gefunden werden.";
$panel->title="Fehler.";
$panel->parse_page();
}
}else{
$panel->content="You have not the necessary rights to view this page.";
$panel->title="Error.";
$panel->parse_page();
}
}
}
}
?>
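Review bot: `get_panel` builds the `include` path from `$task` after rejecting only the substrings `://` and `../`, which is a denylist rather than a check that the value names a known panel. Validating the shape first, for example `if (!preg_match('/^[A-Za-z0-9_]+$/', $task)) { ... }` (widen the character class if module names need it), keeps both halves of the `explode("_",$task,2)` result from carrying path syntax into `$include` and into `new $class()`. The rejection text also speaks of XSS and says the request was logged and mailed, while no logging or mail call is visible in this branch. `get_ajax_module` in inc/ajax.class.php applies the same substring test to its `$task`.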

111
inc/ajax.class.php Normal file

@ -0,0 +1,111 @@
<?php
/**
* Project: astat - simple site engine
* File: /inc/ajax.class.php
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
* License as published by the Free Software Foundation; either
* version 2.1 of the License, or (at your option) any later version.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public
* License along with this library; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*
* @link http://www.astat.org SVN: $URL: http://svn.astat.org/astat/trunk/inc/ajax.class.php $
* @copyright 2009 becast.at
* @author Bernhard Jaud <bernhard at becast dot at>
* @package astat core
* @license http://opensource.org/licenses/gpl-license.php GNU Public License
* @version $Id: ajax.class.php 31 2009-06-20 20:41:07Z genuineparts $
*/
$module["core"]["name"]="Ajax Class";
$module["core"]["ver"]="0.6.0";
use Smarty\Smarty;
class ajax{
var $db;
var $log;
var $tpl;
function __construct(& $db,& $log,& $tpl) {
global $config;
$this->log = & $log;
$this->db = & $db;
$this->tpl = & $tpl;
}
function get_ajax_module($task,$subtask=""){
global $config, $userdata, $core, $db, $userinfo, $tpl, $error, $session, $meta, $mod, $plugin;
include dirname(dirname(__FILE__)).'/class_templates/ajax_module.template.php';
$content="";
if (strpos($task, '://') !== FALSE || strpos($task, '../') !== FALSE){
$this->tpl->assign('messagetitle',"Intruder Alert!");
$this->tpl->assign('message', "Unser System hat festgestellt das ein XSS Versuch erfolgt ist.<br />Wir haben alle Daten geloggt und eine E-Mail an den Administrator wurde versandt.");
if($config["logging"])
$this->log->write("XSS ATTACK: Someone tried calling ".$task."!",1);
return $tpl->fetch('message.tpl',"INTRUDER");
}elseif((file_exists("modules/".$task."/" . $task . ".ajax.php") && is_array($core->mod_[$task]) )|| $task==""){
if($task!=""){
include 'modules/'.$task.'/' . $task. '.ajax.php';
if(class_exists($task)){
$mod = new $task();
$root = $_SERVER['DOCUMENT_ROOT'] . $config["path"];
if(isset($config["theme"]) && is_dir($root . '/modules/'.$task.'/templates/'.$config["theme"]) && !$mod -> uses_default_templates){
$mod -> tpl-> setTemplateDir($root . '/modules/'.$task.'/templates/'.$config["theme"]);
}elseif($mod -> uses_default_templates){
if(isset($config["theme"]) && is_dir($root . '/themes/'.$config["theme"])){
$mod -> tpl-> setTemplateDir($root . '/themes/'.$config["theme"]);
}else{
$mod -> tpl-> setTemplateDir($root . '/themes/default');
}
}else{
$mod -> tpl-> setTemplateDir($root . '/modules/'.$task.'/templates/default');
}
if($subtask!=""){
$subtask="sub_".$subtask;
if(!is_callable(array($mod,$subtask))){
if($config["logging"])
$this->log->write("FATAL ERROR: Modul ".$task." was found, but does not contain FUNCTION ".$subtask."!",1);
return $error->http_error("404");
}else{
$content.=$mod->$subtask();
}
}else{
$content.=$mod->ajax();
}
}else{
if($config["logging"])
$this->log->write("FATAL ERROR: Modul ".$task." was found, but does not contain CLASS ".$task."!",1);
return $error->http_error("404");
}
}
}else{
if($config["logging"])
$this->log->write("Modul ".$task." not found!",2);
return $error->http_error("404");
}
echo $content;
}
}
?>
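Review bot: In `get_ajax_module` the `elseif` probes the filesystem with `file_exists("modules/".$task...)` before consulting the module registry, and `is_array($core->mod_[$task])` reads a key that may not exist. Putting the registry test first, `}elseif($task=="" || (isset($core->mod_[$task]) && file_exists("modules/".$task."/".$task.".ajax.php"))){`, means only names present in `$core->mod_` ever reach a path or `new $task()`. The log lines also embed the raw `$task`; stripping control characters before `$this->log->write(...)` would keep a request from forging entries, assuming the log is line-oriented.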

101
inc/cache.class.php Normal file

@ -0,0 +1,101 @@
<?php
/**
* Project: beFramed
* File: /inc/cache.class.php
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
* License as published by the Free Software Foundation; either
* version 2.1 of the License, or (at your option) any later version.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public
* License along with this library; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*
* @link http://www.jaud.be
* @copyright 2025 becast.at
* @author Bernhard Jaud <bernhard at becast dot at>
* @package beFramed Core
* @license http://opensource.org/licenses/gpl-license.php GNU Public License
* @version $Id$
*/
/*
Already defined by PHP. I'll leave it here for Info
define("LOG_EMERG", 0);
define("LOG_ALERT", 1);
define("LOG_CRIT", 2);
define("LOG_ERR", 3);
define("LOG_WARNING", 4);
define("LOG_INFO", 6);
define("LOG_DEBUG", 7);
*/
$module["cache"]["name"]="Cache Class";
$module["cache"]["ver"]="0.9.10";
class cache {
var $server;
var $prefix;
var $obj;
var $port;
var $exp;
/////////////////////////////////////////
// Module data
/////////////////////////////////////////
//
// __construct
//
// Buid logger
//
function __construct() {
global $config, $logger;
$this->server=$config['MEMCACHE_SERVER'];
$this->port=$config['MEMCACHE_PORT'];
$this->prefix=$config['MEMCACHE_PREFIX'];
$this->exp=$config['MEMCACHE_EXPIRATION'];
$this->obj = new Memcached($this->prefix);
$con = $this->connect($this->server,$this->port);
if(!$con){
return false;
}else{
return true;
}
}
public function connect($host , $port){
$servers = $this->obj->getServerList();
if(is_array($servers)) {
foreach ($servers as $server) {
if($server['host'] == $host and $server['port'] == $port){
return true;
} else {
return $this->obj->addServer($host , $port);
}
}
}
}
function __destruct() {
$this->obj->quit();
}
function set($key,$var,$expiration=null){
if($expriation=null){
$expriation=$this->exp;
}
$this->obj->set($this->prefix.$key,$var,$expiration);
}
function get($key){
return $this->obj->get($this->prefix.$key);
}
}
?>
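Review bot: `connect` only calls `addServer` from inside the `foreach`, so when `getServerList()` returns an empty list (as it does for a freshly created `Memcached` object) no server is registered and the method returns `null`. The loop also returns on its first entry, so a matching server later in the list is never found and a duplicate is added instead. `set` has a related slip: `if($expriation=null)` assigns to a misspelled variable, so the configured default is never applied; `if ($expiration === null) { $expiration = (int) $this->exp; }` is what appears to be intended. A reworked `connect` follows.

```php
public function connect($host , $port){
    // … unchanged: $servers = $this->obj->getServerList(); …
    if (is_array($servers)) {
        foreach ($servers as $server) {
            if ($server['host'] == $host and $server['port'] == $port) {
                return true;
            }
        }
    }
    // Not registered yet (or the list is empty): add it exactly once.
    return $this->obj->addServer($host, (int) $port);
}
```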

109
inc/captcha.class.php Normal file

@ -0,0 +1,109 @@
<?php
/**
* (c) 2025 BeCast
* -------------------------------------
* Filename: captcha.class.php
* Purpose: Capthca Handling
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; version 2 of the License.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place, Suite 330, Boston,
* MA 02111-1307 USA
*/
$module["module"]["name"]="Captcha Class";
$module["module"]["ver"]="1.0.0";
class captcha{
function getCaptcha(){
global $config;
if($config['captcha']==1) {
return '<label data-mcaptcha_url="https://'.$config['mcaptcha_url'].'/widget/?sitekey='.$config['mcaptcha_sitekey'].'" for="mcaptcha__token" id="mcaptcha__token-label">mCaptcha authorization token.<a href="https://mcaptcha.org/docs/user-manual/how-to-mcaptcha-without-js/">Instructions</a>.<input type="text" name="mcaptcha__token" id="mcaptcha__token" /></label><div id="mcaptcha__widget-container"></div> <script src="https://unpkg.com/@mcaptcha/vanilla-glue@0.1.0-rc2/dist/index.js"></script>';
} else if ($config['captcha']==2) {
return '<script src="https://www.google.com/recaptcha/api.js"></script><div class="g-recaptcha" data-sitekey="'.$config['recaptcha_sitekey'].'"></div>';
} else {
return '';
}
}
function validate($response){
global $config,$functions;
if($config['captcha']==1) {
if(isset($response['mcaptcha__token']) && $response['mcaptcha__token']!=''){
$token = $response['mcaptcha__token'];
} else {
return false;
}
$data = array(
'token' => $token,
'key' => $config['mcaptcha_sitekey'],
'secret' => $config['mcaptcha_secret']
);
$json = json_encode($data);
$url = 'https://'.$config['mcaptcha_url'].'/api/v1/pow/siteverify';
$ch = curl_init($url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_CUSTOMREQUEST, "POST");
curl_setopt($ch, CURLOPT_POSTFIELDS, $json);
curl_setopt($ch, CURLOPT_HTTPHEADER, array(
'Content-Type: application/json',
'Content-Length: ' . strlen($json)
));
$fh=curl_exec($ch);
// schließe den cURL-Handle und gebe die Systemresourcen frei
curl_close($ch);
if(!$fh){
return false;
}else{
$cresp = json_decode($fh, true);
if($cresp["valid"] === true){
return true;
}else{
return false;
}
}
}else if($config['captcha']==2) {
if(isset($response['g-recaptcha-response']) && $response['g-recaptcha-response']!=''){
$data = $response['g-recaptcha-response'];
} else {
return false;
}
$ch = curl_init();
// setze die URL und andere Optionen
curl_setopt($ch, CURLOPT_URL, "https://www.google.com/recaptcha/api/siteverify?secret=".$config['recaptcha_secret']."&response=".$data."&remoteip=".$functions->get_ip());
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($ch, CURLOPT_TIMEOUT, 10);
// führe die Aktion aus und gebe die Daten an den Browser weiter
$fh=curl_exec($ch);
// schließe den cURL-Handle und gebe die Systemresourcen frei
curl_close($ch);
if(!$fh){
return false;
}else{
$cresp = json_decode($fh, true);
if($cresp["success"] === true){
return true;
}else{
return false;
}
}
} else {
return true;
}
}
}
?>
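Review bot: In the reCAPTCHA branch of `validate`, the visitor-supplied `g-recaptcha-response` is concatenated into the siteverify URL without encoding, so a token containing `&` can add or override query parameters, and the secret travels in the URL. Sending the fields as an encoded POST body avoids both: `curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query(['secret' => $config['recaptcha_secret'], 'response' => $data, 'remoteip' => $functions->get_ip()]));` with `CURLOPT_URL` set to the bare endpoint. The mCaptcha request sets no `CURLOPT_TIMEOUT`, unlike the reCAPTCHA one, so a slow verifier can hold the request open. In `getCaptcha`, the script loaded from unpkg.com carries no `integrity` attribute; pinning it with an SRI hash and `crossorigin="anonymous"` would limit what a change at the CDN can do.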


@ -0,0 +1,44 @@
<?php
/**
* (c) 2009 BeCast
* -------------------------------------
* Filename: config.defult.inc.php
* Purpose: Configuration
* CVS Header: $Header$
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; version 2 of the License.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place, Suite 330, Boston,
* MA 02111-1307 USA
*/
// your Database Server (most likely localhost)
$config["host"] = "localhost";
// your Database Username
$config["user"] = "bcWe";
// your Database Password
$config["pass"] = "MyPassword";
// your Database
$config["db"] = "bcWe";
// your Database Prefix
$config["prefix"]="be_";
// your Database Sytem
$config["db_class"]="mysqli";
$config['MEMCACHE_SERVER'] = '127.0.0.1';
$config['MEMCACHE_PORT'] = '11211';
$config['MEMCACHE_PREFIX'] = 'bcWe';
$config['MEMCACHE_EXPIRATION'] = '50000';
define('INSTALLED', FALSE);
define("CHARSET", "UTF-8");
define("DEBUG", FALSE);
?>

706
inc/core.class.php Normal file

@ -0,0 +1,706 @@
<?php
/**
* Project: astat - simple site engine
* File: /inc/core.class.php
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
* License as published by the Free Software Foundation; either
* version 2.1 of the License, or (at your option) any later version.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public
* License along with this library; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*
* @link http://www.astat.org SVN: $URL: http://svn.becast.at/astat/trunk/inc/core.class.php $
* @copyright 2025 becast.at
* @author Bernhard Jaud <bernhard at becast dot at>
* @package astat core
* @license http://opensource.org/licenses/gpl-license.php GNU Public License
* @version $Id: core.class.php 154 2012-03-27 21:50:46Z genuineparts $
*/
$module['core']['name']='Core Class';
$module['core']['ver']='0.9.81';
class Core{
/**
*
* Database Connection
*
* @var object
*/
var $db;
/**
*
* Logging Class
*
* @var object
*/
var $log;
/**
*
* Template Class
*
* @var object
*/
var $tpl;
/**
*
* loaded Modules
*
* @var array
*/
var $mod_=array();
/**
*
* Sidebar Modules
*
* @var array
*/
var $nav=array();
/**
*
* Major Version
*
* @var string
*/
var $ver_major='1';
/**
*
* Minor Version
*
* @var string
*/
var $ver_minor='0';
/**
*
* Revision
*
* @var string
*/
var $ver_rev='0';
/**
*
* Codename
*
* @var string
*/
var $ver_codename='Antiochos';
/**
*
* Navbits
*
* @var array
*/
var $navbits=array();
/**
* Constructor
*
* @param Database
* @param Log
* @param Template
*/
function __construct(& $db,& $log,& $tpl) {
global $config;
$this->log = & $log;
$this->db = & $db;
$this->tpl = & $tpl;
$this->nav['left']=TRUE;
$this->nav['right']=TRUE;
$this -> add_navbit($config['sitetitle'],$config['path'].'/index.php');
}
/**
* Loads all installed modules from the database
*
*/
function load_modules(){
global $config, $db;
$result = $db->query("SELECT * FROM " . $config['prefix'] . "module");
while ($row = $db->fetch_array($result)){
$this->mod_[$row['file']] = $row;
}
}
/**
* Creates the Sidebar
*
* @param string The side for which the Content should be rendered (l=left, r=right)
* @return false|string
*/
function create_nav($side){
global $config, $cache, $db, $session, $lang, $plugin;
$navrow = '';
$navtpl= $this->tpl;
$root = $_SERVER['DOCUMENT_ROOT'] . $config['path'];
if($navtpl-> isCached('navmain.tpl','navmain'.$side)){
$compilednav = $navtpl-> fetch('navmain.tpl','navmain'.$side);
return $compilednav;
}else{
$nav = $cache->read('sidebar');
if($nav==FALSE){
$cache->update_sidebars();
$nav = $cache->read('sidebar');
}
if($nav[$side] != NULL){
foreach($nav[$side] as $row){
$nav_title = $row['name'];
$nav_content = $row['content'];
$nav_file = $row['file'];
if($nav_file == ''){
preg_match_all ('{right=\"(?P<value>.*?)\"}',$nav_content,$regs);
if(is_array($regs)){
foreach($regs['value'] as $reg){
if($session->userdata[$reg]){
$nav_content=preg_replace("/\{right=\"".$reg."\"\}(.*?)\{\/right\}/si","\\1",$nav_content);
}else{
$nav_content=preg_replace("/\{right=\"".$reg."\"\}(.*?)\{\/right\}/si","",$nav_content);
}
}
}
if($session->userdata['uid']!=0){
$nav_content=preg_replace("/\{logged_in\}(.*?)\{\/logged_in\}/si","\\1",$nav_content);
$nav_content=preg_replace("/\{logged_out\}(.*?)\{\/logged_out\}/si","",$nav_content);
}else{
$nav_content=preg_replace("/\{logged_in\}(.*?)\{\/logged_in\}/si","",$nav_content);
$nav_content=preg_replace("/\{logged_out\}(.*?)\{\/logged_out\}/si","\\1",$nav_content);
}
if($session->userdata['allow_grimdark']!=0){
$nav_content=preg_replace("/\{allow_gd\}(.*?)\{\/allow_gd\}/si","\\1",$nav_content);
}else{
$nav_content=preg_replace("/\{allow_gd\}(.*?)\{\/allow_gd\}/si","",$nav_content);
}
if(trim($nav_content)!=''){
$navtpl->assign('navtitle', $nav_title);
$navtpl->assign('navcontent', $nav_content);
$navrow .= $navtpl->fetch('nav.tpl');
}
}elseif(file_exists($root.'/nav_modules/nav_' . $nav_file .'.php')){
$navtpl->assign('navtitle', $nav_title);
$navtpl->assign('navcontent', $nav_content);
// include a Navigation Module. The Navigation Module MUST return a variable $navcontent
include($root.'/nav_modules/nav_' . $nav_file .'.php');
}
}
$navtpl->assign('nav', $navrow);
if($side=='l'){
$sidename='leftside';
}else{
$sidename='rightside';
}
$navtpl->assign('sidename', $sidename);
$compilednav = $navtpl->fetch('navmain.tpl','navmain'.$side);
$plugin->run_hook('nav_finish',array(&$compilednav));
return $compilednav;
}else{
return false;
}
}
}
/**
* Outputs a Message
*
* @param string $title The title of the message
* @param string $message The message
* @param bool $redirect Should the user be redirected
* @param string $url The redirect URL
* @param integer $time The Time in seconds until the user gets redirected
* @param bool $minimal Should the Sidebars not get rendered
*
*/
function message($title,$message,$redirect=FALSE,$url='',$time=4,$minimal=FALSE,$fetch_page=TRUE){
global $config, $userdata, $userinfo, $tpl, $session, $lang, $meta;
if(!isset($session->userdata) && $fetch_page){
$session->page_begin('Message', FALSE);
}
if($url!='' && $redirect){
$tpl->assign('message', $message.'<br /><a href="'.$url.'">'.$lang->_('CLICKREDIRECT').'</a>');
}elseif($url!='' && !$redirect){
$tpl->assign('message', $message.'<br /><a href="'.$url.'">'.$lang->_('CLICKCONTINUE').'</a>');
}else{
$tpl->assign('message', $message);
}
$tpl->assign('messagetitle', $title);
if($redirect && $url!=''){
if(substr( $url, 0, 4 ) != "http") {
$url = '//'.$config['domain'].$config['path'].$url;
}
$meta.='<meta http-equiv="refresh" content="'.$time.';URL='.$url.'" />';
}
$this->make_page($tpl->fetch('message.tpl'),$minimal);
}
/**
* Outputs a Message
*
* @deprec 0.8.60 - 2009/06/20
* @param string $title The title of the message
* @param string $message The message
* @param bool $redirect Should the user be redirected
* @param string $url The redirect URL
* @param integer $time The Time in seconds until the user gets redirected
*
*/
function redirect_message($title,$message,$redirect=FALSE,$url='',$time=4){
$this->message($title,$message,$redirect,$url,$time,TRUE);
}
/**
* Adds a Navbit
*
* @param string $title The title of the navbit
* @param string $url The navbit url
*
*/
function add_navbit($title,$url=''){
$this->navbits[]=array('name'=>$title,'url'=>$url);
}
/**
* Clears Navbits
*
*/
function clear_navbits(){
unset($this->navbits);
}
/**
* get Navbits
*
* @returns string
*
*/
function get_navbits(){
foreach($this->navbits as $key => $nav){
if(isset($this->navbits[$key+1])){
if($nav['url']==''){
$bit='<span class="navbit">'.$nav['name'].'</span>';
}else{
$bit='<a href="'.$nav['url'].'"><span class="navbit">'.$nav['name'].'</span></a>';
}
}else{
if($nav['url']==''){
$bit='<span class="active_navbit">'.$nav['name'].'</span>';
}else{
$bit='<a href="'.$nav['url'].'"><span class="active_navbit">'.$nav['name'].'</span></a>';
}
}
if(!$navs){
$navs=$bit;
}else{
$navs.=' / '.$bit;
}
}
return $navs;
}
/**
* Gets a module and renders the main content
*
* @param string $task The name of the module
* @param string $subtask The name of the subfunction
* @return void|string
*
*/
function get_module($task,$subtask=''){
global $config, $userdata, $db, $cache, $tpl, $error, $session, $meta, $mod, $footer, $plugin;
$content='';
include dirname(dirname(__FILE__)).'/class_templates/page_module.template.php';
if (strpos($task, '://') !== FALSE || strpos($task, '../') !== FALSE){
$tpl->assign('messagetitle','Intruder Alert!');
$tpl->assign('message', 'The System has caught a possible attack. The Admins have been informed.');
if($config['logging'])
$this->log->write('XSS ATTACK: Someone tried calling '.$task.'!',1);
return $tpl->fetch('message.tpl','INTRUDER');
}elseif((file_exists('modules/'.$task.'/' . $task . '.output.php') && is_array($this->mod_[$task]) )|| $task==''){
if($config['startmodule'] == $task){
$result=$db->query("SELECT * FROM `".$config['prefix']."navigation` WHERE `side`='m' ORDER BY `sort`");
}else{
$result=$db->query("SELECT * FROM `".$config['prefix']."navigation` WHERE `side`='m' AND `valid`='E' ORDER BY `sort`");
}
while($row=$db->fetch_array($result)){
if($row['name']=='maincontent'){
if($task!=''){
include 'modules/'.$task.'/' . $task. '.output.php';
if($config['logging'])
$this->log->write($task.' called.');
if(class_exists($task)){
$mod = new $task();
$mod->get=$_GET;
$mod->post=$_POST;
$mod->files=$_FILES;
$mod->request=$_REQUEST;
if(isset($_SESSION)){
$mod->session=$_SESSION;
}
$mod->cookie=$_COOKIE;
$root = $_SERVER['DOCUMENT_ROOT'] . $config['path'];
if(isset($config['theme']) && $config['theme']!='' && is_dir($root . '/modules/'.$task.'/templates/'.$config['theme']) && !$mod -> uses_default_templates){
$mod -> tpl-> setTemplateDir($root . '/modules/'.$task.'/templates/'.$config['theme']);
}elseif($mod -> uses_default_templates){
if(isset($config['theme']) && $config['theme']!='' && is_dir($root . '/themes/'.$config['theme'])){
$mod -> tpl-> setTemplateDir($root . '/themes/'.$config['theme']);
}else{
$mod -> tpl-> setTemplateDir($root . '/themes/default');
}
}else{
$mod -> tpl-> setTemplateDir($root . '/modules/'.$task.'/templates/default');
}
$meta.= $mod->redirect;
if($subtask!=''){
$submeta='meta_'.$subtask;
$subfooter='footer_'.$subtask;
$subtask='output_'.$subtask;
if(!is_callable(array($mod,$subtask))){
if($config['logging'])
$this->log->write('FATAL ERROR: Modul '.$task.' was found, but does not contain FUNCTION '.$subtask.'!',1);
return $error->http_error('404');
}else{
if(!is_callable(array($mod,$submeta))){
$meta.= $mod->meta();
}else{
$meta.= $mod->$submeta();
}
if(!is_callable(array($mod,$subfooter))){
$footer.= $mod->footer();
}else{
$footer.= $mod->$subfooter();
}
$content.=$mod->$subtask();
}
}else{
$meta.= $mod->meta();
$footer.= $mod->footer();
$content.=$mod->output();
}
}else{
if($config['logging'])
$this->log->write('FATAL ERROR: Modul '.$task.' was found, but does not contain CLASS '.$task.'!',1);
return $error->http_error('404');
}
}
}else{
if($row['file']!=''){
$file_content=$plugin->run_hook($row['file'],array(&$tpl));
$content.=$file_content;
}else{
preg_match_all ('{right=\"(?P<value>.*?)\"}',$row['content'],$regs);
if(is_array($regs)){
foreach($regs['value'] as $reg){
if($session->userdata[$reg]){
$nav_content=preg_replace("/\{right=\"".$reg."\"\}(.*?)\{\/right\}/si","\\1",$row['content']);
}else{
$nav_content=preg_replace("/\{right=\"".$reg."\"\}(.*?)\{\/right\}/si","",$row['content']);
}
}
}
$session->page_begin('content', false);
if($session->userdata['uid']!=0){
$row['content']=preg_replace("/\{logged_in\}(.*?)\{\/logged_in\}/si","\\1",$row['content']);
$row['content']=preg_replace("/\{logged_out\}(.*?)\{\/logged_out\}/si","",$row['content']);
}else{
$row['content']=preg_replace("/\{logged_in\}(.*?)\{\/logged_in\}/si","",$row['content']);
$row['content']=preg_replace("/\{logged_out\}(.*?)\{\/logged_out\}/si","\\1",$row['content']);
}
if($session->userdata['allow_grimdark']!=0){
$row['content']=preg_replace("/\{allow_gd\}(.*?)\{\/allow_gd\}/si","\\1",$row['content']);
}else{
$row['content']=preg_replace("/\{allow_gd\}(.*?)\{\/allow_gd\}/si","",$row['content']);
}
$content.=$row['content'];
}
}
}
}else{
if($config['logging'])
$this->log->write('Modul '.$task.' not found!',2);
return $error->http_error('404');
}
$this->make_page($content);
}
function makeDownload($file, $dir, $type) {
$fullPath=$dir.$file;
// Must be fresh start
if( headers_sent())
die('Headers Sent');
// Required for some browsers
if(ini_get('zlib.output_compression'))
ini_set('zlib.output_compression', 'Off');
// File Exists?
if( file_exists($fullPath) ){
// Parse Info / Get Extension
$fsize = filesize($fullPath);
$path_parts = pathinfo($fullPath);
$ext = strtolower($path_parts["extension"]);
// Determine Content Type
switch ($ext) {
case "pdf": $ctype="application/pdf"; break;
case "exe": $ctype="application/octet-stream"; break;
case "zip": $ctype="application/zip"; break;
case "doc": $ctype="application/msword"; break;
case "xls": $ctype="application/vnd.ms-excel"; break;
case "ppt": $ctype="application/vnd.ms-powerpoint"; break;
case "apk": $ctype='application/vnd.android.package-archive'; break;
case "gif": $ctype="image/gif"; break;
case "png": $ctype="image/png"; break;
case "jpeg":
case "jpg": $ctype="image/jpg"; break;
default: $ctype="application/force-download";
}
header("Pragma: no-cache"); // required
header("Expires: Mon, 26 Jul 1997 05:00:00 GMT\n");
header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT");
header("Content-Description: File Transfer");
header("Cache-Control: no-cache, no-store, must-revalidate, post-check=0, pre-check=0");
header("Content-Type: $ctype");
header("Content-Disposition: attachment; filename=\"".basename($fullPath)."\";" );
header("Content-Transfer-Encoding: binary");
header("Content-Length: ".$fsize);
ob_clean();
readfile( $fullPath );
flush();
} else {
die('File Not Found');
}
}
/**
* Renders the Page
*
* @param string $content The content for the page
* @param bool $minimal Render the Page in a minaml mode (e.g. for redirect)
* @param string $minimal_tpl Custom minimal template
* @param string $header_tpl Custom header template
* @param string $footer_tpl Custom footer template
* @return void
*
*/
function make_page($content, $minimal=FALSE,$minimal_tpl='minimal_index.tpl',$header_tpl='header.tpl',$footer_tpl='footer.tpl'){
global $config, $session, $start, $tpl, $db, $meta, $footer, $mod, $plugin,$plugin_content;
$plugin->run_hook('frontpage_start',array(&$tpl));
if($config['p3p_active']==1){
header('P3P: CP="'.$config['p3p_string'].'"');
}
$tpl -> assign("path",$config["path"]."/");
$tpl -> assign("themepath",'/themes/'.$config['theme']);
$tpl -> assign('sitetitle', $config['sitetitle']);
if(isset($mod->titleaddon) && $mod->titleaddon!=''){
$tpl -> assign('titleaddon', ' - '.$mod->titleaddon);
}
$tpl -> assign('navbits',$this -> get_navbits());
$tpl -> assign('meta', $meta);
if($header_tpl!=''){
$header=$tpl->fetch($header_tpl);
$tpl -> assign('header', $header);
}
if(!$minimal){
if($this->nav['right']){
$rightnav = $this->create_nav('r');
$tpl -> assign('rightnav', $rightnav);
}
if($this->nav['left']){
$leftnav = $this->create_nav('l');
$tpl -> assign('leftnav', $leftnav);
}
$plugin->run_hook('frontpage_middle',array(&$tpl));
$tpl -> assign('content', $content);
$tpl -> display('index.tpl');
}else{
$tpl -> assign('content', $content);
$tpl -> display($minimal_tpl);
}
$tpl->assign('queries', $db->querys());
$tpl->assign('user', $session->userdata);
$tpl->assign('memory', number_format((@memory_get_usage()/1048576),2).' Mb');
$tpl->assign('version', $this->ver_major.'.'.$this->ver_minor.'.'.$this->ver_rev.' - '.$this->ver_codename);
$tpl -> assign('footer', $footer);
$end = getTime();
$tpl->assign('gentime',round($end - $start,4));
if($footer_tpl!=''){
$tpl->display($footer_tpl);
}
$plugin->run_hook('frontpage_end',array(&$tpl));
exit();
}
/**
* Uploads a file
*
* @param string $filename The name for the file
* @param string $tmpname The name of the Temporary (read uploaded) File
* @param integer $maxwidth Maximal width of the image
* @param integer $maxheight Maximal height of the image
* @param bool $resize Resize the image if its bigger
* @param bool $keep_ratio Keep the Height to Width ratio when resizing
* @return bool|string
*
*/
function upload_file($filename, $tmpname, $maxwidth=160, $maxheight=160, $resize=FALSE, $keep_ratio=TRUE){
global $config, $lang;
if(file_exists($tmpname)){
$sizes = getimagesize($tmpname);
$aspect_ratio = $sizes[1]/$sizes[0];
if ($sizes[1] <= $maxheight && $sizes[0] <= $maxwidth){
$new_width = $sizes[0];
$new_height = $sizes[1];
}elseif(!$resize){
return sprintf($lang->_('PICSIZE'),$maxwidth,$maxheight);
}elseif($keep_ratio){
$new_height = $maxheight;
$new_width = abs($new_height/$aspect_ratio);
if($new_width > $maxwidth){
$new_width = $maxwidth;
$new_height = abs($new_width*$aspect_ratio);
}
}else{
$new_width = $maxwidth;
$new_height = $maxheight;
}
$destimg=ImageCreateTrueColor($new_width,$new_height);
if(!$destimg)
return $lang->_('PICNOCREATE');
/**
*
* Needed to fix PNG Background Transparency
*/
imagealphablending($destimg, false);
imagesavealpha($destimg, true);
$srcimg= $this->imagecreatefromfile($tmpname);
if(!$srcimg)
return $lang->_('PICNOCREATE');
$cpy=ImageCopyResized($destimg,$srcimg,0,0,0,0,$new_width,$new_height,ImageSX($srcimg),ImageSY($srcimg));
if(!$cpy)
return $lang->_('NORESIZE');
$out=$this->imageoutput($sizes[2],$destimg,$filename);
if(!$out)
return $lang->_('CANTSAVEPIC');
imagedestroy($destimg);
imagedestroy($srcimg);
return TRUE;
}else{
return $tmpname.' - '.$lang->_('FILENOEXIST');
}
}
function imagecreatefromfile($path){
$info = @getimagesize($path);
if(!$info)
{
return false;
}
$functions = array(
IMAGETYPE_GIF => 'imagecreatefromgif',
IMAGETYPE_JPEG => 'imagecreatefromjpeg',
IMAGETYPE_PNG => 'imagecreatefrompng',
IMAGETYPE_WBMP => 'imagecreatefromwbmp',
IMAGETYPE_XBM => 'imagecreatefromwxbm',
);
if(!$functions[$info[2]])
{
return false;
}
if(!function_exists($functions[$info[2]]))
{
return false;
}
return $functions[$info[2]]($path);
}
function imageoutput($userfile_type, $image, $imgout=NULL){
$functions = array(
IMAGETYPE_GIF => 'imagegif',
IMAGETYPE_JPEG => 'imagejpeg',
IMAGETYPE_PNG => 'imagepng',
IMAGETYPE_WBMP => 'imagewbmp',
IMAGETYPE_XBM => 'imagewxbm',
);
if(!$functions[$userfile_type])
{
return false;
}
if(!function_exists($functions[$userfile_type]))
{
return false;
}
if($functions[$userfile_type]=='imagejpeg'){
return $functions[$userfile_type]($image, $imgout,100);
}elseif($functions[$userfile_type]=='imagepng'){
return $functions[$userfile_type]($image, $imgout,0);
}else{
return $functions[$userfile_type]($image, $imgout);
}
}
}
?>

113
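--- a/inc/datacache.class.php
+++ b/inc/datacache.class.php
@@ -0,0 +1,113 @@
+<?php
+$module["datacache"]["name"]="Datacache Module";
+$module["datacache"]["ver"]="0.1.0";
+/**
+* Project: astat - simple site engine
+* File: /inc/datacache.class.php
+*
+* This library is free software; you can redistribute it and/or
+* modify it under the terms of the GNU Lesser General Public
+* License as published by the Free Software Foundation; either
+* version 2.1 of the License, or (at your option) any later version.
+*
+* This library is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+* Lesser General Public License for more details.
+*
+* You should have received a copy of the GNU Lesser General Public
+* License along with this library; if not, write to the Free Software
+* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+*
+* @link http://www.astat.org SVN: $URL$
+* @copyright 2010 becast.at
+* @author Bernhard Jaud <bernhard at becast dot at>
+* @package astat core
+* @license http://opensource.org/licenses/gpl-license.php GNU Public License
+* @version $Id$
+*/
+class datacache {
+var $data = array();
+var $expires = array();
+function __construct(){
+global $config, $db;
+$res=$db->query('SELECT `cache`,`content`,`expire` FROM `' . $config['prefix'] . 'datacache`');
+while($row=$db->fetch_object($res)){
+$this->data[$row->cache]=@unserialize(base64_decode($row->content));
+$this->expires[$row->cache]=$row->expire;
+}
+}
+//Fetch userdata
+function read($cache){
+global $config, $db;
+if(isset($this->data[$cache]) && $this->data[$cache]){
+return $this->data[$cache];
+}else{
+$res=$db->query('SELECT `cache`,`content` FROM `' . $config['prefix'] . 'datacache` WHERE `cache`=\''.$db->escape($cache).'\' LIMIT 1') or die($db->error());
+$row=$db->fetch_row($res);
+if(!$row[0]){
+$data=false;
+}else{
+$data = @unserialize(base64_decode($row[1]));
+}
+return $data;
+}
+}
+function set($name,$data,$expires=0){
+global $db,$config;
+$data=base64_encode(serialize($data));
+$test=$this->read($name);
+if($test){
+$res=$db->query('UPDATE `' . $config['prefix'] . 'datacache` SET `content`=\''.$data.'\',`expire`=\''.$expires.'\' WHERE `cache`=\''.$db->escape($name).'\'');
+if($res){
+return true;
+}
+}else{
+$res=$db->query('INSERT INTO `' . $config['prefix'] . 'datacache` (`cache`,`content`,`expire`) VALUES (\''.$db->escape($name).'\',\''.$data.'\',\''.$expires.'\')');
+if($res){
+return true;
+}
+}
+return false;
+}
+function is_expired($name){
+global $db,$config;
+if(isset($this->expires[$name])){
+if($this->expires[$name]<time() && $this->expires[$name]!=0){
+return true;
+}else{
+return false;
+}
+}
+$res=$db->query('SELECT `cache` FROM `' . $config['prefix'] . 'datacache` WHERE `cache`=\''.$db->escape($name).'\' AND `expire`< \''.time().'\' AND `expire`<>\'0\' LIMIT 1');
+$row=$db->fetch_row($res);
+if($row[0]){
+return true;
+}
+return false;
+}
+function update_sidebars(){
+global $db,$config;
+$res = $db->query('SELECT `name`, `content`, `file` FROM `' . $config['prefix'] . 'navigation` WHERE `side`=\'l\' ORDER BY `sort`');
+while ($row=$db->fetch_row($res)){
+$nav['l'][]=array('name'=>$row[0],'content'=>$row[1],'file'=>$row[2]);
+}
+$res = $db->query('SELECT `name`, `content`, `file` FROM `' . $config['prefix'] . 'navigation` WHERE `side`=\'r\' ORDER BY `sort`');
+while ($row=$db->fetch_row($res)){
+$nav['r'][]=array('name'=>$row[0],'content'=>$row[1],'file'=>$row[2]);
+}
+$this->set('sidebar',$nav);
+}
+}
+?>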
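Review bot: `__construct()` and `read()` pass the `content` column straight to `@unserialize(base64_decode(...))`, so anything able to write the datacache table (a SQL flaw elsewhere, a shared database) gets PHP object instantiation on every request, and the `@` hides corrupt rows. The only writer visible here, `update_sidebars()`, stores a plain array, so `unserialize(base64_decode($row->content), ['allowed_classes' => false])` or a move to `json_encode`/`json_decode` should keep the behaviour. In `set()` the `$expires` value is concatenated into both queries unescaped; `(int)$expires` would match the escaping already applied to `$name`.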

67
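--- a/inc/error.class.php
+++ b/inc/error.class.php
@@ -0,0 +1,67 @@
+<?php
+/**
+* Project: astat - simple site engine
+* File: /inc/error.class.php
+*
+* This library is free software; you can redistribute it and/or
+* modify it under the terms of the GNU Lesser General Public
+* License as published by the Free Software Foundation; either
+* version 2.1 of the License, or (at your option) any later version.
+*
+* This library is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+* Lesser General Public License for more details.
+*
+* You should have received a copy of the GNU Lesser General Public
+* License along with this library; if not, write to the Free Software
+* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+*
+* @link http://www.astat.org SVN: $URL$
+* @copyright 2009 becast.at
+* @author Bernhard Jaud <bernhard at becast dot at>
+* @package astat core
+* @license http://opensource.org/licenses/gpl-license.php GNU Public License
+* @version $Id$
+*/
+$module["error"]["name"]="Error Class";
+$module["error"]["ver"]="0.9.0";
+class errorhandler{
+var $type;
+function http_error($type){
+global $core,$session;
+$session->page_begin("Error", FALSE);
+switch($type){
+case 401:
+header("HTTP/1.1 401 Unauthorized");
+return $core->message('Error 401 - Nicht Authorisiert!', 'Du bist nicht Authorisiert um hierauf zuzugreifen.',FALSE);
+break;
+case 403:
+header("HTTP/1.1 403 Forbidden");
+header("Status: 403 Forbidden");
+return $core->message("Error 403 - Verboten", "Der Zugriff ist Verboten.",FALSE);
+break;
+case 404:
+default:
+header("HTTP/1.1 404 Not Found");
+header("Status: 404 Not Found");
+return $core->message('Error 404 - Nicht gefunden', 'Die von Dir angeforderte Seite konnte nicht gefunden werden.<br />Wenn Du dies für einen Fehler h&auml;ltst informiere bitte das Team!',FALSE);
+break;
+case 500:
+header("HTTP/1.1 500 Internal Server Error");
+header("Status: 500 Internal Server Error");
+header("Retry-After: 120");
+return $core->message('Error 500 - Interner Serverfehler', 'Der Server kann die Anfrage wegen eines Fehlers nicht beantworten.',FALSE);
+break;
+case 503:
+header("HTTP/1.1 503 Service Temporarily Unavailable");
+header("Status: 503 Service Temporarily Unavailable");
+header("Retry-After: 120");
+return $core->message("Error 503 - Dienst nicht verf&uuml;gbar", "Der Dienst ist zurzeit nicht verf&uuml;gbar. Grund k&ouml;nnten Wartungsarbeiten oder Kapazitätsprobleme sein, bitte versuche es sp&auml;ter erneut.",FALSE);
+break;
+}
+}
+}
+?>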
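Review bot: `http_error()` writes each status line by hand with a fixed `HTTP/1.1` plus a separate `Status:` header, and the 401 branch sets only the first of the two. `http_response_code(404);` (and likewise for the other codes) sets the status for whichever protocol and SAPI is in use and removes the duplication. The `break;` after each `return` is unreachable, and the property `$type` is declared but never used in this class.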

356
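--- a/inc/functions.class.php
+++ b/inc/functions.class.php
@@ -0,0 +1,356 @@
+<?php
+$module["functions"]["name"]="Functions Module";
+$module["functions"]["ver"]="1.0.0";
+/**
+* Project: astat - simple site engine
+* File: /inc/sessions.class.php
+*
+* This library is free software; you can redistribute it and/or
+* modify it under the terms of the GNU Lesser General Public
+* License as published by the Free Software Foundation; either
+* version 2.1 of the License, or (at your option) any later version.
+*
+* This library is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+* Lesser General Public License for more details.
+*
+* You should have received a copy of the GNU Lesser General Public
+* License along with this library; if not, write to the Free Software
+* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+*
+* @link http://www.astat.org SVN: $URL: http://svn.astat.org/astat/trunk/inc/sessions.class.php $
+* @copyright 2010 becast.at
+* @author Bernhard Jaud <bernhard at becast dot at>
+* @package astat core
+* @license http://opensource.org/licenses/gpl-license.php GNU Public License
+* @version $Id: sessions.class.php 129 2010-02-21 22:04:51Z genuineparts $
+*/
+class functions {
+function my_inet_pton($ip)
+{
+if(function_exists('inet_pton'))
+{
+return @inet_pton($ip);
+}
+else
+{
+/**
+* Replace inet_pton()
+*
+* @category PHP
+* @package PHP_Compat
+* @license LGPL - http://www.gnu.org/licenses/lgpl.html
+* @copyright 2004-2007 Aidan Lister <aidan@php.net>, Arpad Ray <arpad@php.net>
+* @link http://php.net/inet_pton
+* @author Arpad Ray <arpad@php.net>
+* @version $Revision: 269597 $
+*/
+$r = ip2long($ip);
+if($r !== false && $r != -1)
+{
+return pack('N', $r);
+}
+$delim_count = substr_count($ip, ':');
+if($delim_count < 1 || $delim_count > 7)
+{
+return false;
+}
+$r = explode(':', $ip);
+$rcount = count($r);
+if(($doub = array_search('', $r, 1)) !== false)
+{
+$length = (!$doub || $doub == $rcount - 1 ? 2 : 1);
+array_splice($r, $doub, $length, array_fill(0, 8 + $length - $rcount, 0));
+}
+$r = array_map('hexdec', $r);
+array_unshift($r, 'n*');
+$r = call_user_func_array('pack', $r);
+return $r;
+}
+}
+/**
+* Converts a packed internet address to a human readable representation
+*
+* @param string $ip IP in 32bit or 128bit binary format
+* @return string IP in human readable format
+*/
+function my_inet_ntop($ip)
+{
+if(function_exists('inet_ntop'))
+{
+return @inet_ntop($ip);
+}
+else
+{
+/**
+* Replace inet_ntop()
+*
+* @category PHP
+* @package PHP_Compat
+* @license LGPL - http://www.gnu.org/licenses/lgpl.html
+* @copyright 2004-2007 Aidan Lister <aidan@php.net>, Arpad Ray <arpad@php.net>
+* @link http://php.net/inet_ntop
+* @author Arpad Ray <arpad@php.net>
+* @version $Revision: 269597 $
+*/
+switch(strlen($ip))
+{
+case 4:
+list(,$r) = unpack('N', $ip);
+return long2ip($r);
+case 16:
+$r = substr(chunk_split(bin2hex($ip), 4, ':'), 0, -1);
+$r = preg_replace(
+array('/(?::?\b0+\b:?){2,}/', '/\b0+([^0])/e'),
+array('::', '(int)"$1"?"$1":"0$1"'),
+$r);
+return $r;
+}
+return false;
+}
+}
+function get_ip(){
+global $config;
+$ip = strtolower($_SERVER['REMOTE_ADDR']);
+if($config['ip_forwarded_check'])
+{
+$addresses = array();
+if(isset($_SERVER['HTTP_X_FORWARDED_FOR']))
+{
+$addresses = explode(',', strtolower($_SERVER['HTTP_X_FORWARDED_FOR']));
+}
+elseif(isset($_SERVER['HTTP_X_REAL_IP']))
+{
+$addresses = explode(',', strtolower($_SERVER['HTTP_X_REAL_IP']));
+}
+if(is_array($addresses))
+{
+foreach($addresses as $val)
+{
+$val = trim($val);
+// Validate IP address and exclude private addresses
+if($this->my_inet_ntop($this->my_inet_pton($val)) == $val && !preg_match("#^(10\.|172\.(1[6-9]|2[0-9]|3[0-1])\.|192\.168\.|fe80:|fe[c-f][0-f]:|f[c-d][0-f]{2}:)#", $val))
+{
+$ip = $val;
+break;
+}
+}
+}
+}
+if(!$ip)
+{
+if(isset($_SERVER['HTTP_CLIENT_IP']))
+{
+$ip = strtolower($_SERVER['HTTP_CLIENT_IP']);
+}
+}
+return $ip;
+}
+function my_rand($min=0, $max=PHP_INT_MAX){
+// backward compatibility
+if($min === null || $max === null || $max < $min)
+{
+$min = 0;
+$max = PHP_INT_MAX;
+}
+if(version_compare(PHP_VERSION, '7.0', '>='))
+{
+try
+{
+$result = random_int($min, $max);
+} catch (Exception $e) {
+}
+if(isset($result))
+{
+return $result;
+}
+}
+$seed = $this->secure_seed_rng();
+$distance = $max - $min;
+return $min + floor($distance * ($seed / PHP_INT_MAX) );
+}
+function random_str($length=8, $complex=false){
+$set = array_merge(range(0, 9), range('A', 'Z'), range('a', 'z'));
+$str = array();
+// Complex strings have always at least 3 characters, even if $length < 3
+if($complex == true)
+{
+// At least one number
+$str[] = $set[$this->my_rand(0, 9)];
+// At least one big letter
+$str[] = $set[$this->my_rand(10, 35)];
+// At least one small letter
+$str[] = $set[$this->my_rand(36, 61)];
+$length -= 3;
+}
+for($i = 0; $i < $length; ++$i)
+{
+$str[] = $set[$this->my_rand(0, 61)];
+}
+// Make sure they're in random order and convert them to a string
+shuffle($str);
+return implode($str);
+}
+function secure_seed_rng(){
+$bytes = PHP_INT_SIZE;
+do
+{
+$output = $this->secure_binary_seed_rng($bytes);
+// convert binary data to a decimal number
+if ($bytes == 4)
+{
+$elements = unpack('i', $output);
+$output = abs($elements[1]);
+}
+else
+{
+$elements = unpack('N2', $output);
+$output = abs($elements[1] << 32 | $elements[2]);
+}
+} while($output > PHP_INT_MAX);
+return $output;
+}
+function secure_binary_seed_rng($bytes){
+$output = null;
+if(version_compare(PHP_VERSION, '7.0', '>='))
+{
+try
+{
+$output = random_bytes($bytes);
+} catch (Exception $e) {
+}
+}
+if(strlen($output) < $bytes)
+{
+if(@is_readable('/dev/urandom') && ($handle = @fopen('/dev/urandom', 'rb')))
+{
+$output = @fread($handle, $bytes);
+@fclose($handle);
+}
+}
+else
+{
+return $output;
+}
+if(strlen($output) < $bytes)
+{
+if(function_exists('mcrypt_create_iv'))
+{
+if (DIRECTORY_SEPARATOR == '/')
+{
+$source = MCRYPT_DEV_URANDOM;
+}
+else
+{
+$source = MCRYPT_RAND;
+}
+$output = @mcrypt_create_iv($bytes, $source);
+}
+}
+else
+{
+return $output;
+}
+if(strlen($output) < $bytes)
+{
+if(function_exists('openssl_random_pseudo_bytes'))
+{
+// PHP <5.3.4 had a bug which makes that function unusable on Windows
+if ((DIRECTORY_SEPARATOR == '/') || version_compare(PHP_VERSION, '5.3.4', '>='))
+{
+$output = openssl_random_pseudo_bytes($bytes, $crypto_strong);
+if ($crypto_strong == false)
+{
+$output = null;
+}
+}
+}
+}
+else
+{
+return $output;
+}
+if(strlen($output) < $bytes)
+{
+if(class_exists('COM'))
+{
+try
+{
+$CAPI_Util = new COM('CAPICOM.Utilities.1');
+if(is_callable(array($CAPI_Util, 'GetRandom')))
+{
+$output = $CAPI_Util->GetRandom($bytes, 0);
+}
+} catch (Exception $e) {
+}
+}
+}
+else
+{
+return $output;
+}
+if(strlen($output) < $bytes)
+{
+// Close to what PHP basically uses internally to seed, but not quite.
+$unique_state = microtime().@getmypid();
+$rounds = ceil($bytes / 16);
+for($i = 0; $i < $rounds; $i++)
+{
+$unique_state = md5(microtime().$unique_state);
+$output .= md5($unique_state);
+}
+$output = substr($output, 0, ($bytes * 2));
+$output = pack('H*', $output);
+return $output;
+}
+else
+{
+return $output;
+}
+}
+}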
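Review bot: `get_ip()` replaces `REMOTE_ADDR` with the first public-looking entry of `X-Forwarded-For` or `X-Real-IP` whenever `$config['ip_forwarded_check']` is set, and both headers are client-supplied unless a trusted proxy overwrites them. If the result feeds logging, bans or session binding (not visible in this file), the headers should only be honoured when `REMOTE_ADDR` is one of the site's own proxies. `secure_binary_seed_rng()` ends in a fallback built from `md5(microtime().getmypid())`, which is guessable; since `random_str()` draws from it, failing with `throw new RuntimeException('no secure random source');` is safer than returning weak bytes. The `my_inet_ntop()` fallback also relies on the `/e` modifier of `preg_replace`, which PHP 7 removed.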

82
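--- a/inc/lang.class.php
+++ b/inc/lang.class.php
@@ -0,0 +1,82 @@
+<?php
+/**
+* Project: astat - simple site engine
+* File: /inc/lang.class.php
+*
+* This library is free software; you can redistribute it and/or
+* modify it under the terms of the GNU Lesser General Public
+* License as published by the Free Software Foundation; either
+* version 2.1 of the License, or (at your option) any later version.
+*
+* This library is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+* Lesser General Public License for more details.
+*
+* You should have received a copy of the GNU Lesser General Public
+* License along with this library; if not, write to the Free Software
+* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+*
+* @link http://www.astat.org SVN: $URL: $
+* @copyright 2025 becast.at
+* @author Bernhard Jaud <bernhard at becast dot at>
+* @package astat core
+* @license http://opensource.org/licenses/gpl-license.php GNU Public License
+* @version $Id$
+*/
+$module["lang"]["name"]="Language Class";
+$module["lang"]["ver"]="0.1.1";
+class lang{
+var $langname=array('de'=>'Deutsch','en'=>'English');
+var $language;
+var $languagedir;
+var $lf;
+function __construct($languagedir='/languages/'){
+$this->languagedir = dirname(dirname(__FILE__)).'/languages/';
+}
+function setlang($language){
+global $config, $error, $db, $log, $core, $plugin, $lang;
+unset($this->language);
+unset($this->lf);
+if(!$language || $language==''){
+$language=$config['lang'];
+if(!$language){
+$this->language='en';
+}else{
+$this->language=$language;
+}
+}else{
+$this->language=$language;
+}
+include_once $this->languagedir.$this->language.'.lang.php';
+$this->lf=$lf;
+}
+function getlanguages(){
+$langdir = $this->languagedir;
+$langs = opendir($langdir);
+$i=0;
+while ($lang = readdir($langs)) {
+if (preg_match('/^.*?\.lang.php$/', $lang)) {
+$langfile[$i]['short']=substr($lang,0,2);
+$langfile[$i]['name']=$this->langname[$langfile[$i]['short']];
+$i++;
+}
+}
+@closedir($langs);
+return($langfile);
+}
+function _($string){
+if(isset($this->lf[$string])){
+return($this->lf[$string]);
+}else{
+return($string);
+}
+}
+}
+?>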
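Review bot: `setlang()` builds the `include_once` path from `$language` without validating it, so a value containing `../` selects a file outside `languages/` if the argument ever comes from a request, cookie or profile field (the caller is not visible here). Restricting it to known codes first, e.g. `if(!isset($this->langname[$language])){ $language='en'; }`, closes that. Because the include is `include_once`, a second `setlang()` call for the same language does not define `$lf` again and `$this->lf` ends up empty; a plain `include` avoids that. The constructor also ignores its `$languagedir` argument.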

115
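--- a/inc/logger.class.php
+++ b/inc/logger.class.php
@@ -0,0 +1,115 @@
+<?php
+/**
+* Project: astat - simple site engine
+* File: /inc/logger.class.php
+*
+* This library is free software; you can redistribute it and/or
+* modify it under the terms of the GNU Lesser General Public
+* License as published by the Free Software Foundation; either
+* version 2.1 of the License, or (at your option) any later version.
+*
+* This library is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+* Lesser General Public License for more details.
+*
+* You should have received a copy of the GNU Lesser General Public
+* License along with this library; if not, write to the Free Software
+* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+*
+* @link http://www.astat.org SVN: $URL: http://svn.astat.org/astat/trunk/inc/logger.class.php $
+* @copyright 2009 becast.at
+* @author Bernhard Jaud <bernhard at becast dot at>
+* @package astat core
+* @license http://opensource.org/licenses/gpl-license.php GNU Public License
+* @version $Id: logger.class.php 91 2009-10-22 20:47:08Z genuineparts $
+*/
+$module["logger"]["name"]="Logging Class";
+$module["logger"]["ver"]="0.2.1";
+/*
+Already defined by PHP. I'll leave it here for Info
+define("LOG_EMERG", 0);
+define("LOG_ALERT", 1);
+define("LOG_CRIT", 2);
+define("LOG_ERR", 3);
+define("LOG_WARNING", 4);
+define("LOG_INFO", 6);
+define("LOG_DEBUG", 7);
+*/
+class logger {
+var $type="file";
+var $logfile;
+var $level=LOG_ERR;
+var $filelink;
+function __construct($type="file", $logfile='/logs/logfile.log', $level=LOG_INFO) {
+global $core, $config, $db;
+$this->type=$type;
+$this->logfile=$logfile;
+$this->level=$level;
+switch($this->type){
+case "syslog":
+openlog("astatlog", LOG_ODELAY , LOG_USER);
+break;
+case "SQL":
+if(!is_object($db)){
+$this->type="file";
+$this->filelink=$this->open_file($this->logfile);
+}
+break;
+case "file":
+default:
+if($this->logfile==""){
+$this->logfile='/logs/logfile.log';
+}
+$this->filelink=$this->open_file($this->logfile);
+break;
+}
+$this->write("File Logging instanziert.", LOG_DEBUG);
+}
+function __destruct() {
+$this->close($this->filelink);
+}
+function open_file($file){
+global $core, $config, $db;
+$filelink = fopen($file, "a");
+return $filelink;
+}
+function close(){
+if($this->type=="file")
+fclose($this->filelink);
+}
+function write($text,$level=LOG_INFO,$line="",$file=""){
+global $db, $config;
+if($level<=$this->level){
+$timestamp = date("d.m.Y, H:i:s",time());
+$date = date("d.m.Y",time());
+$time = date("H:i:s",time());
+$ip = $_SERVER["REMOTE_ADDR"];
+switch ($this->type) {
+case "syslog":
+syslog($level, '<' . $timestamp . '> '.$text.' IP: ' . $ip .' FILE: '. $file . ' LINE:' . $line);
+break;
+case "SQL":
+$db->query("INSERT INTO ".$config["prefix"] . "logs (date,time,ip,file,line,text) VALUES ('".$date."','".$time."','".$ip."','".$file."','".$line."','".$text."')");
+break;
+case "file":
+default:
+$log = "<" . $timestamp . ">;" . $ip . ";" . $file . ";" . $line . ";" . $text . "\r\n";
+fwrite($this->filelink, $log);
+break;
+}
+}
+}
+}
+?>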

111
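--- a/inc/mail.class.php
+++ b/inc/mail.class.php
@@ -0,0 +1,111 @@
+<?php
+$module["mail"]["name"]="Mail Class";
+$module["mail"]["ver"]="0.7.2";
+class mail {
+var $errstr;
+var $headers;
+var $textbody;
+var $htmlbody;
+var $attachments;
+var $boundary;
+var $semi_rand;
+// Default constructor, sets up default header and boundary.
+function __construct() {
+$this->attachments = array();
+$this->semi_rand = md5(time());
+$this->boundary = '==becast_'.$this->semi_rand ;
+$this->headers = array(
+'From' => 'BeCast WebEngine Mail Class <noreply@becast.at>',
+'MIME-Version' => '1.0',
+'Content-Type' => "multipart/mixed; boundary=\"".$this->boundary."\""
+);
+$this->bodytext("Body");
+}
+// For debugging purposes you can display the body you are about
+// to send.
+function get_body() {
+$retval = $textbody;
+$retval .= $htmlbody;
+foreach($this->attachments as $tblck)
+$retval .= $tblck;
+return $retval;
+}
+// Convert the values in the header array into the correct format.
+function get_header() {
+$retval = "";
+foreach($this->headers as $key => $value)
+$retval .= "$key: $value\n";
+return $retval;
+}
+// Add your own header entry or modify a header.
+function set_header($name, $value) {
+$this->headers[$name] = $value;
+}
+// Attach a file to the message.
+function attachfile($file, $type = "application/octetstream") {
+if(!($fd = fopen($file, "r"))) {
+$this->errstr = "Error opening ".$file." for reading.";
+return 0;
+}
+$_buf = fread($fd, filesize($file));
+fclose($fd);
+$fname = $file;
+for($x = strlen($file); $x > 0; $x--)
+if($file[$x] == "/")
+$fname = substr($file, $x, strlen($file) - $x);
+// Convert to base64 becuase mail attachments are not binary safe.
+$_buf = chunk_split(base64_encode($_buf));
+$this->attachments[$file] = "--" . $this->boundary . "\n";
+$this->attachments[$file] .= "Content-Type: ".$type."; name=\"".$fname."\"\n";
+$this->attachments[$file] .= "Content-Transfer-Encoding: base64\n";
+$this->attachments[$file] .= "Content-Disposition: attachment; " .
+"filename=\"".$fname."\"\n\n";
+$this->attachments[$file] .= $_buf;
+return 1;
+}
+function bodytext($text) {
+$this->textbody = "--" . $this->boundary . "\n";
+$this->textbody .= "Content-Type: text/plain; charset=utf-8\n";
+$this->textbody .= "Content-Transfer-Encoding: base64\n\n";
+$this->textbody .= base64_encode($text);
+}
+function htmltext($text) {
+$this->htmlbody = "\n--" . $this->boundary . "\n";
+$this->htmlbody .= "Content-Type: text/html; charset=utf-8\n";
+$this->htmlbody .= "Content-Transfer-Encoding: base64\n\n";
+$this->htmlbody .= base64_encode($text);
+}
+function clear_bodytext() { $this->textbody = ""; }
+function clear_htmltext() { $this->htmlbody = ""; }
+function get_error() { return $this->errstr; }
+// Send the headers and body using php's built in mail.
+function sendmail($to = "root@localhost", $subject = "kein Betreff") {
+if(isset($this->textbody)) $_body .= $this->textbody;
+if(isset($this->htmlbody)) $_body .= $this->htmlbody;
+foreach($this->attachments as $tblck)
+$_body .= $tblck;
+$_body .= "\n--$this->boundary--";
+mail($to, '=?utf-8?B?'.base64_encode($subject).'?=', $_body, $this->get_header());
+}
+}
+?>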
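Review bot: `set_header()` stores `$value` unchanged and `get_header()` joins every entry with "\n", so a value that contains CR or LF adds extra header lines to the message handed to `mail()`; the same applies to `$fname` in the attachment headers built by `attachfile()`. If any caller fills these from request data (a reply-to address, an uploaded file name), strip line breaks in the setter, e.g. `$this->headers[$name] = str_replace(array("\r", "\n"), '', $value);`, and take the attachment name with `basename($file)` instead of the manual loop, which also reads `$file[strlen($file)]` on its first pass. Separately, `get_body()` reads the undefined locals `$textbody` and `$htmlbody` rather than `$this->textbody` and `$this->htmlbody`, so it returns only the attachments, and `sendmail()` appends to `$_body` before initialising it.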

252
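--- a/inc/panel.class.php
+++ b/inc/panel.class.php
@@ -0,0 +1,252 @@
+<?php
+/**
+* Project: BeCast Webengine - simple site engine
+* File: /inc/panel.class.php
+*
+* This library is free software; you can redistribute it and/or
+* modify it under the terms of the GNU Lesser General Public
+* License as published by the Free Software Foundation; either
+* version 2.1 of the License, or (at your option) any later version.
+*
+* This library is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+* Lesser General Public License for more details.
+*
+* You should have received a copy of the GNU Lesser General Public
+* License along with this library; if not, write to the Free Software
+* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+*
+* @link http://www.becast.at
+* @copyright 2009 becast.at
+* @author Bernhard Jaud <bernhard at becast dot at>
+* @package BeCast Webengine core
+* @license http://opensource.org/licenses/gpl-license.php GNU Public License
+* @version $Id: panel.class.php 128 2010-02-21 22:03:37Z genuineparts $
+*/
+$module["panel"]["name"]="Panel Class";
+$module["panel"]["ver"]="0.3.4";
+class panel {
+var $sidebar="";
+var $page="";
+var $bodyext="";
+var $title="";
+var $content="";
+var $meta="";
+var $form="";
+var $foot="";
+var $head="";
+var $menu_items ="";
+function page($additional_title="",$meta=""){
+global $config,$db,$core;
+return '<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html>
+<head>
+<title>'.$config['sitetitle'].'</title>
+<link rel="stylesheet" type="text/css" href="admin.css" />
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
+'.$this->meta.'
+</head>
+<body '.$this->bodyext.'>
+<div id="container">
+'.$this->menu().'
+<div id="content">
+'.$this->page.'
+</div>
+<div id="footer">
+&copy; 2016 - 2025 Becast.at | mySQL Queries: '.$db->querys().'
+<br/>
+Powered by
+<a href="http://www.becast.at">BeCast WebEngine</a>
+'.$core->ver_major.'.'.$core->ver_minor.".".$core->ver_rev.' - '.$core->ver_codename.'
+</div>
+</div>
+'.$this->foot.'
+</body>
+</html>';
+}
+function parse_page(){
+$this->page.="<h2>".$this->title."</h2>
+<p>".$this->content."</p>";
+$this->title="";
+$this->content="";
+echo $this->page();
+exit();
+}
+function menu_item($panel,$text, $img=""){
+global $config, $userdata, $userinfo, $session, $meta;
+if($panel=="group_only"){
+$this->menu_items.="<li><strong>".$text."</strong></li>";
+}elseif($panel=="admin_home"){
+$this->menu_items.="<li><a href=\"".$config["path"]."/admin/index.php\"><img src=\"".$config["path"]."/admin/images/icons/".$img.".png\" /> ".$text."</a></li>";
+}elseif($panel=="page_home"){
+$this->menu_items.="<li><a href=\"".$config["path"]."/index.php\"><img src=\"".$config["path"]."/admin/images/icons/".$img.".png\" /> ".$text."</a></li>";
+}else{
+if($img!=""){
+$this->menu_items.="<li><a href=\"".$config["path"]."/admin/index.php?panel=".$panel."\"><img src=\"".$config["path"]."/admin/images/icons/".$img.".png\" /> ".$text."</a></li>";
+}else{
+$this->menu_items.="<li><a href=\"".$config["path"]."/admin/index.php?panel=".$panel."\">".$text."</a></li>";
+}
+}
+}
+function admin_message($title,$message,$redirect=FALSE,$panel="",$time="4"){
+global $config,$session,$lang;
+$session->page_begin("Admin Message", True);
+if($panel!="" && $redirect){
+$this->content=$message."<br /><a href=\"".$config["path"]."/admin/index.php?panel=".$panel."\">".$lang->_('CLICKREDIRECT')."</a>";
+}elseif($panel!="" && !$redirect){
+$this->content=$message."<br /><a href=\"".$config["path"]."/admin/index.php?panel=".$panel."\">".$lang->_('CLICKCONTINUE')."</a>";
+}else{
+$this->content=$message;
+}
+if($redirect && $panel!="")
+$this->meta.="<meta http-equiv=\"refresh\" content=\"".$time."; URL=".$config["path"]."/admin/index.php?panel=".$panel."\" />";
+$this->title=$title;
+$this->parse_page();
+}
+function menu(){
+return '<div id="menu">
+<ul>'.$this->menu_items.'</ul></div>';
+}
+function form ($args = array(),$return=FALSE,$extra=""){
+$method = $args["method"] ? $args["method"] : 'post';
+$action = $args["action"] ? $args["action"] : $_SERVER['PHP_SELF'];
+$form = '<form action="' .$action. '" method="' .$method. '"' .$extra. '>';
+if(!$return){
+$this->content .= $form;
+}else{
+return $form;
+}
+}
+function formClose ()
+{
+$form = '</form>';
+if(!$return){
+$this->content .= $form;
+}else{
+return $form;
+}
+}
+function button ($text = '', $name='', $extra='', $return=FALSE)
+{
+$fld = '<input type="button" name="'.$name.'" value="'.$text.'" ' .$extra. ' />';
+if(!$return){
+$this->content .= $fld;
+}else{
+return $fld;
+}
+}
+function radio ($args=array(),$extra="",$return=FALSE)
+{
+$name = $args["name"] ? $args["name"] : 'radiobutton';
+$value = $args["value"];
+if($value!=""){
+$extra .= ' value="'.$value.'"';
+}
+$fld=$this->radioOrCheck ("radio",$name,$extra,$return);
+if($return){
+return $fld;
+}
+}
+function checkbox ($args=array(),$extra="",$return=FALSE)
+{
+$name = $args["name"] ? $args["name"] : 'checkbox';
+$value = $args["value"];
+if($value!=""){
+$extra .= ' value="'.$value.'"';
+}
+$fld=$this->radioOrCheck ("checkbox",$name,$extra,$return);
+if($return){
+return $fld;
+}
+}
+/* private */
+function radioOrCheck ($type,$name="",$extra="",$return=FALSE)
+{
+$fld = '<input type="'.$type.'" name="'.$name.'" ' .$extra. ' />';
+if(!$return){
+$this->content .= $fld;
+}else{
+return $fld;
+}
+}
+function field ($args=array(),$extra="",$return=FALSE)
+{
+$typ = $args["typ"] ? $args["typ"] : 'text';
+$name = $args["name"] ? $args["name"] : 'textfield';
+$value = $args["value"] ? $args["value"] : '';
+$fld = '<input type="' .$typ. '" name="' .$name. '" value="' .$value. '"' .$extra. ' />'; // html: form field
+if(!$return){
+$this->content .= $fld;
+}else{
+return $fld;
+}
+}
+function submit ($args=array(),$extra="",$return=FALSE)
+{
+$name = $args["name"] ? $args["name"] : 'submit';
+$fld = '<input type="submit" name="'.$name.'" ' .$extra. ' />'; // html: form submit button
+if(!$return){
+$this->content .= $fld;
+}else{
+return $fld;
+}
+}
+/*
+$args[value] used for default text (as in "field" function)
+*/
+function textarea ($args = array(),$extra="",$return=FALSE)
+{
+$name = $args["name"] ? $args["name"] : 'field';
+$rows = $args["rows"] ? $args["rows"] : '3';
+$cols = $args["cols"] ? $args["cols"] : '30';
+$text = $args["value"] ? $args["value"] : '';
+$fld = '<textarea name="' .$name. '" rows="' .$rows. '" cols="' .$cols. '"' .$extra. '>' .$text. '</textarea>';
+if(!$return){
+$this->content .= $fld;
+}else{
+return $fld;
+}
+}
+/*
+$values = array containing values (key = processing value, data = displaying value)
+*/
+function select ($values=array(),$selected="",$name="",$extra="",$return=FALSE)
+{
+$fld='<select name="'.$name.'" '.$extra.'>';
+foreach($values as $name=>$val){
+if($val==$selected){
+$fld.='<option value="'.$val.'" selected="selected">'.$name.'</option>';
+}else{
+$fld.='<option value="'.$val.'">'.$name.'</option>';
+}
+}
+$fld.="</select>";
+if(!$return){
+$this->content .= $fld;
+}else{
+return $fld;
+}
+}
+}
+?>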
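Review bot: Every helper in this class concatenates its arguments into markup without escaping, and `form()` falls back to `$_SERVER['PHP_SELF']` for the `action` attribute, which reflects the request path into the page. Escape at the point of output, for example `$action = htmlspecialchars($args["action"] ? $args["action"] : $_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8');`, and do the same for `$value` in `field()`, `$text` in `textarea()`, the option labels and values in `select()`, and `$panel` where `admin_message()` writes it into the link and the meta refresh. `formClose()` tests `$return`, which is not a parameter of that method, so it always appends to `$this->content`; adding `$return=FALSE` to its signature would match the other helpers.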

99
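--- a/inc/plugin.class.php
+++ b/inc/plugin.class.php
@@ -0,0 +1,99 @@
+<?php
+/**
+* (c) 2025 BeCast
+* -------------------------------------
+* Filename: plugin.class.php
+* Purpose: Plugin Handling
+* CVS Header: $Header$
+*
+* This program is free software; you can redistribute it and/or modify
+* it under the terms of the GNU General Public License as published by
+* the Free Software Foundation; version 2 of the License.
+*
+* This program is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+* GNU General Public License for more details.
+*
+* You should have received a copy of the GNU General Public License
+* along with this program; if not, write to the Free Software
+* Foundation, Inc., 59 Temple Place, Suite 330, Boston,
+* MA 02111-1307 USA
+*/
+$module["module"]["name"]="Plugin Class";
+$module["module"]["ver"]="0.1.1";
+class plugins{
+var $hooks;
+var $current_hook;
+var $plugin_=array();
+function load_plugins($region='G'){
+global $config, $db;
+$result = $db->query("SELECT * FROM " . $config["prefix"] . "module");
+while ($row = $db->fetch_array($result)){
+$this->plugin_[$row["file"]] = $row;
+if($row["module"]=""){
+//$plugin="$
+}else{
+}
+//include_once();
+}
+}
+function use_hook($name,$function,$order=20,$file="") {
+if(is_array($function)){
+$fname=serialize($function);
+}else{
+$fname=$function;
+}
+if(!empty($this->hooks[$name][$order][$fname]) && is_array($this->hooks[$name][$order][$fname])){
+return true;
+}
+$this->hooks[$name][$order][$fname] = array(
+"function" => $function,
+"file" => $file
+);
+return true;
+}
+function run_hook($name,$variables=array()) {
+if(array_key_exists($name,$this->hooks)){
+if(!is_array($this->hooks[$name]))
+{
+return false;
+}
+$this->current_hook = $name;
+ksort($this->hooks[$name]);
+foreach($this->hooks[$name] as $priority => $hooks)
+{
+if(is_array($hooks))
+{
+foreach($hooks as $hook)
+{
+if($hook['file'])
+{
+require_once $hook['file'];
+}
+if(!is_array($variables))
+$variables=array();
+$return = call_user_func_array($hook['function'], $variables);
+}
+}
+}
+$this->current_hook = '';
+return $return;
+}
+}
+}
+?>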
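Review bot: `run_hook()` calls `array_key_exists($name,$this->hooks)` while `$hooks` is declared without a value, so on PHP 8 a call made before any `use_hook()` throws a TypeError; declaring `var $hooks=array();` avoids that, and `$return` should start as `null` because it stays undefined when a hook name has no callables. In `load_plugins()` the test `if($row["module"]="")` assigns instead of comparing and is therefore always false; `==` was presumably intended. `require_once $hook['file']` includes whatever path was registered, so if that value can ever come from the `module` table rather than from plugin code it should be checked against the plugin directory before inclusion. The callers in inc/sessions.class.php pass string-keyed arrays such as `array('page'=>$page,'needlogin'=>$needlogin)`, which `call_user_func_array()` treats as named arguments on PHP 8, so hook functions would need parameters with exactly those names; that is worth confirming or documenting.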

396
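--- a/inc/sessions.class.php
+++ b/inc/sessions.class.php
@@ -0,0 +1,396 @@
+<?php
+$module["session"]["name"]="Sessionmanagement Module";
+$module["session"]["ver"]="0.9.1";
+/**
+* Project: astat - simple site engine
+* File: /inc/sessions.class.php
+*
+* This library is free software; you can redistribute it and/or
+* modify it under the terms of the GNU Lesser General Public
+* License as published by the Free Software Foundation; either
+* version 2.1 of the License, or (at your option) any later version.
+*
+* This library is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+* Lesser General Public License for more details.
+*
+* You should have received a copy of the GNU Lesser General Public
+* License along with this library; if not, write to the Free Software
+* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+*
+* @link http://www.astat.org SVN: $URL: http://svn.astat.org/astat/trunk/inc/sessions.class.php $
+* @copyright 2010 becast.at
+* @author Bernhard Jaud <bernhard at becast dot at>
+* @package astat core
+* @license http://opensource.org/licenses/gpl-license.php GNU Public License
+* @version $Id: sessions.class.php 129 2010-02-21 22:04:51Z genuineparts $
+*/
+class session {
+var $sid = 0;
+var $uid = 0;
+var $ip = '';
+var $packip = '';
+var $userdata = array();
+var $useragent = '';
+function page_begin($page = "UNDEFINED", $needlogin = TRUE){
+global $config, $db, $log, $core, $lang, $plugin, $functions;
+$plugin->run_hook('page_begin_start',array('page'=>$page,'needlogin'=>$needlogin));
+if($this->userdata['uid']==0 || !$this->userdata['uid']){
+$this->ip = $functions->get_ip();
+$this->packip = $functions->my_inet_pton($this->ip);
+$this->useragent = $_SERVER["HTTP_USER_AGENT"];
+//Check if the User has a Cookie
+if (isset($_COOKIE[$config["cookiename"] . "_sid"])){
+//Retireve Data from Cookie
+$sid = $_COOKIE[$config["cookiename"] . "_sid"];
+$sid = $db->escape(base64_decode($sid));
+$data = $db->fetch_array($db->query("SELECT sid,uid FROM `" . $config["prefix"] . "sessions` WHERE `sid`='".$sid."' AND `ip`=".$db->escape_binary($this->packip)));
+if($data['sid']){
+$this->sid=$data['sid'];
+$this->uid=$data['uid'];
+}else{
+$this->sid=0;
+$this->uid=0;
+}
+}
+//Something's rotten. Still no SID.
+if(!$this->sid){
+//This is some strange behavior, log it with low priority.
+if($config["logging"])
+$log->write("SID not set.",5,__LINE__,__FILE__);
+$this->sid = 0;
+$this->uid = 0;
+}
+// If there is a Cookie log the user in (if he isn't already)
+if (isset($_COOKIE[$config["cookiename"] . "_base"])){
+$cookiedata = $_COOKIE[$config["cookiename"] . "_base"];
+$cookiedata = explode("_",base64_decode($cookiedata),2);
+$this->load_data($cookiedata[0],$cookiedata[1]);
+}
+if($this->userdata['active']==2){
+$additional_message = '';
+if($this->userdata['bio']!=""){
+$additional_message = '<br />'.$lang->_('REASON').' '.$this->userdata['bio'];
+}
+//$this->destroy_session($session->sid);
+$this->userdata['uid']=0;
+$this->setcookie($config['cookiename'] . '_base', 0, time()-3600, $config['path'],$config['domain']);
+$core->message($lang->_('BANNED'),$lang->_('YOUHAVEBEENBANNED').$additional_message);
+}
+// Still no Userdata, its a Guest
+if(!isset($this->userdata['uid'])){
+if(!empty($this->sid)){
+$this->update_session($this->sid);
+$this->userdata['uid']=0;
+}else{
+$this->create_session();
+$this->userdata['uid']=0;
+}
+}
+$this->setcookie($config["cookiename"] . "_sid",base64_encode($this->sid),0,"/",$config['domain'],true);
+}
+$plugin->run_hook('page_begin_end',array('data'=>$this));
+if($needlogin != FALSE && $this->userdata["uid"]==0){
+header("LOCATION://" . $_SERVER["HTTP_HOST"] . $config['path'] . "/index.php?fail=needlogin");
+}
+}
+//Fetch userdata
+function load_data($uid, $loginkey){
+global $db,$config, $log, $plugin, $lang;
+$plugin->run_hook('load_data_start',array('loginkey'=>$loginkey,'uid'=>$uid, 'data'=>$this));
+$result = $db->query("SELECT * FROM `" . $config["prefix"] . "users` u LEFT JOIN `" . $config["prefix"] . "role` r ON r.id=u.role WHERE u.`uid`='" . intval($uid) . "' and u.`loginkey`='" . $db->escape($loginkey) . "' LIMIT 1");
+$this->userdata=$db->fetch_array($result);
+$result = $db->query("SELECT * FROM `" . $config["prefix"] . "roleset` rs LEFT JOIN `" . $config["prefix"] . "role_values` rv ON rv.id=rs.role_value_id WHERE rs.role_id='".$this->userdata["role"]."'");
+while($row=$db->fetch_array($result)){
+$this->userdata[$row["name"]]=$row["value"];
+}
+if(!$this->userdata['uid']){
+if($config["logging"])
+$log->write("No User found. UID: " .$uid,4,__LINE__,__FILE__);
+unset($this->userdata);
+$this->uid=0;
+return false;
+}
+if($uid!=$this->userdata['uid'] || $loginkey!=$this->userdata['loginkey']){
+if($config["logging"]){
+$log->write("HACK ATTEMPT. Cookie Spoof. UID: " .$uid,1,__LINE__,__FILE__);
+}
+unset($this->userdata);
+$this->uid=0;
+return false;
+}
+if($this->userdata['uid']!=0){
+if($this->userdata['lastip'] != $this->packip && array_key_exists('lastip', $this->userdata)){
+$lastip_add = ", lastip=".$db->escape_binary($this->packip);
+}
+else
+{
+$lastip_add = '';
+}
+$time = time();
+if($time - $this->userdata['lastactive'] > 900){
+$db->query("UPDATE `" . $config["prefix"] . "users` SET `lastvisit`='" . $this->userdata['lastactive'] . "', `lastactive`='" . $time . "'".$lastip_add." WHERE `uid`='" . $uid . "'");
+//$mybb->user['lastvisit'] = $mybb->user['lastactive'];
+}
+else
+{
+$timespent = $time - $this->userdata['lastactive'];
+$db->query("UPDATE `" . $config["prefix"] . "users` SET `lastactive`='" . $time . "'".$lastip_add." WHERE `uid`='" . $uid . "'");
+}
+}
+if(!empty($this->sid)){
+$this->update_session($this->sid, $this->userdata['uid']);
+}else{
+$this->create_session($this->userdata['uid']);
+}
+$lang->setlang($this->userdata['lang']);
+$plugin->run_hook('load_data_end',array('data'=>$this));
+}
+function setcookie($name,$data,$validto=0,$path=NULL,$domain=NULL,$httponly=false,$https=true)
+{
+if($domain!=''){
+// Fix the domain to accept domains with and without 'www.'.
+if (strtolower( substr($domain, 0, 4) ) == 'www.' ){
+$domain = substr($domain, 4);
+}else{
+$domain = $domain;
+}
+// Add the dot prefix to ensure compatibility with subdomains
+if ( substr($domain, 0, 1) != '.' ){
+$domain = '.'.$domain;
+}
+}
+if((isset($_SERVER['HTTPS']) && !empty($_SERVER['HTTPS'])) || $https){
+$https = true;
+}
+$arr_cookie_options = array (
+'expires' => $validto,
+'path' => $path,
+'domain' => $domain, // leading dot for compatibility or use subdomain
+'secure' => $https, // or false
+'httponly' => $httponly, // or false
+'samesite' => 'Strict' // None || Lax || Strict
+);
+setcookie($name, $data, $arr_cookie_options);
+}
+function update_session($sid, $uid=''){
+global $db,$config, $plugin, $lang;
+$plugin->run_hook('update_session_start', array('sid'=>$sid,'uid'=>$uid, 'data'=>$this));
+if($uid){
+$sessiondata['uid'] = $uid;
+$db->query("UPDATE `" . $config["prefix"] . "users` SET `lastvisit`='".time()."' WHERE `uid`='".$uid."'");
+}else{
+$sessiondata['uid'] = 0;
+$lang->setlang($config['lang']);
+}
+$sid = $db->escape($sid);
+$db->query("UPDATE `" . $config["prefix"] . "sessions` SET `uid`='".$sessiondata['uid']."',`time`='".time()."',`ip`=".$db->escape_binary($this->packip).", `useragent`='".$db->escape($this->useragent)."' WHERE `sid`='".$sid."'");
+$timeout=time()-1800;
+$db->query("DELETE FROM `" . $config["prefix"] . "sessions` WHERE `time`<='".$timeout."'");
+$plugin->run_hook('update_session_end');
+}
+function create_session($uid=0){
+global $db,$config, $plugin, $lang, $functions;
+$plugin->run_hook('create_session_start', array('uid'=>$uid, 'data'=>$this));
+if($uid > 0){
+$db->query("DELETE FROM `" . $config["prefix"] . "sessions` WHERE `uid`='".intval($uid)."'");
+$sessiondata['uid'] = $uid;
+}else{
+$db->query("DELETE FROM `" . $config["prefix"] . "sessions` WHERE `ip`=".$db->escape_binary($this->packip));
+$sessiondata['uid'] = 0;
+$lang->setlang($config['lang']);
+}
+$sessiondata['sid'] = md5($functions->random_str(50));
+$db->query("INSERT INTO `" . $config["prefix"] . "sessions` (`sid`,`uid`,`time`,`useragent`,`ip`) VALUES ('".$sessiondata['sid']."','".$sessiondata['uid']."','".time()."','".$db->escape($this->useragent)."',".$db->escape_binary($this->packip).")");
+$db->query("UPDATE `" . $config["prefix"] . "users` SET `lastvisit`='".time()."' WHERE `uid`='".$uid."'");
+$this->sid = $sessiondata['sid'];
+$this->uid = $sessiondata['uid'];
+$plugin->run_hook('create_session_end');
+}
+function destroy_session($sid)
+{
+global $db,$config, $plugin;
+$plugin->run_hook('destroy_session_start', array('data'=>$this));
+if($sid !=""){
+$db->query("DELETE FROM `" . $config["prefix"] . "sessions` WHERE `sid`='".$db->escape($sid)."'");
+}else{
+$db->query("DELETE FROM `" . $config["prefix"] . "sessions` WHERE `ip`=".$db->escape_binary($this->packip));
+}
+unset($this->userdata);
+$this->setcookie($config["cookiename"] . '_sid','',-3600,'/',true);
+$this->sid = 0;
+$this->uid = 0;
+$plugin->run_hook('destroy_session_end');
+}
+function check_login($username='',$password='',$openid='')
+{
+global $db,$config, $plugin, $lang, $core;
+$plugin->run_hook('check_login_start', array('data'=>$this));
+if($username!='' && $password!=''){
+$username = $db->escape($username);
+$result = $db->query("SELECT `uid`,`salt` FROM `" . $config['prefix'] . "users` WHERE `username` LIKE '".$username."' AND `active`>'0' LIMIT 1");
+if ($db->num_rows ($result) > 0){
+// There is a user
+$data=$db->fetch_array($result);
+}else{
+return false;
+}
+$pass = hash('sha256',$db->escape($data['salt'].$password));
+$result = $db->query("SELECT `uid`,`loginkey`,`active`,`bio` FROM `" . $config['prefix'] . "users` WHERE `username` LIKE '".$username."' AND `password`='".$pass."' AND `active`>'0' LIMIT 1");
+if ($db->num_rows ($result) > 0){
+// There is a user
+$data=$db->fetch_array($result);
+}else{
+return false;
+}
+if($data['active']==2){
+$additional_message = '';
+if($data['bio']!=""){
+$additional_message = '<br />'.$lang->_('REASON').' '.$data['bio'];
+}
+unset($data);
+$this->setcookie($config['cookiename'] . '_base', 0, time()-3600, $config['path'],$config['domain']);
+$core->message($lang->_('BANNED'),$lang->_('YOUHAVEBEENBANNED').$additional_message);
+return 'BANNED';
+}
+$uid = $data['uid'];
+$key = $data['loginkey'];
+$this->login($uid,$key);
+return $uid;
+}elseif($openid!=''){
+$identity=$db->escape($openid);
+$result = $db->query("SELECT `uid`,`loginkey` FROM `" . $config['prefix'] . "users` WHERE `openid_identity` = '".$identity."' AND `active`='1' LIMIT 1");
+if ($db->num_rows ($result) > 0){
+// There is a user
+$data=$db->fetch_array($result);
+}else{
+return false;
+}
+$uid = $data['uid'];
+$key = $data['loginkey'];
+$this->login($uid,$key);
+return $uid;
+}else{
+return false;
+}
+}
+function login($uid,$key)
+{
+global $db,$config, $plugin;
+$plugin->run_hook('logon_start', array('data'=>$this));
+$cookiedata['uid'] = $uid;
+$cookiedata['loginkey'] = $key;
+$cookiedata = base64_encode($cookiedata['uid'] .'_'. $cookiedata['loginkey']);
+if(isset($_POST['remember']) && $_POST['remember']){
+$this->setcookie($config['cookiename'] . '_base', $cookiedata, time() + 60 * 60 * 24 * 365, $config['path'],$config['domain'],true);
+}else{
+$this->setcookie($config['cookiename'] . '_base', $cookiedata, 0, $config['path'],$config['domain'],true);
+}
+$this->create_session($uid);
+$plugin->run_hook('logon_end');
+}
+function get_users_with_right($right, $value)
+{
+global $db,$config;
+$result = $db->query("SELECT u.* FROM `" . $config["prefix"] . "users` u LEFT JOIN `" . $config["prefix"] . "role` r ON u.`role`=r.`id` LEFT JOIN `" . $config["prefix"] . "roleset` rs ON rs.`role_id`=r.`id` LEFT JOIN `" . $config["prefix"] . "role_values` rv ON rv.`id`=rs.`role_value_id` WHERE rv.`name`='".$db->escape($right)."' AND rs.`value`='".$db->escape($value)."'");
+while($row=$db->fetch_array($result)){
+$return[]=$row;
+}
+return $return;
+}
+function generate_Key($length=8){
+$dummy = array_merge(range('0', '9'), range('a', 'z'), range('A', 'Z'));
+mt_srand((double)microtime()*1000000);
+for ($i = 1; $i <= (count($dummy)*2); $i++){
+$swap = mt_rand(0,count($dummy)-1);
+$tmp = $dummy[$swap];
+$dummy[$swap] = $dummy[0];
+$dummy[0] = $tmp;
+}
+return substr(implode('',$dummy),0,$length);
+}
+function sanitize_username($username){
+global $config;
+$username = trim($username);
+$username = preg_replace('/[\x00-\x1F\x80-\xFF]/', '', $username);
+$username = str_replace(array(chr(160), chr(173), chr(0xCA), chr(8238), chr(8237), chr(8203),"]","[","/","\\"), array("", "-", "", "", "", "","","","",""), $username);
+// Remove multiple spaces from the username
+$username = preg_replace("#\s{2,}#", "", $username);
+return $username;
+}
+function verify_username($username){
+global $config;
+// Check if the username is not empty.
+if($username == '')
+{
+return "Username empty.";
+}
+// Check if the username belongs to the list of banned usernames.
+$banned=explode("\n",$config['banned_usernames']);
+if(is_array($banned)){
+foreach($banned as $banned_username){
+$banned_username = str_replace('*', '(.*)', trim($banned_username));
+if(preg_match("#\b{$banned_username}\b#i", $username)){
+return "Forbidden Username:".$banned_username;
+}
+}
+}
+// Check for certain characters in username (<, >, &, commas and slashes)
+if(strpos($username, ".") !== false || strpos($username, ":") !== false || strpos($username, " ") !== false || strpos($username, "<") !== false || strpos($username, ">") !== false || strpos($username, "&") !== false || strpos($username, ")") !== false || strpos($username, "(") !== false || strpos($username, "\\") !== false || strpos($username, ";") !== false || strpos($username, ",") !== false || strpos($username, "~") !== false)
+{
+return "Forbidden Chars in Username";
+}
+// Check if the username is of the correct length.
+if(($config['maxnamelength'] != 0 && strlen($username) > $config['maxnamelength']) || ($config['minnamelength'] != 0 && strlen($username) < $config['minnamelength']))
+{
+return sprintf('The username must be %s Chars minimum and can be %s Chars long at max.',$config['minnamelength'],$config['maxnamelength']);
+}
+return true;
+}
+}
+?>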
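Review bot: `page_begin()` sends the login redirect with `header("LOCATION://" ...)` but does not stop, so a page called with `$needlogin` set keeps executing and emits its output to a visitor who is not logged in; follow the header with `exit;`, and build the target from configuration rather than from `$_SERVER["HTTP_HOST"]`, which the client controls. In `check_login()` both lookups match the name with `LIKE`, so `%` and `_` in the submitted name act as wildcards; `=` is the safer comparison, and the single salted SHA-256 in `hash('sha256', ...)` would be better replaced by `password_hash()` / `password_verify()`. `generate_Key()` seeds `mt_srand()` from `microtime()` and draws from `mt_rand()`, which is predictable; if its output is used for login keys or salts (not visible here), `random_int()` is the drop-in replacement. `load_data()` interpolates the cookie-supplied `$uid` into both `UPDATE` statements without the `intval()` that the preceding `SELECT` uses, and `destroy_session()` passes `true` in the `$domain` position of `setcookie()`, so the `_sid` cookie is probably not cleared.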