<?php

require_once('inc/db_connect.php');
require_once('inc/debug.php');

function config($key)
{
  global $config;

  if ($key == 'modules' && isset($_SESSION['restrict_modules']))
  {
    $modules = array();
    foreach ($config['modules'] as $mod)
    {
      if (in_array($mod, $_SESSION['restrict_modules']))
        $modules[] = $mod;
    }
    return $modules;
  }

  if (array_key_exists($key, $config))
    return $config[$key];
  
  /* read configuration from database */
  $options = db_query( "SELECT `key`, value FROM misc.config" );
  
  while( $object = mysql_fetch_assoc( $options ) ) {
	  $config[$object['key']]=$object['value'];
  }
  // Sonst wird das Passwort des webadmin-Users mit ausgegeben
  $debug_config = $config;
  unset($debug_config['db_pass']);
  DEBUG($debug_config);
  if (array_key_exists($key, $config))
    return $config[$key];
  else
    logger(LOG_ERR, "inc/base", "config", "Request to read nonexistant config option »{$key}«.");
    return NULL;
}

function get_server_by_id($id) {
  $id = (int) $id;
  $result = mysql_fetch_assoc(db_query("SELECT hostname FROM system.servers WHERE id='{$id}'"));
  return $result['hostname'];
}


function redirect($target)
{
  global $debugmode;
  if (! $debugmode)
    header("Location: {$target}");
  die();
}


function my_server_id()
{
  $uid = (int) $_SESSION['userinfo']['uid'];
  $result = db_query("SELECT server FROM system.useraccounts WHERE uid={$uid}");
  $r = mysql_fetch_assoc($result);
  DEBUG($r);
  return $r['server'];
}


function additional_servers()
{
  $uid = (int) $_SESSION['userinfo']['uid'];
  $result = db_query("SELECT server FROM system.user_server WHERE uid={$uid}");
  $servers = array();
  while ($s = mysql_fetch_assoc($result))
    $servers[] = $s['server'];
  DEBUG($servers);
  return $servers;
}


function server_names()
{
  $result = db_query("SELECT id, hostname FROM system.servers");
  $servers = array();
  while ($s = mysql_fetch_assoc($result))
    $servers[$s['id']] = $s['hostname'];
  DEBUG($servers);
  return $servers;
}


function db_query($query)
{
  DEBUG($query);
  $result = @mysql_query($query);
  if (mysql_error())
  {
    $error = mysql_error();
    logger(LOG_ERR, "inc/base", "dberror", "mysql error: {$error}");
    system_failure('Interner Datenbankfehler: »'.iconv('ISO-8859-1', 'UTF-8', $error).'«.');
  }
  $count = @mysql_num_rows($result);
  if (! $count)
    $count = 'no';
  DEBUG("=> {$count} rows");
  return $result; 
}



function maybe_null($value)
{
  if ($value == NULL)
    return 'NULL';

  if (strlen( (string) $value ) > 0)
    return "'".mysql_real_escape_string($value)."'";
  else
    return 'NULL';
}

#define('LOG_ERR', 3);
#define('LOG_WARNING', 4);
#define('LOG_INFO', 6);

function logger($severity, $scriptname, $scope, $message)
{
  if (config('logging') <= $severity)
    return;

  $user = 'NULL';
  if ($_SESSION['role'] & ROLE_SYSTEMUSER)
    $user = "'{$_SESSION['userinfo']['username']}'";
  elseif ($_SESSION['role'] & ROLE_CUSTOMER)
    $user = "'{$_SESSION['customerinfo']['customerno']}'";
  
  $remote = mysql_real_escape_string($_SERVER['REMOTE_ADDR']);

  $scriptname = mysql_real_escape_string($scriptname);
  $scope = mysql_real_escape_string($scope);
  $message = mysql_real_escape_string($message);

  db_query("INSERT INTO misc.scriptlog (remote, user,scriptname,scope,message) VALUES ('{$remote}', {$user}, '{$scriptname}', '{$scope}', '{$message}');");
}

function html_header($arg)
{
  global $html_header;
  $html_header .= $arg;
}

function title($arg)
{
  global $title;
  $title = $arg;
}

function headline($arg)
{
  global $headline;
  $headline = $arg;
}

function output($arg)
{
  global $output;
  $output .= $arg;
}


function random_string($nc, $a='abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789') {
    $l=strlen($a)-1; $r='';
    while($nc-->0) $r.=$a{mt_rand(0,$l)};
    return $r;
 }


function are_you_sure($query_string, $question)
{
  $query_string = encode_querystring($query_string);
  $token = random_string(20);
  $_SESSION['are_you_sure_token'] = $token;
  title('Sicherheitsabfrage');
  output("
    <form action=\"{$query_string}\" method=\"post\">
    <div class=\"confirmation\">
      <div class=\"question\">{$question}</div>
      <p class=\"buttons\">
        <input type=\"hidden\" name=\"random_token\" value=\"{$token}\" />
        <input type=\"submit\" name=\"really\" value=\"Ja\" />
        &#160; &#160;
        <input type=\"submit\" name=\"not_really\" value=\"Nein\" />
      </p>
    </div>");
  output("</form>\n");
}


function user_is_sure()
{
  if (isset($_POST['really']))
  {
    if ($_POST['random_token'] == $_SESSION['are_you_sure_token'])
      return true;
    else
      system_failure("Possible Cross-site-request-forgery detected!");
  }
  elseif (isset($_POST['not_really']))
    return false;
  else
    return NULL;
}



function generate_form_token($form_id)
{
  require_once("inc/debug.php");
  $sessid = session_id();
  if ($sessid == "") 
  {
    DEBUG("Uh? Session not running? Wtf?");
    system_failure("Internal error!");
  }
  if (! isset($_SESSION['session_token']))
    $_SESSION['session_token'] = random_string(10);
  return hash('sha256', $sessid.$form_id.$_SESSION['session_token']);
}


function check_form_token($form_id, $formtoken = NULL)
{
  if ($formtoken == NULL)
    $formtoken = $_POST['formtoken'];
  $sessid = session_id();
  if ($sessid == "") 
  {
    DEBUG("Uh? Session not running? Wtf?");
    system_failure("Internal error! (Session not running)");
  }

  $correct_formtoken = hash('sha256', $sessid.$form_id.$_SESSION['session_token']);

  if (! ($formtoken == $correct_formtoken))
    system_failure("Possible cross-site-request-forgery!");
}


function have_module($modname)
{
  return in_array($modname, config('modules'));
}


function encode_querystring($querystring)
{
  global $debugmode;
  if ($debugmode)
    $querystring = 'debug&'.$querystring;
  DEBUG($querystring);
  $query = explode('&', $querystring);
  $new_query = array();
  foreach ($query AS $item)
    if ($item != '')
    {
      $split = explode('=', $item, 2);
      if (count($split) == 1)
        $new_query[] = $split[0];
      else
        $new_query[] = $split[0].'='.urlencode($split[1]);
    }
  $querystring = implode('&amp;', $new_query);
  if ($querystring)
    $querystring = '?'.$querystring;
  DEBUG($querystring);
  return $querystring;
}


function addnew($file, $label, $querystring = '')
{
  output('<p class="addnew">'.internal_link($file, $label, $querystring).'</p>');
}


function internal_link($file, $label, $querystring = '', $attribs = '')
{
  global $prefix;
  if (strpos($file, '/') === 0)
  {
    $file = $prefix.substr($file, 1);
  }
  $querystring = encode_querystring($querystring);
  return "<a href=\"{$file}{$querystring}\" {$attribs} >{$label}</a>";
}


function html_form($form_id, $scriptname, $querystring, $content)
{
  $querystring = encode_querystring($querystring);
  $ret = '';
  $ret .= '<form action="'.$scriptname.$querystring.'" method="post">'."\n";
  $ret .= '<p style="display: none;"><input type="hidden" name="formtoken" value="'.generate_form_token($form_id).'" /></p>'."\n";
  $ret .= $content;
  $ret .= '</form>';
  return $ret;  
}


function html_select($name, $options, $default='', $free='')
{
  require_once('inc/security.php');
  $ret = "<select name=\"{$name}\" id=\"{$name}\" size=\"1\" {$free} >\n";
  foreach ($options as $key => $value)
  {
    $selected = '';
    if ($default == $key)
      $selected = ' selected="selected" ';
    $key = filter_input_general($key);
    $value = filter_input_general($value);
    $ret .= "  <option value=\"{$key}\"{$selected}>{$value}</option>\n";
  }
  $ret .= '</select>';
  return $ret;
}



?>