... | ... |
@@ -8,7 +8,7 @@ Written 2008-2018 by schokokeks.org Hosting, namely |
8 | 8 |
|
9 | 9 |
To the extent possible under law, the author(s) have dedicated all copyright and related and neighboring rights to this software to the public domain worldwide. This software is distributed without any warranty. |
10 | 10 |
|
11 |
-You should have received a copy of the CC0 Public Domain Dedication along with this software. If not, see |
|
11 |
+You should have received a copy of the CC0 Public Domain Dedication along with this software. If not, see |
|
12 | 12 |
http://creativecommons.org/publicdomain/zero/1.0/ |
13 | 13 |
|
14 | 14 |
Nevertheless, in case you use a significant part of this code, we ask (but not require, see the license) that you keep the authors' names in place and return your changes to the public. We would be especially happy if you tell us what you're going to do with this code. |
... | ... |
@@ -37,111 +37,106 @@ DEBUG($_SERVER); |
37 | 37 |
|
38 | 38 |
$redirect = ""; |
39 | 39 |
if (! isset($_SERVER['SSL_CLIENT_CERT']) && isset($_SERVER['REDIRECT_SSL_CLIENT_CERT'])) { |
40 |
- $redirect = "REDIRECT_"; |
|
40 |
+ $redirect = "REDIRECT_"; |
|
41 | 41 |
} |
42 | 42 |
|
43 |
-if ($_SESSION['role'] != ROLE_ANONYMOUS && isset($_REQUEST['record']) && isset($_REQUEST['backto']) && check_path($_REQUEST['backto'])) |
|
44 |
-{ |
|
45 |
- DEBUG('recording client-cert'); |
|
46 |
- if (isset($_SERVER[$redirect.'SSL_CLIENT_CERT']) && isset($_SERVER[$redirect.'SSL_CLIENT_S_DN']) && |
|
43 |
+if ($_SESSION['role'] != ROLE_ANONYMOUS && isset($_REQUEST['record']) && isset($_REQUEST['backto']) && check_path($_REQUEST['backto'])) { |
|
44 |
+ DEBUG('recording client-cert'); |
|
45 |
+ if (isset($_SERVER[$redirect.'SSL_CLIENT_CERT']) && isset($_SERVER[$redirect.'SSL_CLIENT_S_DN']) && |
|
47 | 46 |
isset($_SERVER[$redirect.'SSL_CLIENT_I_DN']) && isset($_SERVER[$redirect.'SSL_CLIENT_M_SERIAL']) && |
48 | 47 |
isset($_SERVER[$redirect.'SSL_CLIENT_V_START']) && isset($_SERVER[$redirect.'SSL_CLIENT_V_END']) |
49 |
- ) |
|
50 |
- { |
|
51 |
- $_SESSION['clientcert_cert'] = $_SERVER[$redirect.'SSL_CLIENT_CERT']; |
|
52 |
- $_SESSION['clientcert_dn'] = $_SERVER[$redirect.'SSL_CLIENT_S_DN']; |
|
53 |
- $_SESSION['clientcert_issuer'] = $_SERVER[$redirect.'SSL_CLIENT_I_DN']; |
|
54 |
- $_SESSION['clientcert_serial'] = $_SERVER[$redirect.'SSL_CLIENT_M_SERIAL']; |
|
55 |
- $vstart = new DateTime($_SERVER[$redirect.'SSL_CLIENT_V_START']); |
|
56 |
- $_SESSION['clientcert_valid_from'] = date_format($vstart, 'Y-m-d'); |
|
57 |
- $vend = new DateTime($_SERVER[$redirect.'SSL_CLIENT_V_END']); |
|
58 |
- $_SESSION['clientcert_valid_until'] = date_format($vend, 'Y-m-d'); |
|
59 |
- header('Location: '.$prefix.$_REQUEST['backto'].encode_querystring('')); |
|
60 |
- die(); |
|
61 |
- } |
|
62 |
- else |
|
63 |
- { |
|
64 |
- warning('Ihr Browser hat kein Client-Zertifikat gesendet'); |
|
65 |
- header('Location: '.$prefix.$_REQUEST['backto'].encode_querystring('')); |
|
66 |
- die(); |
|
67 |
- } |
|
68 |
-} |
|
69 |
-elseif (isset($_REQUEST['type']) && isset($_REQUEST['username'])) { |
|
70 |
- if (!isset($_SERVER[$redirect.'SSL_CLIENT_CERT'])) |
|
71 |
- system_failure('Ihr Browser hat kein Client-Zertifikat gesendet'); |
|
48 |
+ ) { |
|
49 |
+ $_SESSION['clientcert_cert'] = $_SERVER[$redirect.'SSL_CLIENT_CERT']; |
|
50 |
+ $_SESSION['clientcert_dn'] = $_SERVER[$redirect.'SSL_CLIENT_S_DN']; |
|
51 |
+ $_SESSION['clientcert_issuer'] = $_SERVER[$redirect.'SSL_CLIENT_I_DN']; |
|
52 |
+ $_SESSION['clientcert_serial'] = $_SERVER[$redirect.'SSL_CLIENT_M_SERIAL']; |
|
53 |
+ $vstart = new DateTime($_SERVER[$redirect.'SSL_CLIENT_V_START']); |
|
54 |
+ $_SESSION['clientcert_valid_from'] = date_format($vstart, 'Y-m-d'); |
|
55 |
+ $vend = new DateTime($_SERVER[$redirect.'SSL_CLIENT_V_END']); |
|
56 |
+ $_SESSION['clientcert_valid_until'] = date_format($vend, 'Y-m-d'); |
|
57 |
+ header('Location: '.$prefix.$_REQUEST['backto'].encode_querystring('')); |
|
58 |
+ die(); |
|
59 |
+ } else { |
|
60 |
+ warning('Ihr Browser hat kein Client-Zertifikat gesendet'); |
|
61 |
+ header('Location: '.$prefix.$_REQUEST['backto'].encode_querystring('')); |
|
62 |
+ die(); |
|
63 |
+ } |
|
64 |
+} elseif (isset($_REQUEST['type']) && isset($_REQUEST['username'])) { |
|
65 |
+ if (!isset($_SERVER[$redirect.'SSL_CLIENT_CERT'])) { |
|
66 |
+ system_failure('Ihr Browser hat kein Client-Zertifikat gesendet'); |
|
67 |
+ } |
|
72 | 68 |
|
73 |
- $ret = get_logins_by_cert($_SERVER[$redirect.'SSL_CLIENT_CERT']); |
|
74 |
- DEBUG($ret); |
|
75 |
- foreach ($ret as $account) { |
|
76 |
- DEBUG('/'.$account['type'].'/'.$_REQUEST['type'].'/ /'.$account['username'].'/'.$_REQUEST['username'].'/ =>'); |
|
77 |
- if (($account['type'] == urldecode($_REQUEST['type'])) && ($account['username'] == urldecode($_REQUEST['username']))) { |
|
78 |
- $uid = $account['username']; |
|
79 |
- $role = find_role($uid, '', True); |
|
80 |
- setup_session($role, $uid); |
|
81 |
- $destination = 'go/index/index'; |
|
82 |
- if (check_path($account['startpage'])) |
|
83 |
- $destination = $account['startpage']; |
|
84 |
- if (isset($_REQUEST['destination']) && check_path($_REQUEST['destination'])) |
|
85 |
- $destination = $_REQUEST['destination']; |
|
86 |
- header('Location: ../'.$destination); |
|
87 |
- die(); |
|
69 |
+ $ret = get_logins_by_cert($_SERVER[$redirect.'SSL_CLIENT_CERT']); |
|
70 |
+ DEBUG($ret); |
|
71 |
+ foreach ($ret as $account) { |
|
72 |
+ DEBUG('/'.$account['type'].'/'.$_REQUEST['type'].'/ /'.$account['username'].'/'.$_REQUEST['username'].'/ =>'); |
|
73 |
+ if (($account['type'] == urldecode($_REQUEST['type'])) && ($account['username'] == urldecode($_REQUEST['username']))) { |
|
74 |
+ $uid = $account['username']; |
|
75 |
+ $role = find_role($uid, '', true); |
|
76 |
+ setup_session($role, $uid); |
|
77 |
+ $destination = 'go/index/index'; |
|
78 |
+ if (check_path($account['startpage'])) { |
|
79 |
+ $destination = $account['startpage']; |
|
80 |
+ } |
|
81 |
+ if (isset($_REQUEST['destination']) && check_path($_REQUEST['destination'])) { |
|
82 |
+ $destination = $_REQUEST['destination']; |
|
83 |
+ } |
|
84 |
+ header('Location: ../'.$destination); |
|
85 |
+ die(); |
|
86 |
+ } |
|
88 | 87 |
} |
89 |
- } |
|
90 |
- system_failure('Der angegebene Account kann mit diesem Client-Zertifikat nicht eingeloggt werden.'); |
|
91 |
-} |
|
92 |
-elseif ($_SESSION['role'] != ROLE_ANONYMOUS && $_REQUEST['destination'] != '') { |
|
93 |
- # User hat sich grade eingeloggt |
|
94 |
- header('Location: ../'.$destination); |
|
95 |
-} |
|
96 |
-else |
|
97 |
-{ |
|
98 |
- if (isset($_SERVER[$redirect.'SSL_CLIENT_CERT']) && |
|
99 |
- isset($_SERVER[$redirect.'SSL_CLIENT_S_DN']) && $_SERVER[$redirect.'SSL_CLIENT_S_DN'] != '' && |
|
88 |
+ system_failure('Der angegebene Account kann mit diesem Client-Zertifikat nicht eingeloggt werden.'); |
|
89 |
+} elseif ($_SESSION['role'] != ROLE_ANONYMOUS && $_REQUEST['destination'] != '') { |
|
90 |
+ # User hat sich grade eingeloggt |
|
91 |
+ header('Location: ../'.$destination); |
|
92 |
+} else { |
|
93 |
+ if (isset($_SERVER[$redirect.'SSL_CLIENT_CERT']) && |
|
94 |
+ isset($_SERVER[$redirect.'SSL_CLIENT_S_DN']) && $_SERVER[$redirect.'SSL_CLIENT_S_DN'] != '' && |
|
100 | 95 |
isset($_SERVER[$redirect.'SSL_CLIENT_I_DN']) && $_SERVER[$redirect.'SSL_CLIENT_I_DN'] != '' && |
101 | 96 |
isset($_SERVER[$redirect.'SSL_CLIENT_M_SERIAL']) && $_SERVER[$redirect.'SSL_CLIENT_M_SERIAL'] != '') { |
102 |
- $ret = get_logins_by_cert($_SERVER[$redirect.'SSL_CLIENT_CERT']); |
|
103 |
- if ($ret === NULL) { |
|
104 |
- login_screen('Ihr Browser hat ein Client-Zertifikat gesendet, dieses ist aber noch nicht für den Zugang hinterlegt. Melden Sie sich bitte per Benutzername und Passwort an.'); |
|
105 |
- } |
|
106 |
- if (count($ret) == 1) { |
|
107 |
- $uid = $ret[0]['username']; |
|
108 |
- $role = find_role($uid, '', True); |
|
109 |
- setup_session($role, $uid); |
|
110 |
- DEBUG("Set Cookie!"); |
|
111 |
- setcookie('CLIENTCERT_AUTOLOGIN', '1', strtotime("+ 1 year"), '/', '', true, true); |
|
112 |
- $destination = 'go/index/index'; |
|
113 |
- if (check_path($ret[0]['startpage'])) |
|
114 |
- $destination = $ret[0]['startpage']; |
|
115 |
- if (isset($_REQUEST['destination']) && check_path($_REQUEST['destination'])) |
|
116 |
- $destination = $_REQUEST['destination']; |
|
117 |
- header('Location: ../'.$destination); |
|
118 |
- die(); |
|
119 |
- } |
|
120 |
- output('<p>Ihr Browser hat ein gültiges SSL-Client-Zertifikat gesendet, mit dem Sie sich auf dieser Seite einloggen können. Allerdings haben Sie dieses Client-Zertifikat für mehrere Zugänge hinterlegt. Wählen Sie bitte den Zugang aus, mit dem Sie sich anmelden möchten.</p> |
|
97 |
+ $ret = get_logins_by_cert($_SERVER[$redirect.'SSL_CLIENT_CERT']); |
|
98 |
+ if ($ret === null) { |
|
99 |
+ login_screen('Ihr Browser hat ein Client-Zertifikat gesendet, dieses ist aber noch nicht für den Zugang hinterlegt. Melden Sie sich bitte per Benutzername und Passwort an.'); |
|
100 |
+ } |
|
101 |
+ if (count($ret) == 1) { |
|
102 |
+ $uid = $ret[0]['username']; |
|
103 |
+ $role = find_role($uid, '', true); |
|
104 |
+ setup_session($role, $uid); |
|
105 |
+ DEBUG("Set Cookie!"); |
|
106 |
+ setcookie('CLIENTCERT_AUTOLOGIN', '1', strtotime("+ 1 year"), '/', '', true, true); |
|
107 |
+ $destination = 'go/index/index'; |
|
108 |
+ if (check_path($ret[0]['startpage'])) { |
|
109 |
+ $destination = $ret[0]['startpage']; |
|
110 |
+ } |
|
111 |
+ if (isset($_REQUEST['destination']) && check_path($_REQUEST['destination'])) { |
|
112 |
+ $destination = $_REQUEST['destination']; |
|
113 |
+ } |
|
114 |
+ header('Location: ../'.$destination); |
|
115 |
+ die(); |
|
116 |
+ } |
|
117 |
+ output('<p>Ihr Browser hat ein gültiges SSL-Client-Zertifikat gesendet, mit dem Sie sich auf dieser Seite einloggen können. Allerdings haben Sie dieses Client-Zertifikat für mehrere Zugänge hinterlegt. Wählen Sie bitte den Zugang aus, mit dem Sie sich anmelden möchten.</p> |
|
121 | 118 |
<ul>'); |
122 |
- foreach ($ret as $account) { |
|
123 |
- $type = 'System-Account'; |
|
124 |
- if ($account['type'] == 'email') { |
|
125 |
- $type = 'E-Mail-Konto'; |
|
126 |
- } |
|
127 |
- elseif ($account['type'] == 'subuser') { |
|
128 |
- $type = 'Unter-Nutzer'; |
|
129 |
- } |
|
130 |
- elseif ($account['type'] == 'customer') { |
|
131 |
- $type = 'Kundenaccount'; |
|
132 |
- } |
|
133 |
- $destination = 'go/index/index'; |
|
134 |
- if ($account['startpage'] && check_path($account['startpage'])) |
|
135 |
- $destination = $account['startpage']; |
|
136 |
- output('<li>'.internal_link('', $type.': <strong>'.$account['username'].'</strong>', 'type='.$account['type'].'&username='.urlencode($account['username']).'&destination='.urlencode($destination)).'</li>'); |
|
119 |
+ foreach ($ret as $account) { |
|
120 |
+ $type = 'System-Account'; |
|
121 |
+ if ($account['type'] == 'email') { |
|
122 |
+ $type = 'E-Mail-Konto'; |
|
123 |
+ } elseif ($account['type'] == 'subuser') { |
|
124 |
+ $type = 'Unter-Nutzer'; |
|
125 |
+ } elseif ($account['type'] == 'customer') { |
|
126 |
+ $type = 'Kundenaccount'; |
|
127 |
+ } |
|
128 |
+ $destination = 'go/index/index'; |
|
129 |
+ if ($account['startpage'] && check_path($account['startpage'])) { |
|
130 |
+ $destination = $account['startpage']; |
|
131 |
+ } |
|
132 |
+ output('<li>'.internal_link('', $type.': <strong>'.$account['username'].'</strong>', 'type='.$account['type'].'&username='.urlencode($account['username']).'&destination='.urlencode($destination)).'</li>'); |
|
133 |
+ } |
|
134 |
+ output('</ul>'); |
|
135 |
+ } else { |
|
136 |
+ warning('Ihr Browser hat kein Client-Zertifikat gesendet. Eventuell müssen Sie in den Einstellungen des Browsers diese Funktion einschalten.'); |
|
137 |
+ redirect('/'); |
|
138 |
+ die(); |
|
137 | 139 |
} |
138 |
- output('</ul>'); |
|
139 |
- } else { |
|
140 |
- warning('Ihr Browser hat kein Client-Zertifikat gesendet. Eventuell müssen Sie in den Einstellungen des Browsers diese Funktion einschalten.'); |
|
141 |
- redirect('/'); |
|
142 |
- die(); |
|
143 |
- } |
|
144 | 140 |
} |
145 | 141 |
|
146 | 142 |
show_page('certlogin'); |
147 |
-?> |
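Review bot: The branch at new lines 89–91 redirects to `$destination`, but nothing visible assigns that variable on this path; every assignment in the hunk sits inside a branch that ends in `die()`. The same condition reads `$_REQUEST['destination']` without `isset()`, and unlike the other redirects in this file the value is not passed through `check_path()` and no `die()` follows the `header()` call, so execution continues into `show_page('certlogin')`. Consider `if (isset($_REQUEST['destination']) && check_path($_REQUEST['destination'])) { header('Location: ../'.$_REQUEST['destination']); die(); }`. The file starts before this hunk (line 37), so an earlier assignment of `$destination` cannot be ruled out from here.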
... | ... |
@@ -8,7 +8,7 @@ Written 2008-2018 by schokokeks.org Hosting, namely |
8 | 8 |
|
9 | 9 |
To the extent possible under law, the author(s) have dedicated all copyright and related and neighboring rights to this software to the public domain worldwide. This software is distributed without any warranty. |
10 | 10 |
|
11 |
-You should have received a copy of the CC0 Public Domain Dedication along with this software. If not, see |
|
11 |
+You should have received a copy of the CC0 Public Domain Dedication along with this software. If not, see |
|
12 | 12 |
http://creativecommons.org/publicdomain/zero/1.0/ |
13 | 13 |
|
14 | 14 |
Nevertheless, in case you use a significant part of this code, we ask (but not require, see the license) that you keep the authors' names in place and return your changes to the public. We would be especially happy if you tell us what you're going to do with this code. |
... | ... |
@@ -19,126 +19,127 @@ require_once('inc/error.php'); |
19 | 19 |
require_once('inc/debug.php'); |
20 | 20 |
|
21 | 21 |
|
22 |
-class DB extends PDO { |
|
23 |
- function __construct() { |
|
24 |
- $dsn = "mysql:host=".config('db_host', true); |
|
25 |
- if (config('db_port', true)) { |
|
26 |
- $dsn .= ';port='.config('db_port', true); |
|
27 |
- } |
|
28 |
- if (config('db_socket', true)) { |
|
29 |
- $dsn = "mysql:unix_socket=".config('db_socket', true); |
|
30 |
- } |
|
31 |
- $username = config('db_user', true); |
|
32 |
- $password = config('db_pass', true); |
|
33 |
- parent::__construct($dsn, $username, $password, array(PDO::ATTR_TIMEOUT => "30")); |
|
34 |
- } |
|
35 |
- |
|
36 |
- |
|
37 |
- /* |
|
38 |
- Wenn Parameter übergeben werden, werden Queries immer als Prepared statements übertragen |
|
39 |
- */ |
|
40 |
- function query($stmt, $params = NULL) { |
|
41 |
- if (is_array($params)) { |
|
42 |
- if (config("enable_debug")) { |
|
43 |
- foreach (array_values($params) as $p) { |
|
44 |
- if ($p === '') { |
|
45 |
- DEBUG("Potential bug, empty string found in database parameters"); |
|
46 |
- warning("Potential bug, empty string found in database parameters"); |
|
47 |
- } |
|
22 |
+class DB extends PDO |
|
23 |
+{ |
|
24 |
+ public function __construct() |
|
25 |
+ { |
|
26 |
+ $dsn = "mysql:host=".config('db_host', true); |
|
27 |
+ if (config('db_port', true)) { |
|
28 |
+ $dsn .= ';port='.config('db_port', true); |
|
48 | 29 |
} |
49 |
- } |
|
50 |
- $response = parent::prepare($stmt); |
|
51 |
- $response->execute($params); |
|
52 |
- return $response; |
|
53 |
- } else { |
|
54 |
- if (strtoupper(substr($stmt, 0, 6)) == "INSERT" || |
|
30 |
+ if (config('db_socket', true)) { |
|
31 |
+ $dsn = "mysql:unix_socket=".config('db_socket', true); |
|
32 |
+ } |
|
33 |
+ $username = config('db_user', true); |
|
34 |
+ $password = config('db_pass', true); |
|
35 |
+ parent::__construct($dsn, $username, $password, array(PDO::ATTR_TIMEOUT => "30")); |
|
36 |
+ } |
|
37 |
+ |
|
38 |
+ |
|
39 |
+ /* |
|
40 |
+ Wenn Parameter übergeben werden, werden Queries immer als Prepared statements übertragen |
|
41 |
+ */ |
|
42 |
+ public function query($stmt, $params = null) |
|
43 |
+ { |
|
44 |
+ if (is_array($params)) { |
|
45 |
+ if (config("enable_debug")) { |
|
46 |
+ foreach (array_values($params) as $p) { |
|
47 |
+ if ($p === '') { |
|
48 |
+ DEBUG("Potential bug, empty string found in database parameters"); |
|
49 |
+ warning("Potential bug, empty string found in database parameters"); |
|
50 |
+ } |
|
51 |
+ } |
|
52 |
+ } |
|
53 |
+ $response = parent::prepare($stmt); |
|
54 |
+ $response->execute($params); |
|
55 |
+ return $response; |
|
56 |
+ } else { |
|
57 |
+ if (strtoupper(substr($stmt, 0, 6)) == "INSERT" || |
|
55 | 58 |
strtoupper(substr($stmt, 0, 7)) == "REPLACE" || |
56 | 59 |
strpos(strtoupper($stmt), "WHERE") > 0) { // Das steht nie am Anfang |
57 |
- $backtrace = debug_backtrace(); |
|
58 |
- $wherepart = substr(strtoupper($stmt), strpos(strtoupper($stmt), "WHERE")); |
|
59 |
- if ((strpos($wherepart, '"') > 0 || strpos($wherepart, "'") > 0) && config("enable_debug")) { |
|
60 |
- warning("Possibly unsafe SQL statement in {$backtrace[1]['file']} line {$backtrace[1]['line']}:\n$stmt"); |
|
60 |
+ $backtrace = debug_backtrace(); |
|
61 |
+ $wherepart = substr(strtoupper($stmt), strpos(strtoupper($stmt), "WHERE")); |
|
62 |
+ if ((strpos($wherepart, '"') > 0 || strpos($wherepart, "'") > 0) && config("enable_debug")) { |
|
63 |
+ warning("Possibly unsafe SQL statement in {$backtrace[1]['file']} line {$backtrace[1]['line']}:\n$stmt"); |
|
64 |
+ } |
|
65 |
+ } |
|
66 |
+ return parent::query($stmt); |
|
61 | 67 |
} |
62 |
- } |
|
63 |
- return parent::query($stmt); |
|
64 | 68 |
} |
65 |
- } |
|
66 | 69 |
} |
67 | 70 |
|
68 | 71 |
|
69 |
-/* FIXME |
|
72 |
+/* FIXME |
|
70 | 73 |
Das ist etwas unelegant. Soll nur übergangsweise verwendet werden bis alles auf prepared statements umgestellt ist |
71 | 74 |
*/ |
72 | 75 |
function db_escape_string($string) |
73 | 76 |
{ |
74 |
- if (config("enable_debug")) { |
|
75 |
- $backtrace = debug_backtrace(); |
|
76 |
- warning("call to db_escape_string() in {$backtrace[0]['file']} line {$backtrace[0]['line']}"); |
|
77 |
- } |
|
78 |
- global $_db; |
|
79 |
- __ensure_connected(); |
|
80 |
- $quoted = $_db->quote($string); |
|
81 |
- // entferne die quotes, damit wird es drop-in-Kompatibel zu db_escape_string() |
|
82 |
- $ret = substr($quoted, 1, -1); |
|
83 |
- return $ret; |
|
77 |
+ if (config("enable_debug")) { |
|
78 |
+ $backtrace = debug_backtrace(); |
|
79 |
+ warning("call to db_escape_string() in {$backtrace[0]['file']} line {$backtrace[0]['line']}"); |
|
80 |
+ } |
|
81 |
+ global $_db; |
|
82 |
+ __ensure_connected(); |
|
83 |
+ $quoted = $_db->quote($string); |
|
84 |
+ // entferne die quotes, damit wird es drop-in-Kompatibel zu db_escape_string() |
|
85 |
+ $ret = substr($quoted, 1, -1); |
|
86 |
+ return $ret; |
|
84 | 87 |
} |
85 | 88 |
|
86 | 89 |
|
87 | 90 |
function db_insert_id() |
88 | 91 |
{ |
89 |
- global $_db; |
|
90 |
- __ensure_connected(); |
|
91 |
- return $_db->lastInsertId(); |
|
92 |
+ global $_db; |
|
93 |
+ __ensure_connected(); |
|
94 |
+ return $_db->lastInsertId(); |
|
92 | 95 |
} |
93 | 96 |
|
94 | 97 |
|
95 | 98 |
function __ensure_connected() |
96 | 99 |
{ |
97 |
- /* |
|
98 |
- Dieses Kontrukt ist vermultich noch schlimmer als ein normales singleton |
|
99 |
- aber es hilft uns in unserem prozeduralen Kontext |
|
100 |
- */ |
|
101 |
- global $_db; |
|
102 |
- if (! isset($_db)) { |
|
103 |
- try { |
|
104 |
- DEBUG("Neue Datenbankverbindung!"); |
|
105 |
- $_db = new DB(); |
|
106 |
- $_db->query("SET NAMES utf8mb4"); |
|
107 |
- $_db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); |
|
108 |
- $_db->setAttribute(PDO::ATTR_AUTOCOMMIT, true); |
|
109 |
- } catch (PDOException $e) { |
|
110 |
- global $debugmode; |
|
111 |
- if ($debugmode) { |
|
112 |
- die("MySQL-Fehler: ".$e->getMessage()); |
|
113 |
- } else { |
|
114 |
- die("Fehler bei der Datenbankverbindung!"); |
|
115 |
- } |
|
100 |
+ /* |
|
101 |
+ Dieses Kontrukt ist vermultich noch schlimmer als ein normales singleton |
|
102 |
+ aber es hilft uns in unserem prozeduralen Kontext |
|
103 |
+ */ |
|
104 |
+ global $_db; |
|
105 |
+ if (! isset($_db)) { |
|
106 |
+ try { |
|
107 |
+ DEBUG("Neue Datenbankverbindung!"); |
|
108 |
+ $_db = new DB(); |
|
109 |
+ $_db->query("SET NAMES utf8mb4"); |
|
110 |
+ $_db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); |
|
111 |
+ $_db->setAttribute(PDO::ATTR_AUTOCOMMIT, true); |
|
112 |
+ } catch (PDOException $e) { |
|
113 |
+ global $debugmode; |
|
114 |
+ if ($debugmode) { |
|
115 |
+ die("MySQL-Fehler: ".$e->getMessage()); |
|
116 |
+ } else { |
|
117 |
+ die("Fehler bei der Datenbankverbindung!"); |
|
118 |
+ } |
|
119 |
+ } |
|
116 | 120 |
} |
117 |
- } |
|
118 | 121 |
} |
119 | 122 |
|
120 | 123 |
|
121 |
-function db_query($stmt, $params = NULL) |
|
124 |
+function db_query($stmt, $params = null) |
|
122 | 125 |
{ |
123 |
- global $_db; |
|
124 |
- __ensure_connected(); |
|
125 |
- $backtrace = debug_backtrace(); |
|
126 |
- DEBUG($backtrace[0]['file'].':'.$backtrace[0]['line'].': '.htmlspecialchars($stmt)); |
|
127 |
- if ($params) { |
|
128 |
- DEBUG($params); |
|
129 |
- } |
|
130 |
- try { |
|
131 |
- $result = $_db->query($stmt, $params); |
|
132 |
- DEBUG('=> '.$result->rowCount().' rows'); |
|
133 |
- } catch (PDOException $e) { |
|
134 |
- global $debugmode; |
|
135 |
- if ($debugmode) { |
|
136 |
- system_failure("MySQL-Fehler: ".$e->getMessage()."\nQuery:\n".$stmt."\nParameters:\n".print_r($params, true)); |
|
137 |
- } else { |
|
138 |
- system_failure("Datenbankfehler"); |
|
126 |
+ global $_db; |
|
127 |
+ __ensure_connected(); |
|
128 |
+ $backtrace = debug_backtrace(); |
|
129 |
+ DEBUG($backtrace[0]['file'].':'.$backtrace[0]['line'].': '.htmlspecialchars($stmt)); |
|
130 |
+ if ($params) { |
|
131 |
+ DEBUG($params); |
|
132 |
+ } |
|
133 |
+ try { |
|
134 |
+ $result = $_db->query($stmt, $params); |
|
135 |
+ DEBUG('=> '.$result->rowCount().' rows'); |
|
136 |
+ } catch (PDOException $e) { |
|
137 |
+ global $debugmode; |
|
138 |
+ if ($debugmode) { |
|
139 |
+ system_failure("MySQL-Fehler: ".$e->getMessage()."\nQuery:\n".$stmt."\nParameters:\n".print_r($params, true)); |
|
140 |
+ } else { |
|
141 |
+ system_failure("Datenbankfehler"); |
|
142 |
+ } |
|
139 | 143 |
} |
140 |
- } |
|
141 |
- return $result; |
|
144 |
+ return $result; |
|
142 | 145 |
} |
143 |
- |
|
144 |
- |
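Review bot: `db_escape_string()` hands back the result of `$_db->quote()` with the quotes stripped, yet the connection charset is only switched afterwards by `SET NAMES utf8mb4` in `__ensure_connected()`, and the client library doing the escaping is not told about a charset changed that way. PHP's PDO documentation asks for the charset to be set on the connection itself for `quote()` to be reliable. Adding `$dsn .= ';charset=utf8mb4';` immediately before `parent::__construct(...)` in `DB::__construct` covers both the host and the unix_socket form of the DSN. While `db_escape_string()` is still in use (the FIXME says it is transitional), a short comment on it stating that callers must add the surrounding quotes themselves would help.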
... | ... |
@@ -8,7 +8,7 @@ Written 2008-2018 by schokokeks.org Hosting, namely |
8 | 8 |
|
9 | 9 |
To the extent possible under law, the author(s) have dedicated all copyright and related and neighboring rights to this software to the public domain worldwide. This software is distributed without any warranty. |
10 | 10 |
|
11 |
-You should have received a copy of the CC0 Public Domain Dedication along with this software. If not, see |
|
11 |
+You should have received a copy of the CC0 Public Domain Dedication along with this software. If not, see |
|
12 | 12 |
http://creativecommons.org/publicdomain/zero/1.0/ |
13 | 13 |
|
14 | 14 |
Nevertheless, in case you use a significant part of this code, we ask (but not require, see the license) that you keep the authors' names in place and return your changes to the public. We would be especially happy if you tell us what you're going to do with this code. |
... | ... |
@@ -21,11 +21,10 @@ require_once('inc/debug.php'); |
21 | 21 |
class Domain |
22 | 22 |
{ |
23 | 23 |
protected $data = array(); |
24 |
- function __construct($init = NULL) |
|
25 |
- { |
|
26 |
- $this->setup(); |
|
27 |
- switch (gettype($init)) |
|
24 |
+ public function __construct($init = null) |
|
28 | 25 |
{ |
26 |
+ $this->setup(); |
|
27 |
+ switch (gettype($init)) { |
|
29 | 28 |
case 'string': |
30 | 29 |
$this->loadByName($init); |
31 | 30 |
break; |
... | ... |
@@ -35,105 +34,112 @@ class Domain |
35 | 34 |
case 'NULL': |
36 | 35 |
break; |
37 | 36 |
} |
38 |
- } |
|
39 |
- |
|
40 |
- function __set($key, $value) |
|
41 |
- { |
|
42 |
- if (array_key_exists($key, $this->data)) { |
|
43 |
- $this->data[$key] = $value; |
|
44 |
- } elseif (isset($this->$key)) { |
|
45 |
- $this->$key = $value; |
|
46 |
- } else { |
|
47 |
- $this->data[$key] = $value; |
|
48 | 37 |
} |
49 |
- } |
|
50 |
- |
|
51 |
- |
|
52 |
- function __get($key) |
|
53 |
- { |
|
54 |
- if (array_key_exists($key, $this->data)) |
|
55 |
- return $this->data[$key]; |
|
56 |
- elseif (isset($this->$key)) |
|
57 |
- return $this->$key; |
|
58 |
- // else werfe fehler |
|
59 |
- } |
|
60 |
- |
|
61 |
- |
|
62 |
- function loadByID($id) |
|
63 |
- { |
|
64 |
- $res = db_query("SELECT * FROM kundendaten.domains WHERE id=?", array($id)); |
|
65 |
- if ($res->rowCount() < 1) |
|
66 |
- return false; |
|
67 |
- $data = $res->fetch(); |
|
68 |
- $this->parse($data); |
|
69 |
- } |
|
70 |
- |
|
71 |
- function loadByName($name) |
|
72 |
- { |
|
73 |
- $raw = $name; |
|
74 |
- $utf8 = idn_to_utf8($raw, 0, INTL_IDNA_VARIANT_UTS46); |
|
75 |
- $res = db_query("SELECT * FROM kundendaten.domains WHERE CONCAT_WS('.', domainname, tld)=? OR CONCAT_WS('.', domainname, tld)=?", array($raw, $utf8)); |
|
76 |
- if ($res->rowCount() < 1) |
|
77 |
- return false; |
|
78 |
- $data = $res->fetch(); |
|
79 |
- $this->parse($data); |
|
80 |
- } |
|
81 |
- |
|
82 |
- function ensure_customerdomain() |
|
83 |
- { |
|
84 |
- if (! $this->is_customerdomain() ) |
|
85 |
- system_failure('Diese Domain gehört nicht Ihrem Kundenaccount.'); |
|
86 |
- } |
|
87 |
- |
|
88 |
- function ensure_userdomain() |
|
89 |
- { |
|
90 |
- if (! $this->is_userdomain() ) |
|
91 |
- system_failure('Diese Domain gehört nicht Ihrem Benutzeraccount.'); |
|
92 |
- } |
|
93 |
- |
|
94 |
- function is_customerdomain() |
|
95 |
- { |
|
96 |
- if (! isset($_SESSION['customerinfo']) ) |
|
97 |
- return false; |
|
98 |
- $customerno = (int) $_SESSION['customerinfo']['customerno']; |
|
99 |
- return ($this->kunde == $customerno); |
|
100 |
- } |
|
101 |
- |
|
102 |
- function is_userdomain() |
|
103 |
- { |
|
104 |
- if (! isset($_SESSION['userinfo']) ) |
|
105 |
- return false; |
|
106 |
- $uid = (int) $_SESSION['userinfo']['uid']; |
|
107 |
- return ($this->useraccount == $uid); |
|
108 |
- } |
|
109 |
- |
|
110 |
- function setup() |
|
111 |
- { |
|
112 |
- $fields = array(); |
|
113 |
- $res = db_query("DESCRIBE kundendaten.domains"); |
|
114 |
- while ($f = $res->fetch(PDO::FETCH_OBJ)) |
|
38 |
+ |
|
39 |
+ public function __set($key, $value) |
|
40 |
+ { |
|
41 |
+ if (array_key_exists($key, $this->data)) { |
|
42 |
+ $this->data[$key] = $value; |
|
43 |
+ } elseif (isset($this->$key)) { |
|
44 |
+ $this->$key = $value; |
|
45 |
+ } else { |
|
46 |
+ $this->data[$key] = $value; |
|
47 |
+ } |
|
48 |
+ } |
|
49 |
+ |
|
50 |
+ |
|
51 |
+ public function __get($key) |
|
52 |
+ { |
|
53 |
+ if (array_key_exists($key, $this->data)) { |
|
54 |
+ return $this->data[$key]; |
|
55 |
+ } elseif (isset($this->$key)) { |
|
56 |
+ return $this->$key; |
|
57 |
+ } |
|
58 |
+ // else werfe fehler |
|
59 |
+ } |
|
60 |
+ |
|
61 |
+ |
|
62 |
+ public function loadByID($id) |
|
63 |
+ { |
|
64 |
+ $res = db_query("SELECT * FROM kundendaten.domains WHERE id=?", array($id)); |
|
65 |
+ if ($res->rowCount() < 1) { |
|
66 |
+ return false; |
|
67 |
+ } |
|
68 |
+ $data = $res->fetch(); |
|
69 |
+ $this->parse($data); |
|
70 |
+ } |
|
71 |
+ |
|
72 |
+ public function loadByName($name) |
|
73 |
+ { |
|
74 |
+ $raw = $name; |
|
75 |
+ $utf8 = idn_to_utf8($raw, 0, INTL_IDNA_VARIANT_UTS46); |
|
76 |
+ $res = db_query("SELECT * FROM kundendaten.domains WHERE CONCAT_WS('.', domainname, tld)=? OR CONCAT_WS('.', domainname, tld)=?", array($raw, $utf8)); |
|
77 |
+ if ($res->rowCount() < 1) { |
|
78 |
+ return false; |
|
79 |
+ } |
|
80 |
+ $data = $res->fetch(); |
|
81 |
+ $this->parse($data); |
|
82 |
+ } |
|
83 |
+ |
|
84 |
+ public function ensure_customerdomain() |
|
85 |
+ { |
|
86 |
+ if (! $this->is_customerdomain()) { |
|
87 |
+ system_failure('Diese Domain gehört nicht Ihrem Kundenaccount.'); |
|
88 |
+ } |
|
89 |
+ } |
|
90 |
+ |
|
91 |
+ public function ensure_userdomain() |
|
92 |
+ { |
|
93 |
+ if (! $this->is_userdomain()) { |
|
94 |
+ system_failure('Diese Domain gehört nicht Ihrem Benutzeraccount.'); |
|
95 |
+ } |
|
96 |
+ } |
|
97 |
+ |
|
98 |
+ public function is_customerdomain() |
|
115 | 99 |
{ |
116 |
- $fields[$f->Field] = $f->Default; |
|
100 |
+ if (! isset($_SESSION['customerinfo'])) { |
|
101 |
+ return false; |
|
102 |
+ } |
|
103 |
+ $customerno = (int) $_SESSION['customerinfo']['customerno']; |
|
104 |
+ return ($this->kunde == $customerno); |
|
117 | 105 |
} |
118 |
- $this->data = $fields; |
|
119 |
- $this->data['id'] = NULL; |
|
120 |
- } |
|
121 | 106 |
|
107 |
+ public function is_userdomain() |
|
108 |
+ { |
|
109 |
+ if (! isset($_SESSION['userinfo'])) { |
|
110 |
+ return false; |
|
111 |
+ } |
|
112 |
+ $uid = (int) $_SESSION['userinfo']['uid']; |
|
113 |
+ return ($this->useraccount == $uid); |
|
114 |
+ } |
|
115 |
+ |
|
116 |
+ public function setup() |
|
117 |
+ { |
|
118 |
+ $fields = array(); |
|
119 |
+ $res = db_query("DESCRIBE kundendaten.domains"); |
|
120 |
+ while ($f = $res->fetch(PDO::FETCH_OBJ)) { |
|
121 |
+ $fields[$f->Field] = $f->Default; |
|
122 |
+ } |
|
123 |
+ $this->data = $fields; |
|
124 |
+ $this->data['id'] = null; |
|
125 |
+ } |
|
122 | 126 |
|
123 | 127 |
|
124 |
- function parse($data) |
|
125 |
- { |
|
126 |
- DEBUG($data); |
|
127 |
- foreach (array_keys($this->data) as $key) |
|
128 |
- if (array_key_exists($key, $data)) |
|
129 |
- $this->data[$key] = $data[$key]; |
|
130 |
- $this->data['fqdn'] = $data['domainname'].'.'.$data['tld']; |
|
131 |
- $this->data['punycode'] = idn_to_ascii($this->data['fqdn'], 0, INTL_IDNA_VARIANT_UTS46); |
|
132 |
- $this->data['is_idn'] = ($this->data['fqdn'] != $this->data['punycode']); |
|
133 |
- $this->data['reg_date'] = $data['registrierungsdatum']; |
|
134 |
- $this->data['cancel_date'] = $data['kuendigungsdatum']; |
|
135 |
- } |
|
136 | 128 |
|
129 |
+ public function parse($data) |
|
130 |
+ { |
|
131 |
+ DEBUG($data); |
|
132 |
+ foreach (array_keys($this->data) as $key) { |
|
133 |
+ if (array_key_exists($key, $data)) { |
|
134 |
+ $this->data[$key] = $data[$key]; |
|
135 |
+ } |
|
136 |
+ } |
|
137 |
+ $this->data['fqdn'] = $data['domainname'].'.'.$data['tld']; |
|
138 |
+ $this->data['punycode'] = idn_to_ascii($this->data['fqdn'], 0, INTL_IDNA_VARIANT_UTS46); |
|
139 |
+ $this->data['is_idn'] = ($this->data['fqdn'] != $this->data['punycode']); |
|
140 |
+ $this->data['reg_date'] = $data['registrierungsdatum']; |
|
141 |
+ $this->data['cancel_date'] = $data['kuendigungsdatum']; |
|
142 |
+ } |
|
137 | 143 |
} |
138 | 144 |
|
139 | 145 |
|
... | ... |
@@ -142,48 +148,45 @@ class Domain |
142 | 148 |
|
143 | 149 |
|
144 | 150 |
|
145 |
-function get_domain_list($customerno, $uid = NULL) |
|
151 |
+function get_domain_list($customerno, $uid = null) |
|
146 | 152 |
{ |
147 |
- $customerno = (int) $customerno; |
|
148 |
- $query = "SELECT id FROM kundendaten.domains WHERE"; |
|
149 |
- if ($uid !== NULL) |
|
150 |
- { |
|
151 |
- $uid = (int) $uid; |
|
152 |
- $query .= " useraccount={$uid}"; |
|
153 |
- } |
|
154 |
- else |
|
155 |
- { |
|
156 |
- $query .= " kunde={$customerno}"; |
|
157 |
- } |
|
158 |
- $query .= " ORDER BY domainname,tld"; |
|
159 |
- $result = db_query($query, array()); // FIXME Übergebe leeren array um die Warnung zu unterdrücken |
|
160 |
- $domains = array(); |
|
161 |
- DEBUG('Result set is '.$result->rowCount()." rows.<br />\n"); |
|
162 |
- if ($result->rowCount() > 0) |
|
163 |
- while ($domain = $result->fetch(PDO::FETCH_OBJ)) |
|
164 |
- array_push($domains, new Domain((int) $domain->id)); |
|
165 |
- DEBUG($domains); |
|
166 |
- return $domains; |
|
153 |
+ $customerno = (int) $customerno; |
|
154 |
+ $query = "SELECT id FROM kundendaten.domains WHERE"; |
|
155 |
+ if ($uid !== null) { |
|
156 |
+ $uid = (int) $uid; |
|
157 |
+ $query .= " useraccount={$uid}"; |
|
158 |
+ } else { |
|
159 |
+ $query .= " kunde={$customerno}"; |
|
160 |
+ } |
|
161 |
+ $query .= " ORDER BY domainname,tld"; |
|
162 |
+ $result = db_query($query, array()); // FIXME Übergebe leeren array um die Warnung zu unterdrücken |
|
163 |
+ $domains = array(); |
|
164 |
+ DEBUG('Result set is '.$result->rowCount()." rows.<br />\n"); |
|
165 |
+ if ($result->rowCount() > 0) { |
|
166 |
+ while ($domain = $result->fetch(PDO::FETCH_OBJ)) { |
|
167 |
+ array_push($domains, new Domain((int) $domain->id)); |
|
168 |
+ } |
|
169 |
+ } |
|
170 |
+ DEBUG($domains); |
|
171 |
+ return $domains; |
|
167 | 172 |
} |
168 | 173 |
|
169 | 174 |
|
170 | 175 |
|
171 | 176 |
function get_jabberable_domains() |
172 | 177 |
{ |
173 |
- require_role(ROLE_CUSTOMER); |
|
174 |
- $customerno = (int) $_SESSION['customerinfo']['customerno']; |
|
175 |
- |
|
176 |
- $domains = get_domain_list($customerno); |
|
177 |
- DEBUG($domains); |
|
178 |
- $result = array( new Domain() ); |
|
179 |
- $result[0]->id = 0; |
|
180 |
- $result[0]->fqdn = config('masterdomain'); |
|
181 |
- foreach ($domains as $dom) |
|
182 |
- { |
|
183 |
- if ($dom->jabber) |
|
184 |
- $result[] = $dom; |
|
185 |
- } |
|
186 |
- return $result; |
|
178 |
+ require_role(ROLE_CUSTOMER); |
|
179 |
+ $customerno = (int) $_SESSION['customerinfo']['customerno']; |
|
187 | 180 |
|
181 |
+ $domains = get_domain_list($customerno); |
|
182 |
+ DEBUG($domains); |
|
183 |
+ $result = array( new Domain() ); |
|
184 |
+ $result[0]->id = 0; |
|
185 |
+ $result[0]->fqdn = config('masterdomain'); |
|
186 |
+ foreach ($domains as $dom) { |
|
187 |
+ if ($dom->jabber) { |
|
188 |
+ $result[] = $dom; |
|
189 |
+ } |
|
190 |
+ } |
|
191 |
+ return $result; |
|
188 | 192 |
} |
189 |
- |
... | ... |
@@ -8,7 +8,7 @@ Written 2008-2018 by schokokeks.org Hosting, namely |
8 | 8 |
|
9 | 9 |
To the extent possible under law, the author(s) have dedicated all copyright and related and neighboring rights to this software to the public domain worldwide. This software is distributed without any warranty. |
10 | 10 |
|
11 |
-You should have received a copy of the CC0 Public Domain Dedication along with this software. If not, see |
|
11 |
+You should have received a copy of the CC0 Public Domain Dedication along with this software. If not, see |
|
12 | 12 |
http://creativecommons.org/publicdomain/zero/1.0/ |
13 | 13 |
|
14 | 14 |
Nevertheless, in case you use a significant part of this code, we ask (but not require, see the license) that you keep the authors' names in place and return your changes to the public. We would be especially happy if you tell us what you're going to do with this code. |
... | ... |
@@ -40,6 +40,4 @@ $config['session_name'] = 'CONFIG_SCHOKOKEKS_ORG'; |
40 | 40 |
$config['theme'] = 'default'; |
41 | 41 |
$config['jquery_ui_path'] = '/external/jquery'; |
42 | 42 |
|
43 |
-ini_set('display_errors','On'); |
|
44 |
- |
|
45 |
-?> |
|
43 |
+ini_set('display_errors', 'On'); |
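Review bot: `ini_set('display_errors', 'On');` at the end of this configuration file sends PHP warnings and errors to the browser, which can disclose file paths, query fragments and other internals to any visitor. If this is the file a live installation loads (not certain from the hunk), it would be safer to write `ini_set('display_errors', 'Off');` together with `ini_set('log_errors', 'On');`, or to turn display on only when debug mode is active. The commit only reformats this line, so the setting predates the change.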
... | ... |
@@ -9,7 +9,7 @@ Written 2008-2018 by schokokeks.org Hosting, namely |
9 | 9 |
|
10 | 10 |
To the extent possible under law, the author(s) have dedicated all copyright and related and neighboring rights to this software to the public domain worldwide. This software is distributed without any warranty. |
11 | 11 |
|
12 |
-You should have received a copy of the CC0 Public Domain Dedication along with this software. If not, see |
|
12 |
+You should have received a copy of the CC0 Public Domain Dedication along with this software. If not, see |
|
13 | 13 |
https://creativecommons.org/publicdomain/zero/1.0/ |
14 | 14 |
|
15 | 15 |
Nevertheless, in case you use a significant part of this code, we ask (but not require, see the license) that you keep the authors' names in place and return your changes to the public. We would be especially happy if you tell us what you're going to do with this code. |
... | ... |
@@ -28,21 +28,19 @@ $go = $_GET['go']; |
28 | 28 |
*/ |
29 | 29 |
|
30 | 30 |
// filenames can end with .php |
31 |
-if ( substr( $go, strlen( $go ) - 4 ) == '.php' ) { |
|
32 |
- $go = substr( $go, 0, strlen($go) - 4); |
|
31 |
+if (substr($go, strlen($go) - 4) == '.php') { |
|
32 |
+ $go = substr($go, 0, strlen($go) - 4); |
|
33 | 33 |
} |
34 | 34 |
|
35 | 35 |
DEBUG($go); |
36 | 36 |
|
37 |
-if (strstr($go, "..") or strstr($go, "./") or strstr($go, ":") or (! file_exists("modules/$go.php")) or (! is_file("modules/$go.php"))) |
|
38 |
-{ |
|
39 |
- die("illegal command"); |
|
37 |
+if (strstr($go, "..") or strstr($go, "./") or strstr($go, ":") or (! file_exists("modules/$go.php")) or (! is_file("modules/$go.php"))) { |
|
38 |
+ die("illegal command"); |
|
40 | 39 |
} |
41 | 40 |
list($module, $page) = explode('/', $go, 2); |
42 | 41 |
$page = str_replace('/', '-', $page); |
43 |
-if (! in_array($module, config('modules'))) |
|
44 |
-{ |
|
45 |
- die("inactive module"); |
|
42 |
+if (! in_array($module, config('modules'))) { |
|
43 |
+ die("inactive module"); |
|
46 | 44 |
} |
47 | 45 |
|
48 | 46 |
|
... | ... |
@@ -64,7 +62,7 @@ $output = ""; |
64 | 62 |
$html_header = ""; |
65 | 63 |
require_once("inc/base.php"); |
66 | 64 |
/* setup module include path */ |
67 |
-ini_set('include_path',ini_get('include_path').':./modules/'.$module.'/include:'); |
|
65 |
+ini_set('include_path', ini_get('include_path').':./modules/'.$module.'/include:'); |
|
68 | 66 |
|
69 | 67 |
/* Look where we are (but let the module override) */ |
70 | 68 |
$section = str_replace("/", "_", $go); |
... | ... |
@@ -72,12 +70,9 @@ $section = str_replace("/", "_", $go); |
72 | 70 |
/* Let the module work */ |
73 | 71 |
include("modules/".$go.".php"); |
74 | 72 |
|
75 |
-if ($output) |
|
76 |
-{ |
|
77 |
- if (!isset($title)) { |
|
78 |
- $title = ''; |
|
79 |
- } |
|
80 |
- show_page($module, $page); |
|
73 |
+if ($output) { |
|
74 |
+ if (!isset($title)) { |
|
75 |
+ $title = ''; |
|
76 |
+ } |
|
77 |
+ show_page($module, $page); |
|
81 | 78 |
} |
82 |
- |
|
83 |
-?> |
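Review bot: The filter on `$go` ahead of `include("modules/".$go.".php")` is a denylist (`..`, `./`, `:`) over a value that the hunk header shows coming straight from `$_GET['go']`, and nothing checks that it is a string or that it contains a `/`. An array-valued parameter therefore reaches `strlen()`/`substr()`/`strstr()`, and a value without a slash leaves `$page` without a value in `list($module, $page) = explode('/', $go, 2);`, instead of ending in the clean `die("illegal command")`. An allowlist placed before the existing test is easier to audit, for example `if (!is_string($go) || !preg_match('#\A[A-Za-z0-9_]+(/[A-Za-z0-9_-]+)+\z#', $go)) { die("illegal command"); }`, with the character set adjusted to the module file names actually in use. Passing `true` as the third argument, `in_array($module, config('modules'), true)`, would also make the module check strict.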
... | ... |
@@ -8,7 +8,7 @@ Written 2008-2018 by schokokeks.org Hosting, namely |
8 | 8 |
|
9 | 9 |
To the extent possible under law, the author(s) have dedicated all copyright and related and neighboring rights to this software to the public domain worldwide. This software is distributed without any warranty. |
10 | 10 |
|
11 |
-You should have received a copy of the CC0 Public Domain Dedication along with this software. If not, see |
|
11 |
+You should have received a copy of the CC0 Public Domain Dedication along with this software. If not, see |
|
12 | 12 |
http://creativecommons.org/publicdomain/zero/1.0/ |
13 | 13 |
|
14 | 14 |
Nevertheless, in case you use a significant part of this code, we ask (but not require, see the license) that you keep the authors' names in place and return your changes to the public. We would be especially happy if you tell us what you're going to do with this code. |
... | ... |
@@ -16,7 +16,7 @@ Nevertheless, in case you use a significant part of this code, we ask (but not r |
16 | 16 |
|
17 | 17 |
require_once('inc/debug.php'); |
18 | 18 |
|
19 |
-function api_request($method, $input_data) |
|
19 |
+function api_request($method, $input_data) |
|
20 | 20 |
{ |
21 | 21 |
$url = config('http.net-apiurl').'domain/v1/json/'.$method; |
22 | 22 |
$input_data['authToken'] = config('http.net-apikey'); |
... | ... |
@@ -28,9 +28,9 @@ function api_request($method, $input_data) |
28 | 28 |
curl_setopt($curl, CURLOPT_POST, 1); |
29 | 29 |
curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1); |
30 | 30 |
curl_setopt($curl, CURLOPT_POSTFIELDS, $json); |
31 |
- curl_setopt($curl, CURLOPT_HTTPHEADER, array('Content-Type: application/json')); |
|
31 |
+ curl_setopt($curl, CURLOPT_HTTPHEADER, array('Content-Type: application/json')); |
|
32 | 32 |
$result = curl_exec($curl); |
33 |
- if ($result === FALSE) { |
|
33 |
+ if ($result === false) { |
|
34 | 34 |
system_failure("API-Anfrage kaputt"); |
35 | 35 |
} |
36 | 36 |
DEBUG('=============================='); |
... | ... |
@@ -39,4 +39,3 @@ function api_request($method, $input_data) |
39 | 39 |
DEBUG($output_data); |
40 | 40 |
return $output_data; |
41 | 41 |
} |
42 |
- |
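Review bot: When `curl_exec($curl)` returns `false`, `api_request()` calls `system_failure("API-Anfrage kaputt")` without recording why the request failed, so a TLS, DNS or timeout problem at the remote API cannot be told apart afterwards. Adding `DEBUG(curl_error($curl));` before the `system_failure()` call would keep the cause. The lines that create and configure the handle are outside the hunks, so it is not visible whether `CURLOPT_TIMEOUT` and `CURLOPT_CONNECTTIMEOUT` are set; if they are not, a stalled API call would hold the request open.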
... | ... |
@@ -8,7 +8,7 @@ Written 2008-2018 by schokokeks.org Hosting, namely |
8 | 8 |
|
9 | 9 |
To the extent possible under law, the author(s) have dedicated all copyright and related and neighboring rights to this software to the public domain worldwide. This software is distributed without any warranty. |
10 | 10 |
|
11 |
-You should have received a copy of the CC0 Public Domain Dedication along with this software. If not, see |
|
11 |
+You should have received a copy of the CC0 Public Domain Dedication along with this software. If not, see |
|
12 | 12 |
http://creativecommons.org/publicdomain/zero/1.0/ |
13 | 13 |
|
14 | 14 |
Nevertheless, in case you use a significant part of this code, we ask (but not require, see the license) that you keep the authors' names in place and return your changes to the public. We would be especially happy if you tell us what you're going to do with this code. |
... | ... |
@@ -19,57 +19,59 @@ require_once('inc/debug.php'); |
19 | 19 |
|
20 | 20 |
function config($key, $localonly = false) |
21 | 21 |
{ |
22 |
- global $config; |
|
23 |
- |
|
24 |
- if ($key == "modules") { |
|
25 |
- // Stelle sicher, dass das "index"-Modul immer aktiv ist! |
|
26 |
- if (! in_array("index", $config['modules'])) { |
|
27 |
- $config['modules'][] = "index"; |
|
28 |
- } |
|
29 |
- // Stelle sicher, dass das "about"-Modul immer aktiv ist! |
|
30 |
- if (! in_array("about", $config['modules'])) { |
|
31 |
- $config['modules'][] = "about"; |
|
22 |
+ global $config; |
|
23 |
+ |
|
24 |
+ if ($key == "modules") { |
|
25 |
+ // Stelle sicher, dass das "index"-Modul immer aktiv ist! |
|
26 |
+ if (! in_array("index", $config['modules'])) { |
|
27 |
+ $config['modules'][] = "index"; |
|
28 |
+ } |
|
29 |
+ // Stelle sicher, dass das "about"-Modul immer aktiv ist! |
|
30 |
+ if (! in_array("about", $config['modules'])) { |
|
31 |
+ $config['modules'][] = "about"; |
|
32 |
+ } |
|
32 | 33 |
} |
33 |
- } |
|
34 | 34 |
|
35 |
- if ($key == 'modules' && isset($_SESSION['restrict_modules'])) |
|
36 |
- { |
|
37 |
- $modules = array(); |
|
38 |
- foreach ($config['modules'] as $mod) |
|
39 |
- { |
|
40 |
- if (in_array($mod, $_SESSION['restrict_modules'])) |
|
41 |
- $modules[] = $mod; |
|
35 |
+ if ($key == 'modules' && isset($_SESSION['restrict_modules'])) { |
|
36 |
+ $modules = array(); |
|
37 |
+ foreach ($config['modules'] as $mod) { |
|
38 |
+ if (in_array($mod, $_SESSION['restrict_modules'])) { |
|
39 |
+ $modules[] = $mod; |
|
40 |
+ } |
|
41 |
+ } |
|
42 |
+ return $modules; |
|
42 | 43 |
} |
43 |
- return $modules; |
|
44 |
- } |
|
45 | 44 |
|
46 |
- if (array_key_exists($key, $config)) |
|
47 |
- return $config[$key]; |
|
45 |
+ if (array_key_exists($key, $config)) { |
|
46 |
+ return $config[$key]; |
|
47 |
+ } |
|
48 | 48 |
|
49 |
- if ($localonly) { |
|
50 |
- return NULL; |
|
51 |
- } |
|
49 |
+ if ($localonly) { |
|
50 |
+ return null; |
|
51 |
+ } |
|
52 | 52 |
|
53 |
- /* read configuration from database */ |
|
54 |
- $result = db_query( "SELECT `key`, value FROM misc.config" ); |
|
53 |
+ /* read configuration from database */ |
|
54 |
+ $result = db_query("SELECT `key`, value FROM misc.config"); |
|
55 | 55 |
|
56 |
- while( $object = $result->fetch() ) { |
|
57 |
- if (!array_key_exists($object['key'], $config)) { |
|
58 |
- $config[$object['key']]=$object['value']; |
|
59 |
- } |
|
60 |
- } |
|
61 |
- // Sonst wird das Passwort des webadmin-Users mit ausgegeben |
|
62 |
- $debug_config = $config; |
|
63 |
- unset($debug_config['db_pass']); |
|
64 |
- DEBUG($debug_config); |
|
65 |
- if (array_key_exists($key, $config)) |
|
66 |
- return $config[$key]; |
|
67 |
- else |
|
68 |
- logger(LOG_ERR, "inc/base", "config", "Request to read nonexistant config option »{$key}«."); |
|
69 |
- return NULL; |
|
56 |
+ while ($object = $result->fetch()) { |
|
57 |
+ if (!array_key_exists($object['key'], $config)) { |
|
58 |
+ $config[$object['key']]=$object['value']; |
|
59 |
+ } |
|
60 |
+ } |
|
61 |
+ // Sonst wird das Passwort des webadmin-Users mit ausgegeben |
|
62 |
+ $debug_config = $config; |
|
63 |
+ unset($debug_config['db_pass']); |
|
64 |
+ DEBUG($debug_config); |
|
65 |
+ if (array_key_exists($key, $config)) { |
|
66 |
+ return $config[$key]; |
|
67 |
+ } else { |
|
68 |
+ logger(LOG_ERR, "inc/base", "config", "Request to read nonexistant config option »{$key}«."); |
|
69 |
+ } |
|
70 |
+ return null; |
|
70 | 71 |
} |
71 | 72 |
|
72 |
-function have_role($role) { |
|
73 |
+function have_role($role) |
|
74 |
+{ |
|
73 | 75 |
$have = $_SESSION['role'] & $role; |
74 | 76 |
if ($have) { |
75 | 77 |
DEBUG("Current user has role ".$role); |
... | ... |
@@ -79,76 +81,81 @@ function have_role($role) { |
79 | 81 |
return $have; |
80 | 82 |
} |
81 | 83 |
|
82 |
-function get_server_by_id($id) { |
|
83 |
- $id = (int) $id; |
|
84 |
- $result = db_query("SELECT hostname FROM system.servers WHERE id=?", array($id)); |
|
85 |
- $ret = $result->fetch(); |
|
86 |
- return $ret['hostname']; |
|
84 |
+function get_server_by_id($id) |
|
85 |
+{ |
|
86 |
+ $id = (int) $id; |
|
87 |
+ $result = db_query("SELECT hostname FROM system.servers WHERE id=?", array($id)); |
|
88 |
+ $ret = $result->fetch(); |
|
89 |
+ return $ret['hostname']; |
|
87 | 90 |
} |
88 | 91 |
|
89 | 92 |
|
90 | 93 |
function redirect($target) |
91 | 94 |
{ |
92 |
- global $debugmode; |
|
93 |
- if ($target == '') { |
|
94 |
- $target = $_SERVER['REQUEST_URI']; |
|
95 |
- } |
|
96 |
- if (! $debugmode) { |
|
97 |
- header("Location: {$target}"); |
|
98 |
- } else { |
|
99 |
- if (strpos($target, '?') === false) { |
|
100 |
- print 'REDIRECT: '.internal_link($target, $target); |
|
101 |
- } else { |
|
102 |
- list($file, $qs) = explode('?', $target, 2); |
|
103 |
- print 'REDIRECT: '.internal_link($file, $target, $qs); |
|
104 |
- } |
|
105 |
- } |
|
106 |
- die(); |
|
95 |
+ global $debugmode; |
|
96 |
+ if ($target == '') { |
|
97 |
+ $target = $_SERVER['REQUEST_URI']; |
|
98 |
+ } |
|
99 |
+ if (! $debugmode) { |
|
100 |
+ header("Location: {$target}"); |
|
101 |
+ } else { |
|
102 |
+ if (strpos($target, '?') === false) { |
|
103 |
+ print 'REDIRECT: '.internal_link($target, $target); |
|
104 |
+ } else { |
|
105 |
+ list($file, $qs) = explode('?', $target, 2); |
|
106 |
+ print 'REDIRECT: '.internal_link($file, $target, $qs); |
|
107 |
+ } |
|
108 |
+ } |
|
109 |
+ die(); |
|
107 | 110 |
} |
108 | 111 |
|
109 | 112 |
|
110 | 113 |
function my_server_id() |
111 | 114 |
{ |
112 |
- $uid = (int) $_SESSION['userinfo']['uid']; |
|
113 |
- $result = db_query("SELECT server FROM system.useraccounts WHERE uid=?", array($uid)); |
|
114 |
- $r = $result->fetch(); |
|
115 |
- DEBUG($r); |
|
116 |
- return $r['server']; |
|
115 |
+ $uid = (int) $_SESSION['userinfo']['uid']; |
|
116 |
+ $result = db_query("SELECT server FROM system.useraccounts WHERE uid=?", array($uid)); |
|
117 |
+ $r = $result->fetch(); |
|
118 |
+ DEBUG($r); |
|
119 |
+ return $r['server']; |
|
117 | 120 |
} |
118 | 121 |
|
119 | 122 |
|
120 | 123 |
function additional_servers() |
121 | 124 |
{ |
122 |
- $uid = (int) $_SESSION['userinfo']['uid']; |
|
123 |
- $result = db_query("SELECT server FROM system.user_server WHERE uid=?", array($uid)); |
|
124 |
- $servers = array(); |
|
125 |
- while ($s = $result->fetch()) |
|
126 |
- $servers[] = $s['server']; |
|
127 |
- DEBUG($servers); |
|
128 |
- return $servers; |
|
125 |
+ $uid = (int) $_SESSION['userinfo']['uid']; |
|
126 |
+ $result = db_query("SELECT server FROM system.user_server WHERE uid=?", array($uid)); |
|
127 |
+ $servers = array(); |
|
128 |
+ while ($s = $result->fetch()) { |
|
129 |
+ $servers[] = $s['server']; |
|
130 |
+ } |
|
131 |
+ DEBUG($servers); |
|
132 |
+ return $servers; |
|
129 | 133 |
} |
130 | 134 |
|
131 | 135 |
|
132 | 136 |
function server_names() |
133 | 137 |
{ |
134 |
- $result = db_query("SELECT id, hostname FROM system.servers"); |
|
135 |
- $servers = array(); |
|
136 |
- while ($s = $result->fetch()) |
|
137 |
- $servers[$s['id']] = $s['hostname']; |
|
138 |
- DEBUG($servers); |
|
139 |
- return $servers; |
|
138 |
+ $result = db_query("SELECT id, hostname FROM system.servers"); |
|
139 |
+ $servers = array(); |
|
140 |
+ while ($s = $result->fetch()) { |
|
141 |
+ $servers[$s['id']] = $s['hostname']; |
|
142 |
+ } |
|
143 |
+ DEBUG($servers); |
|
144 |
+ return $servers; |
|
140 | 145 |
} |
141 | 146 |
|
142 | 147 |
|
143 | 148 |
function maybe_null($value) |
144 | 149 |
{ |
145 |
- if (! $value) |
|
146 |
- return NULL; |
|
150 |
+ if (! $value) { |
|
151 |
+ return null; |
|
152 |
+ } |
|
147 | 153 |
|
148 |
- if (strlen( (string) $value ) > 0) |
|
149 |
- return (string) $value; |
|
150 |
- else |
|
151 |
- return NULL; |
|
154 |
+ if (strlen((string) $value) > 0) { |
|
155 |
+ return (string) $value; |
|
156 |
+ } else { |
|
157 |
+ return null; |
|
158 |
+ } |
|
152 | 159 |
} |
153 | 160 |
|
154 | 161 |
|
... | ... |
@@ -158,51 +165,52 @@ function maybe_null($value) |
158 | 165 |
|
159 | 166 |
function logger($severity, $scriptname, $scope, $message) |
160 | 167 |
{ |
161 |
- if (config('logging') < $severity) { |
|
162 |
- DEBUG("NOT LOGGING $scriptname:$scope:$message"); |
|
163 |
- return; |
|
164 |
- } |
|
165 |
- |
|
166 |
- DEBUG("LOGGING $scriptname:$scope:$message"); |
|
167 |
- $user = NULL; |
|
168 |
- if (array_key_exists("role", $_SESSION)) { |
|
169 |
- if ($_SESSION['role'] & ROLE_SYSTEMUSER) |
|
170 |
- $user = $_SESSION['userinfo']['username']; |
|
171 |
- elseif ($_SESSION['role'] & ROLE_CUSTOMER) |
|
172 |
- $user = $_SESSION['customerinfo']['customerno']; |
|
173 |
- } |
|
174 |
- |
|
175 |
- $args = array(":user" => $user, |
|
168 |
+ if (config('logging') < $severity) { |
|
169 |
+ DEBUG("NOT LOGGING $scriptname:$scope:$message"); |
|
170 |
+ return; |
|
171 |
+ } |
|
172 |
+ |
|
173 |
+ DEBUG("LOGGING $scriptname:$scope:$message"); |
|
174 |
+ $user = null; |
|
175 |
+ if (array_key_exists("role", $_SESSION)) { |
|
176 |
+ if ($_SESSION['role'] & ROLE_SYSTEMUSER) { |
|
177 |
+ $user = $_SESSION['userinfo']['username']; |
|
178 |
+ } elseif ($_SESSION['role'] & ROLE_CUSTOMER) { |
|
179 |
+ $user = $_SESSION['customerinfo']['customerno']; |
|
180 |
+ } |
|
181 |
+ } |
|
182 |
+ |
|
183 |
+ $args = array(":user" => $user, |
|
176 | 184 |
":remote" => $_SERVER['REMOTE_ADDR'], |
177 | 185 |
":scriptname" => $scriptname, |
178 | 186 |
":scope" => $scope, |
179 | 187 |
":message" => $message); |
180 | 188 |
|
181 |
- db_query("INSERT INTO misc.scriptlog (remote, user,scriptname,scope,message) VALUES (:remote, :user, :scriptname, :scope, :message)", $args); |
|
189 |
+ db_query("INSERT INTO misc.scriptlog (remote, user,scriptname,scope,message) VALUES (:remote, :user, :scriptname, :scope, :message)", $args); |
|
182 | 190 |
} |
183 | 191 |
|
184 | 192 |
function html_header($arg) |
185 | 193 |
{ |
186 |
- global $html_header; |
|
187 |
- $html_header .= $arg; |
|
194 |
+ global $html_header; |
|
195 |
+ $html_header .= $arg; |
|
188 | 196 |
} |
189 | 197 |
|
190 | 198 |
function title($arg) |
191 | 199 |
{ |
192 |
- global $title; |
|
193 |
- $title = $arg; |
|
200 |
+ global $title; |
|
201 |
+ $title = $arg; |
|
194 | 202 |
} |
195 | 203 |
|
196 | 204 |
function headline($arg) |
197 | 205 |
{ |
198 |
- global $headline; |
|
199 |
- $headline = $arg; |
|
206 |
+ global $headline; |
|
207 |
+ $headline = $arg; |
|
200 | 208 |
} |
201 | 209 |
|
202 | 210 |
function output($arg) |
203 | 211 |
{ |
204 |
- global $output; |
|
205 |
- $output .= $arg; |
|
212 |
+ global $output; |
|
213 |
+ $output .= $arg; |
|
206 | 214 |
} |
207 | 215 |
|
208 | 216 |
function footnote($explaination) |
... | ... |
@@ -213,7 +221,7 @@ function footnote($explaination) |
213 | 221 |
} |
214 | 222 |
$fnid = array_search($explaination, $footnotes); |
215 | 223 |
DEBUG($footnotes); |
216 |
- if ($fnid === FALSE) { |
|
224 |
+ if ($fnid === false) { |
|
217 | 225 |
DEBUG("Footnote »{$explaination}« is not in footnotes!"); |
218 | 226 |
$footnotes[] = $explaination; |
219 | 227 |
} |
... | ... |
@@ -221,20 +229,20 @@ function footnote($explaination) |
221 | 229 |
return str_repeat('*', ($fnid+1)); |
222 | 230 |
} |
223 | 231 |
|
224 |
-function random_string($len) |
|
232 |
+function random_string($len) |
|
225 | 233 |
{ |
226 |
- $s = str_replace('+', '.', base64_encode(random_bytes(ceil($len*3/4)))); |
|
227 |
- return substr($s, 0, $len); |
|
234 |
+ $s = str_replace('+', '.', base64_encode(random_bytes(ceil($len*3/4)))); |
|
235 |
+ return substr($s, 0, $len); |
|
228 | 236 |
} |
229 | 237 |
|
230 | 238 |
|
231 | 239 |
function are_you_sure($query_string, $question) |
232 | 240 |
{ |
233 |
- $query_string = encode_querystring($query_string); |
|
234 |
- $token = random_string(20); |
|
235 |
- $_SESSION['are_you_sure_token'] = $token; |
|
236 |
- title('Sicherheitsabfrage'); |
|
237 |
- output(" |
|
241 |
+ $query_string = encode_querystring($query_string); |
|
242 |
+ $token = random_string(20); |
|
243 |
+ $_SESSION['are_you_sure_token'] = $token; |
|
244 |
+ title('Sicherheitsabfrage'); |
|
245 |
+ output(" |
|
238 | 246 |
<form action=\"{$query_string}\" method=\"post\"> |
239 | 247 |
<div class=\"confirmation\"> |
240 | 248 |
<div class=\"question\">{$question}</div> |
... | ... |
@@ -245,68 +253,68 @@ function are_you_sure($query_string, $question) |
245 | 253 |
<input type=\"submit\" name=\"not_really\" value=\"Nein\" /> |
246 | 254 |
</p> |
247 | 255 |
</div>"); |
248 |
- output("</form>\n"); |
|
256 |
+ output("</form>\n"); |
|
249 | 257 |
} |
250 | 258 |
|
251 | 259 |
|
252 | 260 |
function user_is_sure() |
253 | 261 |
{ |
254 |
- if (isset($_POST['really'])) |
|
255 |
- { |
|
256 |
- if ($_POST['random_token'] == $_SESSION['are_you_sure_token']) |
|
257 |
- return true; |
|
258 |
- else |
|
259 |
- system_failure("Possible Cross-site-request-forgery detected!"); |
|
260 |
- } |
|
261 |
- elseif (isset($_POST['not_really'])) |
|
262 |
- return false; |
|
263 |
- else |
|
264 |
- return NULL; |
|
262 |
+ if (isset($_POST['really'])) { |
|
263 |
+ if ($_POST['random_token'] == $_SESSION['are_you_sure_token']) { |
|
264 |
+ return true; |
|
265 |
+ } else { |
|
266 |
+ system_failure("Possible Cross-site-request-forgery detected!"); |
|
267 |
+ } |
|
268 |
+ } elseif (isset($_POST['not_really'])) { |
|
269 |
+ return false; |
|
270 |
+ } else { |
|
271 |
+ return null; |
|
272 |
+ } |
|
265 | 273 |
} |
266 | 274 |
|
267 | 275 |
|
268 | 276 |
|
269 | 277 |
function generate_form_token($form_id) |
270 | 278 |
{ |
271 |
- require_once("inc/debug.php"); |
|
272 |
- $sessid = session_id(); |
|
273 |
- if ($sessid == "") |
|
274 |
- { |
|
275 |
- DEBUG("Uh? Session not running? Wtf?"); |
|
276 |
- system_failure("Internal error!"); |
|
277 |
- } |
|
278 |
- if (! isset($_SESSION['session_token'])) { |
|
279 |
- $_SESSION['session_token'] = random_string(10); |
|
280 |
- } |
|
281 |
- return hash('sha256', $sessid.$form_id.$_SESSION['session_token']); |
|
279 |
+ require_once("inc/debug.php"); |
|
280 |
+ $sessid = session_id(); |
|
281 |
+ if ($sessid == "") { |
|
282 |
+ DEBUG("Uh? Session not running? Wtf?"); |
|
283 |
+ system_failure("Internal error!"); |
|
284 |
+ } |
|
285 |
+ if (! isset($_SESSION['session_token'])) { |
|
286 |
+ $_SESSION['session_token'] = random_string(10); |
|
287 |
+ } |
|
288 |
+ return hash('sha256', $sessid.$form_id.$_SESSION['session_token']); |
|
282 | 289 |
} |
283 | 290 |
|
284 | 291 |
|
285 |
-function check_form_token($form_id, $formtoken = NULL) |
|
292 |
+function check_form_token($form_id, $formtoken = null) |
|
286 | 293 |
{ |
287 |
- if ($formtoken == NULL) |
|
288 |
- $formtoken = $_REQUEST['formtoken']; |
|
289 |
- $sessid = session_id(); |
|
290 |
- if ($sessid == "") |
|
291 |
- { |
|
292 |
- DEBUG("Uh? Session not running? Wtf?"); |
|
293 |
- system_failure("Internal error! (Session not running)"); |
|
294 |
- } |
|
295 |
- |
|
296 |
- $correct_formtoken = hash('sha256', $sessid.$form_id.$_SESSION['session_token']); |
|
297 |
- |
|
298 |
- if (! ($formtoken == $correct_formtoken)) |
|
299 |
- system_failure("Possible cross-site-request-forgery!"); |
|
294 |
+ if ($formtoken == null) { |
|
295 |
+ $formtoken = $_REQUEST['formtoken']; |
|
296 |
+ } |
|
297 |
+ $sessid = session_id(); |
|
298 |
+ if ($sessid == "") { |
|
299 |
+ DEBUG("Uh? Session not running? Wtf?"); |
|
300 |
+ system_failure("Internal error! (Session not running)"); |
|
301 |
+ } |
|
302 |
+ |
|
303 |
+ $correct_formtoken = hash('sha256', $sessid.$form_id.$_SESSION['session_token']); |
|
304 |
+ |
|
305 |
+ if (! ($formtoken == $correct_formtoken)) { |
|
306 |
+ system_failure("Possible cross-site-request-forgery!"); |
|
307 |
+ } |
|
300 | 308 |
} |
301 | 309 |
|
302 | 310 |
|
303 | 311 |
function have_module($modname) |
304 | 312 |
{ |
305 |
- return in_array($modname, config('modules')); |
|
313 |
+ return in_array($modname, config('modules')); |
|
306 | 314 |
} |
307 | 315 |
|
308 | 316 |
|
309 |
-function use_module($modname) |
|
317 |
+function use_module($modname) |
|
310 | 318 |
{ |
311 | 319 |
global $prefix, $needed_modules; |
312 | 320 |
if (! isset($needed_modules)) { |
... | ... |
@@ -320,35 +328,37 @@ function use_module($modname) |
320 | 328 |
system_failure("Soll nicht verfügbares Modul laden!"); |
321 | 329 |
} |
322 | 330 |
/* setup module include path */ |
323 |
- ini_set('include_path',ini_get('include_path').':./modules/'.$modname.'/include:'); |
|
331 |
+ ini_set('include_path', ini_get('include_path').':./modules/'.$modname.'/include:'); |
|
324 | 332 |
$style = 'modules/'.$modname.'/style.css'; |
325 | 333 |
if (file_exists($style)) { |
326 | 334 |
html_header('<link rel="stylesheet" href="'.$prefix.$style.'" type="text/css" />'."\n"); |
327 | 335 |
} |
328 |
- |
|
329 | 336 |
} |
330 | 337 |
|
331 | 338 |
|
332 | 339 |
function encode_querystring($querystring) |
333 | 340 |
{ |
334 |
- global $debugmode; |
|
335 |
- if ($debugmode) |
|
336 |
- $querystring = 'debug&'.$querystring; |
|
337 |
- $query = explode('&', $querystring); |
|
338 |
- $new_query = array(); |
|
339 |
- foreach ($query AS $item) |
|
340 |
- if ($item != '') |
|
341 |
- |