
Codingstyle PSR12 + array syntax

Hanno Böck authored on 30/10/2021 21:18:17
Showing 1 changed files
... ...
@@ -33,7 +33,7 @@ function config($key, $localonly = false)
33 33
     }
34 34
 
35 35
     if ($key == 'modules' && isset($_SESSION['restrict_modules'])) {
36
-        $modules = array();
36
+        $modules = [];
37 37
         foreach ($config['modules'] as $mod) {
38 38
             if (in_array($mod, $_SESSION['restrict_modules'])) {
39 39
                 $modules[] = $mod;
... ...
@@ -84,7 +84,7 @@ function have_role($role)
84 84
 function get_server_by_id($id)
85 85
 {
86 86
     $id = (int) $id;
87
-    $result = db_query("SELECT hostname FROM system.servers WHERE id=?", array($id));
87
+    $result = db_query("SELECT hostname FROM system.servers WHERE id=?", [$id]);
88 88
     $ret = $result->fetch();
89 89
     return $ret['hostname'];
90 90
 }
... ...
@@ -102,7 +102,7 @@ function redirect($target)
102 102
         if (strpos($target, '?') === false) {
103 103
             print 'REDIRECT: '.internal_link($target, $target);
104 104
         } else {
105
-            list($file, $qs) = explode('?', $target, 2);
105
+            [$file, $qs] = explode('?', $target, 2);
106 106
             print 'REDIRECT: '.internal_link($file, $target, $qs);
107 107
         }
108 108
     }
... ...
@@ -113,7 +113,7 @@ function redirect($target)
113 113
 function my_server_id()
114 114
 {
115 115
     $uid = (int) $_SESSION['userinfo']['uid'];
116
-    $result = db_query("SELECT server FROM system.useraccounts WHERE uid=?", array($uid));
116
+    $result = db_query("SELECT server FROM system.useraccounts WHERE uid=?", [$uid]);
117 117
     $r = $result->fetch();
118 118
     DEBUG($r);
119 119
     return $r['server'];
... ...
@@ -123,8 +123,8 @@ function my_server_id()
123 123
 function additional_servers()
124 124
 {
125 125
     $uid = (int) $_SESSION['userinfo']['uid'];
126
-    $result = db_query("SELECT server FROM system.user_server WHERE uid=?", array($uid));
127
-    $servers = array();
126
+    $result = db_query("SELECT server FROM system.user_server WHERE uid=?", [$uid]);
127
+    $servers = [];
128 128
     while ($s = $result->fetch()) {
129 129
         $servers[] = $s['server'];
130 130
     }
... ...
@@ -136,7 +136,7 @@ function additional_servers()
136 136
 function server_names()
137 137
 {
138 138
     $result = db_query("SELECT id, hostname FROM system.servers");
139
-    $servers = array();
139
+    $servers = [];
140 140
     while ($s = $result->fetch()) {
141 141
         $servers[$s['id']] = $s['hostname'];
142 142
     }
... ...
@@ -180,11 +180,11 @@ function logger($severity, $scriptname, $scope, $message)
180 180
         }
181 181
     }
182 182
 
183
-    $args = array(":user" => $user,
183
+    $args = [":user" => $user,
184 184
                 ":remote" => $_SERVER['REMOTE_ADDR'],
185 185
                 ":scriptname" => $scriptname,
186 186
                 ":scope" => $scope,
187
-                ":message" => $message);
187
+                ":message" => $message, ];
188 188
 
189 189
     db_query("INSERT INTO misc.scriptlog (remote, user,scriptname,scope,message) VALUES (:remote, :user, :scriptname, :scope, :message)", $args);
190 190
 }
... ...
@@ -195,7 +195,7 @@ function count_failed_logins()
195 195
         DEBUG("logging is disabled, no brute force check possible");
196 196
         return;
197 197
     }
198
-    $result = db_query("SELECT count(*) AS num FROM misc.scriptlog WHERE user IS NULL AND scriptname='session/start' AND scope='login' AND message LIKE 'wrong user data%' AND remote=:remote AND `timestamp` > NOW() - INTERVAL 10 MINUTE", array(":remote" => $_SERVER['REMOTE_ADDR']));
198
+    $result = db_query("SELECT count(*) AS num FROM misc.scriptlog WHERE user IS NULL AND scriptname='session/start' AND scope='login' AND message LIKE 'wrong user data%' AND remote=:remote AND `timestamp` > NOW() - INTERVAL 10 MINUTE", [":remote" => $_SERVER['REMOTE_ADDR']]);
199 199
     $data = $result->fetch();
200 200
     DEBUG('seen '.$data['num'].' failed logins from this address within 10 minutes');
201 201
     return $data['num'];
... ...
@@ -229,7 +229,7 @@ function footnote($explaination)
229 229
 {
230 230
     global $footnotes;
231 231
     if (!isset($footnotes) || !is_array($footnotes)) {
232
-        $footnotes = array();
232
+        $footnotes = [];
233 233
     }
234 234
     $fnid = array_search($explaination, $footnotes);
235 235
     DEBUG($footnotes);
... ...
@@ -334,7 +334,7 @@ function use_module($modname)
334 334
 {
335 335
     global $prefix, $needed_modules;
336 336
     if (! isset($needed_modules)) {
337
-        $needed_modules = array();
337
+        $needed_modules = [];
338 338
     }
339 339
     if (in_array($modname, $needed_modules)) {
340 340
         return;
... ...
@@ -359,7 +359,7 @@ function encode_querystring($querystring)
359 359
         $querystring = 'debug&'.$querystring;
360 360
     }
361 361
     $query = explode('&', $querystring);
362
-    $new_query = array();
362
+    $new_query = [];
363 363
     foreach ($query as $item) {
364 364
         if ($item != '') {
365 365
             $split = explode('=', $item, 2);
... ...
@@ -433,22 +433,22 @@ function html_select($name, $options, $default='', $free='')
433 433
 
434 434
 function html_datepicker($nameprefix, $timestamp)
435 435
 {
436
-    $valid_days = array( 1 =>  1,  2 =>  2,  3 =>  3,  4 =>  4,  5 =>  5,
436
+    $valid_days = [ 1 =>  1,  2 =>  2,  3 =>  3,  4 =>  4,  5 =>  5,
437 437
                        6 =>  6,  7 =>  7,  8 =>  8,  9 =>  9, 10 => 10,
438 438
                       11 => 11, 12 => 12, 13 => 13, 14 => 14, 15 => 15,
439 439
                       16 => 16, 17 => 17, 18 => 18, 19 => 19, 20 => 20,
440 440
                       21 => 21, 22 => 22, 23 => 23, 24 => 24, 25 => 25,
441 441
                       26 => 26, 27 => 27, 28 => 28, 29 => 29, 30 => 30,
442
-                      31 => 31);
443
-    $valid_months = array( 1 =>  1,  2 =>  2,  3 =>  3,  4 =>  4,  5 =>  5,
442
+                      31 => 31, ];
443
+    $valid_months = [ 1 =>  1,  2 =>  2,  3 =>  3,  4 =>  4,  5 =>  5,
444 444
                          6 =>  6,  7 =>  7,  8 =>  8,  9 =>  9, 10 => 10,
445
-                        11 => 11, 12 => 12);
445
+                        11 => 11, 12 => 12, ];
446 446
     $current_year = (int) date('Y');
447
-    $valid_years = array($current_year => $current_year,
447
+    $valid_years = [$current_year => $current_year,
448 448
                        $current_year+1 => $current_year+1,
449 449
                        $current_year+2 => $current_year+2,
450 450
                        $current_year+3 => $current_year+3,
451
-                       $current_year+4 => $current_year+4);
451
+                       $current_year+4 => $current_year+4, ];
452 452
 
453 453
     $selected_day = date('d', $timestamp);
454 454
     $selected_month = date('m', $timestamp);
... ...
@@ -463,7 +463,7 @@ function html_datepicker($nameprefix, $timestamp)
463 463
 function get_modules_info()
464 464
 {
465 465
     $modules = config('modules');
466
-    $modconfig = array();
466
+    $modconfig = [];
467 467
     foreach ($modules as $name) {
468 468
         $modconfig[$name] = null;
469 469
         if (file_exists('modules/'.$name.'/module.info')) {

set admin address as sender for messages / use company name if defined

Bernd Wurst authored on 17/06/2021 15:58:21
Showing 1 changed files
... ...
@@ -479,7 +479,7 @@ function send_mail($address, $subject, $body)
479 479
     if (strstr($subject, "\n") !== false) {
480 480
         die("Zeilenumbruch im subject!");
481 481
     }
482
-    $header = "From: ".config('company_name')." Web Administration <noreply@".config('masterdomain').">\r\nReply-To: ".config('adminmail')."\r\nCc: ".config('adminmail')."\r\nContent-Type: text/plain; charset=\"utf-8\"\r\nContent-Transfer-Encoding: quoted-printable\r\nX-schokokeks-org-message: webinterface";
482
+    $header = "From: ".config('company_name')." Web Administration <".config('adminmail').">\r\nCc: ".config('adminmail')."\r\nContent-Type: text/plain; charset=\"utf-8\"\r\nContent-Transfer-Encoding: quoted-printable\r\nX-schokokeks-org-message: webinterface";
483 483
     $subject = mb_encode_mimeheader($subject, "utf-8", "Q");
484 484
     $body = quoted_printable_encode($body);
485 485
     mail($address, $subject, $body, $header);
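Review bot: The rewritten `$header` line splices `config('company_name')` and `config('adminmail')` into the From and Cc headers without encoding or a CR/LF check. A company name with non-ASCII characters goes out as raw 8-bit header text, and a line break in either value would add header lines; config() elsewhere on this page reads from misc.config, so the values are presumably operator-controlled, but a guard is cheap. Encode the display name the way the subject is encoded on the following line, `mb_encode_mimeheader(config('company_name').' Web Administration', 'utf-8', 'Q')`, and reject values matching `/[\r\n]/` before building the header. send_mail() starts and ends outside this hunk.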

Use mb_encode_mimeheader instead of quoted_printable_encode to ensure properly encoded subjects, add custom mail header

Hanno Böck authored on 24/05/2020 09:46:55
Showing 1 changed files
... ...
@@ -479,8 +479,8 @@ function send_mail($address, $subject, $body)
479 479
     if (strstr($subject, "\n") !== false) {
480 480
         die("Zeilenumbruch im subject!");
481 481
     }
482
-    $header = "From: ".config('company_name')." Web Administration <noreply@".config('masterdomain').">\r\nReply-To: ".config('adminmail')."\r\nCc: ".config('adminmail')."\r\nContent-Type: text/plain; charset=\"utf-8\"\r\nContent-Transfer-Encoding: quoted-printable";
483
-    $subject = "=?UTF-8?Q?".quoted_printable_encode($subject)."?=";
482
+    $header = "From: ".config('company_name')." Web Administration <noreply@".config('masterdomain').">\r\nReply-To: ".config('adminmail')."\r\nCc: ".config('adminmail')."\r\nContent-Type: text/plain; charset=\"utf-8\"\r\nContent-Transfer-Encoding: quoted-printable\r\nX-schokokeks-org-message: webinterface";
483
+    $subject = mb_encode_mimeheader($subject, "utf-8", "Q");
484 484
     $body = quoted_printable_encode($body);
485 485
     mail($address, $subject, $body, $header);
486 486
 }
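Review bot: `mb_encode_mimeheader($subject, "utf-8", "Q")` converts from the mbstring internal encoding, which this hunk does not set, so the encoded subject is only correct if the application runs with a UTF-8 internal encoding. If that is not configured elsewhere (not visible here), add `mb_internal_encoding('UTF-8');` before the call, or state the assumption in a comment on that line. The function's signature is outside the hunk.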

fix encoding mail headers and body as quoted printable

Bernd Wurst authored on 20/10/2019 12:02:54
Showing 1 changed files
... ...
@@ -479,7 +479,9 @@ function send_mail($address, $subject, $body)
479 479
     if (strstr($subject, "\n") !== false) {
480 480
         die("Zeilenumbruch im subject!");
481 481
     }
482
-    $header = "From: ".config('company_name')." Web Administration <noreply@".config('masterdomain').">\r\nReply-To: ".config('adminmail')."\r\nCc: ".config('adminmail')."\r\nContent-Type: text/plain; charset=\"utf-8\"\r\nContent-Transfer-Encoding: 8bit";
482
+    $header = "From: ".config('company_name')." Web Administration <noreply@".config('masterdomain').">\r\nReply-To: ".config('adminmail')."\r\nCc: ".config('adminmail')."\r\nContent-Type: text/plain; charset=\"utf-8\"\r\nContent-Transfer-Encoding: quoted-printable";
483
+    $subject = "=?UTF-8?Q?".quoted_printable_encode($subject)."?=";
484
+    $body = quoted_printable_encode($body);
483 485
     mail($address, $subject, $body, $header);
484 486
 }
485 487
 

Funktion send_mail() global verfügbar gemacht.

Bernd Wurst authored on 15/10/2019 09:51:58
Showing 1 changed files
... ...
@@ -473,6 +473,16 @@ function get_modules_info()
473 473
     return $modconfig;
474 474
 }
475 475
 
476
+
477
+function send_mail($address, $subject, $body)
478
+{
479
+    if (strstr($subject, "\n") !== false) {
480
+        die("Zeilenumbruch im subject!");
481
+    }
482
+    $header = "From: ".config('company_name')." Web Administration <noreply@".config('masterdomain').">\r\nReply-To: ".config('adminmail')."\r\nCc: ".config('adminmail')."\r\nContent-Type: text/plain; charset=\"utf-8\"\r\nContent-Transfer-Encoding: 8bit";
483
+    mail($address, $subject, $body, $header);
484
+}
485
+
476 486
 function handle_exception($e)
477 487
 {
478 488
     if (config('enable_debug')) {
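Review bot: The guard at the top of send_mail() rejects only "\n" in `$subject`; a lone "\r" passes, and `$address` reaches mail() with no check at all. Whether callers pass user-supplied values is not visible in this hunk, but a function that is now globally available should defend itself: `if (preg_match('/[\r\n]/', $address.$subject)) {`. The subject is also sent unencoded while the header declares a charset for the body only, so non-ASCII subjects will not display reliably.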

accept integer parameters in filter_*() and use filter_output_html() in html_* functions

Bernd Wurst authored on 14/10/2019 11:50:19
Showing 1 changed files
... ...
@@ -422,8 +422,8 @@ function html_select($name, $options, $default='', $free='')
422 422
         if ($default == $key) {
423 423
             $selected = ' selected="selected" ';
424 424
         }
425
-        $key = filter_input_general($key);
426
-        $value = filter_input_general($value);
425
+        $key = filter_output_html($key);
426
+        $value = filter_output_html($value);
427 427
         $ret .= "  <option value=\"{$key}\"{$selected}>{$value}</option>\n";
428 428
     }
429 429
     $ret .= '</select>';
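Review bot: `$key` is placed inside a double-quoted `value="…"` attribute, so the switch to `filter_output_html()` is only sufficient if that helper escapes quotes as well as `<`, `>` and `&`. Its definition is not part of this page; confirm it calls htmlspecialchars() with `ENT_QUOTES` (or an equivalent), and add a short comment above the two calls such as `// escape for HTML attribute and element context`. The hunk starts mid-loop, so how `$name` is written into the `<select>` tag is not visible and deserves the same check.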

disable brute force check when logging is disabled

Bernd Wurst authored on 11/04/2019 17:16:39
Showing 1 changed files
... ...
@@ -191,6 +191,10 @@ function logger($severity, $scriptname, $scope, $message)
191 191
 
192 192
 function count_failed_logins()
193 193
 {
194
+    if (config('logging') < LOG_WARNING) {
195
+        DEBUG("logging is disabled, no brute force check possible");
196
+        return;
197
+    }
194 198
     $result = db_query("SELECT count(*) AS num FROM misc.scriptlog WHERE user IS NULL AND scriptname='session/start' AND scope='login' AND message LIKE 'wrong user data%' AND remote=:remote AND `timestamp` > NOW() - INTERVAL 10 MINUTE", array(":remote" => $_SERVER['REMOTE_ADDR']));
195 199
     $data = $result->fetch();
196 200
     DEBUG('seen '.$data['num'].' failed logins from this address within 10 minutes');
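Review bot: The early `return;` makes count_failed_logins() return null when logging is below LOG_WARNING, so a caller that compares the count against a threshold will silently treat the brute-force check as passed. That is a fail-open default tied to a logging setting; at minimum make it an explicit `return 0;` and document in a docblock that the login rate limit is inactive in this configuration. If the limit is meant to hold regardless of logging verbosity, the failed-login counter needs its own storage instead of misc.scriptlog. The function's remaining lines run past the end of the hunk.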

print stack trace with exception

Bernd Wurst authored on 10/04/2019 20:58:00
Showing 1 changed files
... ...
@@ -472,8 +472,10 @@ function get_modules_info()
472 472
 function handle_exception($e)
473 473
 {
474 474
     if (config('enable_debug')) {
475
-        print_r($e->getMessage());
476
-        print_r(serialize($_POST));
475
+        print_r($e->getMessage()."<br>");
476
+        debug_print_backtrace();
477
+        echo("<br>");
478
+        print_r(serialize($_POST)."<br>");
477 479
         print_r(serialize($_SERVER));
478 480
     } else {
479 481
         $msg = "Exception caught:\n".$e->getMessage()."\n".serialize($_POST)."\n".serialize($_SERVER);
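Review bot: In the debug branch the exception message, the backtrace and the serialized `$_POST`/`$_SERVER` are written into the page without HTML escaping, so request data is reflected verbatim and `debug_print_backtrace()` can print call arguments such as credentials. Escape what is echoed, e.g. `print '<pre>'.htmlspecialchars($e->getMessage(), ENT_QUOTES, 'UTF-8').'</pre>';`, and call `debug_print_backtrace(DEBUG_BACKTRACE_IGNORE_ARGS);`. A comment stating that `enable_debug` must never be set on a publicly reachable instance would also help. The else branch continues outside the hunk.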

fix codingstyle

Hanno authored on 10/04/2019 08:52:30
Showing 1 changed files
... ...
@@ -189,7 +189,8 @@ function logger($severity, $scriptname, $scope, $message)
189 189
     db_query("INSERT INTO misc.scriptlog (remote, user,scriptname,scope,message) VALUES (:remote, :user, :scriptname, :scope, :message)", $args);
190 190
 }
191 191
 
192
-function count_failed_logins() {
192
+function count_failed_logins()
193
+{
193 194
     $result = db_query("SELECT count(*) AS num FROM misc.scriptlog WHERE user IS NULL AND scriptname='session/start' AND scope='login' AND message LIKE 'wrong user data%' AND remote=:remote AND `timestamp` > NOW() - INTERVAL 10 MINUTE", array(":remote" => $_SERVER['REMOTE_ADDR']));
194 195
     $data = $result->fetch();
195 196
     DEBUG('seen '.$data['num'].' failed logins from this address within 10 minutes');

send exception via mail only in non-debug-environments

Bernd Wurst authored on 10/04/2019 08:13:58
Showing 1 changed files
... ...
@@ -470,6 +470,12 @@ function get_modules_info()
470 470
 
471 471
 function handle_exception($e)
472 472
 {
473
-    $msg = "Exception caught:\n".$e->getMessage()."\n".serialize($_POST)."\n".serialize($_SERVER);
474
-    mail(config("adminmail"), "Exception on configinterface", $msg);
473
+    if (config('enable_debug')) {
474
+        print_r($e->getMessage());
475
+        print_r(serialize($_POST));
476
+        print_r(serialize($_SERVER));
477
+    } else {
478
+        $msg = "Exception caught:\n".$e->getMessage()."\n".serialize($_POST)."\n".serialize($_SERVER);
479
+        mail(config("adminmail"), "Exception on configinterface", $msg);
480
+    }
475 481
 }
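Review bot: The mail built in the else branch contains `serialize($_POST)` and `serialize($_SERVER)`, which can include submitted passwords, form tokens and the session cookie (`HTTP_COOKIE`), and sends them in clear text to the admin mailbox. Redact before serializing: remove credential fields from a copy of `$_POST` and keep only a few `$_SERVER` keys such as `REQUEST_URI` and `REMOTE_ADDR`. The same `$msg` line was introduced by the "Default exception handler" commit further down this page, and the debug branch prints the same data.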

add brute force protection to login

Bernd Wurst authored on 10/04/2019 07:56:36
Showing 1 changed files
... ...
@@ -189,6 +189,13 @@ function logger($severity, $scriptname, $scope, $message)
189 189
     db_query("INSERT INTO misc.scriptlog (remote, user,scriptname,scope,message) VALUES (:remote, :user, :scriptname, :scope, :message)", $args);
190 190
 }
191 191
 
192
+function count_failed_logins() {
193
+    $result = db_query("SELECT count(*) AS num FROM misc.scriptlog WHERE user IS NULL AND scriptname='session/start' AND scope='login' AND message LIKE 'wrong user data%' AND remote=:remote AND `timestamp` > NOW() - INTERVAL 10 MINUTE", array(":remote" => $_SERVER['REMOTE_ADDR']));
194
+    $data = $result->fetch();
195
+    DEBUG('seen '.$data['num'].' failed logins from this address within 10 minutes');
196
+    return $data['num'];
197
+}
198
+
192 199
 function html_header($arg)
193 200
 {
194 201
     global $html_header;
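Review bot: count_failed_logins() identifies failures by the literal text `message LIKE 'wrong user data%'` and counts them per `REMOTE_ADDR` only. The query therefore stops matching without any error if the log message at the login site is ever reworded, and clients behind one NAT or reverse proxy share a counter while attempts spread over many addresses against one account are never counted. Add a comment tying the string to the logger() call that writes it (or share a constant), and consider a second counter keyed on the attempted username. The function returns the fetched `num` column as-is; `return (int) $data['num'];` would let callers compare integers.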

Default exception handler with warning mail to admin

Hanno authored on 05/01/2019 17:16:27
Showing 1 changed files
... ...
@@ -460,3 +460,9 @@ function get_modules_info()
460 460
     }
461 461
     return $modconfig;
462 462
 }
463
+
464
+function handle_exception($e)
465
+{
466
+    $msg = "Exception caught:\n".$e->getMessage()."\n".serialize($_POST)."\n".serialize($_SERVER);
467
+    mail(config("adminmail"), "Exception on configinterface", $msg);
468
+}

Warnung wg. undefined index vermeiden wenn kein form_token gesetzt ist

Hanno Böck authored on 07/08/2018 20:28:46
Showing 1 changed files
... ...
@@ -292,7 +292,7 @@ function generate_form_token($form_id)
292 292
 
293 293
 function check_form_token($form_id, $formtoken = null)
294 294
 {
295
-    if ($formtoken == null) {
295
+    if ($formtoken == null && isset($_REQUEST['formtoken'])) {
296 296
         $formtoken = $_REQUEST['formtoken'];
297 297
     }
298 298
     $sessid = session_id();
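Review bot: With the added `isset()` a request without a form token now leaves `$formtoken` as null and relies on the comparison further down (outside this hunk) to reject it, and `$_REQUEST['formtoken']` is accepted whatever its type. Make the intent explicit: test `$formtoken === null` and take the request value only when `is_string($_REQUEST['formtoken'])`. A one-line comment such as `// a missing token must end in the mismatch branch below` would keep a later refactor from turning this into a pass.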

avoid undefined index

Hanno authored on 29/07/2018 09:09:05
Showing 1 changed files
... ...
@@ -260,7 +260,8 @@ function are_you_sure($query_string, $question)
260 260
 function user_is_sure()
261 261
 {
262 262
     if (isset($_POST['really'])) {
263
-        if ($_POST['random_token'] == $_SESSION['are_you_sure_token']) {
263
+        if (array_key_exists('random_token', $_POST) &&
264
+            ($_POST['random_token'] == $_SESSION['are_you_sure_token'])) {
264 265
             return true;
265 266
         } else {
266 267
             system_failure("Possible Cross-site-request-forgery detected!");
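Review bot: The token check still uses `==`, and `$_SESSION['are_you_sure_token']` is not tested for existence: when no confirmation page was shown in the session, an empty submitted `random_token` compares equal to the unset (null) session value and the function returns true. Require both sides and compare in constant time: `if (isset($_POST['random_token'], $_SESSION['are_you_sure_token']) && is_string($_POST['random_token']) && hash_equals($_SESSION['are_you_sure_token'], $_POST['random_token'])) {`. Unsetting the session token after a successful check would also stop it from being reused. The rest of the function lies outside the hunk.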

Erzeuge Session-Token, falls es noch nicht existiert.

Bernd Wurst authored on 20/07/2018 11:37:15
Showing 1 changed files
... ...
@@ -300,6 +300,9 @@ function check_form_token($form_id, $formtoken = null)
300 300
         system_failure("Internal error! (Session not running)");
301 301
     }
302 302
 
303
+    if (! isset($_SESSION['session_token'])) {
304
+        $_SESSION['session_token'] = random_string(10);
305
+    }
303 306
     $correct_formtoken = hash('sha256', $sessid.$form_id.$_SESSION['session_token']);
304 307
 
305 308
     if (! ($formtoken == $correct_formtoken)) {
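Review bot: The comparison `$formtoken == $correct_formtoken` on the last line is a loose, non-constant-time comparison of a security token. Replace it with `if (! (is_string($formtoken) && hash_equals($correct_formtoken, $formtoken))) {`, which also rejects a missing or non-string token explicitly. Creating `session_token` inside the check only avoids the undefined index: a token generated at this point cannot match any form issued earlier, so a comment saying the check is expected to fail in that case would make the intent clear. The function continues past the hunk.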

remove whitespace in empty lines

Hanno authored on 26/06/2018 23:36:40
Showing 1 changed files
... ...
@@ -45,14 +45,14 @@ function config($key, $localonly = false)
45 45
     if (array_key_exists($key, $config)) {
46 46
         return $config[$key];
47 47
     }
48
-  
48
+
49 49
     if ($localonly) {
50 50
         return null;
51 51
     }
52 52
 
53 53
     /* read configuration from database */
54 54
     $result = db_query("SELECT `key`, value FROM misc.config");
55
-  
55
+
56 56
     while ($object = $result->fetch()) {
57 57
         if (!array_key_exists($object['key'], $config)) {
58 58
             $config[$object['key']]=$object['value'];
... ...
@@ -433,7 +433,7 @@ function html_datepicker($nameprefix, $timestamp)
433 433
                        $current_year+2 => $current_year+2,
434 434
                        $current_year+3 => $current_year+3,
435 435
                        $current_year+4 => $current_year+4);
436
-              
436
+
437 437
     $selected_day = date('d', $timestamp);
438 438
     $selected_month = date('m', $timestamp);
439 439
     $selected_year = date('Y', $timestamp);

Fix coding style with php-cs-checker, see https://cs.sensiolabs.org/

Hanno authored on 26/06/2018 13:58:19
Showing 1 changed files
... ...
@@ -8,7 +8,7 @@ Written 2008-2018 by schokokeks.org Hosting, namely
8 8
 
9 9
 To the extent possible under law, the author(s) have dedicated all copyright and related and neighboring rights to this software to the public domain worldwide. This software is distributed without any warranty.
10 10
 
11
-You should have received a copy of the CC0 Public Domain Dedication along with this software. If not, see 
11
+You should have received a copy of the CC0 Public Domain Dedication along with this software. If not, see
12 12
 http://creativecommons.org/publicdomain/zero/1.0/
13 13
 
14 14
 Nevertheless, in case you use a significant part of this code, we ask (but not require, see the license) that you keep the authors' names in place and return your changes to the public. We would be especially happy if you tell us what you're going to do with this code.
... ...
@@ -19,57 +19,59 @@ require_once('inc/debug.php');
19 19
 
20 20
 function config($key, $localonly = false)
21 21
 {
22
-  global $config;
23
-
24
-  if ($key == "modules") {
25
-    // Stelle sicher, dass das "index"-Modul immer aktiv ist!
26
-    if (! in_array("index", $config['modules'])) {
27
-      $config['modules'][] = "index";
28
-    }
29
-    // Stelle sicher, dass das "about"-Modul immer aktiv ist!
30
-    if (! in_array("about", $config['modules'])) {
31
-      $config['modules'][] = "about";
22
+    global $config;
23
+
24
+    if ($key == "modules") {
25
+        // Stelle sicher, dass das "index"-Modul immer aktiv ist!
26
+        if (! in_array("index", $config['modules'])) {
27
+            $config['modules'][] = "index";
28
+        }
29
+        // Stelle sicher, dass das "about"-Modul immer aktiv ist!
30
+        if (! in_array("about", $config['modules'])) {
31
+            $config['modules'][] = "about";
32
+        }
32 33
     }
33
-  }
34 34
 
35
-  if ($key == 'modules' && isset($_SESSION['restrict_modules']))
36
-  {
37
-    $modules = array();
38
-    foreach ($config['modules'] as $mod)
39
-    {
40
-      if (in_array($mod, $_SESSION['restrict_modules']))
41
-        $modules[] = $mod;
35
+    if ($key == 'modules' && isset($_SESSION['restrict_modules'])) {
36
+        $modules = array();
37
+        foreach ($config['modules'] as $mod) {
38
+            if (in_array($mod, $_SESSION['restrict_modules'])) {
39
+                $modules[] = $mod;
40
+            }
41
+        }
42
+        return $modules;
42 43
     }
43
-    return $modules;
44
-  }
45 44
 
46
-  if (array_key_exists($key, $config))
47
-    return $config[$key];
45
+    if (array_key_exists($key, $config)) {
46
+        return $config[$key];
47
+    }
48 48
   
49
-  if ($localonly) {
50
-    return NULL;
51
-  }  
49
+    if ($localonly) {
50
+        return null;
51
+    }
52 52
 
53
-  /* read configuration from database */
54
-  $result = db_query( "SELECT `key`, value FROM misc.config" );
53
+    /* read configuration from database */
54
+    $result = db_query("SELECT `key`, value FROM misc.config");
55 55
   
56
-  while( $object = $result->fetch() ) {
57
-    if (!array_key_exists($object['key'], $config)) {
58
-	    $config[$object['key']]=$object['value'];
59
-    }
60
-  }
61
-  // Sonst wird das Passwort des webadmin-Users mit ausgegeben
62
-  $debug_config = $config;
63
-  unset($debug_config['db_pass']);
64
-  DEBUG($debug_config);
65
-  if (array_key_exists($key, $config))
66
-    return $config[$key];
67
-  else
68
-    logger(LOG_ERR, "inc/base", "config", "Request to read nonexistant config option »{$key}«.");
69
-    return NULL;
56
+    while ($object = $result->fetch()) {
57
+        if (!array_key_exists($object['key'], $config)) {
58
+            $config[$object['key']]=$object['value'];
59
+        }
60
+    }
61
+    // Sonst wird das Passwort des webadmin-Users mit ausgegeben
62
+    $debug_config = $config;
63
+    unset($debug_config['db_pass']);
64
+    DEBUG($debug_config);
65
+    if (array_key_exists($key, $config)) {
66
+        return $config[$key];
67
+    } else {
68
+        logger(LOG_ERR, "inc/base", "config", "Request to read nonexistant config option »{$key}«.");
69
+    }
70
+    return null;
70 71
 }
71 72
 
72
-function have_role($role) {
73
+function have_role($role)
74
+{
73 75
     $have = $_SESSION['role'] & $role;
74 76
     if ($have) {
75 77
         DEBUG("Current user has role ".$role);
... ...
@@ -79,76 +81,81 @@ function have_role($role) {
79 81
     return $have;
80 82
 }
81 83
 
82
-function get_server_by_id($id) {
83
-  $id = (int) $id;
84
-  $result = db_query("SELECT hostname FROM system.servers WHERE id=?", array($id));
85
-  $ret = $result->fetch();
86
-  return $ret['hostname'];
84
+function get_server_by_id($id)
85
+{
86
+    $id = (int) $id;
87
+    $result = db_query("SELECT hostname FROM system.servers WHERE id=?", array($id));
88
+    $ret = $result->fetch();
89
+    return $ret['hostname'];
87 90
 }
88 91
 
89 92
 
90 93
 function redirect($target)
91 94
 {
92
-  global $debugmode;
93
-  if ($target == '') {
94
-      $target = $_SERVER['REQUEST_URI'];
95
-  }
96
-  if (! $debugmode) {
97
-    header("Location: {$target}");
98
-  } else {
99
-      if (strpos($target, '?') === false) {
100
-        print 'REDIRECT: '.internal_link($target, $target);
101
-      } else {
102
-          list($file, $qs) = explode('?', $target, 2);
103
-          print 'REDIRECT: '.internal_link($file, $target, $qs);
104
-      }
105
-  }
106
-  die();
95
+    global $debugmode;
96
+    if ($target == '') {
97
+        $target = $_SERVER['REQUEST_URI'];
98
+    }
99
+    if (! $debugmode) {
100
+        header("Location: {$target}");
101
+    } else {
102
+        if (strpos($target, '?') === false) {
103
+            print 'REDIRECT: '.internal_link($target, $target);
104
+        } else {
105
+            list($file, $qs) = explode('?', $target, 2);
106
+            print 'REDIRECT: '.internal_link($file, $target, $qs);
107
+        }
108
+    }
109
+    die();
107 110
 }
108 111
 
109 112
 
110 113
 function my_server_id()
111 114
 {
112
-  $uid = (int) $_SESSION['userinfo']['uid'];
113
-  $result = db_query("SELECT server FROM system.useraccounts WHERE uid=?", array($uid));
114
-  $r = $result->fetch();
115
-  DEBUG($r);
116
-  return $r['server'];
115
+    $uid = (int) $_SESSION['userinfo']['uid'];
116
+    $result = db_query("SELECT server FROM system.useraccounts WHERE uid=?", array($uid));
117
+    $r = $result->fetch();
118
+    DEBUG($r);
119
+    return $r['server'];
117 120
 }
118 121
 
119 122
 
120 123
 function additional_servers()
121 124
 {
122
-  $uid = (int) $_SESSION['userinfo']['uid'];
123
-  $result = db_query("SELECT server FROM system.user_server WHERE uid=?", array($uid));
124
-  $servers = array();
125
-  while ($s = $result->fetch())
126
-    $servers[] = $s['server'];
127
-  DEBUG($servers);
128
-  return $servers;
125
+    $uid = (int) $_SESSION['userinfo']['uid'];
126
+    $result = db_query("SELECT server FROM system.user_server WHERE uid=?", array($uid));
127
+    $servers = array();
128
+    while ($s = $result->fetch()) {
129
+        $servers[] = $s['server'];
130
+    }
131
+    DEBUG($servers);
132
+    return $servers;
129 133
 }
130 134
 
131 135
 
132 136
 function server_names()
133 137
 {
134
-  $result = db_query("SELECT id, hostname FROM system.servers");
135
-  $servers = array();
136
-  while ($s = $result->fetch())
137
-    $servers[$s['id']] = $s['hostname'];
138
-  DEBUG($servers);
139
-  return $servers;
138
+    $result = db_query("SELECT id, hostname FROM system.servers");
139
+    $servers = array();
140
+    while ($s = $result->fetch()) {
141
+        $servers[$s['id']] = $s['hostname'];
142
+    }
143
+    DEBUG($servers);
144
+    return $servers;
140 145
 }
141 146
 
142 147
 
143 148
 function maybe_null($value)
144 149
 {
145
-  if (! $value)
146
-    return NULL;
150
+    if (! $value) {
151
+        return null;
152
+    }
147 153
 
148
-  if (strlen( (string) $value ) > 0)
149
-    return (string) $value;
150
-  else
151
-    return NULL;
154
+    if (strlen((string) $value) > 0) {
155
+        return (string) $value;
156
+    } else {
157
+        return null;
158
+    }
152 159
 }
153 160
 
154 161
 
... ...
@@ -158,51 +165,52 @@ function maybe_null($value)
158 165
 
159 166
 function logger($severity, $scriptname, $scope, $message)
160 167
 {
161
-  if (config('logging') < $severity) {
162
-    DEBUG("NOT LOGGING $scriptname:$scope:$message");
163
-    return;
164
-  }
165
-
166
-  DEBUG("LOGGING $scriptname:$scope:$message");
167
-  $user = NULL;
168
-  if (array_key_exists("role", $_SESSION)) {
169
-    if ($_SESSION['role'] & ROLE_SYSTEMUSER)
170
-      $user = $_SESSION['userinfo']['username'];
171
-    elseif ($_SESSION['role'] & ROLE_CUSTOMER)
172
-      $user = $_SESSION['customerinfo']['customerno'];
173
-  }
174
-
175
-  $args = array(":user" => $user,
168
+    if (config('logging') < $severity) {
169
+        DEBUG("NOT LOGGING $scriptname:$scope:$message");
170
+        return;
171
+    }
172
+
173
+    DEBUG("LOGGING $scriptname:$scope:$message");
174
+    $user = null;
175
+    if (array_key_exists("role", $_SESSION)) {
176
+        if ($_SESSION['role'] & ROLE_SYSTEMUSER) {
177
+            $user = $_SESSION['userinfo']['username'];
178
+        } elseif ($_SESSION['role'] & ROLE_CUSTOMER) {
179
+            $user = $_SESSION['customerinfo']['customerno'];
180
+        }
181
+    }
182
+
183
+    $args = array(":user" => $user,
176 184
                 ":remote" => $_SERVER['REMOTE_ADDR'],
177 185
                 ":scriptname" => $scriptname,
178 186
                 ":scope" => $scope,
179 187
                 ":message" => $message);
180 188
 
181
-  db_query("INSERT INTO misc.scriptlog (remote, user,scriptname,scope,message) VALUES (:remote, :user, :scriptname, :scope, :message)", $args);
189
+    db_query("INSERT INTO misc.scriptlog (remote, user,scriptname,scope,message) VALUES (:remote, :user, :scriptname, :scope, :message)", $args);
182 190
 }
183 191
 
184 192
 function html_header($arg)
185 193
 {
186
-  global $html_header;
187
-  $html_header .= $arg;
194
+    global $html_header;
195
+    $html_header .= $arg;
188 196
 }
189 197
 
190 198
 function title($arg)
191 199
 {
192
-  global $title;
193
-  $title = $arg;
200
+    global $title;
201
+    $title = $arg;
194 202
 }
195 203
 
196 204
 function headline($arg)
197 205
 {
198
-  global $headline;
199
-  $headline = $arg;
206
+    global $headline;
207
+    $headline = $arg;
200 208
 }
201 209
 
202 210
 function output($arg)
203 211
 {
204
-  global $output;
205
-  $output .= $arg;
212
+    global $output;
213
+    $output .= $arg;
206 214
 }
207 215
 
208 216
 function footnote($explaination)
... ...
@@ -213,7 +221,7 @@ function footnote($explaination)
213 221
     }
214 222
     $fnid = array_search($explaination, $footnotes);
215 223
     DEBUG($footnotes);
216
-    if ($fnid === FALSE) {
224
+    if ($fnid === false) {
217 225
         DEBUG("Footnote »{$explaination}« is not in footnotes!");
218 226
         $footnotes[] = $explaination;
219 227
     }
... ...
@@ -221,20 +229,20 @@ function footnote($explaination)
221 229
     return str_repeat('*', ($fnid+1));
222 230
 }
223 231
 
224
-function random_string($len) 
232
+function random_string($len)
225 233
 {
226
-  $s = str_replace('+', '.', base64_encode(random_bytes(ceil($len*3/4))));
227
-  return substr($s, 0, $len);
234
+    $s = str_replace('+', '.', base64_encode(random_bytes(ceil($len*3/4))));
235
+    return substr($s, 0, $len);
228 236
 }
229 237
 
230 238
 
231 239
 function are_you_sure($query_string, $question)
232 240
 {
233
-  $query_string = encode_querystring($query_string);
234
-  $token = random_string(20);
235
-  $_SESSION['are_you_sure_token'] = $token;
236
-  title('Sicherheitsabfrage');
237
-  output("
241
+    $query_string = encode_querystring($query_string);
242
+    $token = random_string(20);
243
+    $_SESSION['are_you_sure_token'] = $token;
244
+    title('Sicherheitsabfrage');
245
+    output("
238 246
     <form action=\"{$query_string}\" method=\"post\">
239 247
     <div class=\"confirmation\">
240 248
       <div class=\"question\">{$question}</div>
... ...
@@ -245,68 +253,68 @@ function are_you_sure($query_string, $question)
245 253
         <input type=\"submit\" name=\"not_really\" value=\"Nein\" />
246 254
       </p>
247 255
     </div>");
248
-  output("</form>\n");
256
+    output("</form>\n");
249 257
 }
250 258
 
251 259
 
252 260
 function user_is_sure()
253 261
 {
254
-  if (isset($_POST['really']))
255
-  {
256
-    if ($_POST['random_token'] == $_SESSION['are_you_sure_token'])
257
-      return true;
258
-    else
259
-      system_failure("Possible Cross-site-request-forgery detected!");
260
-  }
261
-  elseif (isset($_POST['not_really']))
262
-    return false;
263
-  else
264
-    return NULL;
262
+    if (isset($_POST['really'])) {
263
+        if ($_POST['random_token'] == $_SESSION['are_you_sure_token']) {
264
+            return true;
265
+        } else {
266
+            system_failure("Possible Cross-site-request-forgery detected!");
267
+        }
268
+    } elseif (isset($_POST['not_really'])) {
269
+        return false;
270
+    } else {
271
+        return null;
272
+    }
265 273
 }
266 274
 
267 275
 
268 276
 
269 277
 function generate_form_token($form_id)
270 278
 {
271
-  require_once("inc/debug.php");
272
-  $sessid = session_id();
273
-  if ($sessid == "") 
274
-  {
275
-    DEBUG("Uh? Session not running? Wtf?");
276
-    system_failure("Internal error!");
277
-  }
278
-  if (! isset($_SESSION['session_token'])) {
279
-    $_SESSION['session_token'] = random_string(10);
280
-  }
281
-  return hash('sha256', $sessid.$form_id.$_SESSION['session_token']);
279
+    require_once("inc/debug.php");
280
+    $sessid = session_id();
281
+    if ($sessid == "") {
282
+        DEBUG("Uh? Session not running? Wtf?");
283
+        system_failure("Internal error!");
284
+    }
285
+    if (! isset($_SESSION['session_token'])) {
286
+        $_SESSION['session_token'] = random_string(10);
287
+    }
288
+    return hash('sha256', $sessid.$form_id.$_SESSION['session_token']);
282 289
 }
283 290
 
284 291
 
285
-function check_form_token($form_id, $formtoken = NULL)
292
+function check_form_token($form_id, $formtoken = null)
286 293
 {
287
-  if ($formtoken == NULL)
288
-    $formtoken = $_REQUEST['formtoken'];
289
-  $sessid = session_id();
290
-  if ($sessid == "") 
291
-  {
292
-    DEBUG("Uh? Session not running? Wtf?");
293
-    system_failure("Internal error! (Session not running)");
294
-  }
295
-
296
-  $correct_formtoken = hash('sha256', $sessid.$form_id.$_SESSION['session_token']);
297
-
298
-  if (! ($formtoken == $correct_formtoken))
299
-    system_failure("Possible cross-site-request-forgery!");
294
+    if ($formtoken == null) {
295
+        $formtoken = $_REQUEST['formtoken'];
296
+    }
297
+    $sessid = session_id();
298
+    if ($sessid == "") {
299
+        DEBUG("Uh? Session not running? Wtf?");
300
+        system_failure("Internal error! (Session not running)");
301
+    }
302
+
303
+    $correct_formtoken = hash('sha256', $sessid.$form_id.$_SESSION['session_token']);
304
+
305
+    if (! ($formtoken == $correct_formtoken)) {
306
+        system_failure("Possible cross-site-request-forgery!");
307
+    }
300 308
 }
301 309
 
302 310
 
303 311
 function have_module($modname)
304 312
 {
305
-  return in_array($modname, config('modules'));
313
+    return in_array($modname, config('modules'));
306 314
 }
307 315
 
308 316
 
309
-function use_module($modname) 
317
+function use_module($modname)
310 318
 {
311 319
     global $prefix, $needed_modules;
312 320
     if (! isset($needed_modules)) {
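Review bot: Both token checks on the new side still use loose `==`: `$_POST['random_token'] == $_SESSION['are_you_sure_token']` in `user_is_sure()` and `$formtoken == $correct_formtoken` in `check_form_token()`. With `==`, a missing or empty `random_token` compares equal to a session in which `are_you_sure_token` was never set, and two numeric-looking strings are compared as numbers rather than byte for byte. Requiring both values to be non-empty strings and comparing them with `hash_equals()` closes this; in `check_form_token()` that is one line, `if (!is_string($formtoken) || !hash_equals($correct_formtoken, $formtoken)) {`. The fallback to `$_REQUEST['formtoken']` also accepts the token from the query string; `$_POST` would be narrower, assuming every form posts it.

```php
    if (isset($_POST['really'])) {
        $sent = $_POST['random_token'] ?? null;
        $expected = $_SESSION['are_you_sure_token'] ?? null;
        // Require a token on both sides, then compare in constant time.
        if (is_string($sent) && is_string($expected) && $expected !== ''
            && hash_equals($expected, $sent)) {
            return true;
        }
        system_failure("Possible Cross-site-request-forgery detected!");
    // … unchanged: not_really / default branches …
```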
... ...
@@ -320,35 +328,37 @@ function use_module($modname)
320 328
         system_failure("Soll nicht verfügbares Modul laden!");
321 329
     }
322 330
     /* setup module include path */
323
-    ini_set('include_path',ini_get('include_path').':./modules/'.$modname.'/include:');
331
+    ini_set('include_path', ini_get('include_path').':./modules/'.$modname.'/include:');
324 332
     $style = 'modules/'.$modname.'/style.css';
325 333
     if (file_exists($style)) {
326 334
         html_header('<link rel="stylesheet" href="'.$prefix.$style.'" type="text/css" />'."\n");
327 335
     }
328
-
329 336
 }
330 337
 
331 338
 
332 339
 function encode_querystring($querystring)
333 340
 {
334
-  global $debugmode;
335
-  if ($debugmode)
336
-    $querystring = 'debug&'.$querystring;
337
-  $query = explode('&', $querystring);
338
-  $new_query = array();
339
-  foreach ($query AS $item)
340
-    if ($item != '')
341
-    {
342
-      $split = explode('=', $item, 2);
343
-      if (count($split) == 1)
344
-        $new_query[] = $split[0];
345
-      else
346
-        $new_query[] = $split[0].'='.urlencode($split[1]);
347
-    }
348
-  $querystring = implode('&amp;', $new_query);
349
-  if ($querystring)
350
-    $querystring = '?'.$querystring;
351
-  return $querystring;
341
+    global $debugmode;
342
+    if ($debugmode) {
343
+        $querystring = 'debug&'.$querystring;
344
+    }
345
+    $query = explode('&', $querystring);
346
+    $new_query = array();
347
+    foreach ($query as $item) {
348
+        if ($item != '') {
349
+            $split = explode('=', $item, 2);
350
+            if (count($split) == 1) {
351
+                $new_query[] = $split[0];
352
+            } else {
353
+                $new_query[] = $split[0].'='.urlencode($split[1]);
354
+            }
355
+        }
356
+    }
357
+    $querystring = implode('&amp;', $new_query);
358
+    if ($querystring) {
359
+        $querystring = '?'.$querystring;
360
+    }
361
+    return $querystring;
352 362
 }
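Review bot: `$new_query = array();` in `encode_querystring()` is left in long syntax on the new side although this commit converts array syntax elsewhere; `$new_query = [];` would match. Separately, only the value half of each pair goes through `urlencode()`. The key `$split[0]` and bare items are passed on unchanged, and the result is later placed inside `href`/`action` attributes. A short comment stating that callers must supply trusted, attribute-safe keys would document that assumption. Whether any caller passes user-controlled keys is not visible in this hunk.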
353 363
 
354 364
 
... ...
@@ -360,94 +370,89 @@ function beta_notice()
360 370
 
361 371
 function addnew($file, $label, $querystring = '', $attribs = '')
362 372
 {
363
-  output('<p class="addnew">'.internal_link($file, $label, $querystring, $attribs).'</p>');
373
+    output('<p class="addnew">'.internal_link($file, $label, $querystring, $attribs).'</p>');
364 374
 }
365 375
 
366 376
 
367 377
 function internal_link($file, $label, $querystring = '', $attribs = '')
368 378
 {
369
-  global $prefix;
370
-  if (strpos($file, '/') === 0)
371
-  {
372
-    $file = $prefix.substr($file, 1);
373
-  }
374
-  $querystring = encode_querystring($querystring);
375
-  return "<a href=\"{$file}{$querystring}\" {$attribs} >{$label}</a>";
379
+    global $prefix;
380
+    if (strpos($file, '/') === 0) {
381
+        $file = $prefix.substr($file, 1);
382
+    }
383
+    $querystring = encode_querystring($querystring);
384
+    return "<a href=\"{$file}{$querystring}\" {$attribs} >{$label}</a>";
376 385
 }
377 386
 
378 387
 
379 388
 function html_form($form_id, $scriptname, $querystring, $content)
380 389
 {
381
-  $querystring = encode_querystring($querystring);
382
-  $ret = '';
383
-  $ret .= '<form id="'.$form_id.'" action="'.$scriptname.$querystring.'" method="post">'."\n";
384
-  $ret .= '<p style="display: none;"><input type="hidden" name="formtoken" value="'.generate_form_token($form_id).'" /></p>'."\n";
385
-  $ret .= $content;
386
-  $ret .= '</form>';
387
-  return $ret;  
390
+    $querystring = encode_querystring($querystring);
391
+    $ret = '';
392
+    $ret .= '<form id="'.$form_id.'" action="'.$scriptname.$querystring.'" method="post">'."\n";
393
+    $ret .= '<p style="display: none;"><input type="hidden" name="formtoken" value="'.generate_form_token($form_id).'" /></p>'."\n";
394
+    $ret .= $content;