qemudb/include/incl.php

<?php
/*************************************************/
/* Main Include Library for Application Database */
/*************************************************/

// get modules
ini_set("memory_limit","64M");
require_once(BASE."include/config.php");
require(BASE."include/util.php");
require(BASE."include/user.php");
require(BASE."include/session.php");
require(BASE."include/menu.php");
require(BASE."include/html.php");
require(BASE."include/error_log.php");
require(BASE."include/query.php");
require(BASE."include/table.php");
require_once(BASE."include/objectManager.php");

/* if magic quotes are enabled make sure the user disables them */
/* otherwise they will see all kinds of odd effects that are difficult */
/* to track down */
if(get_magic_quotes_gpc())
{
    echo "<b>Please disable the magic quotes GPC PHP setting. See <a href=\"http://us2.php.net/manual/en/ref.info.php#ini.magic-quotes-gpc\"> this page</a> for more information</b><br><br>";
    echo "AppDB php code assumes magic quotes are disabled.<br><br>";
    echo "Magic quotes are a bad idea for a few reasons.<br><br>";
    echo "First is that php calls <b>addslashes()</b> on all \$_POST, \$_REQUEST and cookie variables ";
    echo "if magic quotes is enabled. ";
    echo "Ooooooh you say.<br>";
    echo "<i>\"Aren't magic quotes a convienent way to protect my php code from sql injection attacks?\"</i><br><br>";
    echo "No!  <b>addslashes()</b> isn't adequate.  You should use <b>query_escape_string()</b> or some other function";
    echo " that will handle multi-byte characters.  See <a href=\"http://shiflett.org/archive/184\">this article</a>";
    echo " for a way to exploit <b>addslash()</b>ed parameters.<br><br>";
    echo "A second reason is that with magic quotes enabled, due to the use of <b>query_escape_string()</b> to";
    echo " protect from sql injection attacks we'll end up with variables that have been addslash()ed and";
    echo " <b>query_escape_string()</b>ed.  So you end up having to call stripslashes() on EVERY variable. ";
    exit;
}

/**
 * rename $_REQUEST variables to preserve backwards compatibility
 * with bugzilla links and urls in emails and on google from before our
 * mass rename of GPC variables to use our coding standard prefixing
 *
 * NOTE: we may be able to remove these backwareds compatibility changes
 *       in a few years, check in mid 2007 to see how many old
 *       links are still poping up in google then
 */
if(isset($_REQUEST['versionId']))
{
   $_REQUEST['iVersionId'] = $_REQUEST['versionId'];
   unset($_REQUEST['versionId']);
}
if(isset($_REQUEST['appId']))
{
   $_REQUEST['iAppId'] = $_REQUEST['appId'];
   unset($_REQUEST['appId']);
}
if(isset($_REQUEST['bug_id']))
{
    $_REQUEST['iBugId'] = $_REQUEST['bug_id'];
    unset($_REQUEST['bug_id']);
}
if(isset($_REQUEST['catId']))
{
    $_REQUEST['iCatId'] = $_REQUEST['catId'];
    unset($_REQUEST['catId']);
}
if(isset($_REQUEST['sub']))
{
    $_REQUEST['sSub'] = $_REQUEST['sub'];
    unset($_REQUEST['sub']);
}
if(isset($_REQUEST['topic']))
{
    $_REQUEST['sTopic'] = $_REQUEST['topic'];
    unset($_REQUEST['topic']);
}
if(isset($_REQUEST['mode']))
{
    $_REQUEST['sMode'] = $_REQUEST['mode'];
    unset($_REQUEST['mode']);
}
/* End backwards compatibility code */

// create arrays
$sidebar_func_list = array();
$help_list = array();

function apidb_help_add($desc, $id)
{
    global $help_list;
    $help_list[] = array($desc, $id);
}


// return url with docroot prepended 
function apidb_url($path)
{
    return BASE.$path;
}

// return FULL url with docroot prepended
function apidb_fullurl($path = "")
{
    return BASE.$path;
}

function appdb_fullpath($path)
{
    /* IE: we know this file is in /yyy/xxx/include, we want to get the /yyy/xxx 
    /* so we call dirname  on this file path twice */
    $fullpath = dirname(dirname(__FILE__))."//".$path;
    /* get rid of potential double slashes due to string concat */
    return str_replace("//", "/", $fullpath); 
}


/*
 * output the common apidb header
 */
function apidb_header($title = 0)
{
    $realname = $_SESSION['current']->sRealname;

    // Set Page Title
    $page_title = $title;
    if ($title)
         $title = " - $title";

    // grab the starting time
    global $sPageGeneratingStartTime;
    $sPageGeneratingStartTime = microtime();
    $aStartarray = explode(" ", $sPageGeneratingStartTime);
    $sPageGeneratingStartTime = $aStartarray[1] + $aStartarray[0]; 

    // Display Header
    include(BASE."include/header.php");

    // Display Sidebar
    apidb_sidebar();

    // Display Status Messages
    dumpmsgbuffer();
}


/*
 * output the common apidb footer
 */
function apidb_footer()
{
    // grab the end of the page generating time
    global $sPageGeneratingStartTime;
    $sPageGeneratingEndTime = microtime();
    $aEndarray = explode(" ", $sPageGeneratingEndTime);
    $sPageGeneratingEndTime = $aEndarray[1] + $aEndarray[0];
    $sTotaltime = $sPageGeneratingEndTime - $sPageGeneratingStartTime;
    $sTotaltime = round($sTotaltime,5);
    echo "<center>Page loaded in <b>$sTotaltime</b> seconds.</center>";

    // Display Footer
    if(!isset($header_disabled))
        include(BASE."include/"."footer.php");
}

/*
 * output the sidebar, calls all functions registered with apidb_sidebar_add
 */
function apidb_sidebar()
{
    global $sidebar_func_list;

echo '
<div id="sidebar">
    <ul>
';

    //TURN on GLOBAL ADMIN MENU
    if ($_SESSION['current']->hasPriv("admin"))
    {
        include(BASE."include/sidebar_admin.php");
        apidb_sidebar_add("global_admin_menu");
    } else if($_SESSION['current']->isMaintainer()) /* if the user maintains anything, add their menus */
    {
        include(BASE."include/sidebar_maintainer_admin.php");
        apidb_sidebar_add("global_maintainer_admin_menu");
    }

    // Login Menu
    include(BASE."include/sidebar_login.php");
    apidb_sidebar_add("global_sidebar_login");

    // Main Menu
    include(BASE."include/sidebar.php");
    apidb_sidebar_add("global_sidebar_menu");

    //LOOP and display menus
    for($i = 0; $i < sizeof($sidebar_func_list); $i++)
    {
        $func = $sidebar_func_list[$i];
        $func();
    }

echo '
    </ul>
</div>
';

}


/**
 * register a sidebar menu function
 * the supplied function is called when the sidebar is built
 */
function apidb_sidebar_add($funcname)
{
    global $sidebar_func_list;
    array_unshift($sidebar_func_list, $funcname);
}


function apidb_image($name)
{
    return BASE."images/$name";
}


/**
 * format a date as required for HTTP by RFC 2068 sec 3.3.1 
 */
function fHttpDate($iDate) {
   return gmdate("D, d M Y H:i:s",$iDate)." GMT";
}

/**
 *  parse all the date formats required by HTTP 1.1 into PHP time values
 */
function pHttpDate($sDate) {
   $iDate = strtotime($sDate);
   if ($iDate != -1) return $iDate;
		/* the RFC also requires asctime() format... */
   $aTs = strptime($sDate,"%a %b  %e %H:%M:%S %Y");
   $iDate = gmmktime($aTs[2],$aTs[1],$aTs[0],$aTs[4],$aTs[3],$aTs[5],0);
   return $iDate;
}

/**
 * msgs will be displayed on the Next page view of the same user
 */
function addmsg($shText, $color = "black")
{
    $GLOBALS['session']->addmsg($shText, $color);
}


function purgeSessionMessages()
{
  $GLOBALS['session']->purgemsg();
}


/**
 * output msg_buffer and clear it.
 */
function dumpmsgbuffer()
{
    $GLOBALS['session']->dumpmsgbuffer();
    if (is_array($GLOBALS['session']->msg) and count($GLOBALS['session']->msg) > 0)
    {
        echo html_frame_start("","300","",5);
        foreach ($GLOBALS['session']->msg as $msg)
        {
            if ($msg['color'] == "red")
               $msg['color'] = "{$msg['color']};text-decoration:blink";
            echo "<div align=\"center\" class=\"session_note\" style=\"font-color:{$msg['color']};\"> {$msg['msg']} </div>";
        }
        echo html_frame_end("&nbsp;");
        echo "<br>\n";
    }
}

/**
 * Init Session (stores user info in session)
 */
$session = new session("whq_appdb");
$session->register("current");

if(!isset($_SESSION['current']))
{
    $_SESSION['current'] = new User();
}

// if we are debugging we need to see all errors
if($_SESSION['current']->showDebuggingInfos()) error_reporting(E_ALL ^ E_NOTICE);

// include filter.php to filter all REQUEST input
require(BASE."include/filter.php");

?>