Please disable the magic quotes GPC PHP setting. See this page for more information
";
echo "AppDB php code assumes magic quotes are disabled.
";
echo "Magic quotes are a bad idea for a few reasons.
";
echo "First is that php calls addslashes() on all \$_POST, \$_REQUEST and cookie variables ";
echo "if magic quotes is enabled. ";
echo "Ooooooh you say.
";
echo "\"Aren't magic quotes a convienent way to protect my php code from sql injection attacks?\"
";
echo "No! addslashes() isn't adequate. You should use mysql_real_escape_string() or some other function";
echo " that will handle multi-byte characters. See this article";
echo " for a way to exploit addslash()ed parameters.
";
echo "A second reason is that with magic quotes enabled, due to the use of mysql_real_escape_string() to";
echo " protect from sql injection attacks we'll end up with variables that have been addslash()ed and";
echo " mysql_real_escape_string()ed. So you end up having to call stripslashes() on EVERY variable. ";
exit;
}
// registries filled in by apidb_help_add() and apidb_sidebar_add()
$help_list = array();          // list of array($desc, $id) pairs, in call order
$sidebar_func_list = array();  // sidebar menu function names, most recently added first
/**
 * register a help entry: appends array($desc, $id) to the global $help_list
 *
 * $desc is the text shown for the entry, $id whatever the help page keys on;
 * nothing here interprets either value.
 */
function apidb_help_add($desc, $id)
{
    global $help_list;
    $aEntry = array($desc, $id);
    $help_list[] = $aEntry;
}
/**
 * return url with docroot prepended
 *
 * Plain string join of the BASE constant and $path; $path is not validated
 * or encoded, so callers must pass a path they built themselves.
 */
function apidb_url($path)
{
    return sprintf('%s%s', BASE, $path);
}
/**
 * return FULL url with docroot prepended
 *
 * Despite the name this currently does exactly what apidb_url() does:
 * BASE followed by $path, with no scheme or host added. $path defaults
 * to the empty string, yielding BASE itself.
 */
function apidb_fullurl($path = "")
{
    $sUrl = BASE;
    $sUrl .= $path;
    return $sUrl;
}
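/**
 * build an absolute filesystem path below the application root
 *
 * This file lives in <root>/include, so two dirname() calls give <root>;
 * $path is appended and every run of slashes is collapsed to one. The old
 * str_replace("//", "/") only halved runs, so three or more slashes (e.g.
 * a root of "/" plus the "//" join) still left "//" in the result.
 *
 * No ".." or symlink resolution is done: $path must come from code, never
 * from request data, or the result can escape the application root.
 */
function appdb_fullpath($path)
{
    $sRoot = dirname(dirname(__FILE__));
    // join with "//" as before; the regex then normalises whatever the join
    // and $path contributed
    $sFull = preg_replace('#/{2,}#', '/', $sRoot . '//' . $path);
    return $sFull;
}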
/*
 * output the common apidb header
 *
 * $title: page title; when truthy it is also suffixed as " - $title" for
 * header.php. Because include() runs in this function's scope, header.php
 * sees $realname, $page_title and $title as plain locals.
 * NOTE(review): $title and $realname are not HTML-escaped here; confirm that
 * header.php and html_frame_start() escape them before any caller passes a
 * value derived from request data.
 */
function apidb_header($title = 0)
{
// presumably consumed by header.php; not used directly in this function
$realname = $_SESSION['current']->sRealname;
// Set Page Title
$page_title = $title;
if ($title)
$title = " - $title";
// Display Header
include(BASE."include/header.php");
// Display Sidebar
// (the markup in these echo strings appears to have been lost in this copy
//  of the file; they open the sidebar/content layout that apidb_footer() closes)
echo "
\n";
echo "\n";
echo "| \n";
apidb_sidebar();
echo " | \n";
echo "\n";
echo html_frame_start($page_title, '100%');
// Display Status Messages
dumpmsgbuffer();
}
/*
 * output the common apidb footer
 *
 * Closes the frame opened by apidb_header() and includes footer.php.
 * NOTE(review): $header_disabled is a local of this function and nothing
 * assigns it, so isset() is always false and footer.php is always included;
 * if a page-level switch was intended, a `global $header_disabled;` line is
 * missing — confirm against callers before changing the behaviour.
 */
function apidb_footer()
{
echo html_frame_end();
//Close Sidebar and Content Well
echo "
|
\n";
// Display Footer
if(!isset($header_disabled))
include(BASE."include/"."footer.php");
}
/*
 * output the sidebar, calls all functions registered with apidb_sidebar_add
 *
 * Each sidebar include defines its menu function, which is then registered.
 * apidb_sidebar_add() prepends, so registration order (admin/maintainer,
 * login, main) is the reverse of display order: main menu first, login box,
 * then the admin or maintainer menu last.
 * $func() below is a variable function call; only literal function names are
 * registered here, and nothing request-derived must ever reach that list.
 */
function apidb_sidebar()
{
    global $sidebar_func_list;
    $oUser = $_SESSION['current'];
    if ($oUser->hasPriv("admin")) {
        // site-wide admin menu
        include(BASE."include/sidebar_admin.php");
        apidb_sidebar_add("global_admin_menu");
    } elseif ($oUser->isMaintainer()) {
        // the user maintains at least one entry: show the maintainer menu
        include(BASE."include/sidebar_maintainer_admin.php");
        apidb_sidebar_add("global_maintainer_admin_menu");
    }
    // login box
    include(BASE."include/sidebar_login.php");
    apidb_sidebar_add("global_sidebar_login");
    // main navigation
    include(BASE."include/sidebar.php");
    apidb_sidebar_add("global_sidebar_menu");
    // render the registered menus in list order; count() is re-evaluated on
    // every pass, as the original loop did
    for ($ix = 0; $ix < count($sidebar_func_list); $ix++) {
        $sMenuFunc = $sidebar_func_list[$ix];
        $sMenuFunc();
    }
}
/**
 * register a sidebar menu function
 * the supplied function is called when the sidebar is built
 *
 * $funcname is prepended to the global $sidebar_func_list, so the last
 * function registered is the first one apidb_sidebar() calls. Pass a
 * literal function name only: the list is invoked as variable functions.
 */
function apidb_sidebar_add($funcname)
{
    global $sidebar_func_list;
    $sidebar_func_list = array_merge(array($funcname), $sidebar_func_list);
}
/**
 * return the url of an image below BASE/images/
 *
 * $name is joined as-is; it is expected to be a plain file name chosen by code.
 */
function apidb_image($name)
{
    return BASE . 'images/' . $name;
}
/**
 * redirect to $url
 *
 * Sends a Location header and terminates the script so nothing else is
 * output. $url is not validated: PHP's header() itself refuses values
 * containing newlines, but a request-supplied $url is still an open
 * redirect, so callers must restrict it to known targets.
 */
function redirect($url)
{
    $sLocation = "Location: " . $url;
    header($sLocation);
    exit;
}
/**
 * format a date as required for HTTP by RFC 2068 sec 3.3.1
 *
 * $iDate: Unix timestamp. Returns the RFC 1123 form, e.g.
 * "Sun, 06 Nov 1994 08:49:37 GMT"; the zone is a literal because HTTP
 * dates are always expressed in GMT.
 */
function fHttpDate($iDate) {
    return gmdate('D, d M Y H:i:s \G\M\T', $iDate);
}
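/**
 * parse all the date formats required by HTTP 1.1 into PHP time values
 *
 * Accepts the three formats of RFC 2616 sec 3.3.1 (RFC 1123, RFC 850 and
 * asctime) and returns a Unix timestamp, or false when $sDate is not a
 * recognisable date. HTTP dates are always GMT, so the asctime form, which
 * carries no zone, is interpreted as UTC rather than in the server's
 * default timezone.
 *
 * The previous version tested strtotime() against -1, but since PHP 5.1 a
 * failed parse returns false, so the asctime fallback was never reached;
 * that fallback also indexed strptime()'s result numerically although it
 * returns named keys ("tm_hour" etc.), and passed a seventh argument to
 * gmmktime() that no longer exists. Both are replaced by explicit formats.
 */
function pHttpDate($sDate)
{
    // collapse runs of whitespace: asctime pads single-digit days ("Nov  6")
    $sClean = trim(preg_replace('/\s+/', ' ', (string) $sDate));
    if ($sClean === '')
        return false;
    $oUtc = new DateTimeZone('UTC');
    // asctime first, with an explicit format: "Sun Nov 6 08:49:37 1994";
    // "!" resets every field not in the format to the epoch
    $oDate = DateTime::createFromFormat('!D M j H:i:s Y', $sClean, $oUtc);
    if ($oDate === false)
        // RFC 1123 / RFC 850 carry "GMT", which the generic parser honours;
        // $oUtc only applies when the string has no zone of its own
        $oDate = date_create($sClean, $oUtc);
    if ($oDate === false)
        return false;
    return $oDate->getTimestamp();
}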
/**
 * msgs will be displayed on the Next page view of the same user
 *
 * Stores $text in sessionMessages under the current session id; dumpmsgbuffer()
 * prints and deletes it on the next page. When $color is truthy the text gets
 * a leading space and a trailing " \n" (the value of $color itself is not used
 * in the visible string). The query goes through query_parameters(), defined
 * elsewhere; its '?' placeholders are written inside quotes, so confirm it
 * escapes for MySQL rather than relying on the quoting. dumpmsgbuffer() echoes
 * the stored text unescaped, so never pass unescaped request data here.
 */
function addmsg($text, $color = "black")
{
    global $hAppdbLink;
    // lazily open a dedicated link; the trailing `true` forces a new connection
    if (!is_resource($hAppdbLink)) {
        $hAppdbLink = mysql_connect(APPS_DBHOST, APPS_DBUSER, APPS_DBPASS, true);
        mysql_select_db(APPS_DB, $hAppdbLink);
    }
    if ($color)
        $text = " $text \n";
    $sInsert = "INSERT INTO sessionMessages VALUES (null, null, '?', '?')";
    $bStored = query_parameters($sInsert, session_id(), $text);
    if (!$bStored) {
        echo "An error has occurred in addmsg()";
        echo $text;
    }
}
/**
 * output msg_buffer and clear it.
 *
 * Fetches every sessionMessages row for the current session, prints each
 * message inside its own frame, then deletes the rows so each shows once.
 * The message column is echoed verbatim with no HTML escaping, so whatever
 * addmsg() stored is rendered as markup; callers of addmsg() must escape
 * any request-derived text themselves.
 */
function dumpmsgbuffer()
{
    $hResult = query_parameters("SELECT * FROM sessionMessages WHERE sessionId = '?'", session_id());
    if (!$hResult)
        return;
    for ($oRow = mysql_fetch_object($hResult); $oRow; $oRow = mysql_fetch_object($hResult)) {
        echo html_frame_start("", "300", "", 5);
        echo " $oRow->message\n";
        echo html_frame_end(" ");
        echo "\n\n";
    }
    query_parameters("DELETE FROM sessionMessages WHERE sessionId = '?'", session_id());
}
/**
 * Init Session (stores user info in session)
 *
 * Opens the "whq_appdb" session through the project's session class,
 * registers the "current" key and seeds it with a fresh User object when
 * no user is stored yet.
 */
$session = new session("whq_appdb");
$session->register("current");
if(!isset($_SESSION['current'])) $_SESSION['current'] = new User();
// if we are debugging we need to see all errors
// (raises the reporting level to E_ALL minus notices for this user only;
//  whether reported errors are shown in the browser or just logged is
//  governed by display_errors, which this line does not change)
if($_SESSION['current']->showDebuggingInfos()) error_reporting(E_ALL ^ E_NOTICE);
?>