3096e63828
so it is explicit that we exit in those functions that so we know it isn't necessary to put an exit after we call them
244 lines
6.7 KiB
PHP
244 lines
6.7 KiB
PHP
<?php
|
|
/*************************************************/
|
|
/* Main Include Library for Application Database */
|
|
/*************************************************/
|
|
|
|
// get modules
|
|
ini_set("memory_limit","64M");
|
|
require(BASE."include/config.php");
|
|
require(BASE."include/util.php");
|
|
require(BASE."include/user.php");
|
|
require(BASE."include/session.php");
|
|
require(BASE."include/menu.php");
|
|
require(BASE."include/html.php");
|
|
require(BASE."include/db.php");
|
|
|
|
/* if magic quotes are enabled make sure the user disables them */
|
|
/* otherwise they will see all kinds of odd effects that are difficult */
|
|
/* to track down */
|
|
if(get_magic_quotes_gpc())
|
|
{
|
|
echo "<b>Please disable the magic quotes GPC PHP setting. See <a href=\"http://us2.php.net/manual/en/ref.info.php#ini.magic-quotes-gpc\"> this page</a> for more information</b><br/><br/>";
|
|
echo "AppDB php code assumes magic quotes are disabled.<br/><br/>";
|
|
echo "Magic quotes are a bad idea for a few reasons.<br/><br/>";
|
|
echo "First is that php calls <b>addslashes()</b> on all \$_POST, \$_REQUEST and cookie variables ";
|
|
echo "if magic quotes is enabled. ";
|
|
echo "Ooooooh you say.<br/>";
|
|
echo "<i>\"Aren't magic quotes a convienent way to protect my php code from sql injection attacks?\"</i><br/><br/>";
|
|
echo "No! <b>addslashes()</b> isn't adequate. You should use <b>mysql_real_escape_string()</b> or some other function";
|
|
echo " that will handle multi-byte characters. See <a href=\"http://shiflett.org/archive/184\">this article</a>";
|
|
echo " for a way to exploit <b>addslash()</b>ed parameters.<br/><br/>";
|
|
echo "A second reason is that with magic quotes enabled, due to the use of <b>mysql_real_escape_string()</b> to";
|
|
echo " protect from sql injection attacks we'll end up with variables that have been addslash()ed and";
|
|
echo " <b>mysql_real_escape_string()</b>ed. So you end up having to call stripslashes() on EVERY variable. ";
|
|
exit;
|
|
}
|
|
|
|
// create arrays
|
|
$sidebar_func_list = array();
|
|
$help_list = array();
|
|
|
|
function apidb_help_add($desc, $id)
|
|
{
|
|
global $help_list;
|
|
$help_list[] = array($desc, $id);
|
|
}
|
|
|
|
|
|
// return url with docroot prepended
|
|
function apidb_url($path)
|
|
{
|
|
return BASE.$path;
|
|
}
|
|
|
|
// return FULL url with docroot prepended
|
|
function apidb_fullurl($path = "")
|
|
{
|
|
return BASE.$path;
|
|
}
|
|
|
|
function appdb_fullpath($path)
|
|
{
|
|
/* IE: we know this file is in /yyy/xxx/include, we want to get the /yyy/xxx
|
|
/* so we call dirname on this file path twice */
|
|
$fullpath = dirname(dirname(__FILE__))."//".$path;
|
|
/* get rid of potential double slashes due to string concat */
|
|
return str_replace("//", "/", $fullpath);
|
|
}
|
|
|
|
|
|
/*
|
|
* output the common apidb header
|
|
*/
|
|
function apidb_header($title = 0)
|
|
{
|
|
$realname = $_SESSION['current']->sRealname;
|
|
|
|
// Set Page Title
|
|
$page_title = $title;
|
|
if ($title)
|
|
$title = " - $title";
|
|
|
|
// Display Header
|
|
include(BASE."include/header.php");
|
|
|
|
// Display Sidebar
|
|
echo "<table width='100%' border=0 cellspacing=0 cellpadding=0>\n";
|
|
echo "<tr valign='top'>\n";
|
|
echo "<td width=150>\n";
|
|
apidb_sidebar();
|
|
echo "</td>\n";
|
|
echo "<td width='100%'>\n";
|
|
|
|
echo html_frame_start($page_title, '100%');
|
|
|
|
// Display Status Messages
|
|
dumpmsgbuffer();
|
|
}
|
|
|
|
|
|
/*
|
|
* output the common apidb footer
|
|
*/
|
|
function apidb_footer()
|
|
{
|
|
echo html_frame_end();
|
|
|
|
//Close Sidebar and Content Well
|
|
echo "<br></td></tr></table>\n";
|
|
|
|
// Display Footer
|
|
if(!isset($header_disabled))
|
|
include(BASE."include/"."footer.php");
|
|
}
|
|
|
|
/*
|
|
* output the sidebar, calls all functions registered with apidb_sidebar_add
|
|
*/
|
|
function apidb_sidebar()
|
|
{
|
|
global $sidebar_func_list;
|
|
|
|
//TURN on GLOBAL ADMIN MENU
|
|
if ($_SESSION['current']->hasPriv("admin"))
|
|
{
|
|
include(BASE."include/sidebar_admin.php");
|
|
apidb_sidebar_add("global_admin_menu");
|
|
} else if($_SESSION['current']->isMaintainer()) /* if the user maintains anything, add their menus */
|
|
{
|
|
include(BASE."include/sidebar_maintainer_admin.php");
|
|
apidb_sidebar_add("global_maintainer_admin_menu");
|
|
}
|
|
|
|
// Login Menu
|
|
include(BASE."include/sidebar_login.php");
|
|
apidb_sidebar_add("global_sidebar_login");
|
|
|
|
// Main Menu
|
|
include(BASE."include/sidebar.php");
|
|
apidb_sidebar_add("global_sidebar_menu");
|
|
|
|
//LOOP and display menus
|
|
for($i = 0; $i < sizeof($sidebar_func_list); $i++)
|
|
{
|
|
$func = $sidebar_func_list[$i];
|
|
$func();
|
|
}
|
|
}
|
|
|
|
|
|
/**
|
|
* register a sidebar menu function
|
|
* the supplied function is called when the sidebar is built
|
|
*/
|
|
function apidb_sidebar_add($funcname)
|
|
{
|
|
global $sidebar_func_list;
|
|
array_unshift($sidebar_func_list, $funcname);
|
|
}
|
|
|
|
|
|
function apidb_image($name)
|
|
{
|
|
return BASE."images/$name";
|
|
}
|
|
|
|
|
|
/**
|
|
* format a date as required for HTTP by RFC 2068 sec 3.3.1
|
|
*/
|
|
function fHttpDate($iDate) {
|
|
return gmdate("D, d M Y H:i:s",$iDate)." GMT";
|
|
}
|
|
|
|
/**
|
|
* parse all the date formats required by HTTP 1.1 into PHP time values
|
|
*/
|
|
function pHttpDate($sDate) {
|
|
$iDate = strtotime($sDate);
|
|
if ($iDate != -1) return $iDate;
|
|
/* the RFC also requires asctime() format... */
|
|
$aTs = strptime($sDate,"%a %b %e %H:%M:%S %Y");
|
|
$iDate = gmmktime($aTs[2],$aTs[1],$aTs[0],$aTs[4],$aTs[3],$aTs[5],0);
|
|
return $iDate;
|
|
}
|
|
|
|
/**
|
|
* msgs will be displayed on the Next page view of the same user
|
|
*/
|
|
function addmsg($text, $color = "black")
|
|
{
|
|
global $hAppdbLink;
|
|
|
|
if(!is_resource($hAppdbLink))
|
|
{
|
|
// The last argument makes sure we are really opening a new connection
|
|
$hAppdbLink = mysql_connect(APPS_DBHOST, APPS_DBUSER, APPS_DBPASS,true);
|
|
mysql_select_db(APPS_DB, $hAppdbLink);
|
|
}
|
|
|
|
if($color)
|
|
$text = "<font color='$color'> $text </font>\n";
|
|
|
|
$sQuery = "INSERT INTO sessionMessages VALUES (null, null, '?', '?')";
|
|
if (!query_parameters($sQuery, session_id(), $text))
|
|
{
|
|
echo "An error has occurred in addmsg()";
|
|
echo $text;
|
|
}
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
* output msg_buffer and clear it.
|
|
*/
|
|
function dumpmsgbuffer()
|
|
{
|
|
$hResult = query_parameters("SELECT * FROM sessionMessages WHERE sessionId = '?'", session_id());
|
|
if(!$hResult)
|
|
return;
|
|
|
|
while($oRow = mysql_fetch_object($hResult))
|
|
{
|
|
echo html_frame_start("","300","",5);
|
|
echo "<div align=center> $oRow->message </div>";
|
|
echo html_frame_end(" ");
|
|
echo "<br>\n";
|
|
}
|
|
|
|
query_parameters("DELETE FROM sessionMessages WHERE sessionId = '?'", session_id());
|
|
}
|
|
|
|
/**
|
|
* Init Session (stores user info in session)
|
|
*/
|
|
$session = new session("whq_appdb");
|
|
$session->register("current");
|
|
|
|
if(!isset($_SESSION['current'])) $_SESSION['current'] = new User();
|
|
|
|
// if we are debugging we need to see all errors
|
|
if($_SESSION['current']->showDebuggingInfos()) error_reporting(E_ALL ^ E_NOTICE);
|
|
?>
|