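/**
 * Display a banner of the requested type and account for the impression.
 *
 * One banner of the given type is picked at random. Unless the request comes
 * from the configured 'myIP' prefix, its impression counter is incremented.
 * When the impressions made reach the impressions bought, the banner is
 * archived in the bannerfinish table and deleted from the banner table.
 *
 * Types 0, 1 and 2 are echoed directly; any other type returns the markup.
 *
 * Review notes:
 * - The integer cast on $type and $bid is what keeps those values out of the
 *   SQL syntax; pnVarPrepForStore() alone is not relied on for that.
 * - $imageurl and $clickurl pass through pnVarPrepForDisplay() before they
 *   reach the HTML attributes. That helper is defined elsewhere (presumably
 *   HTML escaping); the URL scheme is not checked here, so the banner admin
 *   form is the place to restrict it - TODO confirm.
 * - The 'myIP' test is a string prefix match on REMOTE_ADDR, so a configured
 *   value of 10.0.0.1 also matches 10.0.0.10 - 10.0.0.19 and 10.0.0.100+.
 *
 * @param mixed $type numeric banner type
 * @return string|null ' ' when banners are disabled or $type is not numeric,
 *                     the banner markup for types other than 0, 1 and 2,
 *                     nothing otherwise
 */
function pnBannerDisplay($type = 0)
{
    // Banners can be switched off in the site configuration
    if (pnConfigGetVar('banners') != 1) {
        return ' ';
    }
    // Only numeric types are accepted (is_numeric also admits '1.5' or '1e3';
    // the integer cast below is what the queries actually see)
    if (!is_numeric($type)) {
        return ' ';
    }
    $dbconn =& pnDBGetConn(true);
    $pntable =& pnDBGetTables();
    // Keep one name per column map so that a later statement cannot pick up
    // the column names of the wrong table
    $bannercolumn =& $pntable['banner_column'];
    $sqltype = (int) pnVarPrepForStore($type);

    $bresult =& $dbconn->Execute("SELECT count(*) AS count
                                  FROM {$pntable['banner']}
                                  WHERE {$bannercolumn['type']} = '" . $sqltype . "'");
    list($numrows) = $bresult->fields;
    $bresult->Close();

    // No banner of this type: nothing to count, nothing to print. The
    // original still ran the impression UPDATE with bid 0 in this case.
    if ($numrows < 1) {
        return;
    }

    // Random row offset for SelectLimit(); banner rotation needs no
    // cryptographic quality, so mt_rand() is sufficient here
    $bannum = 0;
    if ($numrows > 1) {
        mt_srand((double) microtime() * 1000000);
        $bannum = mt_rand(0, $numrows - 1);
    }

    $query = "SELECT {$bannercolumn['bid']}, {$bannercolumn['imageurl']}, {$bannercolumn['clickurl']}
              FROM {$pntable['banner']}
              WHERE {$bannercolumn['type']} = '" . $sqltype . "'";
    $bresult2 =& $dbconn->SelectLimit($query, 1, $bannum);
    // The row counted above may have been deleted by a concurrent request
    if ($bresult2->EOF) {
        $bresult2->Close();
        return;
    }
    list($bid, $imageurl, $clickurl) = $bresult2->fields;
    $bresult2->Close();
    $sqlbid = (int) pnVarPrepForStore($bid);

    // Requests from the site owner's own address prefix are not counted and
    // never retire a banner
    $myIP = pnConfigGetVar('myIP');
    $myhost = pnServerGetVar("REMOTE_ADDR");
    $ownvisit = !empty($myIP) && substr($myhost, 0, strlen($myIP)) == $myIP;
    if (!$ownvisit) {
        $dbconn->Execute("UPDATE {$pntable['banner']}
                          SET {$bannercolumn['impmade']}={$bannercolumn['impmade']}+1
                          WHERE {$bannercolumn['bid']}=" . $sqlbid);
    }

    $aborrar =& $dbconn->Execute("SELECT {$bannercolumn['cid']},{$bannercolumn['imptotal']},
                                         {$bannercolumn['impmade']}, {$bannercolumn['clicks']},
                                         {$bannercolumn['date']}
                                  FROM {$pntable['banner']}
                                  WHERE {$bannercolumn['bid']}=" . $sqlbid);
    list($cid, $imptotal, $impmade, $clicks, $date) = $aborrar->fields;
    $aborrar->Close();

    /* Check if this impression is the last one and print the banner */
    if ($imptotal == $impmade && !$ownvisit) {
        $finishcolumn =& $pntable['bannerfinish_column'];
        $dbconn->Execute("INSERT INTO {$pntable['bannerfinish']}
                            ( {$finishcolumn['bid']}, {$finishcolumn['cid']}, {$finishcolumn['impressions']}, {$finishcolumn['clicks']}, {$finishcolumn['datestart']}, {$finishcolumn['dateend']} )
                            VALUES (NULL, '" . pnVarPrepForStore($cid) . "', '" . pnVarPrepForStore($impmade) . "', '" . pnVarPrepForStore($clicks) . "', '" . pnVarPrepForStore($date) . "', now())");
        // The DELETE targets the banner table, so it uses the banner column
        // map (the original reused the bannerfinish map at this point)
        $dbconn->Execute("DELETE FROM {$pntable['banner']} WHERE {$bannercolumn['bid']}=" . $sqlbid);
    }

    list($bid, $clickurl, $imageurl) = pnVarPrepForDisplay($bid, $clickurl, $imageurl);
    $content = "<a href=\"banners.php?op=click&amp;bid={$bid}\" title=\"{$clickurl}\"><img src=\"{$imageurl}\" alt=\"{$clickurl}\" /></a>";
    if ($type == 1 or $type == 2 or $type == 0) {
        echo $content;
    } else {
        return $content;
    }
}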
Example #2
/**
 * Mail a 404 report to the site administrator and print a confirmation.
 *
 * The report is plain text and carries the time, the client address, the
 * requested document and the referer of the failing request.
 *
 * Review notes:
 * - HTTP_HOST, REDIRECT_URL and HTTP_REFERER come from the request. Here they
 *   only reach the message body; the subject and the From header are built
 *   from a language constant and from site configuration.
 * - Only ERRORDOC goes through pnVarPrepForDisplay(); the other values are
 *   inserted as received. A mail client that renders the body as HTML would
 *   see them unescaped - presumably the mail is sent as text/plain, confirm
 *   in pnMail().
 * - Every call sends one mail and nothing in this function limits the rate,
 *   so a burst of 404 requests becomes a burst of admin mail unless the
 *   caller throttles it.
 * - The X-Mailer header discloses the PHP version to every recipient.
 */
function send_email()
{
    $adminmail = pnConfigGetVar('adminmail');
    $subject = (string) _ERROR404_MAILSUBJECT;
    $sitename = pnConfigGetVar('sitename');

    // Request data used in the report
    $remote_addr = pnServerGetVar('REMOTE_ADDR');
    $http_referer = pnServerGetVar('HTTP_REFERER');
    $redirect_url = pnServerGetVar('REDIRECT_URL');
    $server = pnServerGetVar('HTTP_HOST');
    $errordoc = "http://{$server}{$redirect_url}";
    $errortime = ml_ftime(_DATETIMEBRIEF, date(time()));

    // One report line per array entry; the subject is followed by a blank line
    $lines = array(
        $subject,
        '',
        "TIME: {$errortime}",
        "REMOTE_ADDR: {$remote_addr}",
        "ERRORDOC: " . pnVarPrepForDisplay($errordoc),
        "HTTP_REFERER: {$http_referer}",
    );
    $message = implode("\n", $lines) . "\n";

    $headers = "From: \"{$sitename}\" <{$adminmail}>\nX-Mailer: PHP/" . phpversion();
    pnMail($adminmail, $subject, $message, $headers);

    echo "<br /><br /><strong>" . _ERROR404_MAILED . "</strong>\n";
}
Example #3
/**
 * Module initialisation: store the default FlashChatBridge settings.
 *
 * Review notes:
 * - 'client_path' is built from the HTTP_HOST of the request that runs the
 *   installer and is then persisted as a module variable. A Host header that
 *   does not name the real site at install time ends up in the stored
 *   client URL, so the value is worth checking in the module settings after
 *   installation.
 * - 'server_data_path' is a placeholder path and has to be set by the admin.
 *
 * @return bool always true
 */
function FlashChatBridge_init()
{
    $host = pnServerGetVar('HTTP_HOST');
    $protocol = pnServerGetProtocol();
    $adress = pnServerGetVar('SERVER_ADDR');
    $server = $protocol . '://' . $host;

    // Written in this order, one module variable per entry
    $defaults = array(
        'width' => 800,
        'height' => 600,
        'autosize' => 0,
        'client_path' => $server . ':35555/',
        'server_data_path' => 'somewhere/123flashchat/server/data/',
        'init_room' => 1,
        'client_type' => "standard",
        'active_chat_standard' => 1,
        'init_host' => $adress,
        'init_port' => '51127',
        'init_host_s' => $adress,
        'init_port_s' => '',
        'init_host_h' => $adress,
        'init_port_h' => '',
    );
    foreach ($defaults as $name => $value) {
        pnModSetVar('FlashChatBridge', $name, $value);
    }
    return true;
}
    $os = "Windows";
} elseif (ereg("Mac", pnServerGetVar("HTTP_USER_AGENT")) || ereg("PPC", pnServerGetVar("HTTP_USER_AGENT"))) {
    $os = "Mac";
} elseif (ereg("Linux", pnServerGetVar("HTTP_USER_AGENT"))) {
    $os = "Linux";
} elseif (ereg("FreeBSD", pnServerGetVar("HTTP_USER_AGENT"))) {
    $os = "FreeBSD";
} elseif (ereg("SunOS", pnServerGetVar("HTTP_USER_AGENT"))) {
    $os = "SunOS";
} elseif (ereg("IRIX", pnServerGetVar("HTTP_USER_AGENT"))) {
    $os = "IRIX";
} elseif (ereg("BeOS", pnServerGetVar("HTTP_USER_AGENT"))) {
    $os = "BeOS";
} elseif (ereg("OS/2", pnServerGetVar("HTTP_USER_AGENT"))) {
    $os = "OS/2";
} elseif (ereg("AIX", pnServerGetVar("HTTP_USER_AGENT"))) {
    $os = "AIX";
} else {
    $os = "Other";
}
/* Save on the databases the obtained values */
//global $pntable, $dbconn;
$dbconn =& pnDBGetConn(true);
$pntable =& pnDBGetTables();
$column =& $pntable['counter_column'];
// One statement increments three counter rows: the total hit count, the row
// for $browser and the row for $os.
// $os is one of the fixed labels assigned in the chain above. $browser is set
// outside this excerpt - presumably also a fixed label derived from
// HTTP_USER_AGENT; if it ever carried the raw header, pnVarPrepForStore()
// would be the only thing between request data and the SQL text - TODO confirm.
// The result of Execute() is not checked here.
$dbconn->Execute("UPDATE {$pntable['counter']}\n                SET {$column['count']}={$column['count']}+1\n                WHERE ({$column['type']}='total' AND {$column['var']}='hits')\n                   OR ({$column['var']}='" . pnVarPrepForStore($browser) . "' AND {$column['type']}='browser')\n                   OR ({$column['var']}='" . pnVarPrepForStore($os) . "' AND {$column['type']}='os')");
/* Per-Day-Counter */
// Day key in ddmmyyyy form, generated locally (not request data)
$xydate = date("dmY");
$column =& $pntable['stats_date_column'];
// Look up today's hit row; the error check that follows is cut off in this excerpt
$xyval =& $dbconn->Execute("SELECT {$column['hits']} as hits\n                       FROM {$pntable['stats_date']}\n                       WHERE {$column['date']}='" . pnVarPrepForStore($xydate) . "'");
if ($dbconn->ErrorNo() != 0) {
/**
 * Mail a report about a blocked suspicious request to the site administrator.
 *
 * Builds a plain-text report from the arguments, the login state, client
 * address headers, browser data and the full contents of $_GET, $_POST,
 * $_COOKIE, $_FILES and $_SESSION, then sends it with pnMail() to the
 * configured 'adminmail' address.
 *
 * Review notes:
 * - The report copies request and session data verbatim. Depending on the
 *   request, that includes submitted passwords, session cookies and session
 *   variables, which then sit in a mailbox and travel over whatever transport
 *   pnMail() uses. Redacting known-sensitive keys before mailing would limit
 *   the exposure.
 * - Each call sends one mail and nothing here limits the rate; whether the
 *   callers throttle is not visible from this function.
 * - $hack_type is placed in the Subject line. Callers presumably pass fixed
 *   strings; if request data ever reached it, line breaks would have to be
 *   stripped before it is used as a header value - TODO confirm in pnMail().
 * - each() is deprecated since PHP 7.2 and removed in PHP 8.0; foreach is the
 *   replacement.
 * - The line that reports the logged-in user is redacted ("******") in this
 *   listing and is not valid PHP as shown.
 *
 * @param string $detecting_file file in which the detection happened
 * @param string $detecting_line line on which the detection happened
 * @param string $hack_type      short label for the kind of detection
 * @param string $message        free text supplied by the detecting code
 * @return void
 */
function pnMailHackAttempt($detecting_file = "(no filename available)", $detecting_line = "(no line number available)", $hack_type = "(no type given)", $message = "(no message given)")
{
    // Report header: site name, date and time, and the caller's description
    $output = "Attention site admin of " . pnConfigGetVar('sitename') . ",\n";
    $output .= "On " . ml_ftime(_DATEBRIEF, GetUserTime(time()));
    $output .= " at " . ml_ftime(_TIMEBRIEF, GetUserTime(time()));
    $output .= " the PostNuke code has detected that somebody tried to" . " send information to your site that may have been intended" . " as a hack. Do not panic, it may be harmless: maybe this" . " detection was triggered by something you did! Anyway, it" . " was detected and blocked. \n";
    $output .= "The suspicious activity was recognized in {$detecting_file} " . "on line {$detecting_line}, and is of the type {$hack_type}. \n";
    $output .= "Additional information given by the code which detected this: " . $message;
    $output .= "\n\nBelow you will find a lot of information obtained about " . "this attempt, that may help you to find  what happened and " . "maybe who did it.\n\n";
    $output .= "\n=====================================\n";
    $output .= "Information about this user:\n";
    $output .= "=====================================\n";
    if (!pnUserLoggedIn()) {
        $output .= "This person is not logged in.\n";
    } else {
        // Redacted in this listing; the original presumably appended the
        // user name, e-mail address and real name of the logged-in user
        $output .= "PostNuke username:  "******"\n" . "Registered email of this PostNuke user: "******"\n" . "Registered real name of this PostNuke user: "******"\n";
    }
    // HTTP_CLIENT_IP is a request header and therefore chosen by the client;
    // REMOTE_ADDR is the peer address seen by the web server.
    // GetHostByName() is given an address, not a name, so it presumably hands
    // the same address back; a reverse lookup would be gethostbyaddr() - confirm.
    $output .= "IP numbers: [note: when you are dealing with a real cracker " . "these IP numbers might not be from the actual computer he is " . "working on]" . "\n\t IP according to HTTP_CLIENT_IP: " . pnServerGetVar('HTTP_CLIENT_IP') . "\n\t IP according to REMOTE_ADDR: " . pnServerGetVar('REMOTE_ADDR') . "\n\t IP according to GetHostByName(\$_SERVER['REMOTE_ADDR']): " . GetHostByName($_SERVER['REMOTE_ADDR']) . "\n\n";
    $output .= "\n=====================================\n";
    $output .= "Browser information\n";
    $output .= "=====================================\n";
    // The User-Agent header is client-supplied text and is copied as received
    $output .= "HTTP_USER_AGENT: " . $_SERVER['HTTP_USER_AGENT'] . "\n";
    // get_browser() depends on a configured browscap file; the cast turns
    // whatever it returns into an array for the loop below
    $browser = (array) get_browser();
    while (list($key, $value) = each($browser)) {
        $output .= "BROWSER * {$key} : {$value}\n";
    }
    $output .= "\n=====================================\n";
    $output .= "Information in the \$_GET array\n";
    $output .= "This is about variables that may have been ";
    $output .= "in the URL string or in a 'GET' type form.\n";
    $output .= "=====================================\n";
    // Values are interpolated as strings; an array-valued parameter shows up
    // as the word "Array" rather than its contents
    while (list($key, $value) = each($_GET)) {
        $output .= "GET * {$key} : {$value}\n";
    }
    $output .= "\n=====================================\n";
    $output .= "Information in the \$_POST array\n";
    $output .= "This is about visible and invisible form elements.\n";
    $output .= "=====================================\n";
    // May contain credentials typed into a form - see the review notes above
    while (list($key, $value) = each($_POST)) {
        $output .= "POST * {$key} : {$value}\n";
    }
    $output .= "\n=====================================\n";
    $output .= "Information in the \$_COOKIE array\n";
    $output .= "=====================================\n";
    // Includes the session cookie when the client sent one
    while (list($key, $value) = each($_COOKIE)) {
        $output .= "COOKIE * {$key} : {$value}\n";
    }
    $output .= "\n=====================================\n";
    $output .= "Information in the \$_FILES array\n";
    $output .= "=====================================\n";
    // Each $_FILES entry is itself an array, so only "Array" is printed here
    while (list($key, $value) = each($_FILES)) {
        $output .= "FILES * {$key} : {$value}\n";
    }
    $output .= "\n=====================================\n";
    $output .= "Information in the \$_SESSION array\n";
    $output .= "This is session info. The variables\n";
    $output .= "  starting with PNSV are PostNukeSessionVariables.\n";
    $output .= "=====================================\n";
    // Assumes a session has been started; $_SESSION is not checked for existence
    while (list($key, $value) = each($_SESSION)) {
        $output .= "SESSION * {$key} : {$value}\n";
    }
    // Both header values come from site configuration, not from the request
    $headers = "From: " . pnConfigGetVar('sitename') . "<" . pnConfigGetVar('adminmail') . ">\n";
    $headers .= "X-Priority: 1 (Highest)";
    pnMail(pnConfigGetVar('adminmail'), 'Attempted hack on your site? (type: ' . $hack_type . ')', $output, $headers);
    return;
}
/**
 * Initialise session
 *
 * Starts the PHP session, works out a client address and either marks an
 * existing session row as current or creates a new one.
 *
 * Review notes:
 * - The address handed to pnSessionNew() is taken from HTTP_CLIENT_IP whenever
 *   that request header is present, in preference to REMOTE_ADDR. The header
 *   is chosen by the client, so the stored address is only as trustworthy as
 *   the client unless a trusted proxy sets it.
 * - The X-Forwarded-For handling has no effect on $ipaddr as written (see the
 *   inline comment).
 * - The stored address is not compared with the current one for existing
 *   sessions; that check is commented out below.
 * - The 'rand' session variable is produced by rand() seeded from microtime(),
 *   which is predictable. The original comment says it is used for some
 *   authentication; a value with that role needs a cryptographically secure
 *   source.
 * - The session id comes from session_id() after session_start(), which can
 *   be an id presented by the client. When no row exists for it, a new
 *   session is registered under that id. Whether the id is regenerated on
 *   login is not visible here - TODO confirm.
 *
 * @return bool false when a global named PNSV* exists or the session lookup
 *              fails, true otherwise
 */
function pnSessionInit()
{
    $dbconn =& pnDBGetConn(true);
    $pntable =& pnDBGetTables();
    // First thing we do is ensure that there is no attempted pollution
    // of the session namespace
    // (any global whose name starts with PNSV aborts initialisation;
    // presumably this guards against request parameters becoming globals
    // under register_globals)
    foreach ($GLOBALS as $k => $v) {
        if (substr($k, 0, 4) == 'PNSV') {
            return false;
        }
    }
    // Kick it
    session_start();
    // Have to re-write the cache control header to remove no-save, this
    // allows downloading of files to disk for application handlers
    // adam_baum - no-cache was stopping modules (andromeda) from caching the playlists, et al.
    // any strange behaviour encountered, revert to commented out code.
    // Header('Cache-Control: no-cache, must-revalidate, post-check=0, pre-check=0');
    // NOTE(review): 'cache' is not a standard Cache-Control directive, and this
    // replaces the no-cache header for every page served with a session,
    // including personalised ones - confirm that shared caches cannot store them.
    Header('Cache-Control: cache');
    $sessid = session_id();
    // Get (actual) client IP addr
    $ipaddr = pnServerGetVar('REMOTE_ADDR');
    if (empty($ipaddr)) {
        $ipaddr = pnServerGetVar('HTTP_CLIENT_IP');
    }
    // A non-empty HTTP_CLIENT_IP header replaces REMOTE_ADDR
    $tmpipaddr = pnServerGetVar('HTTP_CLIENT_IP');
    if (!empty($tmpipaddr)) {
        $ipaddr = $tmpipaddr;
    }
    // Keep only the first entry of a comma-separated X-Forwarded-For list
    $fwdipaddr = pnServerGetVar('HTTP_X_FORWARDED_FOR');
    if (!empty($fwdipaddr) and strpos($fwdipaddr, ',') !== false) {
        $fwdipaddr = substr($fwdipaddr, 0, strpos($fwdipaddr, ','));
    }
    // The value no longer contains a comma at this point, so the condition
    // below cannot be true and $ipaddr is never taken from X-Forwarded-For
    $tmpipaddr = $fwdipaddr;
    if (!empty($tmpipaddr) and strpos($tmpipaddr, ',') !== false) {
        $ipaddr = substr($tmpipaddr, 0, strpos($tmpipaddr, ','));
    }
    $sessioninfocolumn =& $pntable['session_info_column'];
    $sessioninfotable = $pntable['session_info'];
    // Look the session id up in the session table
    $query = "SELECT {$sessioninfocolumn['ipaddr']}\n              FROM {$sessioninfotable}\n              WHERE {$sessioninfocolumn['sessid']} = '" . pnVarPrepForStore($sessid) . "'";
    $result =& $dbconn->Execute($query);
    if ($dbconn->ErrorNo() != 0) {
        return false;
    }
    if (!$result->EOF) {
        // Known session: the address comparison is disabled, so the session
        // is accepted from any address
        // jgm - this has been commented out so that the nice AOL people
        //       can view PN pages, will examine full implications of this
        //       later
        //        list($dbipaddr) = $result->fields;
        $result->Close();
        //        if ($ipaddr == $dbipaddr) {
        pnSessionCurrent($sessid);
        //        } else {
        //          // Mismatch - destroy the session
        //          session_destroy();
        //          pnRedirect('index.php');
        //          return false;
        //        }
    } else {
        // Unknown id: register it together with the address computed above
        pnSessionNew($sessid, $ipaddr);
        // Generate a random number, used for
        // some authentication
        // NOTE(review): srand()/rand() is not a cryptographically secure source
        srand((double) microtime() * 1000000);
        pnSessionSetVar('rand', rand());
    }
    return true;
}
 /**
  * Build a redirect header for another page of this site
  *
  * This function is broken, do not use it!
  *
  * The target is assembled as http://HOST/[script directory/]URL, where HOST
  * is the HTTP_HOST of the current request.
  *
  * Review notes:
  * - HTTP_HOST is supplied by the client, so the host part of the Location
  *   value follows whatever Host header the request carried.
  * - The scheme is fixed to http, also for requests that arrived over https.
  * - $url is used as given apart from the leading slashes; line breaks are
  *   not removed before it becomes part of a header line.
  * - $waittime is accepted but not used.
  *
  * @access public
  * @param string $url URL to redirect to
  * @param integer $waittime Seconds to wait before redirecting (unused)
  * @return string The Location header line if the output mode is
  * _PNH_RETURNOUTPUT, otherwise null (the line is queued in $this->header)
  * @todo This function is broken, do not use it!
  */
 function Redirect($url, $waittime = 3)
 {
     $server = pnServerGetVar('HTTP_HOST');
     $self = pnServerGetVar('PHP_SELF');

     // Directory of the running script and the target, both without
     // leading slashes
     $path = preg_replace('!^/*!', '', dirname($self));
     $url = preg_replace('!^/*!', '', $url);

     // The script directory is only inserted when there is one
     $prefix = empty($path) ? '' : "{$path}/";
     $output = "Location: http://{$server}/" . $prefix . $url;

     // Queue the header unless the caller asked for the output to be returned
     if ($this->GetOutputMode() != _PNH_RETURNOUTPUT) {
         $this->header[] = $output;
         return;
     }
     return $output;
 }
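/**
 * Record the HTTP referer of the current request in the referer table.
 *
 * Referers that contain the site's own host are ignored, as are referers
 * matching one of the space-separated patterns in the 'httprefexcluded'
 * setting. A missing referer is logged as 'bookmark'. Known referers get
 * their frequency incremented, new ones are inserted with frequency 1.
 *
 * Review notes:
 * - The referer is request data and is stored as received (after escaping
 *   for SQL). Any page that lists referers has to escape it for HTML, and
 *   nothing here bounds its length or the number of distinct rows a client
 *   can create.
 * - The exclusion patterns come from site configuration and are still
 *   evaluated with eregi(), which was removed in PHP 7 together with ereg().
 *
 * @return bool|null false when a database call fails, nothing otherwise
 */
function httpreferer()
{
    /***
     * Here we set up some variables for the rest of the script.
     * if you want to see whats going on, set $DEBUG to 1
     */
    $DEBUG = 0;
    $httpreferer = (string) pnServerGetVar('HTTP_REFERER');
    $httphost = (string) pnServerGetVar('HTTP_HOST');
    $dbconn =& pnDBGetConn(true);
    $pntable =& pnDBGetTables();
    if ($DEBUG == 1) {
        echo 'HTTP_HOST = ' . pnVarPrepForDisplay($httphost) . '<br /> HTTP_REFERER = ' . pnVarPrepForDisplay($httpreferer) . '<br />';
    }

    /***
     * Hits coming from our own domain are not logged. The host is compared
     * as a literal substring: the original passed the client-supplied Host
     * header to ereg() as a regular expression.
     */
    if ($httphost != '' && strpos($httpreferer, $httphost) !== false) {
        return;
    }

    /***
     * No referer means a bookmark or a typed URL; log it as 'bookmark' so
     * that there are no empty referers.
     */
    if ($httpreferer == '') {
        $httpreferer = 'bookmark';
    }
    $httpreferer = trim($httpreferer);

    // Skip referers matching the configured exclusion list
    $refex = pnConfigGetVar('httprefexcluded');
    if (!empty($refex)) {
        // Drop empty entries (doubled spaces): an empty alternative would
        // either match every referer or make the expression invalid
        $refexclusion = array_filter(explode(' ', $refex), 'strlen');
        if (count($refexclusion) > 0) {
            $eregicondition = '((' . implode(')|(', $refexclusion) . '))';
            if (eregi($eregicondition, $httpreferer)) {
                return;
            }
        }
    }

    // grab a reference to our table column defs for easier reading below
    $column =& $pntable['referer_column'];
    $sqlreferer = pnVarPrepForStore($httpreferer);

    // Is this referer already known?
    $check_sql = "SELECT count({$column['rid']}) as c
                  FROM {$pntable['referer']}
                  WHERE {$column['url']} = '" . $sqlreferer . "'";
    $result =& $dbconn->Execute($check_sql);
    if ($dbconn->ErrorNo() != 0) {
        pnSessionSetVar('errormsg', 'Error: ' . $dbconn->ErrorNo() . ': ' . $dbconn->ErrorMsg());
        return false;
    }
    $row = $result->fields;
    $count = $row[0];

    // Update whenever at least one row exists. The original tested for
    // exactly one row, so once two concurrent requests had inserted the same
    // referer twice, every later hit inserted yet another duplicate.
    if ($count > 0) {
        $update_sql = "UPDATE {$pntable['referer']}
                       SET {$column['frequency']} = {$column['frequency']} + 1
                       WHERE {$column['url']} = '" . $sqlreferer . "'";
    } else {
        /***
         * "auto-increment" isn't portable so we have to use the standard
         * interface for grabbing sequence numbers.  The underlying
         * implementation handles the correct method for the RDBMS we are
         * using.
         */
        $rid = $dbconn->GenId($pntable['referer'], true);
        $update_sql = "INSERT INTO {$pntable['referer']}
                         ({$column['rid']},
                          {$column['url']},
                          {$column['frequency']})
                       VALUES
                         (" . pnVarPrepForStore($rid) . ",
                          '" . $sqlreferer . "',
                          1)";
    }
    $result =& $dbconn->Execute($update_sql);
    if ($dbconn->ErrorNo() != 0) {
        pnSessionSetVar('errormsg', 'Error: ' . $dbconn->ErrorNo() . ': ' . $dbconn->ErrorMsg());
        return false;
    }
    if ($DEBUG == 1) {
        echo "<br />" . $check_sql . "<br />" . $update_sql . "<br />";
    }
}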
Example #9
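/**
 * Return the media directory relative to the site root, with a trailing slash.
 *
 * The result is obtained by cutting the site root (DOCUMENT_ROOT plus base
 * URI) off the front of the resolved media directory.
 *
 * Review notes:
 * - Only the length of the site root is used; the media directory is not
 *   checked to actually start with it. A media directory outside the site
 *   root yields a meaningless fragment rather than an error.
 * - realpath() returns false when the directory does not exist, and the
 *   function then returns just '/'. Callers building file paths from the
 *   result should treat that value as a failure.
 *
 * @return string relative media directory ending in '/'
 */
function mediashare_userapi_getRelativeMediadir()
{
    // DOCUMENT_ROOT may or may not end in a separator depending on the server
    // configuration. The original always dropped the last character, which
    // shifted the cut by one when there was no trailing separator.
    $docroot = rtrim((string) pnServerGetVar('DOCUMENT_ROOT'), '/\\');
    $zkroot = $docroot . pnGetBaseURI();

    // Resolve the configured directory and normalise Windows separators
    $mediadir = realpath(pnModGetVar('mediashare', 'mediaDirName', 'mediashare'));
    $mediadir = str_replace('\\', '/', $mediadir);

    // + 1 skips the separator between the site root and the media directory
    $mediaBase = substr($mediadir, strlen($zkroot) + 1);
    return $mediaBase . '/';
}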
Example #10
/**
* Get current URL
*
* The URL is protocol://host followed by REQUEST_URI. When REQUEST_URI is
* empty (IIS), it is rebuilt from SCRIPT_NAME, PATH_INFO and QUERY_STRING.
*
* Review notes:
* - The function takes no parameters.
* - Path and query string are request data and are returned as received;
*   the host comes from pnServerGetHost(), presumably the Host header.
*   Escape the result for the context it is written into (HTML, header,
*   mail), and do not treat the host part as proof of the site's own name.
*
* @access public
* @return string current URL
* @todo cfr. BaseURI() for other possible ways, or try PHP_SELF
*/
function pnGetCurrentURL()
{
    $host = pnServerGetHost();
    $scheme = pnServerGetProtocol();
    $origin = $scheme . '://' . $host;

    // Normal case: the server provides the request URI
    $uri = pnServerGetVar('REQUEST_URI');
    if (!empty($uri)) {
        return $origin . $uri;
    }

    // adapted patch from Chris van de Steeg for IIS
    // TODO: please test this :)
    $script = pnServerGetVar('SCRIPT_NAME');
    $extra = pnServerGetVar('PATH_INFO');
    // Some servers repeat the script name in PATH_INFO
    if ($extra == $script) {
        $extra = '';
    }
    if (empty($script)) {
        return $origin . '/';
    }

    $uri = $script . $extra;
    $query = pnServerGetVar('QUERY_STRING');
    if (!empty($query)) {
        $uri .= '?' . $query;
    }
    return $origin . $uri;
}