/**
 * Moves the virtual working directory one level up (the equivalent of "cd ..").
 *
 * The parent is computed purely by string manipulation of $this->cwd and is
 * then resolved below $this->root; the move only happens when that resolved
 * path exists on disk.
 *
 * NOTE(review): "." / ".." segments already present in $this->cwd are not
 * normalised here. Confirm that whatever assigns $this->cwd rejects them,
 * otherwise the path built under $this->root could resolve outside of it.
 *
 * @return bool TRUE when cwd/realcwd were updated, FALSE when already at the
 *              top level or when the parent path does not exist.
 */
public function cdup()
{
    // A cwd of zero or one character is treated as the top level: nothing to climb to.
    if (strlen($this->cwd) <= 1) {
        return false;
    }

    // Normalise to the form "/a/b": strip one trailing slash, ensure a leading slash.
    $virtualPath = preg_replace('/\\/$/', '', $this->cwd);
    if (!preg_match('/^\\//', $virtualPath)) {
        $virtualPath = '/' . $virtualPath;
    }

    // Dropping the last segment yields the parent directory.
    $segments = explode('/', $virtualPath);
    array_pop($segments);
    $parentPath = ToolBox::string_from_array($segments, NULL, '/');
    $parentOnDisk = ToolBox::create_list($this->root, $parentPath, '/');

    // State is only changed once the target is known to exist.
    if (!file_exists($parentOnDisk)) {
        return false;
    }

    $this->realcwd = $parentOnDisk;
    $this->cwd = '/' . $parentPath;

    return true;
}
/**
 * Checks ToolBox::string_from_array() in its default style, where the values
 * of a plain list are joined with ", ".
 *
 * TODO: this one needs a LOT more testing, or the underlying function needs to be
 * refactored.
 *
 * NOTE(review): this method only exercises the default style; the SQL-building
 * styles (insert/update/select/order/limit), where quoting and cleaning matter
 * most, are not covered by it.
 */
public function test_stringFromArray()
{
    $input = array('one', 'two', 'three');
    $joined = ToolBox::string_from_array($input);

    $this->assertEquals('one, two, three', $joined);
}
/**
 * Builds the map of special placeholder names to their values.
 *
 * _APPURL_ is the directory part of the running script's URL path ("/" when
 * the script sits at the top level); the other three entries come from the
 * config file location held on this object.
 *
 * @return array placeholder name => value
 */
private function build_special_vars()
{
    // SCRIPT_NAME is the path of the executing script. Unlike PHP_SELF it
    // normally carries no client-supplied PATH_INFO suffix, which matters
    // because the result ends up in _APPURL_.
    $segments = explode('/', $_SERVER['SCRIPT_NAME']);

    // An absolute path starts with "/", which leaves an empty first element.
    if (strlen($segments[0]) === 0) {
        array_shift($segments);
    }

    // The last element is the script file itself; only its directory is wanted.
    if (count($segments) > 0) {
        array_pop($segments);
    }

    $appUrl = (count($segments) > 0)
        ? '/' . ToolBox::string_from_array($segments, null, '/')
        : '/';

    return array(
        '_DIRNAMEOFFILE_' => $this->configDirname,
        '_CONFIGFILE_' => $this->configFile,
        '_THISFILE_' => $this->configFile,
        '_APPURL_' => $appUrl,
    );
}
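/**
 * Includes the queued scripts inside this method's scope and then renders the
 * page (or dies gracefully when the request is not valid).
 *
 * Everything assigned to a local variable before the include loops is visible
 * to the included scripts: the injected variables, $finalSection, $sectionArr,
 * $fullSectionArr, $finalURL and $page (the templating engine, so included
 * scripts can keep calling it as "$page").
 *
 * Security-relevant behaviour:
 *  - $this->injectVars entries become local variables via variable-variables.
 *    The collision check only sees variables defined at that point, so names
 *    assigned later in this method (page, finalSection, sectionArr,
 *    fullSectionArr, finalURL) are silently overwritten rather than rejected,
 *    and the loop's own temporaries (definedVars, myVarName, myVarVal) are
 *    unset afterwards. injectVars must therefore never be filled from request
 *    data.
 *  - The include paths come from $this->includesList / $this->afterIncludesList.
 *    NOTE(review): those lists are built elsewhere; confirm every entry is
 *    constrained to the include root and never derived from raw user input.
 *  - The error text shown for a failed include is HTML, so the include path and
 *    the exception message are HTML-escaped before being embedded in it.
 *
 * @return void
 * @throws exception when an injected variable name is already defined.
 */
function finish() {
    //Avoid problems when REGISTER_GLOBALS is on...
    $badUrlVars = array('page', 'this');
    foreach ($badUrlVars as $badVarName) {
        unset($_GET[$badVarName], $_POST[$badVarName]);
    }
    unset($badUrlVars, $badVarName);

    // Turn each injectVars entry into a local variable for the included scripts.
    if (is_array($this->injectVars) && count($this->injectVars)) {
        $definedVars = get_defined_vars();
        foreach ($this->injectVars as $myVarName => $myVarVal) {
            if (!isset($definedVars[$myVarName])) {
                ${$myVarName} = $myVarVal;
            } else {
                throw new exception(__METHOD__ . ": attempt to inject already defined var '" . $myVarName . "'");
            }
        }
    }
    unset($definedVars, $myVarName, $myVarVal);

    if (isset($this->session) && is_object($this->session)) {
        $this->templateObj->session = $this->session;
    }

    //if we loaded an index, but there is no "content", then move 'em around so we have content.
    if (isset($this->templateObj->templateFiles['index']) && !isset($this->templateObj->templateFiles['content'])) {
        $this->add_template('content', $this->templateObj->templateFiles['index']);
    }

    //make the "final section" available to scripts.
    // ($finalSection, $fullSectionArr and $finalURL are not read again in this
    // method; they exist only so that the included scripts can see them.)
    $finalSection = $this->finalSection;
    $sectionArr = $this->sectionArr;
    if (count($sectionArr) && $sectionArr[count($sectionArr) - 1] == "") {
        array_pop($sectionArr);
    }
    $fullSectionArr = $this->fullSectionArr;
    array_unshift($sectionArr, $this->baseDir);
    $finalURL = ToolBox::string_from_array($sectionArr, NULL, '/');
    $this->templateObj->add_template_var('PHP_SELF', '/' . ToolBox::string_from_array($sectionArr, NULL, '/'));
    $page = $this->templateObj;

    //now include the includes scripts, if there are any.
    if (is_array($this->includesList) && count($this->includesList)) {
        try {
            foreach ($this->includesList as $myInternalIndex => $myInternalScriptName) {
                // The path is parked on $this and the loop variables are unset
                // first, so the included script does not see them as locals.
                $this->myLastInclude = $myInternalScriptName;
                unset($myInternalScriptName, $myInternalIndex);
                include_once $this->myLastInclude;
            }

            //now load the "after" includes.
            if (is_array($this->afterIncludesList)) {
                foreach ($this->afterIncludesList as $myInternalIndex => $myInternalScriptName) {
                    $this->myLastInclude = $myInternalScriptName;
                    unset($myInternalScriptName, $myInternalIndex);
                    include_once $this->myLastInclude;
                }
            }
        } catch (exception $e) {
            // Strip the include root from the displayed path. preg_quote()
            // escapes every regex metacharacter in the root; escaping only "/"
            // left characters such as "." or "(" active in the pattern.
            $rootPattern = '/^' . preg_quote($this->incFs->root, '/') . '/';
            $displayableInclude = preg_replace($rootPattern, '', $this->myLastInclude);

            // The message is rendered as HTML (it carries <b>/<BR> markup), so
            // the path and the exception text are escaped: an exception message
            // may echo request data.
            $safeInclude = htmlspecialchars((string) $displayableInclude, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
            $safeMessage = htmlspecialchars((string) $e->getMessage(), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');

            $page->set_message_wrapper(array(
                'title' => "Fatal Error",
                'message' => __METHOD__ . ": A fatal error occurred while processing <b>" . $safeInclude
                    . "</b>:<BR>\n<b>ERROR</b>: " . $safeMessage,
                'type' => "fatal",
            ));

            //try to pass the error on to the user's exception handler, if there is one.
            if (function_exists('exception_handler')) {
                exception_handler($e);
            }
        }
        unset($myInternalIndex);
        unset($myInternalScriptName);
    }

    // An invalid request may still be rendered when the page explicitly allows
    // invalid URLs. The previous test wrapped a comparison in is_bool(), which
    // is always TRUE; the returned value itself is what must be a boolean.
    $allowInvalidUrls = $page->allow_invalid_urls();
    if ($this->isValid === FALSE && is_bool($allowInvalidUrls)) {
        $this->isValid = $allowInvalidUrls;
    }

    if ($this->isValid === TRUE) {
        if ($page->printOnFinish === true) {
            $page->print_page();
        }
    } else {
        $this->die_gracefully($this->reason);
    }
}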
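/**
 * Joins the contents of $array into a single string, appending each piece
 * with ToolBox::create_list(). The layout depends on $style:
 *
 *  - "insert":          "(keys)<separator>(values)", separator defaults to " VALUES ".
 *  - "update":          "field<separator>value" pairs, separator defaults to "=".
 *  - "order" / "limit": the values joined with ", "; "order" is prefixed with
 *                       "ORDER BY " unless the text already contains it.
 *  - "select":          "field='value'" conditions joined with " AND "; an array
 *                       value becomes "field IN (...)"; a value starting with
 *                       "(", "<", "=" or ">" is taken to carry its own operator
 *                       and is emitted without "=" and without quotes.
 *  - "url":             "field=value" pairs, separator defaults to "&".
 *  - "text_list":       "field<separator>value" joined with "\n".
 *  - "html_list":       "field<separator>value" joined with "<BR>\n".
 *  - anything else:     the values only, separator defaults to ", ".
 *
 * SECURITY: the SQL styles build SQL text by concatenation. Array keys (column
 * names) are never escaped. Values only pass through ToolBox::cleanString()
 * when $cleanString is truthy, and several paths emit them verbatim even then:
 * "update" skips cleaning for any value that merely starts and ends with a
 * single quote, "select" emits operator-prefixed values unquoted, and the
 * "IN (...)" list is built with the default style and no cleaning. Do not feed
 * request-derived keys or values into these styles; use prepared statements
 * with bound parameters for anything that reaches a database. Likewise "url"
 * does not URL-encode and "html_list" does not HTML-escape its output.
 *
 * @param $array           <array> the data to join.
 * @param $style           <str,optional> output style (see the list above).
 * @param $separator       <str,optional> what separates key from value, or the
 *                         pieces from each other, depending on the style.
 * @param $cleanString     <mixed,optional> when truthy, values are sent to
 *                         cleanString(); when it is an ARRAY (and $style is not
 *                         empty) it is read as arrayIndex => cleanString type
 *                         and applied to the matching indexes up front.
 * @param $removeEmptyVals <bool,optional> if $cleanString is an ARRAY and this
 *                         evaluates as TRUE, indexes of $array whose values have
 *                         a length of 0 are removed.
 * @return string|null     the joined string; NULL when $array is not an array.
 */
public static function string_from_array($array, $style = NULL, $separator = NULL, $cleanString = NULL, $removeEmptyVals = FALSE) {
    $retval = NULL;

    //precheck... if it's not an array, kill it.
    if (!is_array($array)) {
        return NULL;
    }

    // Normalise the style name. The cast keeps a NULL style from being passed
    // to strtolower(), which newer PHP versions report as deprecated.
    $style = strtolower((string) $style);

    //if $cleanString is an array, assume it's arrayIndex => cleanStringArg
    if (is_array($cleanString) && strlen($style)) {
        $cleanStringArr = array_intersect_key($cleanString, $array);
        if (count($cleanStringArr) > 0 && is_array($cleanStringArr)) {
            foreach ($cleanStringArr as $myIndex => $myCleanStringArg) {
                if ($removeEmptyVals && strlen($array[$myIndex]) == 0) {
                    //remove the index.
                    unset($array[$myIndex]);
                } else {
                    //now format it properly: numeric types are cleaned without SQL quotes.
                    $myUseSqlQuotes = null;
                    if (in_array($myCleanStringArg, array('int', 'integer', 'numeric', 'number', 'decimal', 'float'))) {
                        $myUseSqlQuotes = false;
                    }
                    $array[$myIndex] = ToolBox::cleanString($array[$myIndex], $myCleanStringArg, $myUseSqlQuotes);
                    unset($myUseSqlQuotes);
                }
            }
        }
    }

    switch ($style) {
        case "insert":
            if (!$separator) {
                $separator = " VALUES ";
            }

            //build temporary data: $tmp[0] collects the keys, $tmp[1] the values.
            $tmp = array();
            foreach ($array as $key => $value) {
                // "@" hides the undefined-index notice on the first pass.
                @($tmp[0] = ToolBox::create_list($tmp[0], $key));

                //clean the string, if required.
                if (is_null($value)) {
                    $value = "NULL";
                } elseif ($cleanString) {
                    $value = ToolBox::cleanString($value, "sql");
                }
                // No quotes are added here; presumably the fourth argument of
                // create_list() takes care of that -- TODO confirm.
                @($tmp[1] = ToolBox::create_list($tmp[1], $value, ",", 1));
            }

            //make the final product.
            $retval = "(" . $tmp[0] . ")" . $separator . "(" . $tmp[1] . ")";
            break;

        case "update":
            if (!$separator) {
                $separator = "=";
            }

            //build final product.
            foreach ($array as $field => $value) {
                // NULL (or the literal string "NULL") must not be wrapped in quotes.
                $sqlQuotes = 1;
                if ($value === "NULL" || $value === NULL) {
                    $sqlQuotes = 0;
                }
                // A value that starts and ends with a single quote is treated as
                // already quoted and is NOT cleaned.
                if ($cleanString && !(preg_match('/^\'/', $value) && preg_match('/\'$/', $value))) {
                    $value = ToolBox::cleanString($value, "sql", $sqlQuotes);
                }
                if ($value == "'") {
                    // A lone single quote is replaced by an escaped, quoted one.
                    $value = "'\\''";
                } elseif (!strlen($value)) {
                    $value = "''";
                }
                $retval = ToolBox::create_list($retval, $field . $separator . $value);
            }
            break;

        case "order":
        case "limit":
            //for creating the "limit 50 offset 35" part of a query... or at least using that "style".
            $separator = " ";

            //build final product.
            foreach ($array as $field => $value) {
                if ($cleanString) {
                    // NOTE(review): with cleaning enabled every value is wrapped
                    // in single quotes, i.e. emitted as a string literal --
                    // confirm that is what callers of "order" expect.
                    $value = ToolBox::cleanString($value, "sql");
                    $value = "'" . $value . "'";
                }
                $retval = ToolBox::create_list($retval, $value, ", ");
            }
            if ($style == "order" && !preg_match('/order by/', strtolower($retval))) {
                $retval = "ORDER BY " . $retval;
            }
            break;

        case "select":
            //build final product.
            foreach ($array as $field => $value) {
                /*
                 * Example:
                 * string_from_array(array("y" => 3, "x" => array(1,2,3)), "select");
                 *
                 * yields: "y='3' AND x IN (1, 2, 3)"
                 */
                $delimiter = "AND";
                if (is_array($value)) {
                    // The nested call uses the default style: values are joined
                    // with ", " and are neither cleaned nor quoted.
                    $retval = ToolBox::create_list($retval, $field . " IN (" . ToolBox::string_from_array($value) . ")", " {$delimiter} ");
                } else {
                    // Reset for every field. The operator used to be cleared once
                    // and never restored, so each field after an operator-prefixed
                    // value lost both its "=" and its quotes.
                    $separator = "=";

                    //if there's already an operator in the value, don't specify one.
                    if (preg_match('/^[\\(<=>]/', $value)) {
                        $separator = NULL;
                    }
                    if ($cleanString) {
                        $value = ToolBox::cleanString($value, "sql");
                    }
                    if (isset($separator)) {
                        $value = "'" . $value . "'";
                    }
                    $retval = ToolBox::create_list($retval, $field . $separator . $value, " {$delimiter} ");
                }
            }
            break;

        case "url":
            //an array like "array('module'='todo','action'='view','ID'=164)" to "module=todo&action=view&ID=164"
            if (!$separator) {
                $separator = "&";
            }
            foreach ($array as $field => $value) {
                if ($cleanString && !is_array($cleanString)) {
                    $value = ToolBox::cleanString($value, $cleanString);
                }
                // No URL-encoding is applied to $field or $value here.
                $retval = ToolBox::create_list($retval, "{$field}={$value}", $separator);
            }
            break;

        case "text_list":
            if (is_null($separator)) {
                $separator = '=';
            }
            foreach ($array as $field => $value) {
                $retval = ToolBox::create_list($retval, $field . $separator . $value, "\n");
            }
            break;

        case "html_list":
            if (is_null($separator)) {
                $separator = '=';
            }
            foreach ($array as $field => $value) {
                // Neither $field nor $value is HTML-escaped here.
                $retval = ToolBox::create_list($retval, $field . $separator . $value, "<BR>\n");
            }
            break;

        default:
            if (!$separator) {
                $separator = ", ";
            }
            foreach ($array as $field => $value) {
                if ($cleanString) {
                    $value = ToolBox::cleanString($value, $cleanString);
                }
                $retval = ToolBox::create_list($retval, $value, $separator);
            }
    }

    return $retval;
}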
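/**
 * Should just check to see if they've authenticated. In reality, this
 * just performs blind redirection to /login.php if $restrictedAccess is set,
 * carrying the current GET parameters along in "destination".
 *
 * No authentication state is inspected here, and no script is exempt from the
 * redirect: a list of exempt scripts (the login and index pages) used to be
 * declared in this method but was never consulted.
 *
 * The GET parameters are serialised with http_build_query() and the result is
 * URL-encoded as one value, so "&", "#" and control characters supplied in
 * the request cannot add parameters to, or break out of, the redirect URL.
 * Session-id parameters are stripped so a session id is not copied into it.
 *
 * NOTE(review): whatever consumes "destination" on the login page must treat
 * it as untrusted input and only ever redirect to local locations.
 *
 * TODO: should be a simple check, returning true/false
 * TODO: ability to specify location of login (unambiguously)
 * TODO: specify location to redirect to, instead of accessing $_GET
 *
 * @param $restrictedAccess <bool> when it evaluates as TRUE, redirect and exit.
 * @return void does not return when $restrictedAccess evaluates as TRUE.
 */
public function check_login($restrictedAccess) {
    if (!$restrictedAccess) {
        return;
    }

    $myGetArr = is_array($_GET) ? $_GET : array();

    // Keep session identifiers out of the redirect URL.
    unset($myGetArr['PHPSESSID'], $myGetArr[session_name()]);
    // The old code indexed with `CS - CONTENT_SESSION_NAME`, which PHP reads as
    // a subtraction of two undefined constants. Presumably a constant with the
    // hyphenated name was meant; the defined() guard makes this a no-op if not.
    if (defined('CS-CONTENT_SESSION_NAME')) {
        unset($myGetArr[constant('CS-CONTENT_SESSION_NAME')]);
    }

    // The previous call passed 'url' as the separator instead of the style,
    // which glued the bare values together with the literal text "url".
    $myUrlString = http_build_query($myGetArr, '', '&');

    //TODO: make the redirectHere variable dynamic--an argument, methinks.
    $redirectHere = '/login.php?destination=' . urlencode($myUrlString);

    //Not exitting after conditional_header() is... bad, m'kay?
    ToolBox::conditional_header($redirectHere, TRUE);
    exit;
}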