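/**
 * Display one randomly chosen banner of the given type and count the impression.
 *
 * Banner types 0, 1 and 2 are echoed directly; any other numeric type gets the
 * markup back as a string. Requests whose REMOTE_ADDR starts with the configured
 * 'myIP' value are shown a banner without the impression being counted.
 *
 * @param int|string $type banner type; non-numeric values are rejected
 * @return string|null ' ' when banners are disabled, $type is not numeric or a
 *                     query fails; the banner markup for types other than 0/1/2;
 *                     null when the banner was echoed or none is available
 */
function pnBannerDisplay($type = 0)
{
    // test on config settings
    if (pnConfigGetVar('banners') != 1) {
        return ' ';
    }
    // added check for numeric type - markwest
    if (!is_numeric($type)) {
        return ' ';
    }

    $dbconn =& pnDBGetConn(true);
    $pntable =& pnDBGetTables();
    $bannertable = $pntable['banner'];
    // Keep the banner columns under their own name: the bannerfinish columns
    // are needed further down and must not replace them.
    $bannercolumn = $pntable['banner_column'];

    // The integer cast is what makes the value safe to embed in the SQL text;
    // is_numeric() alone also accepts strings such as "1e3".
    $typevalue = (int) pnVarPrepForStore($type);

    $bresult =& $dbconn->Execute("SELECT count(*) AS count
                                  FROM {$bannertable}
                                  WHERE {$bannercolumn['type']} = '" . $typevalue . "'");
    if ($dbconn->ErrorNo() != 0) {
        return ' ';
    }
    list($numrows) = $bresult->fields;
    // we no longer need this, free the resources
    $bresult->Close();

    // Nothing to show: stop before issuing the impression UPDATE with an empty id.
    if ($numrows < 1) {
        return null;
    }

    // Random row offset. mt_rand() seeds itself, so no explicit mt_srand() call.
    $bannum = ($numrows > 1) ? mt_rand(0, $numrows - 1) : 0;

    $query = "SELECT {$bannercolumn['bid']}, {$bannercolumn['imageurl']}, {$bannercolumn['clickurl']}
              FROM {$bannertable}
              WHERE {$bannercolumn['type']} = '" . $typevalue . "'";
    $bresult2 =& $dbconn->SelectLimit($query, 1, $bannum);
    if ($dbconn->ErrorNo() != 0) {
        return ' ';
    }
    if ($bresult2->EOF) {
        // The row can disappear between the count and the select.
        $bresult2->Close();
        return null;
    }
    list($bid, $imageurl, $clickurl) = $bresult2->fields;
    // we no longer need this, free the resources
    $bresult2->Close();
    $bidvalue = (int) pnVarPrepForStore($bid);

    // Requests from the site owner's address are not counted.
    // NOTE(review): this is a prefix comparison, so a configured "10.0.0.1"
    // also matches "10.0.0.10" - confirm that this is intended.
    $myIP = pnConfigGetVar('myIP');
    $myhost = pnServerGetVar("REMOTE_ADDR");
    $countimpression = empty($myIP) || substr($myhost, 0, strlen($myIP)) != $myIP;
    if ($countimpression) {
        $dbconn->Execute("UPDATE {$bannertable}
                          SET {$bannercolumn['impmade']}={$bannercolumn['impmade']}+1
                          WHERE {$bannercolumn['bid']}=" . $bidvalue);
    }

    $aborrar =& $dbconn->Execute("SELECT {$bannercolumn['cid']},{$bannercolumn['imptotal']},
                                         {$bannercolumn['impmade']}, {$bannercolumn['clicks']},
                                         {$bannercolumn['date']}
                                  FROM {$bannertable}
                                  WHERE {$bannercolumn['bid']}=" . $bidvalue);
    if ($dbconn->ErrorNo() != 0) {
        return ' ';
    }
    list($cid, $imptotal, $impmade, $clicks, $date) = $aborrar->fields;
    $aborrar->Close();

    /* Check if this impression is the last one: archive the banner, then remove it */
    if ($imptotal == $impmade && $countimpression) {
        $finishcolumn = $pntable['bannerfinish_column'];
        $dbconn->Execute("INSERT INTO {$pntable['bannerfinish']}
                          ( {$finishcolumn['bid']}, {$finishcolumn['cid']}, {$finishcolumn['impressions']}, {$finishcolumn['clicks']}, {$finishcolumn['datestart']}, {$finishcolumn['dateend']} )
                          VALUES (NULL, '" . pnVarPrepForStore($cid) . "', '" . pnVarPrepForStore($impmade) . "', '" . pnVarPrepForStore($clicks) . "', '" . pnVarPrepForStore($date) . "', now())");
        // The DELETE targets the banner table, so it uses the banner table's
        // own id column rather than the bannerfinish one.
        $dbconn->Execute("DELETE FROM {$bannertable} WHERE {$bannercolumn['bid']}=" . $bidvalue);
    }

    // NOTE(review): the URLs come from the database and end up inside HTML
    // attributes; this relies on pnVarPrepForDisplay() escaping double quotes -
    // TODO confirm.
    list($bid, $clickurl, $imageurl) = pnVarPrepForDisplay($bid, $clickurl, $imageurl);
    $content = "<a href=\"banners.php?op=click&bid={$bid}\" title=\"{$clickurl}\"><img src=\"{$imageurl}\" alt=\"{$clickurl}\" /></a>";

    if ($type == 1 or $type == 2 or $type == 0) {
        echo $content;
        return null;
    }
    return $content;
}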
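/**
 * Mail a 404 report to the site administrator and confirm it to the visitor.
 *
 * The report carries the time, the client address, the missing document and
 * the referer. All of these except the time are supplied by the client, so
 * they are reduced to a single line each before they are written into the
 * message; that keeps a crafted Referer or Host header from adding forged
 * report lines.
 *
 * NOTE(review): nothing here limits how often a report is sent. If this runs
 * on every 404, each request for a missing page produces one mail - confirm
 * that the caller throttles it.
 *
 * @return void
 */
function send_email()
{
    $adminmail = pnConfigGetVar('adminmail');
    $subject = "" . _ERROR404_MAILSUBJECT . "";
    $sitename = pnConfigGetVar('sitename');

    // Request-derived values, fetched in one place so they can be cleaned together.
    $request = array(
        'remote_addr'  => pnServerGetVar('REMOTE_ADDR'),
        'http_referer' => pnServerGetVar('HTTP_REFERER'),
        'redirect_url' => pnServerGetVar('REDIRECT_URL'),
        'server'       => pnServerGetVar('HTTP_HOST'),
    );
    foreach ($request as $name => $value) {
        // Collapse CR, LF and other control bytes to a space.
        $request[$name] = preg_replace('/[\x00-\x1F\x7F]+/', ' ', (string) $value);
    }

    $errordoc = "http://{$request['server']}{$request['redirect_url']}";
    // date() given an all-digit format string just echoes it back, so the
    // earlier date(time()) was the timestamp itself.
    $errortime = ml_ftime(_DATETIMEBRIEF, time());

    $message = "{$subject}\n\n";
    $message .= "TIME: {$errortime}\n";
    $message .= "REMOTE_ADDR: {$request['remote_addr']}\n";
    $message .= "ERRORDOC: " . pnVarPrepForDisplay($errordoc) . "\n";
    $message .= "HTTP_REFERER: {$request['http_referer']}\n";

    // Header values come from site configuration; line breaks are still
    // removed so that a stray one cannot start a new header, and double quotes
    // are dropped from the display name because it is sent inside quotes.
    $fromname = str_replace(array("\r", "\n", '"'), '', (string) $sitename);
    $fromaddr = str_replace(array("\r", "\n"), '', (string) $adminmail);

    pnMail($adminmail, $subject, $message, "From: \"{$fromname}\" <{$fromaddr}>\nX-Mailer: PHP/" . phpversion());
    echo "<br /><br /><strong>" . _ERROR404_MAILED . "</strong>\n";
}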
/**
 * Store the default module variables for FlashChatBridge.
 *
 * NOTE(review): 'client_path' is built from the HTTP_HOST of the request that
 * runs this initialisation, and the init_host* values from SERVER_ADDR. The
 * Host header is supplied by the client, so whatever it contained at that
 * moment is what gets stored - verify the saved value after installation.
 *
 * @return bool always true
 */
function FlashChatBridge_init()
{
    $requestHost = pnServerGetVar('HTTP_HOST');
    $scheme = pnServerGetProtocol();
    $serverAddress = pnServerGetVar('SERVER_ADDR');
    $siteBase = $scheme . '://' . $requestHost;

    // Written in this order, one pnModSetVar() call per entry.
    $defaults = array(
        'width'                => 800,
        'height'               => 600,
        'autosize'             => 0,
        'client_path'          => $siteBase . ':35555/',
        'server_data_path'     => 'somewhere/123flashchat/server/data/',
        'init_room'            => 1,
        'client_type'          => "standard",
        'active_chat_standard' => 1,
        'init_host'            => $serverAddress,
        'init_port'            => '51127',
        'init_host_s'          => $serverAddress,
        'init_port_s'          => '',
        'init_host_h'          => $serverAddress,
        'init_port_h'          => '',
    );

    foreach ($defaults as $varname => $varvalue) {
        pnModSetVar('FlashChatBridge', $varname, $varvalue);
    }

    return true;
}
$os = "Windows"; } elseif (ereg("Mac", pnServerGetVar("HTTP_USER_AGENT")) || ereg("PPC", pnServerGetVar("HTTP_USER_AGENT"))) { $os = "Mac"; } elseif (ereg("Linux", pnServerGetVar("HTTP_USER_AGENT"))) { $os = "Linux"; } elseif (ereg("FreeBSD", pnServerGetVar("HTTP_USER_AGENT"))) { $os = "FreeBSD"; } elseif (ereg("SunOS", pnServerGetVar("HTTP_USER_AGENT"))) { $os = "SunOS"; } elseif (ereg("IRIX", pnServerGetVar("HTTP_USER_AGENT"))) { $os = "IRIX"; } elseif (ereg("BeOS", pnServerGetVar("HTTP_USER_AGENT"))) { $os = "BeOS"; } elseif (ereg("OS/2", pnServerGetVar("HTTP_USER_AGENT"))) { $os = "OS/2"; } elseif (ereg("AIX", pnServerGetVar("HTTP_USER_AGENT"))) { $os = "AIX"; } else { $os = "Other"; } /* Save on the databases the obtained values */ //global $pntable, $dbconn; $dbconn =& pnDBGetConn(true); $pntable =& pnDBGetTables(); $column =& $pntable['counter_column']; $dbconn->Execute("UPDATE {$pntable['counter']}\n SET {$column['count']}={$column['count']}+1\n WHERE ({$column['type']}='total' AND {$column['var']}='hits')\n OR ({$column['var']}='" . pnVarPrepForStore($browser) . "' AND {$column['type']}='browser')\n OR ({$column['var']}='" . pnVarPrepForStore($os) . "' AND {$column['type']}='os')"); /* Per-Day-Counter */ $xydate = date("dmY"); $column =& $pntable['stats_date_column']; $xyval =& $dbconn->Execute("SELECT {$column['hits']} as hits\n FROM {$pntable['stats_date']}\n WHERE {$column['date']}='" . pnVarPrepForStore($xydate) . "'"); if ($dbconn->ErrorNo() != 0) {
/**
 * Mail the site administrator a report about a request that was flagged as a
 * possible attack.
 *
 * The report names the detecting file, line and type, then appends what is
 * known about the requester and the complete contents of $_GET, $_POST,
 * $_COOKIE, $_FILES and $_SESSION.
 *
 * NOTE(review): those dumps can include passwords submitted in forms and the
 * session cookie itself, and they leave the server in a mail - confirm that
 * this is acceptable for the deployment or redact the sensitive keys.
 *
 * @param string $detecting_file file that detected the activity
 * @param string $detecting_line line number in that file
 * @param string $hack_type      short label for the kind of attempt; also used in the subject
 * @param string $message        additional detail from the detecting code
 * @return void
 */
function pnMailHackAttempt($detecting_file = "(no filename available)", $detecting_line = "(no line number available)", $hack_type = "(no type given)", $message = "(no message given)")
{
    $output = "Attention site admin of " . pnConfigGetVar('sitename') . ",\n";
    $output .= "On " . ml_ftime(_DATEBRIEF, GetUserTime(time()));
    $output .= " at " . ml_ftime(_TIMEBRIEF, GetUserTime(time()));
    $output .= " the PostNuke code has detected that somebody tried to" . " send information to your site that may have been intended" . " as a hack. Do not panic, it may be harmless: maybe this" . " detection was triggered by something you did! Anyway, it" . " was detected and blocked. \n";
    // The four arguments are interpolated as given; the callers decide what goes in.
    $output .= "The suspicious activity was recognized in {$detecting_file} " . "on line {$detecting_line}, and is of the type {$hack_type}. \n";
    $output .= "Additional information given by the code which detected this: " . $message;
    $output .= "\n\nBelow you will find a lot of information obtained about " . "this attempt, that may help you to find what happened and " . "maybe who did it.\n\n";
    $output .= "\n=====================================\n";
    $output .= "Information about this user:\n";
    $output .= "=====================================\n";
    if (!pnUserLoggedIn()) {
        $output .= "This person is not logged in.\n";
    } else {
        // NOTE(review): the three expressions between the labels are masked
        // ("******") in this listing, so the statement does not parse as shown;
        // restore them from the original source before using this code.
        $output .= "PostNuke username: "******"\n" . "Registered email of this PostNuke user: "******"\n" . "Registered real name of this PostNuke user: "******"\n";
    }
    // HTTP_CLIENT_IP is a request header and therefore chosen by the client;
    // REMOTE_ADDR is the only address here that the client does not pick freely.
    // gethostbyname() resolves a name to an address, so passing it an IP
    // returns that IP unchanged; a reverse lookup would be gethostbyaddr().
    $output .= "IP numbers: [note: when you are dealing with a real cracker " . "these IP numbers might not be from the actual computer he is " . "working on]" . "\n\t IP according to HTTP_CLIENT_IP: " . pnServerGetVar('HTTP_CLIENT_IP') . "\n\t IP according to REMOTE_ADDR: " . pnServerGetVar('REMOTE_ADDR') . "\n\t IP according to GetHostByName(\$_SERVER['REMOTE_ADDR']): " . GetHostByName($_SERVER['REMOTE_ADDR']) .
"\n\n";
    $output .= "\n=====================================\n";
    $output .= "Browser information\n";
    $output .= "=====================================\n";
    // Read straight from $_SERVER; the header is absent for clients that send none.
    $output .= "HTTP_USER_AGENT: " . $_SERVER['HTTP_USER_AGENT'] . "\n";
    $browser = (array) get_browser();
    // each() was removed in PHP 8; these loops only run on older versions.
    while (list($key, $value) = each($browser)) {
        $output .= "BROWSER * {$key} : {$value}\n";
    }
    $output .= "\n=====================================\n";
    $output .= "Information in the \$_GET array\n";
    $output .= "This is about variables that may have been ";
    $output .= "in the URL string or in a 'GET' type form.\n";
    $output .= "=====================================\n";
    // Array-valued parameters are interpolated as the literal text "Array".
    while (list($key, $value) = each($_GET)) {
        $output .= "GET * {$key} : {$value}\n";
    }
    $output .= "\n=====================================\n";
    $output .= "Information in the \$_POST array\n";
    $output .= "This is about visible and invisible form elements.\n";
    $output .= "=====================================\n";
    while (list($key, $value) = each($_POST)) {
        $output .= "POST * {$key} : {$value}\n";
    }
    $output .= "\n=====================================\n";
    $output .= "Information in the \$_COOKIE array\n";
    $output .= "=====================================\n";
    while (list($key, $value) = each($_COOKIE)) {
        $output .= "COOKIE * {$key} : {$value}\n";
    }
    $output .= "\n=====================================\n";
    $output .= "Information in the \$_FILES array\n";
    $output .= "=====================================\n";
    // Every $_FILES entry is itself an array, so each line here reads "Array".
    while (list($key, $value) = each($_FILES)) {
        $output .= "FILES * {$key} : {$value}\n";
    }
    $output .= "\n=====================================\n";
    $output .= "Information in the \$_SESSION array\n";
    $output .= "This is session info. The variables\n";
    $output .= " starting with PNSV are PostNukeSessionVariables.\n";
    $output .= "=====================================\n";
    while (list($key, $value) = each($_SESSION)) {
        $output .= "SESSION * {$key} : {$value}\n";
    }
    // Both header values come from site configuration.
    $headers = "From: " . pnConfigGetVar('sitename') . "<" . pnConfigGetVar('adminmail') .
">\n";
    $headers .= "X-Priority: 1 (Highest)";
    // NOTE(review): $hack_type reaches the subject unfiltered; callers should
    // pass a fixed label rather than request data - verify against callers.
    pnMail(pnConfigGetVar('adminmail'), 'Attempted hack on your site? (type: ' . $hack_type . ')', $output, $headers);
    return;
}
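/**
 * Initialise session
 *
 * Starts the PHP session, then either refreshes the existing session record
 * or creates a new one together with a per-session random number.
 *
 * NOTE(review): the session is not tied to the client address. The stored
 * address is never compared with the current one (that check was switched
 * off so that clients whose address changes between requests keep working),
 * so a copied session id is accepted from any address.
 *
 * @return bool false when a PNSV-prefixed global is present or the session
 *              lookup fails, true otherwise
 */
function pnSessionInit()
{
    $dbconn =& pnDBGetConn(true);
    $pntable =& pnDBGetTables();

    // First thing we do is ensure that there is no attempted pollution
    // of the session namespace
    foreach ($GLOBALS as $k => $v) {
        if (substr($k, 0, 4) == 'PNSV') {
            return false;
        }
    }

    // Kick it
    session_start();

    // Have to re-write the cache control header to remove no-save, this
    // allows downloading of files to disk for application handlers.
    // NOTE(review): this replaces the no-cache header on every page that has a
    // session; check that logged-in pages are not stored by shared caches.
    Header('Cache-Control: cache');

    $sessid = session_id();

    // Client address: REMOTE_ADDR, replaced by the Client-IP header whenever
    // that header is present.
    // NOTE(review): HTTP_CLIENT_IP is set by the client, so the address
    // recorded for a new session can be chosen by the requester.
    // The X-Forwarded-For handling that used to follow here could never change
    // the result (the value was cut at the first comma and then tested for a
    // comma again), so it is left out.
    $ipaddr = pnServerGetVar('REMOTE_ADDR');
    if (empty($ipaddr)) {
        $ipaddr = pnServerGetVar('HTTP_CLIENT_IP');
    }
    $tmpipaddr = pnServerGetVar('HTTP_CLIENT_IP');
    if (!empty($tmpipaddr)) {
        $ipaddr = $tmpipaddr;
    }

    $sessioninfocolumn =& $pntable['session_info_column'];
    $sessioninfotable = $pntable['session_info'];
    $query = "SELECT {$sessioninfocolumn['ipaddr']}
              FROM {$sessioninfotable}
              WHERE {$sessioninfocolumn['sessid']} = '" . pnVarPrepForStore($sessid) . "'";
    $result =& $dbconn->Execute($query);
    if ($dbconn->ErrorNo() != 0) {
        return false;
    }

    if (!$result->EOF) {
        // Known session: refresh it.
        $result->Close();
        pnSessionCurrent($sessid);
    } else {
        pnSessionNew($sessid, $ipaddr);

        // Generate a random number, used for some authentication.
        // A value seeded from microtime() can be guessed by anyone who knows
        // roughly when the session began, so take it from the system's
        // secure generator where the PHP version offers one.
        if (function_exists('random_int')) {
            $sessionrand = random_int(0, mt_getrandmax());
        } else {
            $sessionrand = mt_rand();
        }
        pnSessionSetVar('rand', $sessionrand);
    }

    return true;
}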
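/**
 * Redirect the user to another page
 *
 * This function is broken, do not use it!
 *
 * Builds an absolute "Location:" line from the request's Host header, the
 * directory of the running script and $url. Control characters are removed
 * from the finished line so that a line break inside $url or the Host header
 * cannot add a second response header.
 *
 * NOTE(review): HTTP_HOST is supplied by the client and the scheme is fixed
 * to http; $waittime is accepted but not used.
 *
 * @access public
 * @param string $url URL to redirect to
 * @param integer $waittime Seconds to wait before redirecting
 * @return string The Location header line if the output mode is
 * _PNH_RETURNOUTPUT, otherwise null (the line is added to the header list)
 * @todo This function is broken, do not use it!
 */
function Redirect($url, $waittime = 3)
{
    $server = pnServerGetVar('HTTP_HOST');
    $self = pnServerGetVar('PHP_SELF');

    // Removing leading slashes from path
    $path = preg_replace('!^/*!', '', dirname($self));
    // Removing leading slashes from redirect url
    $url = preg_replace('!^/*!', '', $url);

    // Make redirect line
    if (empty($path)) {
        $output = "Location: http://{$server}/{$url}";
    } else {
        $output = "Location: http://{$server}/{$path}/{$url}";
    }

    // One header, one line: drop CR, LF and any other control byte.
    $output = preg_replace('/[\x00-\x1F\x7F]/', '', $output);

    if ($this->GetOutputMode() == _PNH_RETURNOUTPUT) {
        return $output;
    } else {
        $this->header[] = $output;
    }
}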
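/**
 * Record the HTTP referer of the current request in the referer table.
 *
 * Requests whose referer contains this site's own host name, or matches one
 * of the configured exclusions, are not recorded. A missing referer is
 * recorded as 'bookmark'.
 *
 * NOTE(review): the referer is stored exactly as the client sent it; any page
 * that lists these rows has to escape it on output.
 *
 * @return bool|null false when a query fails, otherwise null
 */
function httpreferer()
{
    // Set $DEBUG to 1 to see what is going on.
    $DEBUG = 0;
    $httpreferer = pnServerGetVar('HTTP_REFERER');
    $httphost = pnServerGetVar('HTTP_HOST');
    $dbconn =& pnDBGetConn(true);
    $pntable =& pnDBGetTables();

    if ($DEBUG == 1) {
        echo 'HTTP_HOST = ' . pnVarPrepForDisplay($httphost) . '<br /> HTTP_REFERER = ' . pnVarPrepForDisplay($httpreferer) . '<br />';
    }

    // Skip hits coming from our own domain. Both values are sent by the
    // client, so the host is compared as plain text instead of being used as
    // a regular expression. The test is "host appears anywhere in the
    // referer", as before.
    $ownsite = !empty($httphost) && strpos((string) $httpreferer, (string) $httphost) !== false;
    if ($ownsite) {
        return;
    }

    // An empty referer is stored as "bookmark": it counts visitors who typed
    // the address or used a bookmark, and avoids empty rows.
    if ($httpreferer == '') {
        $httpreferer = 'bookmark';
    }
    $httpreferer = trim($httpreferer);

    // Configured exclusions: a space-separated list, combined into one
    // case-insensitive alternation.
    // NOTE(review): every entry is interpreted as a POSIX regular expression,
    // and the ereg family is not available from PHP 7 on.
    $refex = pnConfigGetVar('httprefexcluded');
    if (!empty($refex)) {
        $eregicondition = '((' . implode(')|(', explode(' ', $refex)) . '))';
        if (eregi($eregicondition, $httpreferer)) {
            return;
        }
    }

    // grab a reference to our table column defs for easier reading below
    $column =& $pntable['referer_column'];

    // Has this referer been seen before?
    $check_sql = "SELECT count({$column['rid']}) as c
                  FROM {$pntable['referer']}
                  WHERE {$column['url']} = '" . pnVarPrepForStore($httpreferer) . "'";
    $result =& $dbconn->Execute($check_sql);
    if ($dbconn->ErrorNo() != 0) {
        pnSessionSetVar('errormsg', 'Error: ' . $dbconn->ErrorNo() . ': ' . $dbconn->ErrorMsg());
        return false;
    }
    $row = $result->fields;
    $known = $row[0];

    if ($known >= 1) {
        // Seen before. Rows that already exist more than once are updated as
        // well, instead of gaining yet another duplicate.
        $update_sql = "UPDATE {$pntable['referer']}
                       SET {$column['frequency']} = {$column['frequency']} + 1
                       WHERE {$column['url']} = '" . pnVarPrepForStore($httpreferer) . "'";
    } else {
        // "auto-increment" isn't portable so we have to use the standard
        // interface for grabbing sequence numbers. The underlying
        // implementation handles the correct method for the RDBMS we are using.
        $rid = $dbconn->GenId($pntable['referer'], true);
        $update_sql = "INSERT INTO {$pntable['referer']}
                       ({$column['rid']},
                        {$column['url']},
                        {$column['frequency']})
                       VALUES
                       (" . pnVarPrepForStore($rid) . ",
                        '" . pnVarPrepForStore($httpreferer) . "',
                        1)";
    }

    $result =& $dbconn->Execute($update_sql);
    if ($dbconn->ErrorNo() != 0) {
        pnSessionSetVar('errormsg', 'Error: ' . $dbconn->ErrorNo() . ': ' . $dbconn->ErrorMsg());
        return false;
    }

    if ($DEBUG == 1) {
        // The statements contain the referer, so they are escaped like the
        // debug output above.
        echo "<br />" . pnVarPrepForDisplay($check_sql) . "<br />" . pnVarPrepForDisplay($update_sql) . "<br />";
    }
}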
/**
 * Return the media directory as a path relative to the site root, with a
 * trailing slash.
 *
 * The site root is taken as DOCUMENT_ROOT without its last character plus the
 * base URI; that many characters (plus one) are cut from the front of the
 * resolved media directory.
 *
 * NOTE(review): the last character of DOCUMENT_ROOT is removed without
 * checking that it is a slash, and the media directory is shortened by length
 * only, without checking that it lies below the site root. realpath() returns
 * false for a path that does not exist, in which case only "/" is left.
 * Callers that build file paths from the result should verify all three.
 *
 * @return string relative media directory ending in '/'
 */
function mediashare_userapi_getRelativeMediadir()
{
    $documentRoot = pnServerGetVar('DOCUMENT_ROOT');
    $zkroot = substr($documentRoot, 0, -1) . pnGetBaseURI();

    $configuredDir = pnModGetVar('mediashare', 'mediaDirName', 'mediashare');
    // Normalise Windows separators so the length arithmetic works on one form.
    $resolvedDir = str_replace('\\', '/', realpath($configuredDir));

    $skip = strlen($zkroot) + 1;
    $mediaBase = substr($resolvedDir, $skip);

    return $mediaBase . '/';
}
/**
 * Get current URL
 *
 * Joins protocol, host and the request URI. When REQUEST_URI is empty the URI
 * is rebuilt from SCRIPT_NAME, PATH_INFO and QUERY_STRING (adapted patch from
 * Chris van de Steeg for IIS).
 *
 * NOTE(review): the host and the URI both originate from the request; callers
 * that print the result or use it as a redirect target have to escape or
 * validate it themselves.
 *
 * @access public
 * @return string current URL
 * @todo cfr. BaseURI() for other possible ways, or try PHP_SELF
 */
function pnGetCurrentURL()
{
    $host = pnServerGetHost();
    $scheme = pnServerGetProtocol();
    $prefix = $scheme . '://' . $host;

    // Normal case: the server provides the full request URI.
    $uri = pnServerGetVar('REQUEST_URI');
    if (!empty($uri)) {
        return $prefix . $uri;
    }

    // Fallback - TODO: please test this :)
    $script = pnServerGetVar('SCRIPT_NAME');
    $extra = pnServerGetVar('PATH_INFO');
    if ($extra == $script) {
        // PATH_INFO merely repeats the script name here.
        $extra = '';
    }

    if (empty($script)) {
        return $prefix . '/';
    }

    $uri = $script . $extra;
    $query = pnServerGetVar('QUERY_STRING');
    if (!empty($query)) {
        $uri .= '?' . $query;
    }

    return $prefix . $uri;
}