"; } //========================================// /** * Connects to Database * * Returns error upon failure. * * @param * * @return nothing */ //========================================// /******************************************************\ * Function Name : connectToDB() * * Task : create connection to db * * Arguments : none * * Globals: all defined in config.php * * Returns : none, sets $link * \******************************************************/ function connectToDB() { global $ee_link; // use pconnect - can be changed to just connect: $ee_link = mysql_connect(EE_DBHOST, EE_DBUSER, EE_DBPASS); if (!$ee_link) { // mail(EE_FAIL_NOTIFY, "database ".EE_DBHOST." down on ".$_SERVER["SERVER_NAME"], mysql_error()." from ".$_SERVER["SCRIPT_FILENAME"]); die("Couldn't connect to MySQL"); } // select db: mysql_select_db(EE_DBNAME, $ee_link) || die("Couldn't open db: " . EE_DBNAME . ". Error if any was: ".mysql_error() ); } // end func dbConnect(); function connectToAnyDB($ee_dbhost) { global $ee_link; // use pconnect - can be changed to just connect: $ee_link = mysql_connect($ee_dbhost, EE_DBUSER, EE_DBPASS); if (!$ee_link) { //mail(EE_FAIL_NOTIFY, "database ".EE_DBHOST." down on ".$_SERVER["SERVER_NAME"], mysql_error()." from ".$_SERVER["SCRIPT_FILENAME"]); die("Couldn't connect to MySQL"); } // select db: mysql_select_db(EE_DBNAME, $ee_link) || die("Couldn't open db: " . EE_DBNAME . ". Error if any was: ".mysql_error() ); } // end func dbConnect(); function connectToSlaveDB() { global $ee_slave_link; // use pconnect - can be changed to just connect: ($ee_slave_link = mysql_connect(EE_SLAVE_DBHOST, EE_SLAVE_DBUSER, EE_SLAVE_DBPASS)) || die("Couldn't connect to MySQL"); // select db: mysql_select_db(EE_SLAVE_DBNAME, $ee_slave_link) || die("Couldn't open db: " . EE_SLAVE_DBNAME . ". 
Error if any was: ".mysql_error() ); } // end func dbConnect(); function connectToDataDB() { global $ee_data_link; // use pconnect - can be changed to just connect: ($ee_data_link = mysql_connect(EE_DBHOST, EE_DBUSER, EE_DBPASS)) || die("Couldn't connect to MySQL"); // select db: mysql_select_db(EE_DATA_DBNAME, $ee_data_link) || die("Couldn't open db: " . EE_DATA_DBNAME . ". Error if any was: ".mysql_error() ); } // end func dbConnect(); //========================================// /** * Returns query in array form * * Returns error upon failure. * * @param $query text string for query * * @return $return_array array of results */ //========================================// function sql_query ($query) { $result = mysql_query($query) or die(mysql_error()); $return_array = array(); while ($row = mysql_fetch_array($result)) { array_push($return_array, $row); } mysql_free_result($result); return $return_array; } /******************************************************\ * Function Name : closeDB() * * Task : closes the open database connection * * Arguments : none * * Returns : none * \******************************************************/ function closeDB() { global $ee_link; mysql_close($ee_link); } function closeSlaveDB() { global $ee_slave_link; mysql_close($ee_slave_link); } /******************************************************\ * Function Name : closeDataDB() * * Task : closes the data open database connection * * Arguments : none * * Returns : none * \******************************************************/ function closeDataDB() { global $ee_data_link; mysql_close($ee_data_link); } /******************************************************\ * Function Name : getRow($table, $key, $val) * * Task : get a single row of info from db based on args passed * * Arguments : string ($table, $key, $val) * * Returns : array $row * \******************************************************/ function getRow($table, $key, $val) { global $ee_link; // build query: $query="SELECT * 
FROM $table WHERE $key='$val'"; // Run query: $result=mysql_query($query, $ee_link) or die("getRow fatal error: ".mysql_error()); // Retrieve info: $row=mysql_fetch_array($result); return $row; } // end func getRow($table, $key, $val) function addsqlarray($cnt, &$colname, &$content, &$type,$incolname, $incontent, $intype) { //$colname, $content, $type, $colname[$cnt] = $incolname; $content[$cnt] = $incontent; $type[$cnt] = $intype; $cnt++; return $cnt; } /******************************************************\ * Function Name : genInsertSql($tablename, $colname, $content, $type, $count) * * Task :generates insert statement for sql; * * Arguments : string $tablename, string $colname, string $type, number $count * * Returns : string $sql; * \******************************************************/ function genInsertSql($tablename,&$colname, &$content, &$type, $count) { //$colname, $content, $type, $argcnt = 0; $sql = "insert into $tablename ("; for ($i = 0; $i < $count; $i++) { if (!empty($content[$i])) { if ($argcnt > 0) $sql .= ", "; $sql .= $colname[$i]; $argcnt++; } } $sql .= ") values ("; $argcnt = 0; for ($i = 0; $i < $count; $i++) { if (!empty($content[$i])) { if ($argcnt > 0) $sql .= ", "; if ($type[$i] == "s") $sql .= "'"; $sql .= $content[$i]; if ($type[$i] == "s") $sql .= "'"; $argcnt++; } } $sql .= ")"; return $sql; } /******************************************************\ * Function Name :genUpdateSql($tablename, $colname, $content, $type, $count, $condition) * * Task : generates update statement for sql * * Arguments : * * Returns : string $sql * \******************************************************/ function genUpdateSql($tablename, $colname, $content, $type, $count, $condition) { $sql = "update $tablename set "; for ($i = 0; $i < $count; $i++) { if ($type[$i] != "i" && $content[$i] != "Now()") { if ($i > 0) $sql .= ", "; $sql .= $colname[$i]; $sql .= "="; $sql .= "'". 
$content[$i] ."'"; } else { if (!empty($content[$i])) { if ($i > 0) $sql .= ", "; $sql .= $colname[$i]; $sql .= "="; $sql .= $content[$i]; } } } $sql .= " where $condition"; return $sql; } /******************************************************\ * Function Name : field_validator($field_descr, $field_data, $field_type, $min_length="", $max_length="", $field_required=1) * * Task : Validate an HTML form field based on the data passed to it * * Arguments : string ($field description, $field data, $field type, $minimum length, maximum length, $is the field required) * * Returns : array $messages on error * \******************************************************/ function field_validator($field_descr, $field_data, $field_type, $min_length="", $max_length="", $field_required=1) { # array for storing error messages global $messages; # first, if no data and field is not required, just return now: if(!$field_data && !$field_required){ return; } # initialize a flag variable - used to flag whether data is valid or not $field_ok=false; # this is the regexp for email validation: $email_regexp="^([a-zA-Z0-9_\-\.]+)@((\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.)|"; $email_regexp.="(([a-zA-Z0-9\-]+\.)+))([a-zA-Z]{2,4}|[0-9]{1,3})(\]?)$"; # a hash array of "types of data" pointing to "regexps" used to validate the data: $data_types=array( "email"=>$email_regexp, "digit"=>"^[0-9]$", "number"=>"^[0-9]+$", "alpha"=>"^[a-zA-Z]+$", "alpha_space"=>"^[a-zA-Z ]+$", "alphanumeric"=>"^[a-zA-Z0-9]+$", "alphanumeric_space"=>"^[a-zA-Z0-9 ]+$", "string"=>"" ); # check for required fields if ($field_required && empty($field_data)) { $messages[] = "$field_descr is a required field."; return; } # if field type is a string, no need to check regexp: if ($field_type == "string") { $field_ok = true; } else { # Check the field data against the regexp pattern: $field_ok = ereg($data_types[$field_type], $field_data); } # if field data is bad, add message: if (!$field_ok) { $messages[] = "Please enter a valid 
$field_descr."; return; } # field data min length checking: if ($field_ok && $min_length) { if (strlen($field_data) < $min_length) { $messages[] = "$field_descr is invalid, it should be at least $min_length character(s)."; return; } } # field data max length checking: if ($field_ok && $max_length) { if (strlen($field_data) > $max_length) { $messages[] = "$field_descr is invalid, it should be less than $max_length characters."; return; } } } /******************************************************\ * Function Name : returnNavHTML($currpage, $pagenums,url) * * Task : builds the navigation page breakdown * * Arguments : number ($currnet page number , $number of pages in total, $url to link to) * * Returns : $start number * \******************************************************/ function returnNavHTML ($currpage,$pagenums, $url) { $return_string=""; for ($i=1; $i<$pagenums; $i++) { if ($i!=$currpage) { $return_string .=" $i"; } else { $return_string .= " $i"; } } return $return_string; } function formatURL($url, $i) { $url = ereg_replace("XXcurrpageXX", "$i", $url); return $url; } function redirectURL ($url) { header("Location: $url"); exit(); } function sendmail($to, $to_name, $from, $from_name,$subject, $mailmessage, $reply="", $reply_name="",$ishtml="") { global $ee_message; /* if ($reply == "") { $reply = $ee_reply; } if ($reply_name =="") { $reply_name = $ee_reply_name; } */ $mail = new PHPMailer(); $mail->IsSMTP(); // send via SMTP $mail -> IsMail(); $mail->Host = EE_SMTP; // SMTP servers #$mail->SMTPAuth = true; // turn on SMTP authentication #$mail->Username = "jswan"; // SMTP username #$mail->Password = "secret"; // SMTP password $mail->From = $from; $mail->FromName = $from_name; if ($to_name != "") { $mail->AddAddress($to,$to_name); } if ($reply != "") { $mail->AddReplyTo($reply,$reply_name); } $mail->WordWrap = 70; // set word wrap /*if ($ishtml=true) { $mail->IsHTML(true); // send as HTML } else { $mail->IsHTML(false); }*/ $mail->IsHTML(false); 
$mail->Subject = $subject; $mail->Body = $mailmessage; // html body #$mail->AltBody = $message; //text body if(!$mail->Send()) { $ee_message = "Message was not sent

"; $ee_message .= "Mailer Error: " . $mail->ErrorInfo; } return; } function sendHTMLmail($to, $to_name, $from, $from_name,$subject, $mailmessage, $reply="", $reply_name="",$ishtml="") { global $ee_message; /* if ($reply == "") { $reply = $ee_reply; } if ($reply_name =="") { $reply_name = $ee_reply_name; } */ $mail = new PHPMailer(); $mail->IsSMTP(); // send via SMTP $mail -> IsMail(); $mail->Host = EE_SMTP; // SMTP servers #$mail->SMTPAuth = true; // turn on SMTP authentication #$mail->Username = "jswan"; // SMTP username #$mail->Password = "secret"; // SMTP password $mail->From = $from; $mail->FromName = $from_name; if ($to_name != "") { $mail->AddAddress($to,$to_name); } if ($reply != "") { $mail->AddReplyTo($reply,$reply_name); } $mail->WordWrap = 70; // set word wrap /*if ($ishtml=true) { $mail->IsHTML(true); // send as HTML } else { $mail->IsHTML(false); }*/ $mail->IsHTML(true); $mail->Subject = $subject; $mail->Body = $mailmessage; // html body #$mail->AltBody = $message; //text body if(!$mail->Send()) { $ee_message = "Message was not sent

"; $ee_message .= "Mailer Error: " . $mail->ErrorInfo; } return; } function CountryArray() { //MySQL Connection global $ee_link; //Site Name Query $countryname_query = "select printable_name, iso3 from country order by printable_name asc"; //print "$countryname_query"; $countryname_result = mysql_query($countryname_query,$ee_link); $countryArray = array(); if (mysql_affected_rows() > 0) { while ($row = mysql_fetch_array($countryname_result)) { $country = $row[0]; $country_code = $row[1]; $rowResult = array("CountryISO" => $country_code, "CountryName" => $country); array_push($countryArray, $rowResult); } } return $countryArray; } function ServiceArray() { //MySQL Connection global $ee_link; //Site Name Query $query = "select id, first_name from admin where status=1 and support='Y'"; //print "$countryname_query"; $result = mysql_query($query,$ee_link); $serviceArray = array(); if (mysql_affected_rows() > 0) { while ($row = mysql_fetch_array($result)) { $id = $row[0]; $name = $row[1]; $rowResult = array("id" => $id, "name"=> $name); array_push($serviceArray, $rowResult); //array_push($countryArray,array($country_code $country)); } } return $serviceArray; } /******************************************************\ * Function Name : WebsiteNameArray() * Task : Returns all website names and website ids as an array. 
* Returns : $website_name_array \******************************************************/ function WebsiteNameArray() { //MySQL Connection global $ee_link; $website_name_array = array(); $website_name_query = "select id, sitename from website"; //print "$website_name_query"; $website_name_result = mysql_query($website_name_query,$ee_link); if (!$website_name_result) { print mysql_error(); } if (mysql_affected_rows() > 0) { while ($row = mysql_fetch_array($website_name_result)) { $website_id = $row[0]; $website_name = $row[1]; $mysql_row = array("website_id" => $website_id, "website_name" => $website_name); array_push($website_name_array,$mysql_row); } } return $website_name_array; } function addComment ($comment,$webmaster_id, $admin_id, $flag,$payperiod_id=0) { global $ee_link; $add_query = "insert into webmaster_comments (date, webmaster_id, admin_id, payperiod_id, comment, flag) values (now(),$webmaster_id, $admin_id, $payperiod_id, \"$comment\", \"$flag\")"; //print "$add_query
"; $add_result = mysql_query($add_query,$ee_link); if (!$add_result) { sendmail(EE_NOTIFY_EMAIL, EE_NOTIFY_NAME, EE_FROM,EE_FROM_NAME,"error adding comment","Query: $add_query \n ".mysql_error()); } return $add_result; } function addMemberComment ($comment,$member_id, $admin_id, $flag) { global $ee_link; $add_query = "insert into member_comments (date, member_id, admin_id, comment, flag) values (now(),$member_id, $admin_id, \"$comment\", \"$flag\")"; //print "$add_query
"; $add_result = mysql_query($add_query,$ee_link); if (!$add_result) { sendmail(EE_NOTIFY_EMAIL, EE_NOTIFY_NAME, EE_FROM,EE_FROM_NAME,"error adding comment","Query: $add_query \n ".mysql_error()); } return $add_result; } function GetSupportName($support) { global $ee_link; $supportname_query = "select first_name from admin where id = \"$support\""; //print $supportname_query; $support_name="Unknown"; $supportname_result = mysql_query($supportname_query,$ee_link); if (mysql_affected_rows() > 0) { while ($row = mysql_fetch_array($supportname_result)) { $support_name = $row[0]; } } return $support_name; } /* A note about the lookup_size directive: * This will make this script lookup the size of the original file on disk, * which may or may not be the same amount of data sent to the client. * It does give you a hint though.. * Oh, you have to set $document_root aswell if this should work.. */ function write_to_log($str) { global $logfile; $str .= "\n"; if($fd = @fopen($logfile, "a")) { fputs($fd, $str); fclose($fd); @chmod($logfile, 0777); } } function write_to_err_log($str) { global $logfile_err; $str .= "\n"; if($fd = @fopen($logfile, "a")) { fputs($fd, $str); fclose($fd); @chmod($logfile, 0777); } } function get_var($name,$default) { if($var = getenv($name)) { return $var; } else { return $default; } } /******************************************************\ * Function Name : ratio() * Task : Calculate conversion ratio. * Arguments : $hits,$signups * Globals: * Returns : $ratio \******************************************************/ function ratio($hits,$signups) { if ($signups >= $hits and $hits > 0) { $ratio = (integer)($signups/$hits).":1" ; } elseif ($signups < $hits and $signups > 0) { $ratio = "1:". (integer)($hits/$signups); } else { $ratio = "0:0"; } //print "
$hits,$signups, $ratio"; return $ratio; } /******************************************************\ * Function Name : AddCondition() * Task : Creates the where string for the searches. * Arguments : $where_string, $and_or, $condition * Returns : $where_string \******************************************************/ function AddCondition($where_string, $and_or, $condition) { if ($where_string == "") { $where_string .= $condition; } else { $where_string .= $and_or . " " . $condition; } return $where_string; } /*****************************************************\ * Function Name : findtable() * Task : Checking for the existence of a table * Arguments : $table * Returns : TRUE/FALSE \******************************************************/ function FindTable($table) { global $ee_link; $tables = mysql_list_tables(EE_DATA_DBNAME); while (list($temp) = mysql_fetch_array($tables)) { if($temp == $table) { return TRUE; } } return FALSE; } /*****************************************************\ * Function Name : findtable() * Task : Checking for the existence of a table * Arguments : $table * Returns : TRUE/FALSE \******************************************************/ function GetEmailTemplate($template_name) { global $ee_link, $ee_message; mysql_select_db(EE_DBNAME, $ee_link); $query ="select subject, body, is_html from email_template where name= \"$template_name\""; //print "
$query"; $result = mysql_query($query,$ee_link); if ($result) { if (mysql_affected_rows() > 0) { if ($row = mysql_fetch_array($result)) { $subject = $row[0]; $body = $row[1]; $is_html = $row[2]; $sql_row = array("subject" => $subject, "body"=> $body, "is_html" => $is_html); } } }else { $ee_message .= "An error occurred retrieving the email template.
$query
".mysql_error()."
"; } return $sql_row; } /** *@return mixed *@param string $varname *@desc Checks whether value is part of the Get or Post global, and returns it to the caller. Null otherwise. Post will override get if both are present. */ function script_param($varname) { $var = null; $val = null; if (isset ($_GET[$varname])) { $var = $_GET[$varname]; $val = trim($var); } if (isset ($_POST[$varname])) { $var = $_POST[$varname]; $val = trim($var); } //no post or get return $val; } function quote_smart($value) { // Stripslashes if (get_magic_quotes_gpc()) { $value = stripslashes($value); } $value = mysql_real_escape_string($value); return $value; } function quote_smart_encrypt($value) { $value = mysql_real_escape_string($value); return $value; } /** *@return void *@param string $message *@desc Echo a message to the html source using comment tags to wrap it. It references a global constant DEBUG which is set in the config.php file. If DEBUG is true, the thing echos the message. If not, nothing. */ function debug_message($message='') { if (DEBUG) { echo ""; } } function sort_by($array, $keyname, $mode = 'asc') { $newarray = Array(); for($i = 0; $i < count($array); $i++) { $newarray[$i] = $array[$i][$keyname]; } # Sort an array in reverse order and maintain index association if($mode = 'asc') { asort($newarray); } else { # Sort an array using a case insensitive "natural order" algorithm arsort($newarray); } $rebuiltarray = Array(); foreach($newarray as $key => $val) { $rebuiltarray[] = $array[$key]; } return $rebuiltarray; } // In here for compat, remove when everything switches to the other one. function date_dash_add($date) { if (!strstr($date, "-")){ $dash_date= substr($date,0,4) . "-" . substr($date,4,2) . "-" . substr($date,6,2); } else { $dash_date = $date; } return $dash_date; } // Cleaned up ver with a standard name. 
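/**
 * Turns YYYYMMDD into YYYY-MM-DD; a value that already contains "-" is
 * returned unchanged.
 */
function dateDashAdd($date)
{
    if(!strstr($date, "-")) {
        $dash_date = substr($date, 0, 4)."-".substr($date, 4, 2)."-".substr($date, 6, 2);
    } else {
        $dash_date = $date;
    }
    return $dash_date;
}

/**
 * Returns the environment variable $name, or $default when it is unset or
 * evaluates to false (an empty string or "0" also yields the default).
 */
function getVar($name, $default = '')
{
    if($var = getenv($name)) {
        return $var;
    } else {
        return $default;
    }
}

/**
 * Appends $str and a newline to the file named by the global $logfile.
 * Cleaned up version, still needs replacing.
 *
 * NOTE(review): strip CR/LF from request-derived values before logging so a
 * single request cannot forge extra log entries.
 */
function writeToLog($str)
{
    global $logfile;
    $str .= "\n";
    if($fd = @fopen($logfile, 'a')) {
        fputs($fd, $str);
        fclose($fd);
    }
}
?> $query
".mysql_error()."
";
        // NOTE(review): from the "?>" above down to "return $webmaster_id; }"
        // this is the tail of a login-check function whose beginning is
        // missing from this copy; the code is kept exactly as found.
        // print $ee_message;
        $webmaster_id = -1;
    } else {
        if ((mysql_affected_rows() > 0) && ($found==0)) {
            $row = mysql_fetch_array($result);
            $webmaster_id = $row[0];
            $on_hold = $row[3];
            $password = $row[5];
            if ($on_hold == 0) {
                // webmaster is logged in
                // NOTE(review): session_regenerate_id() is commented out, so
                // the session id is not rotated at login; re-enabling it
                // closes the session-fixation window.
                //session_regenerate_id();
                $_SESSION["username"]=$username;
                $_SESSION["webmaster_name"]=$row[1];
                //$_SESSION["password"]=$row[2];
                $_SESSION["program"]=$row[4];
                $_SESSION["webmaster_id"]=$webmaster_id;
                $found=1;
            } else {
                // -2 marks an account that is on hold
                $webmaster_id=-2;
            }
        } else {
            $webmaster_id=-1;
        }
    }
    return $webmaster_id;
}

/**
 * Returns the Name of the webmaster with the given ID and stores it in
 * $_SESSION["name"]; returns "" when no row is found.
 *
 * NOTE(review): $id is interpolated unquoted; validate it as an integer
 * (ctype_digit or an int cast) before calling.
 */
function return_name ($id)
{
    global $ee_link;

    $query = "select Name from webmaster where ID=$id";
    $result = mysql_query($query,$ee_link);
    if (mysql_affected_rows() > 0) {
        $row = mysql_fetch_array($result);
        $name = $row[0];
        $_SESSION["name"]=$name;
    } else {
        $name ="";
    }
    return $name;
}

/**
 * Returns the phpbb_users id for $username.
 *
 * NOTE(review): $username is interpolated unescaped; pass it through
 * quote_smart() first. A failed lookup silently returns id "1" - confirm that
 * this is a safe default account.
 */
function return_bb_id ($username)
{
    global $ee_link,$ee_message;

    $query = "select id from phpbb_users where Username='$username'";
    $result = mysql_query($query,$ee_link);
    if (mysql_affected_rows() > 0) {
        $row = mysql_fetch_array($result);
        $id = $row[0];
    } else {
        $ee_message .= "Could not find a username for this webmaster in phpbb_users.
";
        $id ="1";
    }
    return $id;
}

/**
 * Reads the posted credentials ("act" and "pass") and checks them with
 * authenticate_user().
 *
 * Missing or non-string fields are now treated as empty, so an absent field
 * no longer raises an undefined-index notice and an array value
 * (act[]=...) is rejected as "invalid" instead of reaching the query.
 *
 * NOTE(review): nothing here rotates the session id or limits repeated
 * attempts; both belong next to the successful / failed branches below.
 *
 * @return string "true" on success, "failed", "on hold", "invalid" when a
 *                field is empty, "false" for any other return code
 */
function handle_login ()
{
    $result = "false";
    global $ee_message;

    $username = (isset($_POST["act"]) && is_string($_POST["act"])) ? $_POST["act"] : "";
    $password = (isset($_POST["pass"]) && is_string($_POST["pass"])) ? $_POST["pass"] : "";

    if ($username!="" && $password!="") {
        $webmaster_id=authenticate_user($username,$password);
        if ($webmaster_id > 0) {
            $_SESSION["loggedin"]=true;
            update_login($webmaster_id);
            $result = "true";
            /*************** THE FOLLOWING IS FOR THE BULLETIN BOARD ... MAY OR MAY NOT BE USED ************/
            //$uniqueuserid=return_bb_id($username);
            //$session_id = session_begin($uniqueuserid, $webmaster_id, PAGE_INDEX, FALSE, $autologin);
            //init_userprefs($session_id);
        } elseif ($webmaster_id == -1) {
            $result = "failed";
        } elseif ($webmaster_id == -2) {
            $result = "on hold";
        }
    } else {
        $result = "invalid";
    }
    return $result;
}

/**
 * Records a login: calls add_signup_host() with the client address and sets
 * LastLoggedIn / LoginIP on the webmaster row.
 *
 * NOTE(review): $webmaster_id is interpolated unquoted; it comes from
 * authenticate_user() in handle_login(), other callers must pass an integer.
 * The failing query and mysql_error() are appended to $ee_message; keep that
 * text out of pages shown to visitors.
 *
 * @param int $webmaster_id
 * @return mixed result of mysql_query()
 */
function update_login ($webmaster_id)
{
    global $ee_link;
    global $ee_message;

    $webmaster_ip = $_SERVER["REMOTE_ADDR"];

    // add_signup_host() lives in functions_webmaster_custom.php
    require_once('functions_webmaster_custom.php');
    add_signup_host($webmaster_id,$webmaster_ip);

    $query = "update webmaster set LastLoggedIn=now(), LoginIP = '$webmaster_ip' where ID=$webmaster_id";
    $result = mysql_query($query,$ee_link);
    if (!$result) {
        $ee_message .= "An error occured updating the webmaster login. Details about this error:
$query
".mysql_error()."
";
    }
    return $result;
}
?> 0)){
        // NOTE(review): from the "?>" above to the end this is the body of an
        // input-validation function whose header is missing from this copy;
        // the code is kept exactly as found. Each failure path writes the raw
        // value, request URI, query string and a full print_r($_SESSION) dump
        // through write_to_log(); that puts session data and unsanitised
        // request text into the log file, so restrict the log's permissions
        // and strip CR/LF from the logged values.
        if (strlen($data) < $min_length || strlen($data) > $max_length){
            write_to_log("time: ". date("H:i:s"));
            write_to_log("error: ". $data ." - string length invalid.");
            write_to_log("host: " . $_SERVER['HTTP_HOST']);
            write_to_log("uri: ". $_SERVER["REQUEST_URI"]);
            write_to_log("line number: ". $line_number);
            write_to_log("form method: ".$_SERVER['REQUEST_METHOD']);
            write_to_log("query string: ".$_SERVER['QUERY_STRING']);
            write_to_log("IP address: ".$_SERVER['REMOTE_ADDR']);
            $print_r = print_r($_SESSION,true);
            write_to_log("session vars: " .$print_r);
            write_to_log("*************************\n");
            $err = 1;
        }
    }
    if ($datatype == "integer"){
        //use this for validating IDs
        if (!ctype_digit($data)){
            write_to_log("time: ". date("H:i:s"));
            write_to_log("error: ". $data ." - Not an integer.");
            write_to_log("host: " . $_SERVER['HTTP_HOST']);
            write_to_log("uri: ". $_SERVER["REQUEST_URI"]);
            write_to_log("line number: ". $line_number);
            write_to_log("form method: ".$_SERVER['REQUEST_METHOD']);
            write_to_log("query string: ".$_SERVER['QUERY_STRING']);
            write_to_log("IP address: ".$_SERVER['REMOTE_ADDR']);
            $print_r = print_r($_SESSION,true);
            write_to_log("session vars: " .$print_r);
            write_to_log("*************************\n");
            $err = 1;
        }
    } elseif ($datatype == "alphanum_nospace"){
        //it should be all alpha numeric with no space
        //most useful when validating stats data
        if (!ctype_alnum($data)){
            write_to_log("time: ". date("H:i:s"));
            write_to_log("error: ". $data ." - Not alphanumeric.");
            write_to_log("host: " . $_SERVER['HTTP_HOST']);
            write_to_log("uri: ". $_SERVER["REQUEST_URI"]);
            write_to_log("line number: ". 
$line_number);
            write_to_log("form method: ".$_SERVER['REQUEST_METHOD']);
            write_to_log("query string: ".$_SERVER['QUERY_STRING']);
            write_to_log("IP address: ".$_SERVER['REMOTE_ADDR']);
            $print_r = print_r($_SESSION,true);
            write_to_log("session vars: " .$print_r);
            write_to_log("*************************\n");
            $err = 1;
            ;
        }
        // NOTE(review): $date is not assigned anywhere in the visible part of
        // this function - possibly a typo for $data; confirm against the
        // signature. strstr(" ", $data) searches for $data inside a single
        // space; strstr($data, " ") is the call that detects a space. The
        // ctype_alnum() check above already rejects spaces.
        if($date != "") {
            if (strstr(" ", $data)){
                write_to_log("time: ". date("H:i:s"));
                write_to_log("error: ". $data ." - Space in string.");
                write_to_log("host: " . $_SERVER['HTTP_HOST']);
                write_to_log("uri: ". $_SERVER["REQUEST_URI"]);
                write_to_log("line number: ". $line_number);
                write_to_log("form method: ".$_SERVER['REQUEST_METHOD']);
                write_to_log("query string: ".$_SERVER['QUERY_STRING']);
                write_to_log("IP address: ".$_SERVER['REMOTE_ADDR']);
                $print_r = print_r($_SESSION,true);
                write_to_log("session vars: " .$print_r);
                write_to_log("*************************\n");
                $err = 1;
            }
        }
    } elseif ($datatype == "date"){
        //validating dates
        list($year,$month,$day) = explode("-", $data);
        if (!ctype_digit($year) || !ctype_digit($month) || !ctype_digit($day)){
            $err = 1;
            write_to_log("time: ". date("H:i:s"));
            write_to_log("error: ". $data ." wtf.");
            write_to_log("host: " . $_SERVER['HTTP_HOST']);
            write_to_log("uri: ". $_SERVER["REQUEST_URI"]);
            write_to_log("line number: ". $line_number);
            write_to_log("form method: ".$_SERVER['REQUEST_METHOD']);
            write_to_log("query string: ".$_SERVER['QUERY_STRING']);
            write_to_log("IP address: ".$_SERVER['REMOTE_ADDR']);
            $print_r = print_r($_SESSION,true);
            write_to_log("session vars: " .$print_r);
            write_to_log("*************************\n");
            $err = 1;
        } elseif ((strlen($year) != 4) || (strlen($month) != 2) || (strlen($day) != 2)) {
            write_to_log("time: ". date("H:i:s"));
            write_to_log("error: ". $data ." wtf.");
            write_to_log("host: " . $_SERVER['HTTP_HOST']);
            write_to_log("uri: ". $_SERVER["REQUEST_URI"]);
            write_to_log("line number: ". 
$line_number);
            write_to_log("form method: ".$_SERVER['REQUEST_METHOD']);
            write_to_log("query string: ".$_SERVER['QUERY_STRING']);
            write_to_log("IP address: ".$_SERVER['REMOTE_ADDR']);
            $print_r = print_r($_SESSION,true);
            write_to_log("session vars: " .$print_r);
            write_to_log("*************************\n");
            $err = 1;
        }
    } elseif ($datatype == "underscore"){
        //validating data for specified datatypes using underscore
        if (!ctype_alnum(str_replace("_", "", $data))){
            write_to_log("time: ". date("H:i:s"));
            write_to_log("error: ". $data ." - Not alphanumeric.");
            write_to_log("host: " . $_SERVER['HTTP_HOST']);
            write_to_log("uri: ". $_SERVER["REQUEST_URI"]);
            write_to_log("line number: ". $line_number);
            write_to_log("form method: ".$_SERVER['REQUEST_METHOD']);
            write_to_log("query string: ".$_SERVER['QUERY_STRING']);
            write_to_log("IP address: ".$_SERVER['REMOTE_ADDR']);
            $print_r = print_r($_SESSION,true);
            write_to_log("session vars: " .$print_r);
            write_to_log("*************************\n");
            $err = 1;
        }
        // NOTE(review): same reversed strstr() arguments as in the
        // "alphanum_nospace" branch.
        if (strstr(" ", $data)){
            write_to_log("time: ". date("H:i:s"));
            write_to_log("error: ". $data ." - Space in string.");
            write_to_log("host: " . $_SERVER['HTTP_HOST']);
            write_to_log("uri: ". $_SERVER["REQUEST_URI"]);
            write_to_log("line number: ". $line_number);
            write_to_log("form method: ".$_SERVER['REQUEST_METHOD']);
            write_to_log("query string: ".$_SERVER['QUERY_STRING']);
            write_to_log("IP address: ".$_SERVER['REMOTE_ADDR']);
            $print_r = print_r($_SESSION,true);
            write_to_log("session vars: " .$print_r);
            write_to_log("*************************\n");
            $err = 1;
        }
        //check to see if the data with underscores meets our criteria
        //hits_summary_ or sessions_
        if (substr($data, 0, 13) == "hits_summary_" || substr($data, 0, 9) == "sessions_"){
        } else {
            write_to_log("time: ". date("H:i:s"));
            write_to_log("error: ". $data ." - bad table name.");
            write_to_log("host: " . $_SERVER['HTTP_HOST']);
            write_to_log("uri: ". $_SERVER["REQUEST_URI"]);
            write_to_log("line number: ". 
$line_number);
            write_to_log("form method: ".$_SERVER['REQUEST_METHOD']);
            write_to_log("query string: ".$_SERVER['QUERY_STRING']);
            write_to_log("IP address: ".$_SERVER['REMOTE_ADDR']);
            $print_r = print_r($_SESSION,true);
            write_to_log("session vars: " .$print_r);
            write_to_log("*************************\n");
            $err = 1;
        }
    }
    //after all is said and done
    if ($err != 0){
        print("

Form Error

A required field is missing. Please press back and make a selection.");
        die;
    } else {
        return $data;
    }
}
?>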