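//functions.php

/**
 * Emit the redirect markup for a page.
 *
 * NOTE(review): the echoed string is empty in this copy of the file, so $url,
 * $message and $delay are unused here - presumably the markup was lost; confirm
 * against the deployed file. If markup is restored, HTML-escape $url and $message.
 */
function redirect_ee($url, $message="", $delay=0) {
    echo "";
}

/**
 * Open the main database connection and select EE_DBNAME.
 *
 * Sets the global $ee_link. Terminates the request on failure. Driver error
 * text goes to the server error log only: echoing mysql_error() to the client
 * discloses host, schema and account details.
 *
 * Globals: connection constants are defined in config.php.
 */
function connectToDB() {
    global $ee_link;
    $ee_link = mysql_connect(EE_DBHOST, EE_DBUSER, EE_DBPASS);
    if (!$ee_link) {
        die("Couldn't connect to MySQL");
    }
    if (!mysql_select_db(EE_DBNAME, $ee_link)) {
        error_log("connectToDB: cannot select database: " . mysql_error($ee_link));
        die("Couldn't open db");
    }
}

/**
 * Same as connectToDB() but against a caller-supplied host.
 *
 * @param string $ee_dbhost host to connect to; must come from trusted
 *                          configuration, never from request data.
 */
function connectToAnyDB($ee_dbhost) {
    global $ee_link;
    $ee_link = mysql_connect($ee_dbhost, EE_DBUSER, EE_DBPASS);
    if (!$ee_link) {
        die("Couldn't connect to MySQL");
    }
    if (!mysql_select_db(EE_DBNAME, $ee_link)) {
        error_log("connectToAnyDB: cannot select database: " . mysql_error($ee_link));
        die("Couldn't open db");
    }
}

/**
 * Open the slave database connection (global $ee_slave_link) and select
 * EE_SLAVE_DBNAME. Terminates the request on failure.
 */
function connectToSlaveDB() {
    global $ee_slave_link;
    $ee_slave_link = mysql_connect(EE_SLAVE_DBHOST, EE_SLAVE_DBUSER, EE_SLAVE_DBPASS);
    if (!$ee_slave_link) {
        die("Couldn't connect to MySQL");
    }
    if (!mysql_select_db(EE_SLAVE_DBNAME, $ee_slave_link)) {
        error_log("connectToSlaveDB: cannot select database: " . mysql_error($ee_slave_link));
        die("Couldn't open db");
    }
}

/**
 * Open the data database connection (global $ee_data_link) and select
 * EE_DATA_DBNAME. Terminates the request on failure.
 */
function connectToDataDB() {
    global $ee_data_link;
    $ee_data_link = mysql_connect(EE_DBHOST, EE_DBUSER, EE_DBPASS);
    if (!$ee_data_link) {
        die("Couldn't connect to MySQL");
    }
    if (!mysql_select_db(EE_DATA_DBNAME, $ee_data_link)) {
        error_log("connectToDataDB: cannot select database: " . mysql_error($ee_data_link));
        die("Couldn't open db");
    }
}

/**
 * Run a query on the default link and return all rows as an array.
 *
 * The statement is executed verbatim: every value embedded in $query must
 * already be escaped (see quote_smart()) or cast by the caller.
 * Terminates the request on failure; the driver error is logged, not echoed,
 * because SQL error text shown to a client helps an attacker refine injection.
 *
 * @param string $query complete SQL statement
 * @return array rows as returned by mysql_fetch_array()
 */
function sql_query ($query) {
    $result = mysql_query($query);
    if (!$result) {
        error_log("sql_query failed: " . mysql_error());
        die("Database query failed");
    }
    $return_array = array();
    while ($row = mysql_fetch_array($result)) {
        $return_array[] = $row;
    }
    mysql_free_result($result);
    return $return_array;
}

/** Close the main database connection ($ee_link). */
function closeDB() {
    global $ee_link;
    mysql_close($ee_link);
}

/** Close the slave database connection ($ee_slave_link). */
function closeSlaveDB() {
    global $ee_slave_link;
    mysql_close($ee_slave_link);
}

/** Close the data database connection ($ee_data_link). */
function closeDataDB() {
    global $ee_data_link;
    mysql_close($ee_data_link);
}

/**
 * Fetch the first row of $table where $key equals $val.
 *
 * $val is escaped here, so callers pass the raw value. $table and $key are
 * identifiers and cannot be protected by escaping: they must be fixed names
 * chosen by the calling code, never request data.
 *
 * @param string $table table name (trusted)
 * @param string $key   column name (trusted)
 * @param string $val   value to match
 * @return array|false row from mysql_fetch_array(), false when no row matches
 */
function getRow($table, $key, $val) {
    global $ee_link;
    $query = "SELECT * FROM $table WHERE $key='" . quote_smart($val) . "'";
    $result = mysql_query($query, $ee_link);
    if (!$result) {
        error_log("getRow failed: " . mysql_error($ee_link));
        die("getRow fatal error");
    }
    return mysql_fetch_array($result);
}

/**
 * Append one column definition to the three parallel arrays used by
 * genInsertSql()/genUpdateSql().
 *
 * @param int   $cnt       next free index
 * @param array $colname   column names (by reference)
 * @param array $content   column values (by reference)
 * @param array $type      column type codes, "s" for string (by reference)
 * @return int the incremented index
 */
function addsqlarray($cnt, &$colname, &$content, &$type,$incolname, $incontent, $intype) {
    $colname[$cnt] = $incolname;
    $content[$cnt] = $incontent;
    $type[$cnt] = $intype;
    return $cnt + 1;
}

/**
 * Build an INSERT statement from the parallel column arrays.
 *
 * Columns whose content is empty() are skipped (note this also skips "0").
 * Values are concatenated as given: "s" values are only wrapped in single
 * quotes, nothing is escaped, so the caller must escape string content and
 * validate numeric content before calling.
 *
 * @return string the SQL statement
 */
function genInsertSql($tablename,&$colname, &$content, &$type, $count) {
    $columns = array();
    $values = array();
    for ($i = 0; $i < $count; $i++) {
        if (empty($content[$i])) {
            continue;
        }
        $columns[] = $colname[$i];
        $values[] = ($type[$i] == "s") ? "'" . $content[$i] . "'" : $content[$i];
    }
    return "insert into $tablename (" . implode(", ", $columns) . ") values (" . implode(", ", $values) . ")";
}

/**
 * Build an UPDATE statement from the parallel column arrays.
 *
 * Non-"i" columns are written quoted (even when empty) unless the content is
 * Now(); "i" columns and Now() are written unquoted and skipped when empty.
 * Values and $condition are concatenated as given, so the caller must escape
 * or validate them.
 *
 * The separator is driven by the number of assignments already emitted, not
 * by the column index, so a skipped first column no longer yields "set , ...".
 *
 * @return string the SQL statement
 */
function genUpdateSql($tablename, $colname, $content, $type, $count, $condition) {
    $sql = "update $tablename set ";
    $argcnt = 0;
    for ($i = 0; $i < $count; $i++) {
        if ($type[$i] != "i" && $content[$i] != "Now()") {
            $assignment = $colname[$i] . "='" . $content[$i] . "'";
        } elseif (!empty($content[$i])) {
            $assignment = $colname[$i] . "=" . $content[$i];
        } else {
            continue;
        }
        if ($argcnt > 0) {
            $sql .= ", ";
        }
        $sql .= $assignment;
        $argcnt++;
    }
    $sql .= " where $condition";
    return $sql;
}

/**
 * Validate one HTML form field; failures are appended to the global $messages.
 *
 * This is a format check only: a value that passes still has to be escaped
 * for the context it is used in (SQL, HTML).
 *
 * @param string $field_descr    label used in the error message
 * @param string $field_data     submitted value
 * @param string $field_type     email, digit, number, alpha, alpha_space,
 *                               alphanumeric, alphanumeric_space or string
 * @param mixed  $min_length     minimum length, "" for none
 * @param mixed  $max_length     maximum length, "" for none
 * @param mixed  $field_required truthy when the field must be present
 * @return void
 */
function field_validator($field_descr, $field_data, $field_type, $min_length="", $max_length="", $field_required=1) {
    global $messages;

    // optional and empty: nothing to validate
    if (!$field_data && !$field_required) {
        return;
    }

    $email_regexp = "^([a-zA-Z0-9_\-\.]+)@((\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.)|";
    $email_regexp .= "(([a-zA-Z0-9\-]+\.)+))([a-zA-Z]{2,4}|[0-9]{1,3})(\]?)$";

    // POSIX patterns per data type; "digit" accepts exactly one digit
    $data_types = array(
        "email" => $email_regexp,
        "digit" => "^[0-9]$",
        "number" => "^[0-9]+$",
        "alpha" => "^[a-zA-Z]+$",
        "alpha_space" => "^[a-zA-Z ]+$",
        "alphanumeric" => "^[a-zA-Z0-9]+$",
        "alphanumeric_space" => "^[a-zA-Z0-9 ]+$",
        "string" => ""
    );

    if ($field_required && empty($field_data)) {
        $messages[] = "$field_descr is a required field.";
        return;
    }

    // "string" is free-form; every other type must match its pattern
    if ($field_type == "string") {
        $field_ok = true;
    } else {
        $field_ok = ereg($data_types[$field_type], $field_data);
    }
    if (!$field_ok) {
        $messages[] = "Please enter a valid $field_descr.";
        return;
    }

    if ($min_length && strlen($field_data) < $min_length) {
        $messages[] = "$field_descr is invalid, it should be at least $min_length character(s).";
        return;
    }
    if ($max_length && strlen($field_data) > $max_length) {
        $messages[] = "$field_descr is invalid, it should be less than $max_length characters.";
        return;
    }
}

/**
 * Build the page-number navigation string.
 *
 * NOTE(review): both branches emit the same text and $url is unused in this
 * copy - presumably the link markup was lost; confirm against the deployed
 * file. The loop stops before $pagenums, as in the original.
 *
 * @return string page numbers 1 .. $pagenums-1, each preceded by a space
 */
function returnNavHTML ($currpage,$pagenums, $url) {
    $return_string = "";
    for ($i = 1; $i < $pagenums; $i++) {
        $return_string .= " $i";
    }
    return $return_string;
}

/**
 * Replace the XXcurrpageXX placeholder in $url with page number $i.
 * Uses a plain string replace: the placeholder contains no pattern syntax.
 */
function formatURL($url, $i) {
    return str_replace("XXcurrpageXX", "$i", $url);
}

/**
 * Send a Location redirect and stop.
 *
 * CR/LF are removed so a crafted value cannot add response headers. The
 * destination itself is not checked: callers that build $url from request
 * data should restrict it to known local paths to avoid an open redirect.
 */
function redirectURL ($url) {
    $url = str_replace(array("\r", "\n"), "", $url);
    header("Location: $url");
    exit();
}

/**
 * Shared implementation of sendmail()/sendHTMLmail().
 *
 * NOTE(review): IsMail() is called after IsSMTP(); presumably the later call
 * selects the transport, which would leave Host unused - confirm.
 * NOTE(review): the recipient is only added when $to_name is non-empty, so a
 * call without a recipient name has no recipient - confirm this is intended.
 * On failure the PHPMailer error text is stored in the global $ee_message.
 */
function _ee_deliver_mail($to, $to_name, $from, $from_name, $subject, $mailmessage, $reply, $reply_name, $as_html) {
    global $ee_message;
    $mail = new PHPMailer();
    $mail->IsSMTP();
    $mail->IsMail();
    $mail->Host = EE_SMTP;
    $mail->From = $from;
    $mail->FromName = $from_name;
    if ($to_name != "") {
        $mail->AddAddress($to, $to_name);
    }
    if ($reply != "") {
        $mail->AddReplyTo($reply, $reply_name);
    }
    $mail->WordWrap = 70;
    $mail->IsHTML($as_html);
    $mail->Subject = $subject;
    $mail->Body = $mailmessage;
    if (!$mail->Send()) {
        $ee_message = "Message was not sent\n";
        $ee_message .= "Mailer Error: " . $mail->ErrorInfo;
    }
}

/** Send a plain-text message. $ishtml is accepted but ignored, as before. */
function sendmail($to, $to_name, $from, $from_name,$subject, $mailmessage, $reply="", $reply_name="",$ishtml="") {
    _ee_deliver_mail($to, $to_name, $from, $from_name, $subject, $mailmessage, $reply, $reply_name, false);
    return;
}

/**
 * Send an HTML message. $ishtml is accepted but ignored, as before.
 * Any request-derived text placed in $mailmessage must be HTML-escaped by the caller.
 */
function sendHTMLmail($to, $to_name, $from, $from_name,$subject, $mailmessage, $reply="", $reply_name="",$ishtml="") {
    _ee_deliver_mail($to, $to_name, $from, $from_name, $subject, $mailmessage, $reply, $reply_name, true);
    return;
}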
/**
 * List all countries ordered by printable name.
 *
 * @return array list of array("CountryISO" => iso3, "CountryName" => printable_name);
 *               empty when the query yields no rows
 */
function CountryArray() {
    global $ee_link;
    $sql = "select printable_name, iso3 from country order by printable_name asc";
    $res = mysql_query($sql, $ee_link);
    $countries = array();
    if (mysql_affected_rows() <= 0) {
        return $countries;
    }
    while ($rec = mysql_fetch_array($res)) {
        $countries[] = array("CountryISO" => $rec[1], "CountryName" => $rec[0]);
    }
    return $countries;
}
/**
 * List active admins flagged as support staff.
 *
 * @return array list of array("id" => id, "name" => first_name);
 *               empty when the query yields no rows
 */
function ServiceArray() {
    global $ee_link;
    $sql = "select id, first_name from admin where status=1 and support='Y'";
    $res = mysql_query($sql, $ee_link);
    $staff = array();
    if (mysql_affected_rows() <= 0) {
        return $staff;
    }
    while ($rec = mysql_fetch_array($res)) {
        $staff[] = array("id" => $rec[0], "name" => $rec[1]);
    }
    return $staff;
}
/******************************************************\
* Function Name : WebsiteNameArray()
* Task : Returns all website names and website ids as an array.
* Returns : $website_name_array
\******************************************************/
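/**
 * List all websites.
 *
 * A failed query is written to the server error log instead of being printed
 * into the page, where the driver message would disclose schema details.
 *
 * @return array list of array("website_id" => id, "website_name" => sitename);
 *               empty on failure or when there are no rows
 */
function WebsiteNameArray() {
    global $ee_link;
    $website_name_array = array();
    $website_name_query = "select id, sitename from website";
    $website_name_result = mysql_query($website_name_query,$ee_link);
    if (!$website_name_result) {
        error_log("WebsiteNameArray: query failed: " . mysql_error($ee_link));
        return $website_name_array;
    }
    if (mysql_affected_rows() > 0) {
        while ($row = mysql_fetch_array($website_name_result)) {
            $website_name_array[] = array("website_id" => $row[0], "website_name" => $row[1]);
        }
    }
    return $website_name_array;
}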
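/**
 * Store a comment against a webmaster.
 *
 * The ids are forced to integers and the text fields are escaped with
 * quote_smart() before they reach the statement; callers pass raw values.
 * On failure a notification mail containing the query and driver error is sent.
 *
 * @param string $comment      comment text
 * @param int    $webmaster_id webmaster the comment belongs to
 * @param int    $admin_id     admin writing the comment
 * @param string $flag         comment flag
 * @param int    $payperiod_id optional pay period
 * @return mixed result of mysql_query()
 */
function addComment ($comment,$webmaster_id, $admin_id, $flag,$payperiod_id=0) {
    global $ee_link;
    $add_query = "insert into webmaster_comments (date, webmaster_id, admin_id, payperiod_id, comment, flag) values (now(),"
        . (int)$webmaster_id . ", " . (int)$admin_id . ", " . (int)$payperiod_id
        . ", \"" . quote_smart($comment) . "\", \"" . quote_smart($flag) . "\")";
    $add_result = mysql_query($add_query,$ee_link);
    if (!$add_result) {
        sendmail(EE_NOTIFY_EMAIL, EE_NOTIFY_NAME, EE_FROM,EE_FROM_NAME,"error adding comment","Query: $add_query \n ".mysql_error());
    }
    return $add_result;
}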
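/**
 * Store a comment against a member.
 *
 * The ids are forced to integers and the text fields are escaped with
 * quote_smart() before they reach the statement; callers pass raw values.
 * On failure a notification mail containing the query and driver error is sent.
 *
 * @param string $comment   comment text
 * @param int    $member_id member the comment belongs to
 * @param int    $admin_id  admin writing the comment
 * @param string $flag      comment flag
 * @return mixed result of mysql_query()
 */
function addMemberComment ($comment,$member_id, $admin_id, $flag) {
    global $ee_link;
    $add_query = "insert into member_comments (date, member_id, admin_id, comment, flag) values (now(),"
        . (int)$member_id . ", " . (int)$admin_id
        . ", \"" . quote_smart($comment) . "\", \"" . quote_smart($flag) . "\")";
    $add_result = mysql_query($add_query,$ee_link);
    if (!$add_result) {
        sendmail(EE_NOTIFY_EMAIL, EE_NOTIFY_NAME, EE_FROM,EE_FROM_NAME,"error adding comment","Query: $add_query \n ".mysql_error());
    }
    return $add_result;
}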
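/**
 * Look up the first name of an admin by id.
 *
 * $support is escaped with quote_smart() before it is placed in the quoted
 * literal, so a crafted id cannot change the statement.
 *
 * @param mixed $support admin id
 * @return string first_name of the matching admin, "Unknown" when none matches
 */
function GetSupportName($support) {
    global $ee_link;
    $supportname_query = "select first_name from admin where id = \"" . quote_smart($support) . "\"";
    $support_name = "Unknown";
    $supportname_result = mysql_query($supportname_query,$ee_link);
    if (mysql_affected_rows() > 0) {
        while ($row = mysql_fetch_array($supportname_result)) {
            $support_name = $row[0];
        }
    }
    return $support_name;
}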
/* A note about the lookup_size directive:
* This will make this script lookup the size of the original file on disk,
* which may or may not be the same amount of data sent to the client.
* It does give you a hint though..
* Oh, you have to set $document_root aswell if this should work..
*/
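/**
 * Append one line to the file named by the global $logfile.
 *
 * Failures to open the file are ignored (best effort). The file mode is set
 * to 0660 rather than 0777: a log that any local account can rewrite cannot
 * be relied on as evidence, and it never needs the execute bit.
 * Callers are responsible for removing CR/LF from request-derived text if
 * one-record-per-line matters to them.
 *
 * @param string $str text to append; a newline is added
 * @return void
 */
function write_to_log($str) {
    global $logfile;
    $str .= "\n";
    if ($fd = @fopen($logfile, "a")) {
        fputs($fd, $str);
        fclose($fd);
        @chmod($logfile, 0660);
    }
}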
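/**
 * Append one line to the file named by the global $logfile_err.
 *
 * The original declared $logfile_err but opened the undefined local $logfile,
 * so nothing was ever written; the declared global is now used. The mode is
 * set to 0660 so the error log is not writable by every local account.
 *
 * @param string $str text to append; a newline is added
 * @return void
 */
function write_to_err_log($str) {
    global $logfile_err;
    $str .= "\n";
    if ($fd = @fopen($logfile_err, "a")) {
        fputs($fd, $str);
        fclose($fd);
        @chmod($logfile_err, 0660);
    }
}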
/**
 * Read an environment variable, falling back to $default.
 *
 * The fallback is also used when the variable is set to a falsy string
 * such as "" or "0".
 *
 * @param string $name    environment variable name
 * @param mixed  $default value returned when the variable is unset or falsy
 * @return mixed
 */
function get_var($name,$default) {
    $found = getenv($name);
    return $found ? $found : $default;
}
/******************************************************\
* Function Name : ratio()
* Task : Calculate conversion ratio.
* Arguments : $hits,$signups
* Globals:
* Returns : $ratio
\******************************************************/
/**
 * Format the hits/signups conversion as a whole-number ratio string.
 *
 * @param int $hits
 * @param int $signups
 * @return string "N:1" when signups >= hits > 0, "1:N" when 0 < signups < hits,
 *                otherwise "0:0"
 */
function ratio($hits,$signups) {
    if ($hits > 0 && $signups >= $hits) {
        return (int)($signups/$hits).":1";
    }
    if ($signups > 0 && $signups < $hits) {
        return "1:".(int)($hits/$signups);
    }
    return "0:0";
}
/******************************************************\
* Function Name : AddCondition()
* Task : Creates the where string for the searches.
* Arguments : $where_string, $and_or, $condition
* Returns : $where_string
\******************************************************/
/**
 * Append a condition to a WHERE clause under construction.
 *
 * The pieces are joined as plain text; any value inside $condition must be
 * escaped or cast by the caller before it is passed in.
 *
 * @param string $where_string clause built so far ("" for the first condition)
 * @param string $and_or       connective placed before later conditions
 * @param string $condition    condition to append
 * @return string the extended clause
 */
function AddCondition($where_string, $and_or, $condition) {
    $addition = ($where_string == "") ? $condition : $and_or . " " . $condition;
    return $where_string . $addition;
}
/*****************************************************\
* Function Name : findtable()
* Task : Checking for the existence of a table
* Arguments : $table
* Returns : TRUE/FALSE
\******************************************************/
/**
 * Report whether a table named $table exists in EE_DATA_DBNAME.
 *
 * Comparing against the server's own table list is an allow-list check, which
 * is the appropriate guard before a table name is placed into a statement.
 *
 * @param string $table table name to look for
 * @return bool TRUE when listed, FALSE otherwise
 */
function FindTable($table) {
    global $ee_link;
    $listing = mysql_list_tables(EE_DATA_DBNAME);
    while ($entry = mysql_fetch_array($listing)) {
        if ($entry[0] == $table) {
            return TRUE;
        }
    }
    return FALSE;
}
/*****************************************************\
* Function Name : GetEmailTemplate()
* Task : Looks up an email template by name
* Arguments : $template_name
* Returns : array with keys subject, body, is_html when a row is found
\******************************************************/
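/**
 * Load the subject, body and HTML flag of a named email template.
 *
 * $template_name is escaped with quote_smart() before it is placed in the
 * statement. On a failed query a generic note is appended to the global
 * $ee_message and the driver error is written to the server error log; the
 * statement text is no longer copied into $ee_message.
 *
 * @param string $template_name value of email_template.name
 * @return array|null array("subject", "body", "is_html") or null when the
 *                    template is missing or the query failed
 */
function GetEmailTemplate($template_name) {
    global $ee_link, $ee_message;
    // explicit default: the original returned an undefined variable when no row matched
    $sql_row = null;
    mysql_select_db(EE_DBNAME, $ee_link);
    $query = "select subject, body, is_html from email_template where name= \"" . quote_smart($template_name) . "\"";
    $result = mysql_query($query,$ee_link);
    if (!$result) {
        error_log("GetEmailTemplate: query failed: " . mysql_error($ee_link));
        $ee_message .= "An error occurred retrieving the email template.\n";
        return $sql_row;
    }
    if (mysql_affected_rows() > 0) {
        if ($row = mysql_fetch_array($result)) {
            $sql_row = array("subject" => $row[0], "body" => $row[1], "is_html" => $row[2]);
        }
    }
    return $sql_row;
}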
/**
*@return mixed
*@param string $varname
*@desc Checks whether value is part of the Get or Post global, and returns it to the caller. Null otherwise. Post will override get if both are present.
*/
/**
 * Return the trimmed request parameter $varname, or null when it is absent.
 *
 * GET is read first and POST second, so POST wins when both are present.
 * The value is only trimmed: it is still untrusted and must be validated and
 * escaped for whatever context it is used in.
 *
 * @param string $varname parameter name
 * @return mixed trimmed value or null
 */
function script_param($varname) {
    $val = null;
    foreach (array($_GET, $_POST) as $source) {
        if (isset($source[$varname])) {
            $val = trim($source[$varname]);
        }
    }
    return $val;
}
/**
 * Prepare a request value for use inside a quoted SQL string literal.
 *
 * Slashes added by magic_quotes_gpc are removed first so the value is escaped
 * exactly once, then mysql_real_escape_string() is applied on the default link.
 * The result is only safe between quotes; values used in a numeric or
 * identifier position need a cast or an allow-list instead.
 * NOTE(review): escaping follows the connection character set - confirm the
 * charset is set through the driver rather than a SET NAMES query.
 *
 * @param string $value raw value
 * @return string escaped value
 */
function quote_smart($value)
{
    $raw = get_magic_quotes_gpc() ? stripslashes($value) : $value;
    return mysql_real_escape_string($raw);
}
/**
 * Escape a value for a quoted SQL string literal without touching slashes.
 *
 * Unlike quote_smart() no stripslashes() is applied, so every byte of the
 * input is kept before escaping.
 *
 * @param string $value raw value
 * @return string escaped value
 */
function quote_smart_encrypt($value)
{
    return mysql_real_escape_string($value);
}
/**
*@return void
*@param string $message
*@desc Echo a message to the html source using comment tags to wrap it. It references a global constant DEBUG which is set in the config.php file. If DEBUG is true, the thing echos the message. If not, nothing.
*/
/**
 * Debug output hook, active only when the DEBUG constant is truthy.
 *
 * NOTE(review): the echoed string is empty in this copy, so $message is not
 * written - presumably the comment-tag wrapper was lost; confirm. If it is
 * restored, "--" sequences in $message must be neutralised, and DEBUG should
 * stay off in production because the output is visible in page source.
 */
function debug_message($message='') {
    if (!DEBUG) {
        return;
    }
    echo "";
}
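/**
 * Sort a list of rows by one of their keys.
 *
 * The original tested the mode with "=" (assignment), so every call sorted
 * ascending; the comparison is now "==" and any mode other than 'asc' sorts
 * descending.
 *
 * @param array  $array   rows indexed 0..n-1, each containing $keyname
 * @param string $keyname key to sort on
 * @param string $mode    'asc' (default) or anything else for descending
 * @return array the rows in sorted order, re-indexed from 0
 */
function sort_by($array, $keyname, $mode = 'asc') {
    // pull out the sort column, keeping the row index as key
    $column = array();
    for ($i = 0; $i < count($array); $i++) {
        $column[$i] = $array[$i][$keyname];
    }
    // asort/arsort keep the index association so rows can be looked up again
    if ($mode == 'asc') {
        asort($column);
    } else {
        arsort($column);
    }
    $rebuiltarray = array();
    foreach ($column as $index => $unused) {
        $rebuiltarray[] = $array[$index];
    }
    return $rebuiltarray;
}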
// In here for compat, remove when everything switches to the other one.
/**
 * Turn a YYYYMMDD string into YYYY-MM-DD; a value that already contains a
 * dash is returned unchanged. Reformats only - the date is not validated.
 */
function date_dash_add($date) {
    if (strstr($date, "-")) {
        return $date;
    }
    $parts = array(substr($date,0,4), substr($date,4,2), substr($date,6,2));
    return $parts[0] . "-" . $parts[1] . "-" . $parts[2];
}
// Cleaned up ver with a standard name.
/**
 * Turn a YYYYMMDD string into YYYY-MM-DD; a value that already contains a
 * dash is returned unchanged. Reformats only - the date is not validated.
 */
function dateDashAdd($date) {
    return strstr($date, "-")
        ? $date
        : substr($date, 0, 4)."-".substr($date, 4, 2)."-".substr($date, 6, 2);
}
/**
 * Read an environment variable, falling back to $default ('' when omitted).
 * The fallback is also used when the variable holds a falsy string ("" or "0").
 */
function getVar($name, $default = '') {
    $found = getenv($name);
    if (!$found) {
        return $default;
    }
    return $found;
}
// Cleaned up version, still needs replacing.
/**
 * Append one line to the file named by the global $logfile (best effort:
 * a file that cannot be opened is silently skipped). File permissions are
 * left as they are.
 */
function writeToLog($str) {
    global $logfile;
    $handle = @fopen($logfile, 'a');
    if (!$handle) {
        return;
    }
    fputs($handle, $str . "\n");
    fclose($handle);
}
?>
//returns the ID of the authenticated user
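/**
 * Check a username/password pair against the webmaster table.
 *
 * On success the session id is regenerated before the identity is stored in
 * $_SESSION, so an id an attacker fixed before login is not carried into the
 * authenticated session. On a query failure only a generic note is appended
 * to the global $ee_message; the driver error goes to the server error log
 * and the statement, which contains the transformed password, is not recorded.
 *
 * NOTE(review): the password is matched as linencrypt() output. If that is
 * reversible encryption rather than a one-way salted hash, stored passwords
 * are recoverable by anyone holding the key - confirm and plan a migration.
 *
 * @param string $username    submitted username
 * @param string $password_in submitted password
 * @return int webmaster ID on success, -1 on failure or error, -2 when the
 *             account is on hold
 */
function authenticate_user($username, $password_in) {
    global $ee_link;
    global $ee_message;
    $query = "
SELECT ID, Name, SSN, OnHold,Program, Password
FROM webmaster
WHERE Username='" . quote_smart($username) . "'
and Password = '" . quote_smart_encrypt(linencrypt($password_in)) . "'
";
    $result = mysql_query($query,$ee_link);
    if (!$result) {
        error_log("authenticate_user: query failed: " . mysql_error($ee_link));
        $ee_message .= "Error occured retrieving webmaster id.\n";
        return -1;
    }
    if (mysql_affected_rows() <= 0) {
        return -1;
    }
    $row = mysql_fetch_array($result);
    $webmaster_id = $row[0];
    $on_hold = $row[3];
    if ($on_hold != 0) {
        // -2 tells the caller the credentials matched but the account is on hold
        return -2;
    }
    // new session id at the privilege change; skipped when no session is
    // active or headers have already been sent, where the call could not succeed
    if (session_id() != "" && !headers_sent()) {
        session_regenerate_id(true);
    }
    $_SESSION["username"] = $username;
    $_SESSION["webmaster_name"] = $row[1];
    $_SESSION["program"] = $row[4];
    $_SESSION["webmaster_id"] = $webmaster_id;
    return $webmaster_id;
}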
//returns the name of the webmaster
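/**
 * Look up a webmaster's name by ID and cache it in $_SESSION["name"].
 *
 * $id is used unquoted in the statement, where escaping gives no protection,
 * so it is forced to an integer first.
 *
 * @param int $id webmaster ID
 * @return string the name, "" when no row matches
 */
function return_name ($id) {
    global $ee_link;
    $query = "select Name from webmaster where ID=" . (int)$id;
    $result = mysql_query($query,$ee_link);
    if (mysql_affected_rows() > 0) {
        $row = mysql_fetch_array($result);
        $name = $row[0];
        $_SESSION["name"] = $name;
    } else {
        $name = "";
    }
    return $name;
}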
//returns the phpbb_users id for the given username ("1" when no row is found)
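/**
 * Look up the phpbb_users id that belongs to a username.
 *
 * $username is escaped with quote_smart() before it is placed in the
 * statement. When no row matches, a note is appended to the global
 * $ee_message and "1" is returned.
 * NOTE(review): falling back to id "1" maps an unknown user onto an existing
 * board account - confirm which account that is and whether that is intended.
 *
 * @param string $username webmaster username
 * @return mixed matching id, or "1" when none is found
 */
function return_bb_id ($username) {
    global $ee_link,$ee_message;
    $query = "select id from phpbb_users where Username='" . quote_smart($username) . "'";
    $result = mysql_query($query,$ee_link);
    if (mysql_affected_rows() > 0) {
        $row = mysql_fetch_array($result);
        $id = $row[0];
    } else {
        $ee_message .= "Could not find a username for this webmaster in phpbb_users.\n";
        $id = "1";
    }
    return $id;
}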
// grab the posted username and password and see if it's valid
// calls another function authenticate_user to see if it's the real thing.
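/**
 * Process a posted login (fields "act" and "pass").
 *
 * Missing fields and non-string values (for example act[]=x) are treated as
 * "invalid" and never reach authenticate_user(). On success the session is
 * marked logged in and update_login() records the login.
 * NOTE(review): nothing here limits repeated attempts - confirm that
 * throttling or lockout is applied elsewhere.
 *
 * @return string "true" on success, "failed" for bad credentials, "on hold"
 *                for a held account, "invalid" for missing input, "false" for
 *                any other authenticate_user() result
 */
function handle_login () {
    global $ee_message;
    $username = isset($_POST["act"]) ? $_POST["act"] : "";
    $password = isset($_POST["pass"]) ? $_POST["pass"] : "";
    if (!is_string($username) || !is_string($password) || $username == "" || $password == "") {
        return "invalid";
    }
    $result = "false";
    $webmaster_id = authenticate_user($username,$password);
    if ($webmaster_id > 0) {
        $_SESSION["loggedin"] = true;
        update_login($webmaster_id);
        $result = "true";
    } elseif ($webmaster_id == -1) {
        $result = "failed";
    } elseif ($webmaster_id == -2) {
        $result = "on hold";
    }
    return $result;
}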
/**
*@return mysql_result
*@param int $webmaster_id
*@desc Update webmaster table and the webmaster custom table when the user logs in
*/
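/**
 * Record a successful login: stores the client address through
 * add_signup_host() and updates LastLoggedIn / LoginIP on the webmaster row.
 *
 * The ID is forced to an integer and the address is escaped before they are
 * placed in the statement. On failure a generic note is appended to the
 * global $ee_message and the driver error goes to the server error log; the
 * statement text is no longer copied into $ee_message.
 *
 * @param int $webmaster_id
 * @return mixed result of mysql_query()
 */
function update_login ($webmaster_id) {
    global $ee_link;
    global $ee_message;
    $webmaster_ip = $_SERVER["REMOTE_ADDR"];
    // add_signup_host() lives in functions_webmaster_custom.php
    require_once('functions_webmaster_custom.php');
    add_signup_host($webmaster_id,$webmaster_ip);
    $query = "update webmaster set LastLoggedIn=now(), LoginIP = '" . quote_smart($webmaster_ip) . "' where ID=" . (int)$webmaster_id;
    $result = mysql_query($query,$ee_link);
    if (!$result) {
        error_log("update_login: query failed: " . mysql_error($ee_link));
        $ee_message .= "An error occured updating the webmaster login.\n";
    }
    return $result;
}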
?>
// NOTE(review): secret value hard-coded in source. Anyone with read access to
// the code or its history can recover it; presumably this is the key consumed
// by linencrypt() for stored passwords - confirm. Prefer loading it from
// configuration kept outside the web root and repository, and rotate this value.
define("KEY","28kY@bf2cug&^3N@");
?>
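/**
 * Write one validation-failure record through write_to_log().
 *
 * CR/LF in the rejected value are replaced by spaces so a crafted value
 * cannot start lines that look like separate log fields or records.
 * NOTE(review): the full $_SESSION dump is kept as in the original; it places
 * session contents in a file on disk - confirm who can read that file.
 */
function _master_validate_log($data, $detail, $line_number) {
    $printable = str_replace(array("\r", "\n"), " ", $data);
    write_to_log("time: ". date("H:i:s"));
    write_to_log("error: ". $printable . $detail);
    write_to_log("host: " . $_SERVER['HTTP_HOST']);
    write_to_log("uri: ". $_SERVER["REQUEST_URI"]);
    write_to_log("line number: ". $line_number);
    write_to_log("form method: ".$_SERVER['REQUEST_METHOD']);
    write_to_log("query string: ".$_SERVER['QUERY_STRING']);
    write_to_log("IP address: ".$_SERVER['REMOTE_ADDR']);
    write_to_log("session vars: " . print_r($_SESSION, true));
    write_to_log("*************************\n");
}

/**
 * Validate a request value by length and type; stop the request when it fails.
 *
 * Types: "integer" (digits only), "alphanum_nospace", "date" (YYYY-MM-DD made
 * of digits), "underscore" (alphanumeric plus "_", and starting with
 * hits_summary_ or sessions_ - the "bad table name" message shows this is the
 * check for table names). Any other type gets the length check only.
 *
 * Fixes over the original: the space checks called strstr() with the
 * arguments swapped and, in the alphanum_nospace branch, were guarded by the
 * undefined $date instead of $data, so they never ran as written.
 *
 * Side effect: sets the global $logfile to the day's file under FILTER_LOGS.
 *
 * @param string $data        value to validate
 * @param string $datatype    one of the types above
 * @param mixed  $line_number caller's line number, written to the log
 * @param int    $min_length  minimum length
 * @param int    $max_length  maximum length
 * @param mixed  $required    1 = always check length, "" = check only when non-empty
 * @return string $data when valid; does not return when invalid
 */
function master_validate($data, $datatype, $line_number, $min_length, $max_length, $required=""){
    global $logfile;
    $logfile = FILTER_LOGS . date("Y-m-d"). "validationfilter.txt";
    $err = 0;

    // length check
    if ($required == 1 || ($required == "" && strlen($data) > 0)){
        if (strlen($data) < $min_length || strlen($data) > $max_length){
            _master_validate_log($data, " - string length invalid.", $line_number);
            $err = 1;
        }
    }

    if ($datatype == "integer"){
        // used for IDs
        if (!ctype_digit($data)){
            _master_validate_log($data, " - Not an integer.", $line_number);
            $err = 1;
        }
    } elseif ($datatype == "alphanum_nospace"){
        if (!ctype_alnum($data)){
            _master_validate_log($data, " - Not alphanumeric.", $line_number);
            $err = 1;
        }
        if ($data != "" && strstr($data, " ")){
            _master_validate_log($data, " - Space in string.", $line_number);
            $err = 1;
        }
    } elseif ($datatype == "date"){
        // pad so a value with fewer than three parts fails the digit test
        // instead of raising undefined-offset notices
        list($year,$month,$day) = array_pad(explode("-", $data), 3, "");
        if (!ctype_digit($year) || !ctype_digit($month) || !ctype_digit($day)){
            _master_validate_log($data, " wtf.", $line_number);
            $err = 1;
        } elseif ((strlen($year) != 4) || (strlen($month) != 2) || (strlen($day) != 2)) {
            _master_validate_log($data, " wtf.", $line_number);
            $err = 1;
        }
    } elseif ($datatype == "underscore"){
        if (!ctype_alnum(str_replace("_", "", $data))){
            _master_validate_log($data, " - Not alphanumeric.", $line_number);
            $err = 1;
        }
        if (strstr($data, " ")){
            _master_validate_log($data, " - Space in string.", $line_number);
            $err = 1;
        }
        // only the two known table-name prefixes are accepted
        if (!(substr($data, 0, 13) == "hits_summary_" || substr($data, 0, 9) == "sessions_")){
            _master_validate_log($data, " - bad table name.", $line_number);
            $err = 1;
        }
    }

    if ($err != 0){
        print("\nA required field is missing. Please press back and make a selection.");
        die;
    }
    return $data;
}
?>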