From 75160b12821f7f4299cce7f0b69c83c1502ae071 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Anton=20Luka=20=C5=A0ijanec?= Date: Mon, 27 May 2024 13:08:29 +0200 Subject: 2024-02-19 upstream --- function.php | 787 +++++++++++------------------------------------------------ 1 file changed, 138 insertions(+), 649 deletions(-) (limited to 'function.php') diff --git a/function.php b/function.php index 0bc0eab..373bdab 100644 --- a/function.php +++ b/function.php @@ -26,9 +26,7 @@ if (!function_exists('apache_request_headers')) { } -/** - * Osnovne nastavitve instalacije (path, sql baza) - */ +// Osnovne nastavitve instalacije (path, sql baza) include('settings.php'); // overridi za kopije 
@@ -42,41 +40,24 @@ if (getenv('apache_keep_domain') != '') $keep_domain = getenv('apache_keep_domai if (getenv('apache_facebook_appid') != '') $facebook_appid = getenv('apache_facebook_appid'); if (getenv('apache_facebook_appsecret') != '') $facebook_appsecret = getenv('apache_facebook_appsecret'); - if ($pass_salt == "") die ("Please set unique pass_salt in settings.php!"); -/** - * Dodatne opcijske nastavitve - * Če se ne potrebujejo ni potrebno da datoteka obstaja - */ -if(file_exists($site_path.'settings_optional.php')){ - include $site_path.'settings_optional.php'; -} - - // igramo se z jezikom... if (isset ($_GET['overridelang']) && is_numeric($_GET['overridelang'])) { $_SESSION['overridelang'] = $_GET['overridelang']; } -if (is_file($site_path . 'install')) die ("Please, finish instalation with removing 'install/' folder."); - -// Aplication type -- tip aplikacije -$aplication_type = 1; // 1 - navadna z backupom -// 2 - arhivska -// 3 - navadna brez backupa +// Nastavimo site_url v session +$_SESSION['site_url'] = $site_url; -// Za 1 je treba spremeniti pot v /admin/backup.php -// Za 2 je treba spremeniti pot v /admin/install.php -$_SESSION['site_url'] = $site_url; +// Povezemo z bazo if (!$connect_db = mysqli_connect($mysql_server, $mysql_username, $mysql_password, $mysql_database_name)) { die ('Please try again later [ERR: DB])'); } - // To je ostanek sispleta in verjetno ne sme biti več prisotno? //sisplet_query("SET character_set_results=latin1"); 
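Review bot: The startup guards `if ($pass_salt == "") die (...)` and `if (is_file($site_path . 'install')) die (...)` are removed in this hunk with nothing visible taking their place, and the `settings_optional.php` include goes with them. Unless these checks moved into another file not shown in this diff, an installation with an empty salt or a leftover `install/` directory now starts silently; `login()` below still declares `global $pass_salt`, so the salt is presumably still consumed somewhere. I would keep at least the two `die()` guards here, or state in the commit message where they were relocated.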
@@ -115,17 +96,22 @@ function sisplet_query($q, $special_connect_db = null, $single = false) //ce je nastavljen drugi parameter == multi_query, potem zazeni opcijo za multi_query $res; - if($special_connect_db != 'multi_query') - $res = mysqli_query($connect_db, $q); - else - $res = mysqli_multi_query($connect_db, $q); + try{ + if($special_connect_db != 'multi_query') + $res = mysqli_query($connect_db, $q); + else + $res = mysqli_multi_query($connect_db, $q); + } + catch(Exception $e) { + return false; + } mysqli_store_result($connect_db); // Za razvoj in test SQL napake prikažemo, za ostale inštlacije pa zapišemo v error log // V kolikor je napaka potem beležimo v error log za naštete domene if (!$res && in_array($site_domain, ['localhost', '1ka.test', 'test.1ka.si'])) { - error_log(mysqli_error($connect_db)); + error_log(mysqli_error($connect_db)); } // V kolikor imamo posebne zahteve, če v bazi ne obstaja query, potem vrnemo FALSE @@ -201,7 +187,7 @@ if (isset($_COOKIE)) { // SQL INJECT CHECK END -// Pohendlamo language +// POHENDLAMO LANGUAGE unset ($lang); if (isset ($_SESSION['overridelang']) && is_numeric($_SESSION['overridelang'])) { @@ -219,8 +205,7 @@ if (!isset ($lang)) { } -// Preberemo uid uporabnika -// Uporabi global admin_type namesto da klices login 100x! +// NASTAVIMO TIP UPRABNIKA $admin_type = login(); if ($admin_type > -1) { @@ -229,7 +214,8 @@ if ($admin_type > -1) { if (mysqli_num_rows($result) > 0) { $r = mysqli_fetch_row($result); $global_user_id = $r[0]; - } elseif (isset ($_COOKIE['ME'])) { + } + elseif (isset ($_COOKIE['ME'])) { $db_meta_exists = mysqli_select_db($GLOBALS['connect_db'], "meta"); if ($db_meta_exists) $result = sisplet_query("SELECT aid FROM administratorji WHERE email='" . base64_decode($_COOKIE['uid']) . "'"); 
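Review bot: The new `catch(Exception $e) { return false; }` in sisplet_query returns before the `error_log(mysqli_error($connect_db))` branch below it is reached, so wherever mysqli's report mode throws `mysqli_sql_exception` (the default since PHP 8.1) a failed query is never logged at all. Log inside the catch before returning, e.g. `error_log($e->getMessage()); return false;`, gated by the same domain list if logging is meant to stay restricted to test hosts. The bare `$res;` statement above the try is a no-op and can go, and `mysqli_store_result($connect_db)` still runs unconditionally after a failed query; worth confirming that is intended. The rest of sisplet_query lies outside this hunk.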
@@ -242,95 +228,42 @@ if ($admin_type > -1) { } mysqli_select_db($GLOBALS['connect_db'], $mysql_database_name); - } else { + } + else { $global_user_id = 0; } } -// Preverimo ce je spremenljivka countable (zaradi ogromno warningov v kodi, kjer se counta prazno spremenljivko) -if (!function_exists('is_countable')) { - function is_countable($var) { - return (is_array($var) || $var instanceof Countable); - } -} - +// Preverimo tip hierarhije +$hierarhija_type = preveriTipHierarhije(); -// Preverimo klike na minuto pri izpolnjevanju anekte da se ne zapolni sql -if(!checkClicksPerMinute()){ - global $site_url; - $refresh_every = 5; +// Dodatni includi (nastavitve aplikacije in omejitve anket) +require_once('admin/survey/classes/class.AppSettings.php'); +require_once('admin/survey/classes/class.SurveyCheck.php'); - echo ''; - echo ''; +// Preverimo klike na minuto pri izpolnjevanju anekte da se ne zapolni sql +if(isset($_GET['anketa'])){ - echo ''; - echo ' Server Limit Reached'; - echo ' '; - echo ' '; - - echo ' '; - echo ''; - - echo '
'; - echo '
'; - echo '

Dosežena omejitev strežnika

'; - echo '

Prosimo, počakajte nekaj trenutkov. Trenutno je doseženo maksimalno število vnosov ankete na minuto.

'; - echo '
'; - echo '

Server Limit Reached

'; - echo '

Please wait a few moments. Currently, the maximum number of survey entries per minute has been reached.

'; - echo '
'; - - echo ''; - - die(); + $survey_check = new SurveyCheck($anketa_id); + $survey_check->checkClicksPerMinute(); } -// Preverimo tip hierarhije -$hierarhija_type = preveriTipHierarhije(); - /******* SPLOSNE FUNKCIJE *******/ +// Preverimo ce je spremenljivka countable (zaradi ogromno warningov v kodi, kjer se counta prazno spremenljivko) +if (!function_exists('is_countable')) { + function is_countable($var) { + return (is_array($var) || $var instanceof Countable); + } +} + // Skrajsa string, in ga odreze lepo za besedo in ne kar vmes :) function skrajsaj($string, $dolzina) { @@ -348,13 +281,11 @@ function login() global $global_user_id; global $mysql_database_name; global $pass_salt; - global $is_meta; global $cookie_domain; - $is_meta = 0; $global_user_id = 0; $admin_type = 3; - $cookie_pass = $_COOKIE['secret']; + $cookie_pass = $_COOKIE['secret'] ?? null; // UID je v resnici base64 od emaila, ker sicer odpove meta!!! // najprej testiram meto, potem sele userje. 
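Review bot: `new SurveyCheck($anketa_id)` uses a variable that is not assigned anywhere in this hunk, while the guard one line above tests `$_GET['anketa']`; unless `$anketa_id` is set earlier in the file (not visible here), the per-minute click limit is constructed with null and the protection this replaces, which keyed `srv_clicks` on `$_GET['anketa']`, is effectively disabled. Use the value that was just checked: `$survey_check = new SurveyCheck((int)$_GET['anketa']);` — the removed code compared the id with `<= 0`, so an integer cast matches its expectation. The two `require_once('admin/survey/classes/...')` calls resolve against the include path rather than this file's directory; the `root_dir()` helper visible later in this file would make them independent of the working directory.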
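Review bot: `global $pass_salt;` and `global $mysql_database_name;` are kept in login() although the only uses the diff shows for them — the meta hash comparison and the `mysqli_select_db(..., $mysql_database_name)` calls — are deleted in the following hunks; as far as the visible hunks go they are now dead declarations and can be dropped alongside `$is_meta`. The `$cookie_pass = $_COOKIE['secret'] ?? null;` change is the right fix for the undefined-index warning. The body of login() continues past this hunk.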
@@ -363,17 +294,25 @@ function login() $user_email = base64_decode($_COOKIE['uid']); - $db_meta_exists = mysqli_select_db($GLOBALS['connect_db'], "meta"); - if ($db_meta_exists) - $result = sisplet_query("SELECT geslo, aid, 0 as type FROM administratorji WHERE email='$user_email'"); - - // NI META + $result = sisplet_query("SELECT pass, id, type FROM users WHERE email='$user_email'"); if (!$result || mysqli_num_rows($result) == 0) { - mysqli_select_db($GLOBALS['connect_db'], $mysql_database_name); - $meta = 0; + // najprej poradiraij cookije! + setcookie('uid', "", time() - 3600, $cookie_domain); + setcookie('secret', "", time() - 3600, $cookie_domain); + + if (substr_count($cookie_domain, ".") > 1) { + $nd = substr($cookie_domain, strpos($cookie_domain, ".") + 1); + + setcookie('uid', "", time() - 3600, $nd); + setcookie('secret', "", time() - 3600, $nd); + } - $result = sisplet_query("SELECT pass, id, type FROM users WHERE email='$user_email'"); - if (!$result || mysqli_num_rows($result) == 0) { + return -1; + } + else { + $r = mysqli_fetch_row($result); + + if ($cookie_pass != $r[0]) { // najprej poradiraij cookije! setcookie('uid', "", time() - 3600, $cookie_domain); setcookie('secret', "", time() - 3600, $cookie_domain); 
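Review bot: The new `SELECT pass, id, type FROM users WHERE email='$user_email'` line interpolates `$user_email`, which is `base64_decode($_COOKIE['uid'])`, straight into SQL; the cookie check near `SQL INJECT CHECK END` above, if it covers this value at all, sees only the encoded form, so a crafted `uid` cookie reaches the query unescaped. Escape or bind it before the lookup, e.g. `$user_email = mysqli_real_escape_string($GLOBALS['connect_db'], base64_decode($_COOKIE['uid'], true));` (strict decoding also rejects non-base64 input). The credential check `if ($cookie_pass != $r[0])` is a loose comparison subject to PHP's numeric-string equality rules and is not constant-time; use `if (!hash_equals((string)$r[0], (string)$cookie_pass))`. login() starts before and ends after this hunk.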
@@ -384,81 +323,15 @@ function login() setcookie('uid', "", time() - 3600, $nd); setcookie('secret', "", time() - 3600, $nd); } - return -1; } else { - $r = mysqli_fetch_row($result); - - if ($cookie_pass != $r[0]) { - // najprej poradiraij cookije! - setcookie('uid', "", time() - 3600, $cookie_domain); - setcookie('secret', "", time() - 3600, $cookie_domain); - - if (substr_count($cookie_domain, ".") > 1) { - $nd = substr($cookie_domain, strpos($cookie_domain, ".") + 1); - - setcookie('uid', "", time() - 3600, $nd); - setcookie('secret', "", time() - 3600, $nd); - } - return -1; - } else { - $admin_type = $r[2]; - $global_user_id = $r[1]; - return $r[2]; - } - } - - } // JE META - else { - $r = mysqli_fetch_row($result); - - if ($cookie_pass == base64_encode((hash('SHA256', base64_decode($r[0]) . $pass_salt)))) { - - $is_meta = 1; - $admin_type = "0"; - - mysqli_select_db($GLOBALS['connect_db'], $mysql_database_name); - - $result = sisplet_query("SELECT pass, id, type FROM users WHERE email='$user_email'"); - if (mysqli_num_rows($result) > 0) { - $r = mysqli_fetch_row($result); - $global_user_id = $r[1]; - } - - return 0; - } else { - mysqli_select_db($GLOBALS['connect_db'], $mysql_database_name); - // Obstaja tudi primer ko je IN meta IN navaden- in se je pac prijavil kot navaden user - - - $result = sisplet_query("SELECT pass, id, type FROM users WHERE email='$user_email'"); - if (!$result || mysqli_num_rows($result) == 0) { - return -1; - } else { - $r = mysqli_fetch_row($result); - - if ($cookie_pass != $r[0]) { - // najprej poradiraij cookije! 
- setcookie('uid', "", time() - 3600, $cookie_domain); - setcookie('secret', "", time() - 3600, $cookie_domain); - - if (substr_count($cookie_domain, ".") > 1) { - $nd = substr($cookie_domain, strpos($cookie_domain, ".") + 1); - - setcookie('uid', "", time() - 3600, $nd); - setcookie('secret', "", time() - 3600, $nd); - } - - return -1; - } else { - $admin_type = $r[2]; - $global_user_id = $r[1]; - return $r[2]; - } - } + $admin_type = $r[2]; + $global_user_id = $r[1]; + return $r[2]; } } - } // Ni prijavljen + } + // Ni prijavljen else { $admin_type = -1; return -1; 
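Review bot: Style: the cookie-expiry sequence (two `setcookie` calls plus the parent-domain repeat) now appears verbatim in both failure branches of login(); extracting it into a small helper such as `clearLoginCookies($cookie_domain)` would keep the expiry logic in one place and make the `substr_count($cookie_domain, ".") > 1` rule easier to change. In the success branch `$admin_type = $r[2]; return $r[2];` hands back the raw `type` column, which callers compare with integers (`$admin_type > -1`, `$admin_type == 0`); consider `(int)$r[2]` so the comparisons do not depend on the driver's string/int return mode. login() begins outside this hunk.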
@@ -496,131 +369,6 @@ function redirect($to) } } -function DrawDate($Unformatted, $Type, $To = 0) -{ - $datum = $Unformatted; - - SWITCH ($Type) { - CASE 0: - $Clean = ""; - break; - - CASE 1: - $Clean = "" . $datum[8] . $datum[9] . "." . $datum[5] . $datum[6] . ""; - break; - - CASE 2: - $Clean = "" . $datum[8] . $datum[9] . "." . $datum[5] . $datum[6] . "." . $datum[2] . $datum[3] . ""; - break; - - CASE 3: - $Clean = "" . $datum[8] . $datum[9] . "." . $datum[5] . $datum[6] . "." . $datum[0] . $datum[1] . $datum[2] . $datum[3] . ""; - break; - - CASE 4: - $Mes = $datum[5] . $datum[6]; - if ($Mes == "01") $M = "Jan"; - elseif ($Mes == "02") $M = "Feb"; - elseif ($Mes == "03") $M = "Mar"; - elseif ($Mes == "04") $M = "Apr"; - elseif ($Mes == "05") $M = "May"; - elseif ($Mes == "06") $M = "Jun"; - elseif ($Mes == "07") $M = "Jul"; - elseif ($Mes == "08") $M = "Aug"; - elseif ($Mes == "09") $M = "Sep"; - elseif ($Mes == "10") $M = "Oct"; - elseif ($Mes == "11") $M = "Nov"; - elseif ($Mes == "12") $M = "Dec"; - - $Clean = "" . $M . " " . $datum[8] . $datum[9] . ""; - break; - - CASE 5: - $Mes = $datum[5] . $datum[6]; - if ($Mes == "01") $M = "Jan"; - elseif ($Mes == "02") $M = "Feb"; - elseif ($Mes == "03") $M = "Mar"; - elseif ($Mes == "04") $M = "Apr"; - elseif ($Mes == "05") $M = "May"; - elseif ($Mes == "06") $M = "Jun"; - elseif ($Mes == "07") $M = "Jul"; - elseif ($Mes == "08") $M = "Aug"; - elseif ($Mes == "09") $M = "Sep"; - elseif ($Mes == "10") $M = "Oct"; - elseif ($Mes == "11") $M = "Nov"; - elseif ($Mes == "12") $M = "Dec"; - - $Clean = "" . $M . " " . $datum[8] . $datum[9] . " " . $datum[0] . $datum[1] . $datum[2] . $datum[3] . ""; - break; - - CASE 6: - $MesA = $Unformatted[5] . 
$Unformatted[6]; - if ($MesA == "01") $MA = "Jan"; - elseif ($MesA == "02") $MA = "Feb"; - elseif ($MesA == "03") $MA = "Mar"; - elseif ($MesA == "04") $MA = "Apr"; - elseif ($MesA == "05") $MA = "May"; - elseif ($MesA == "06") $MA = "Jun"; - elseif ($MesA == "07") $MA = "Jul"; - elseif ($MesA == "08") $MA = "Aug"; - elseif ($MesA == "09") $MA = "Sep"; - elseif ($MesA == "10") $MA = "Oct"; - elseif ($MesA == "11") $MA = "Nov"; - elseif ($MesA == "12") $MA = "Dec"; - - $MesB = $Unformatted[5] . $Unformatted[6]; - if ($MesB == "01") $MB = "Jan"; - elseif ($MesB == "02") $MB = "Feb"; - elseif ($MesB == "03") $MB = "Mar"; - elseif ($MesB == "04") $MB = "Apr"; - elseif ($MesB == "05") $MB = "May"; - elseif ($MesB == "06") $MB = "Jun"; - elseif ($MesB == "07") $MB = "Jul"; - elseif ($MesB == "08") $MB = "Aug"; - elseif ($MesB == "09") $MB = "Sep"; - elseif ($MesB == "10") $MB = "Oct"; - elseif ($MesB == "11") $MB = "Nov"; - elseif ($MesB == "12") $MB = "Dec"; - - - $Clean = "" . $MA . " " . $Unformatted[8] . $Unformatted[9] . "-" . $MB . $To[8] . $To[9] . ", " . $To[0] . $To[1] . $To[2] . $To[3] . ""; - break; - - CASE 7: - $Clean = "" . $datum[5] . $datum[6] . "/" . $datum[8] . $datum[9] . ""; - break; - - CASE 8: - $Clean = "" . $datum[5] . $datum[6] . "/" . $datum[8] . $datum[9] . "/" . $datum[0] . $datum[1] . $datum[2] . $datum[3] . ""; - break; - - CASE 12: - $Mes = $datum[5] . $datum[6]; - if ($Mes == "01") $M = "Jan"; - elseif ($Mes == "02") $M = "Feb"; - elseif ($Mes == "03") $M = "Mar"; - elseif ($Mes == "04") $M = "Apr"; - elseif ($Mes == "05") $M = "May"; - elseif ($Mes == "06") $M = "Jun"; - elseif ($Mes == "07") $M = "Jul"; - elseif ($Mes == "08") $M = "Aug"; - elseif ($Mes == "09") $M = "Sep"; - elseif ($Mes == "10") $M = "Oct"; - elseif ($Mes == "11") $M = "Nov"; - elseif ($Mes == "12") $M = "Dec"; - - //$Clean = "
".$M."".$datum[8].$datum[9]."".$datum[0].$datum[1].$datum[2].$datum[3]."
"; - $Clean = "
" . $M . "" . $datum[8] . $datum[9] . "
"; - break; - - DEFAULT: - $Clean = ""; - } - - return $Clean; - -} - function hack() { die ("HACK ATTEMPT, BYE"); 
@@ -636,193 +384,6 @@ function CleanXSS($w) } -function str_replace_once($search, $replace, $subject) -{ - $firstChar = strpos($subject, $search); - - if ($firstChar !== false) { - $beforeStr = substr($subject, 0, $firstChar); - $afterStr = substr($subject, $firstChar + strlen($search)); - return $beforeStr . $replace . $afterStr; - } else { - return $subject; - } -} - -function GetHtaccessPath($NiceLink) -{ - global $site_url; - global $site_path; - - // lep link je http://url/NEKAJ/dalje - // zanima te NEKAJ - - $nl = str_replace($site_url, "", $NiceLink); - $KAJ = substr($nl, 0, strpos($nl, "/")); - $nl = substr($nl, (strpos($nl, "/") + 1)); - - if (!is_dir($site_path . str_replace("/", "", $KAJ))) { - mkdir($site_path . str_replace("/", "", $KAJ)); - - $fh = fopen($site_path . str_replace("/", "", $KAJ) . '/.htaccess', 'a'); - $stringData = "RewriteEngine On " . "\n\n"; - fwrite($fh, $stringData); - fclose($fh); - } - - return $KAJ . "|" . $nl; -} - -// NE POZABI PODATI DIREKTORIJA IZ KJER NAJ ODSTRANI!!!! -// brez prvega slasha. -function RemoveNiceLink($what, $dir) -{ - - global $site_path; - - exec('cat ' . $site_path . $dir . '.htaccess | grep -v "' . $what . '&%{QUERY_STRING}" > ' . $site_path . $dir . 'zacasno'); - exec('mv -f ' . $site_path . $dir . 'zacasno ' . $site_path . $dir . '.htaccess'); - -} - -// Odstrani celo drevo lepih linkov -// Primerno za brisanje drevesa navigacij ipd. -// povej mu da ves kaj delas (gl. parametre) -function RemoveNiceLinkRecursive($what, $check) -{ - global $site_path; - global $site_url; - - if ($check != "YES_I_AM_SURE") return; - - else { - // Noter dobis cel lep link. - // odstrani mu site_url in poglej prvi direktorij - $whole = $what; - $what = str_replace($site_url, "", $what); - $slash = strpos($what, "/"); - $dir = substr($what, 0, $slash); - $what = substr($what, $slash + 1); - - exec('cat ' . $site_path . $dir . '/.htaccess | grep -v "\^' . $what . '" | grep -v "' . $whole . '" > ' . $site_path . $dir . 
'/zacasno'); - exec('mv -f ' . $site_path . $dir . '/zacasno ' . $site_path . $dir . '/.htaccess'); - } -} - -function AddRedirect($what, $where) -{ - global $site_path; - global $site_url; - - // popravi, naj preveri ce je noter kaka crka a-zA-Z0-9 - // Noter morajo biti vsaj tri crke in stevilke, sicer ne bomo delali!! - - if ($what != $where && $what != "" && $where != "") { - // Najprej poglej direktorije!!!!! - - $path_what = explode("|", GetHtaccessPath($what)); - $path_where = explode("|", GetHtaccessPath($where)); - - if (strpos($path_what[1], "//") !== false || strpos($path_where[1], "//") !== false) return; - - // Odstrani obratnega da ne bos naredil endless loop!!! - exec('cat ' . $site_path . $path_where[0] . '/.htaccess | grep -v "Redirect ' . str_replace($site_url, "/", $where) . '" > ' . $site_path . $path_where[0] . '/zacasno'); - exec('mv -f ' . $site_path . $path_where[0] . '/zacasno ' . $site_path . $path_where[0] . '/.htaccess'); - - $what = str_replace($site_url, "/", $what); - - $fh = fopen($site_path . $path_what[0] . '/.htaccess', 'a'); - $stringData = "Redirect " . $what . "\t\t\t$where" . "\n"; - fwrite($fh, $stringData); - fclose($fh); - } -} - -function CleanNiceLinkText($what) -{ - $what = iconv("ISO-8859-2", "YU//TRANSLIT", $what); - $what = str_replace("š", "s", $what); - $what = str_replace("Š", "S", $what); - $what = str_replace("[", "S", $what); - $what = str_replace("{", "s", $what); - $what = str_replace("^", "C", $what); - $what = str_replace("~", "c", $what); - $what = str_replace("`", "z", $what); - $what = str_replace("@", "Z", $what); - - // % - $what = str_replace("%", "", $what); - - $what = str_replace(""", "_", $what); - - $what = str_replace(" ", "_", $what); - $what = preg_replace("/[^a-zA-Z0-9_\/]/", "", $what); - - return $what; -} - -// Vrne true ce so v tekstu vec kot MIN a-z,A-Z,0-1 -// Uporabljas da ne dobis praznih lepih linkov. 
-function ValidNiceLink($str, $min = 3) -{ - - if (strlen(CleanNiceLinkText($str)) >= $min) return true; - else return false; -} - -function browser_info($agent = null) -{ - // Declare known browsers to look for - $known = array('msie', 'firefox', 'safari', 'webkit', 'opera', 'netscape', 'konqueror', 'gecko'); - - // Clean up agent and build regex that matches phrases for known browsers - // (e.g. "Firefox/2.0" or "MSIE 6.0" (This only matches the major and minor - // version numbers. E.g. "2.0.0.6" is parsed as simply "2.0" - - $agent = strtolower($agent ? $agent : $_SERVER['HTTP_USER_AGENT']); - $pattern = '#(?' . join('|', $known) . ')[/ ]+(?[0-9]+?)#'; - - // Find all phrases (or return empty array if none found) - if (!preg_match_all($pattern, $agent, $matches)) return array(); - - // Since some UAs have more than one phrase (e.g Firefox has a Gecko phrase, - // Opera 7,8 have a MSIE phrase), use the last one found (the right-most one - // in the UA). That's usually the most correct. 
- $i = count($matches['browser']) - 1; - return array(0 => $matches['browser'][$i], 1 => $matches['version'][$i]); -} - -function GenerateRandomCode($len = 3) -{ - $RandomId = md5(uniqid(time())); - $confirm_chars = array('A', 'B', 'C', 'D', 'E', 'F', 'G', 'H', 'I', 'J', 'K', 'L', 'M', 'N', 'O', 'P', 'Q', 'R', 'S', 'T', 'U', 'V', 'Z', '1', '2', '3', '4', '5', '6', '7', '8', '9'); - list($usec, $sec) = explode(' ', microtime()); - mt_srand($sec * $usec); - $max_chars = count($confirm_chars) - 1; - $code = ''; - - for ($i = 0; $i < 3; $i++) { - $code .= $confirm_chars[mt_rand(0, $max_chars)]; - } - - // shrani kodo v bazo, ob tem izbrisi kode, starejse od 10 minut (600 sekund) - $cas = time(); - $casb = time() - 600; - - $headers = apache_request_headers(); - if (array_key_exists('X-Forwarded-For', $headers)) { - $hostname = $headers['X-Forwarded-For']; - } else { - $hostname = $_SERVER["REMOTE_ADDR"]; - } - - $result = sisplet_query("DELETE FROM registers WHERE lasttime<$casb"); - $result = sisplet_query("INSERT INTO registers (ip, lasttime, handle, code) VALUES ('$hostname', '$cas', '$RandomId', '$code')"); - - return $RandomId; - -} - function GetIP() { $headers = apache_request_headers(); 
@@ -836,77 +397,6 @@ function GetIP() return $_SERVER["REMOTE_ADDR"]; } -function CZSToSearch($what) -{ - - $originali = array("š", "&Scaron", "[", "{", "}", "]", "^", "~", "`", "@", "Č", "č", "Ž", "ž", "'", "č", "ž", "š", "Č", "Ž", "Š"); - $zamenjave = array("s", "S", "S", "s", "c", "C", "C", "c", "z", "Z", "C", "c", "Z", "z", "", "c", "z", "s", "C", "Z", "S"); - - $what = iconv("ISO-8859-2", "YU//TRANSLIT", $what); - $what = str_replace($originali, $zamenjave, $what); - /* - $what = str_replace ("š", "s", $what); - $what = str_replace ("Š", "S", $what); - $what = str_replace ("[", "S", $what); - $what = str_replace ("{", "s", $what); - $what = str_replace ("}", "c", $what); - $what = str_replace ("]", "C", $what); - $what = str_replace ("^", "C", $what); - $what = str_replace ("~", "c", $what); - $what = str_replace ("`", "z", $what); - $what = str_replace ("@", "Z", $what); - - - - // narekovaji - $what = str_replace ("'", "", $what); - */ - - return $what; -} - -function UlCounter($text) -{ - // enostavno ob urejanju vsebine spremeni /uploadi/editor v /ul - // /ul naj bo Rewrite na /uploadi/counter.php! - - return str_replace($site_url . 'uploadi/editor/', $site_url . 
'/ul/', $text); -} - -function str_lreplace($search, $replace, $subject) -{ - $pos = strrpos($subject, $search); - - if ($pos === false) { - return $subject; - } else { - return substr_replace($subject, $replace, $pos, strlen($search)); - } -} - -function do_post_request($url, $data, $optional_headers = null) -{ - $params = array('http' => array('method' => 'POST', 'content' => $data)); - - if ($optional_headers !== null) { - $params['http']['header'] = $optional_headers; - } - - $ctx = stream_context_create($params); - $fp = @fopen($url, 'rb', false, $ctx); - - if (!$fp) { - throw new Exception("Napaka s postanjem na $url, $php_errormsg"); - } - - $response = @stream_get_contents($fp); - if ($response === false) { - throw new Exception("Napaka s prebiranjem podatkov iz $url, $php_errormsg"); - } - - return $response; -} - /* Zakodira get parametre urlja v serializiran array z funkcijo base64_encode * Tako da se iz urlja ne vidi direkt parametrov ankete * se uporablja za izvoz.php @@ -917,14 +407,14 @@ function makeEncodedIzvozUrlString($url = null) $decodedUrl = ''; $arrayUrl = array(); if ($url != null && trim($url) != '') { - list($base_link, $baseUrl) = explode('?', $url); + [$base_link, $baseUrl] = explode('?', $url); $resultString = $base_link; if ($baseUrl != null && trim($baseUrl) != '') { $urlGets = explode('&', $baseUrl); if (is_array($urlGets) && count($urlGets) > 0) { foreach ($urlGets AS $urlGet) { if ($urlGet != null && trim($urlGet) != '') { - list($attr, $value) = explode('=', $urlGet); + [$attr, $value] = explode('=', $urlGet); $arrayUrl[$attr] = $value; } @@ -1031,10 +521,15 @@ function complexPassword($password){ return false; } - // Geslo mora vsebovati vsaj 1 crko - if (!preg_match("#[a-zA-Z]+#", $password)) { + // Geslo mora vsebovati vsaj 1 malo črko + if (!preg_match("#[a-z]+#", $password)) { + return false; + } + + // Geslo mora vsebovati vsaj 1 veliko črko + if (!preg_match('#[A-Z]+#', $password)) { return false; - } + } return true; } 
@@ -1044,12 +539,13 @@ function complexPassword($password){ * * @return INT || null ************************************************/ -function preveriTipHierarhije() -{ - $type = null; - +function preveriTipHierarhije(){ global $global_user_id; - $anketa = isset($_REQUEST['anketa']) ? $_REQUEST['anketa'] : null; + + if(!isset($_REQUEST['anketa'])) + return false; + + $anketa = $_REQUEST['anketa']; if (!empty($_SESSION['hierarhija'][$anketa]['type'])) return false; @@ -1059,6 +555,10 @@ function preveriTipHierarhije() return false; } + // User id mora biti številka in ne sme bit 0, anketa ne sme vsebovati presledkov, ker gre za sql injection drugače + if(!is_numeric($global_user_id) || $global_user_id < 1 || preg_match('/(\s)/', $anketa)){ + return false; + } $sql = sisplet_query("SELECT type FROM srv_hierarhija_users WHERE user_id='" . $global_user_id . "' AND anketa_id='" . $anketa . "'"); @@ -1116,10 +616,11 @@ function unikatenEmail($email = null){ // Funkcija za debug function isDebug(){ - global $admin_type, $debug, $site_domain; + global $admin_type, $site_domain; - if(isset($debug) && $debug > 0){ - if ($admin_type == 0 || in_array($site_domain, ['test.1ka.si', 'localhost', '1ka.test'])) { + if(AppSettings::getInstance()->getSetting('debug') === true){ + + if ($admin_type == 0 || in_array($site_domain, ['test2.1ka.si', 'test.1ka.si', 'localhost', '1ka.test'])) { return true; } } 
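Review bot: The new guard `preg_match('/(\s)/', $anketa)` does not prevent SQL injection into `anketa_id='...'` as its comment claims: a payload such as `1'OR'1'='1`, or one using `/**/` in place of spaces, contains no whitespace and passes straight through. Since the code treats the survey id as a number elsewhere (the removed checkClicksPerMinute compared `$_GET['anketa']` with `<= 0`), validate it as one: `if(!is_numeric($global_user_id) || $global_user_id < 1 || !ctype_digit((string)$anketa)){ return false; }` — or cast with `(int)` before building the query. A prepared statement would remove the question entirely. The remainder of preveriTipHierarhije lies outside this hunk.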
@@ -1127,20 +628,61 @@ function isDebug(){ return false; } -/** - * Počasno nalaganje polja iz baze - * - * Funkcija naredi poizvedbo in vse rezultate shrani v polje, kar manj obremenjuje RAM - * - * @param $query - * @return \Generator - */ -function lazyLoadSqlArray($query) -{ - $polje = []; - while($row = mysqli_fetch_assoc($query)){ - yield $polje[] = $row; +// Funkcija za tip instalacije - lastna instalacija +function isLastnaInstalacija(){ + return (AppSettings::getInstance()->getSetting('installation_type') == '0') ? true : false; +} + +// Funkcija za tip instalacije - WWW +function isWWW(){ + return (AppSettings::getInstance()->getSetting('installation_type') === '1') ? true : false; +} + +// Funkcija za tip instalacije - AAI +function isAAI(){ + return (AppSettings::getInstance()->getSetting('installation_type') === '2') ? true : false; +} + +// Funkcija za tip instalacije - virtual domain +function isVirtual(){ + return (AppSettings::getInstance()->getSetting('installation_type') === '3') ? true : false; +} + +// Preveri ce gre za demo anketo (samo na www.1ka.si) +function isDemoSurvey($ank_id){ + global $admin_type, $site_domain; + + if($site_domain != 'www.1ka.si') + return false; + + if($ank_id == '' || $ank_id <= 0) + return false; + + // Slo in ang demo anketa + if($ank_id == '32173' || $ank_id == '16160'){ + return true; + } + + return false; +} + +// Dobimo id ankete iz hash-a +function getSurveyIdFromHash($hash){ + + $ank_id = null; + + // hash ne sme vsebovati presledkov + if(preg_match('/(\s)/', $hash)){ + return false; } + + $sql = sisplet_query("SELECT id FROM srv_anketa WHERE hash='".$hash."'"); + if (mysqli_num_rows($sql) > 0) { + $row = mysqli_fetch_array($sql); + $ank_id = $row['id']; + } + + return $ank_id; } /** 
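Review bot: getSurveyIdFromHash interpolates `$hash` into `WHERE hash='...'` after only rejecting whitespace, which is not an injection defence (`'OR'1'='1` contains none); escape it with `$hash = mysqli_real_escape_string($GLOBALS['connect_db'], $hash);`, or whitelist the hash alphabet if it is fixed (e.g. `preg_match('/^[A-Za-z0-9]+$/', $hash)`, to be confirmed against how `srv_anketa.hash` is generated). `mysqli_num_rows($sql)` is also called without checking for `false`, which sisplet_query now returns on a caught exception and which raises a TypeError on PHP 8; guard with `if ($sql && mysqli_num_rows($sql) > 0)`. Separately, `isLastnaInstalacija` compares with `== '0'` while its three siblings use `===`; under loose comparison an integer `0` setting matches but `null` does not, so pick one form deliberately.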
@@ -1199,57 +741,4 @@ function root_dir($file = null) return __DIR__ .'/'. $file; } - -// Pri izpolnjevanju ankete preverimo stevilo klikov na minuto - ce jih je prevec, respondenta zavrnemo, drugace se lahko sql zafila in streznik ni vec odziven -function checkClicksPerMinute(){ - global $clicks_per_minute_limit; - - // Ce maximum na minuto ni nastavljen ignoriramo limit - if(!isset($clicks_per_minute_limit) || $clicks_per_minute_limit == 0) - return true; - - // Preverimo ce gre za izpolnjevanje ankete - if($_SERVER["SCRIPT_NAME"] != '/main/survey/index.php') - return true; - - // Preverimo ce gre za prvi prihod na doloceno stran ankete in ne na prvo stran - if(isset($_GET['grupa'])) - return true; - - // Preverimo ce je id ankete ustrezno nastavljen - if(!isset($_GET['anketa']) || $_GET['anketa'] <= 0) - return true; - - - $click_time = time(); - - $sql = sisplet_query("SELECT click_count, click_time FROM srv_clicks WHERE ank_id='".$_GET['anketa']."'"); - if (mysqli_num_rows($sql) > 0) { - - list($click_count, $first_click_time) = mysqli_fetch_array($sql); - - // Ce nismo znotraj minute vse resetiramo in pustimo naprej - if($click_time - $first_click_time > 60){ - $sqlI = sisplet_query("UPDATE srv_clicks SET click_count='1', click_time='".$click_time."' WHERE ank_id='".$_GET['anketa']."'"); - return true; - } - - // Click count je ok - pustimo naprej - if($click_count < $clicks_per_minute_limit){ - $sqlI = sisplet_query("UPDATE srv_clicks SET click_count=click_count+1 WHERE ank_id='".$_GET['anketa']."'"); - return true; - } - // Click count je previsok - ZAVRNEMO - else{ - return false; - } - } - else{ - $sqlI = sisplet_query("INSERT INTO srv_clicks (ank_id, click_count, click_time) VALUES ('".$_GET['anketa']."', '1', '".$click_time."')"); - } - - - return true; -} - ?> \ No newline at end of file -- cgit v1.2.3