<?php
/************************************************************************************
    Copyright © 2008 xhub.com

    Bill Bennert
    5 Hooksett Tpke
    Bow, NH 03304-4414
    hide@address.com

    This file is part of the SCCNH Online Registration System.

    This program is free software: you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
    the Free Software Foundation, either version 3 of the License, or
    (at your option) any later version.

    This program is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    GNU General Public License for more details.

    You should have received a copy of the GNU General Public License
    along with this program.  If not, see <http://www.gnu.org/licenses/>.

    Any system sensitive data such as IP addresses, usernames, and passwords 
    must be removed from this file before distribution.

************************************************************************************/

/////////////////////////////////////////////
// Function to check user info is filled out
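/**
 * Reports whether every required registration field in a users row is filled in.
 *
 * A field counts as missing when it is absent from the array or "empty" in the
 * PHP sense (NULL, '', '0'), which is what the original truthiness test did too.
 *
 * @param array $dbarray one row from the users table (e.g. mysql_fetch_array())
 * @return int 1 when all required fields are present and non-empty, else 0
 */
function isUserInfoComplete($dbarray)
{
  // Required fields, in the order the original test checked them.
  static $required = array(
    'fname', 'lname', 'addr1', 'city', 'state', 'zip', 'hphone',
    'email', 'econtact', 'econtact_phone', 'econtact_rel',
  );

  foreach ($required as $field)
  {
    // empty() also covers a missing key without an undefined-index notice;
    // the original chained the tests with bitwise | instead of ||.
    if (empty($dbarray[$field]))
    {
      return 0;
    }
  }
  return 1;
}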

/////////////////////////////////////////////////////////////////////////////////////////////////
// Function 'rand_string' from http://us3.php.net/manual/en/function.mt-rand.php#76658
// posted by 'www.mrnaz.com'
// 
// 2/19/08 - added lowercase letters
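/**
 * Builds a random string of $len characters drawn from $chars.
 *
 * This is used for session ids (see changeCookie()), so the draw must be
 * unpredictable: random_int() is used where available (PHP 7+). The mt_rand()
 * fallback on older runtimes is NOT a CSPRNG and should be replaced there
 * (e.g. with openssl_random_pseudo_bytes()); the original used rand().
 *
 * @param int    $len   number of characters; 0 or less yields ''
 * @param string $chars alphabet to draw from; '' yields ''
 * @return string
 */
function rand_string($len, $chars = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789')
{
    $string = '';
    $last = strlen($chars) - 1;
    if ($last < 0)
    {
        return '';  // empty alphabet: nothing to draw and no valid range for the RNG
    }

    $useCsprng = function_exists('random_int');
    for ($i = 0; $i < $len; $i++)
    {
        $pos = $useCsprng ? random_int(0, $last) : mt_rand(0, $last);
        $string .= $chars[$pos];  // the original $chars{$pos} offset syntax was removed in PHP 8
    }
    return $string;
}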

////////////////////////////////////////////////////////////////////////
// This function will change the session_id every time it is called.
// Purpose: to keep the session_id changing to help prevent spoofing
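/**
 * Verifies the SCCNH_ID / SCCNH_Session_ID cookie pair against the users table
 * and, only when it matches, stores a fresh session id and re-issues both
 * cookies. Any other outcome expires the cookies, redirects to logout.php and
 * exits.
 *
 * Requires an open mysql link (connectDatabase()). Sends headers, so it must
 * run before any output.
 */
function changeCookie()
{
	header("Content-Type: text/html; charset=utf-8");

	// Cookie attributes shared by every setcookie() below. httponly keeps the
	// tokens out of reach of page scripts.
	// NOTE(review): 'secure' stays FALSE as at the original call sites; it should
	// be TRUE wherever the site is served over HTTPS (see isSSL()).
	$cookiePath   = '/xhub.com/sccnh/';
	$cookieDomain = "secure.netsolhost.com";
	$cookieSecure = FALSE;

	$valid    = FALSE;
	$rawHash  = '';
	$funcHash = '';

	// Both cookies must be present and scalar before anything is looked up.
	if (isset($_COOKIE['SCCNH_ID'], $_COOKIE['SCCNH_Session_ID'])
		&& is_string($_COOKIE['SCCNH_ID']) && is_string($_COOKIE['SCCNH_Session_ID']))
	{
		$rawHash    = $_COOKIE['SCCNH_ID'];
		$rawSession = $_COOKIE['SCCNH_Session_ID'];

		// Escape with the connection charset for the SQL literal; addslashes()
		// (the original) is not charset-aware. Real hashes are alphanumeric, so
		// this is a no-op for them even when the caller already slashed $_COOKIE.
		$funcHash  = mysql_real_escape_string($rawHash);
		$funcCheck = mysql_query("SELECT session_id FROM users WHERE user_hash = '$funcHash'");
		if ($funcCheck)
		{
			while ($funcInfo = mysql_fetch_array($funcCheck))
			{
				// Strict compare: a NULL or empty stored session_id must never
				// match an empty cookie, which the original loose != allowed.
				if (isset($funcInfo['session_id']) && $rawSession === (string) $funcInfo['session_id'])
				{
					$valid = TRUE;
				}
			}
			mysql_free_result($funcCheck);
		}
	}

	if ($valid)
	{
		// Rotate only after the pair has been verified. The original rotated
		// first, so any request carrying a known user_hash and a wrong session
		// cookie replaced that user's stored session id and logged them out.
		$funcNewSession = rand_string(32);
		if (mysql_query("UPDATE users SET session_id='$funcNewSession' WHERE user_hash='$funcHash'"))
		{
			setcookie("SCCNH_ID", $rawHash, 0, $cookiePath, $cookieDomain, $cookieSecure, TRUE);
			setcookie("SCCNH_Session_ID", $funcNewSession, 0, $cookiePath, $cookieDomain, $cookieSecure, TRUE);
			return;
		}
		// The stored id could not be rotated: fall through and log them out
		// rather than hand out a cookie the database does not know.
	}

	// Not a valid pair: expire both cookies and send them to the logout page.
	// exit so the calling page does not go on to render protected content
	// behind the redirect (the original kept running).
	setcookie("SCCNH_ID", "", -1, $cookiePath, $cookieDomain, $cookieSecure, TRUE);
	setcookie("SCCNH_Session_ID", "", -1, $cookiePath, $cookieDomain, $cookieSecure, TRUE);
	header('Location: logout.php');
	exit;
}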

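/**
 * Password policy check: at least 8 bytes, one lowercase letter, one uppercase
 * letter, one digit, and none of the listed punctuation / space characters.
 *
 * @param string $funcInput candidate password
 * @return bool
 */
function isPasswordValid($funcInput)
{
  $funcInput = (string) $funcInput;
  $lower   = 'abcdefghijklmnopqrstuvwxyz';
  $upper   = 'ABCDEFGHIJKLMNOPQRSTUVWXYZ';
  $digits  = '0123456789';
  $illegal = '@.-_~!#%^&*()+`=[]{};:,<>/?|\\\'\$ ';

  // strpbrk() returns the tail of the string from the first hit, or FALSE.
  // The comparisons must be strict: a tail of "0" (password ending in a zero)
  // is loosely == FALSE, so the original "!= FALSE" rejected such passwords.
  return strlen($funcInput) >= 8
      && strpbrk($funcInput, $lower)   !== FALSE
      && strpbrk($funcInput, $upper)   !== FALSE
      && strpbrk($funcInput, $digits)  !== FALSE
      && strpbrk($funcInput, $illegal) === FALSE;
}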

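/**
 * Username policy check: at least 4 bytes and none of the listed punctuation /
 * space characters. Unlike isPasswordValid(), '@', '.', '-' and '_' are allowed.
 *
 * @param string $funcInput candidate username
 * @return bool
 */
function isUsernameValid($funcInput)
{
  $funcInput = (string) $funcInput;
  $illegal   = '~!#%^&*()+`=[]{};:,<>/?|\\\'\$ ';

  // strpbrk() returns the tail from the first illegal character, or FALSE;
  // compare strictly rather than relying on the tail's truthiness.
  return strlen($funcInput) >= 4
      && strpbrk($funcInput, $illegal) === FALSE;
}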

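/**
 * Recursively addslashes() every scalar in $funcInput, in place, unless the
 * runtime's magic quotes already did so. Non-arrays are left untouched.
 *
 * NOTE(review): addslashes() is not charset-aware SQL escaping; values that
 * reach a query should still go through mysql_real_escape_string() or a
 * prepared statement.
 *
 * @param mixed $funcInput array to escape (by reference)
 */
function slashArray(&$funcInput)
{
  if (!is_array($funcInput))
  {
    return;
  }

  // get_magic_quotes_gpc() was removed in PHP 8, where magic quotes are always
  // off; older runtimes report the real setting. Evaluated once, not per value.
  $magicQuotesOn = function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc();

  foreach ($funcInput as &$value)
  {
    if (is_array($value))
    {
      slashArray($value);
    }
    elseif (!$magicQuotesOn)
    {
      $value = addslashes($value);
    }
  }
  unset($value);  // drop the dangling reference left by foreach-by-ref
}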

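/**
 * Recursively stripslashes() every scalar in $funcInput, in place — the inverse
 * of slashArray(), applied under the same condition (magic quotes off).
 * Non-arrays are left untouched.
 *
 * NOTE(review): the original tested the misspelt $func_input, so this function
 * never did anything; callers that run it on data later used in SQL now get
 * the raw values back and must escape again before querying.
 *
 * @param mixed $funcInput array to unescape (by reference)
 */
function stripArray(&$funcInput)
{
  if (!is_array($funcInput))
  {
    return;
  }

  // get_magic_quotes_gpc() was removed in PHP 8, where magic quotes are always
  // off; older runtimes report the real setting. Evaluated once, not per value.
  $magicQuotesOn = function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc();

  foreach ($funcInput as &$value)
  {
    if (is_array($value))
    {
      stripArray($value);
    }
    elseif (!$magicQuotesOn)
    {
      $value = stripslashes($value);
    }
  }
  unset($value);  // drop the dangling reference left by foreach-by-ref
}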

// Connect to database
/**
 * Opens the global mysql link and selects the application database using the
 * credentials defined in include/config_database.php; any failure ends the
 * request through dieError() with a generic message (no connection details).
 */
function connectDatabase()
{
  include 'include/config_database.php';

  $connectFailureMessage = "mySQL connection error. Please notify administrator.";

  if (!mysql_connect($database_IP, $database_Username, $database_Password))
  {
    dieError($connectFailureMessage);
  }

  if (!mysql_select_db($database_Name))
  {
    dieError($connectFailureMessage);
  }
}

// Prints the site header, the message and the footer, then stops the script.
// $error is written to the page as-is (no HTML escaping), so callers must pass
// fixed text rather than request data. die(' ') ends the script so the caller
// never continues past a fatal setup error.
function dieError($error)
{
  echo file_get_contents("header.html");
  echo $error;  // emitted raw into the HTML body; see note above
  echo file_get_contents("footer.html");
  die(' ');
}

// verifies user, pass $_COOKIE to this function.
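/**
 * Checks the login cookie pair against the users table.
 *
 * Requires an open mysql link (connectDatabase()).
 *
 * @param array $slashedArray cookie array, normally $_COOKIE after slashArray()
 * @return bool TRUE only when both cookies are strings and the first stored
 *              session_id for SCCNH_ID equals SCCNH_Session_ID exactly
 */
function isValidUser(&$slashedArray)
{
  // Both cookies must be present and scalar; a missing session cookie must
  // never be treated as a match.
  if (!is_array($slashedArray)
      || !isset($slashedArray['SCCNH_ID']) || !is_string($slashedArray['SCCNH_ID'])
      || !isset($slashedArray['SCCNH_Session_ID']) || !is_string($slashedArray['SCCNH_Session_ID']))
  {
    return FALSE;
  }

  // Escape with the connection charset regardless of the caller's addslashes():
  // real hashes are alphanumeric, so this is a no-op for them, and addslashes()
  // alone is not charset-aware escaping.
  $safeHash = mysql_real_escape_string($slashedArray['SCCNH_ID']);
  $check = mysql_query("SELECT session_id FROM users WHERE user_hash = '".$safeHash."'");
  if (!$check)
  {
    return FALSE;
  }

  // Only the first row is consulted, as before.
  $info = mysql_fetch_array($check);
  mysql_free_result($check);
  if (!$info || !isset($info['session_id']))
  {
    return FALSE;  // no such user, or no session stored yet
  }

  // Strict compare: a NULL/empty stored id must not match an empty cookie,
  // which the original loose != allowed.
  return $slashedArray['SCCNH_Session_ID'] === (string) $info['session_id'];
}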

// simple function to call in each script. if they are not valid, kick them out.
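/**
 * Gate for every protected page: verifies the login cookies, logs the outcome,
 * rotates the session on success and redirects to logout.php otherwise.
 * Does not return on the failure path.
 */
function validateUser()
{
  // A missing cookie must not raise an undefined-index notice in the log call.
  $userHash = (isset($_COOKIE['SCCNH_ID']) && is_string($_COOKIE['SCCNH_ID'])) ? $_COOKIE['SCCNH_ID'] : '';

  if (isValidUser($_COOKIE))
  {
    logVerify($userHash, "OK");
    changeCookie();
    return;
  }

  logVerify($userHash, "INVALID");
  header("Location: logout.php");
  // Without this the calling script keeps running and renders its page behind
  // the redirect; validateSession() relies on not coming back from here.
  exit;
}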

// This function will need to be modified for your environment depending on the server variables available
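/**
 * Reports whether the current request arrived over SSL, as signalled by the
 * front-end proxy in HTTP_X_FORWARDED_SERVER.
 *
 * NOTE(review): that value is a request header and can be supplied by the
 * client unless the proxy always overwrites it; rely on it only in such an
 * environment (see the comment above).
 *
 * @return bool TRUE when the header is exactly "ssl"
 */
function isSSL()
{
  // isset() avoids an undefined-index notice on direct (non-proxied) requests;
  // === avoids loose-comparison surprises.
  return isset($_SERVER['HTTP_X_FORWARDED_SERVER'])
      && $_SERVER['HTTP_X_FORWARDED_SERVER'] === "ssl";
}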

// this must be run at the beginning of every script before it interacts with the database
// this must be run at the beginning of every script before it interacts with the database
function validateSession()
{
  // Open the global mysql link first: validateUser() and everything after it query the database.
  connectDatabase();

  // addslashes() every scalar in the request superglobals (only when magic quotes are off).
  // NOTE(review): addslashes() is not charset-aware escaping; values that reach SQL should
  // still go through mysql_real_escape_string() or a prepared statement. $_SERVER is
  // slashed too, so header values read after this point are already escaped.
  slashArray($_COOKIE);
  slashArray($_POST);
  slashArray($_REQUEST);
  slashArray($_GET);
  slashArray($_SERVER);

  // NOTE(review): "they don't come back" holds only if validateUser() exits after its
  // redirect — confirm, otherwise the calling page renders behind the Location header.
  validateUser(); // if they are not valid, they don't come back from here.
}

// returns the stored hashed password
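/**
 * Returns the stored password hash for a user.
 *
 * Requires an open mysql link (connectDatabase()).
 *
 * @param string $userhash the user_hash to look up (escaped here, not by the caller)
 * @return string the first matching row's pass column, or "" when the query
 *                fails, no row matches, or the column is NULL
 */
function getUserPasshash($userhash)
{
  // The original interpolated $userhash into the SQL unescaped; escape it with
  // the connection charset (a no-op for real, alphanumeric hashes).
  $safeHash = mysql_real_escape_string((string) $userhash);
  $check = mysql_query("SELECT pass FROM users WHERE user_hash = '".$safeHash."'");
  if (!$check)
  {
    return "";
  }

  // Only the first row is consulted, as before.
  $info = mysql_fetch_array($check);
  mysql_free_result($check);
  if (!$info || !isset($info['pass']))
  {
    return "";
  }
  return $info['pass'];
}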

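/**
 * Appends a <login> record (timestamp, user hash, $_SERVER) to today's login log.
 *
 * Values are escaped for the ISO-8859-1 XML the file declares, so client-chosen
 * header values cannot break the document or smuggle in extra elements, and
 * HTTP_COOKIE / PHP_AUTH_PW are redacted so the log never holds live session
 * tokens or passwords (the original wrote everything raw).
 *
 * @param string $user_hash the user's hash from the login cookie
 */
function logLogin($user_hash)
{
  $filename = "logs/login_".date('Y')."_".date('m')."_".date('d').".xml";
  if (!file_exists($filename))
  {
    file_put_contents($filename, "<?xml version=\"1.0\" encoding=\"ISO-8859-1\"?>\n", FILE_APPEND | LOCK_EX | FILE_TEXT);
    chmod($filename, 0600);  // the log holds request details; owner-only
  }

  $entry = "<login date=\"".date('c')."\">\n";
  $entry .= "  <user_hash>".htmlspecialchars((string) $user_hash, ENT_QUOTES, 'ISO-8859-1')."</user_hash>\n";
  foreach ($_SERVER as $key => $value)
  {
    if ($key === 'HTTP_COOKIE' || $key === 'PHP_AUTH_PW')
    {
      $value = '[redacted]';  // secrets do not belong in a log file
    }
    // Non-scalars (e.g. argv under the CLI) used to print as "Array"; JSON keeps them readable.
    $text = (is_scalar($value) || $value === null) ? (string) $value : (string) json_encode($value);
    $entry .= "  <".$key.">".htmlspecialchars($text, ENT_QUOTES, 'ISO-8859-1')."</".$key.">\n";
  }
  $entry .= "</login>\n";

  if (file_put_contents($filename, $entry, FILE_APPEND | LOCK_EX | FILE_TEXT) === FALSE)
  {
    error_log("logLogin: could not append to ".$filename);  // do not fail the login over logging
  }
}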

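/**
 * Appends a <logout> record (timestamp, user hash, $_SERVER) to today's logout log.
 *
 * Values are escaped for the ISO-8859-1 XML the file declares, so client-chosen
 * header values cannot break the document or smuggle in extra elements, and
 * HTTP_COOKIE / PHP_AUTH_PW are redacted so the log never holds live session
 * tokens or passwords (the original wrote everything raw).
 *
 * @param string $user_hash the user's hash from the login cookie
 */
function logLogout($user_hash)
{
  $filename = "logs/logout_".date('Y')."_".date('m')."_".date('d').".xml";
  if (!file_exists($filename))
  {
    file_put_contents($filename, "<?xml version=\"1.0\" encoding=\"ISO-8859-1\"?>\n", FILE_APPEND | LOCK_EX | FILE_TEXT);
    chmod($filename, 0600);  // the log holds request details; owner-only
  }

  $entry = "<logout date=\"".date('c')."\">\n";
  $entry .= "  <user_hash>".htmlspecialchars((string) $user_hash, ENT_QUOTES, 'ISO-8859-1')."</user_hash>\n";
  foreach ($_SERVER as $key => $value)
  {
    if ($key === 'HTTP_COOKIE' || $key === 'PHP_AUTH_PW')
    {
      $value = '[redacted]';  // secrets do not belong in a log file
    }
    // Non-scalars (e.g. argv under the CLI) used to print as "Array"; JSON keeps them readable.
    $text = (is_scalar($value) || $value === null) ? (string) $value : (string) json_encode($value);
    $entry .= "  <".$key.">".htmlspecialchars($text, ENT_QUOTES, 'ISO-8859-1')."</".$key.">\n";
  }
  $entry .= "</logout>\n";

  if (file_put_contents($filename, $entry, FILE_APPEND | LOCK_EX | FILE_TEXT) === FALSE)
  {
    error_log("logLogout: could not append to ".$filename);  // do not fail the logout over logging
  }
}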

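/**
 * Appends a <verify> record to today's verify log: the outcome and user hash,
 * plus a dump of $_SERVER, $_REQUEST, $_COOKIE, $_POST and $_GET when the
 * outcome is "INVALID".
 *
 * Values are escaped for the ISO-8859-1 XML the file declares, so request data
 * cannot break the document or smuggle in extra elements; HTTP_COOKIE and
 * PHP_AUTH_PW in the SERVER dump are redacted (the cookie values an invalid
 * request presented are still recorded under COOKIE, as before).
 *
 * NOTE(review): the POST dump records whatever the form submitted; confirm no
 * page posts credentials through a protected script.
 *
 * @param string $user_hash the user's hash from the login cookie ('' if absent)
 * @param string $valid     "OK" or "INVALID"
 */
function logVerify($user_hash, $valid)
{
  $filename = "logs/verify_".date('Y')."_".date('m')."_".date('d').".xml";
  if (!file_exists($filename))
  {
    file_put_contents($filename, "<?xml version=\"1.0\" encoding=\"ISO-8859-1\"?>\n", FILE_APPEND | LOCK_EX | FILE_TEXT);
    chmod($filename, 0600);  // the log holds request details; owner-only
  }

  $entry = "<verify date=\"".date('c')."\">\n";
  $entry .= "  <isvalid>".htmlspecialchars((string) $valid, ENT_QUOTES, 'ISO-8859-1')."</isvalid>\n";
  $entry .= "  <user_hash>".htmlspecialchars((string) $user_hash, ENT_QUOTES, 'ISO-8859-1')."</user_hash>\n";

  if ((string) $valid === "INVALID")
  {
    // The original assigned (=) instead of appending (.=) at the start of this
    // dump, which threw away the <verify> opening tag, isvalid and user_hash
    // for every INVALID record.
    $sections = array(
      'SERVER'  => $_SERVER,
      'REQUEST' => $_REQUEST,
      'COOKIE'  => $_COOKIE,
      'POST'    => $_POST,
      'GET'     => $_GET,
    );
    foreach ($sections as $name => $vars)
    {
      $entry .= "  <".$name.">\n";
      foreach ($vars as $key => $value)
      {
        if ($name === 'SERVER' && ($key === 'HTTP_COOKIE' || $key === 'PHP_AUTH_PW'))
        {
          $value = '[redacted]';  // secrets do not belong in a log file
        }
        // Non-scalars (nested form arrays, argv under the CLI) used to print as "Array".
        $text = (is_scalar($value) || $value === null) ? (string) $value : (string) json_encode($value);
        $entry .= "    <".$key.">".htmlspecialchars($text, ENT_QUOTES, 'ISO-8859-1')."</".$key.">\n";
      }
      $entry .= "  </".$name.">\n";
    }
  }
  $entry .= "</verify>\n";

  if (file_put_contents($filename, $entry, FILE_APPEND | LOCK_EX | FILE_TEXT) === FALSE)
  {
    error_log("logVerify: could not append to ".$filename);  // do not fail the request over logging
  }
}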

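/**
 * Reports whether a vehicle number is free for $username, i.e. no vehicle
 * owned by someone else already carries it.
 *
 * Requires an open mysql link (connectDatabase()). Scans the whole vehicles
 * table as the original did, because the column types are not known here.
 *
 * @param string $username owner asking for the number
 * @param mixed  $number   vehicle number being requested
 * @return bool TRUE when available; FALSE when taken by another owner, or
 *              when the table cannot be read (fail closed — the original
 *              answered TRUE on a failed query)
 */
function isNumberAvailable($username, $number)
{
    $check = mysql_query("SELECT userOwner, number FROM vehicles");
    if (!$check)
    {
        return FALSE;
    }

    $available = TRUE;
    while ($info = mysql_fetch_assoc($check))
    {
        // Owners are compared as strings: the loose != let numeric-looking
        // usernames such as "1000" and "1e3" count as the same owner.
        $sameOwner = (string) $info['userOwner'] === (string) $username;
        // The number keeps the numeric-tolerant == of the original on purpose
        // ("007" vs "7") because the column type is not known here.
        if (!$sameOwner && $info['number'] == $number)
        {
            $available = FALSE;
            break;
        }
    }
    mysql_free_result($check);
    return $available;
}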
?>