<?
#################################################################################################
#
# project : phpBannerEx
# filename : library.php
# last modified by :
# e-mail : hide@address.com
# purpose : Functions-Library File
#
#################################################################################################
# constants (!!!DO NOT CHANGE!!!)
#################################################################################################
# --- session behaviour ---
$session_name   = 'BESession';        // name of the cookie that carries the session id (see session_new())
$session_limit  = 20;                 // minutes; session_clear() removes sessions older than this
$session_magic  = 'BESession-Magic';  // prefix handed to uniqid() when session_new() builds an id
$session_debug  = true;               // when true, db_query() prints the MySQL error and the SQL text
                                      // into the page on failure. NOTE(review): while this stays on,
                                      // query text and schema names are disclosed to any visitor.
$crypt_password = 0;                  // 0: get_user() compares the password exactly as stored;
                                      // non-zero: get_user() compares md5($password) (unsalted)

# --- session table ---
$db_session_table = 'sess';
$db_session_sid   = 'sid';            // must be varchar(32)
$db_session_uid   = 'uid';
$db_session_exp   = 'exp';            // must be datetime

# --- user table ---
$db_user_table = 'user';
$db_user_uid   = 'ur_id';
$db_user_log   = 'ur_name';           // must be varchar(32)
$db_user_pwd   = 'ur_pasw';           // must be varchar(32)

# --- per-session variable table ---
$db_var_table = 'svar';
$db_var_sid   = 'sid';
$db_var_name  = 'name';
$db_var_value = 'value';

# variables
$db = null;                           // MySQL link, filled in by db_connect()
# functions
#################################################################################################
/**
 * Open the MySQL link shared by the whole library and select the database.
 *
 * Reads $server, $db_user, $db_pass and $database from the global scope
 * (none of them is assigned in this library) and stores the link in the
 * global $db. The request is terminated with a short plain-text message
 * if connecting or selecting the database fails.
 */
function db_connect() {
    global $db, $server, $db_user, $db_pass, $database;

    $db = mysql_connect($server, $db_user, $db_pass);
    if (!$db) {
        die("Cannot connect mysql server\n");
    }

    $selected = mysql_select_db($database, $db);
    if (!$selected) {
        die("Cannot select database\n");
    }
}
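/**
 * Run one SQL statement on the shared connection.
 *
 * @param string $sql Complete SQL text. It is sent to the server unchanged, so
 *                    every value interpolated into it must already be escaped
 *                    by the caller.
 * @param string $msg Optional message. When it is non-empty and the query
 *                    fails, the message is printed and the request ends.
 * @return mixed The value returned by mysql_query(); a falsy value is only
 *               ever returned to the caller when no $msg was supplied.
 */
function db_query($sql, $msg = "") {
    global $db, $session_debug;

    $res = mysql_query($sql, $db);
    if (!$res) {
        if ($session_debug) {
            // The failing statement can carry request data and the output is
            // HTML, so both the driver message and the SQL are entity-encoded
            // before being written to the page.
            $flags = defined('ENT_SUBSTITUTE') ? (ENT_QUOTES | constant('ENT_SUBSTITUTE')) : ENT_QUOTES;
            echo "ERROR: " . htmlspecialchars(mysql_error(), $flags)
                . " in SQL:[" . htmlspecialchars($sql, $flags) . "]<br>";
        }
        if ($msg) {
            echo "$msg <br>";
            die();
        }
    }
    return $res;
}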
/**
 * Purge expired sessions together with their stored variables.
 *
 * A session counts as expired when its expiry column is older than
 * $session_limit minutes. The reference time is the web server's local clock
 * (strftime), not the database clock. Variables are removed one session at a
 * time, then the session rows themselves in a single statement.
 */
function session_clear() {
    global $db_session_table, $db_session_exp, $session_limit, $db_session_sid, $db_var_sid, $db_var_table;

    $now = strftime("%Y-%m-%d %H:%M:%S");
    // Same condition is used for the SELECT and the final DELETE.
    $expired = "$db_session_exp < date_sub('$now', interval $session_limit minute)";

    $stale = db_query(
        "SELECT $db_session_sid FROM $db_session_table\nWHERE $expired",
        "Cannot select session\n"
    );
    while ($row = mysql_fetch_row($stale)) {
        $sid = $row[0];
        db_query(
            "DELETE FROM $db_var_table WHERE $db_var_sid = '$sid'",
            "Cannot clear session variables\n"
        );
    }

    db_query(
        "DELETE FROM $db_session_table\nWHERE $expired",
        "Cannot clear session\n"
    );
}
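/**
 * Look up a user row by login name and password.
 *
 * Both values are compared inside the SQL statement. They are now escaped
 * before being placed in the query text; previously they were interpolated
 * raw, so a quote in either field changed the statement itself.
 *
 * @param string $username Login name as received from the request.
 * @param string $password Password as received from the request.
 * @return mixed The matching row from mysql_fetch_array() (all columns,
 *               including the stored password), or a falsy value when
 *               no row matches.
 */
function get_user($username, $password) {
    global $db_user_table, $db_user_uid, $db_user_log, $db_user_pwd, $crypt_password;

    // addslashesnew() is this library's escaper for request values: it leaves
    // the value alone when magic_quotes_gpc has already slashed it.
    // NOTE(review): assumes the arguments are raw request values, as they are
    // when called from authorize(); addslashes() also ignores the connection
    // character set, so prefer the driver's own escaping if a multi-byte
    // charset is ever used.
    $login = addslashesnew($username);

    if ($crypt_password) {
        // md5() output is hexadecimal only, so it needs no escaping.
        // NOTE(review): unsalted MD5 is not a suitable password hash; moving
        // away from it needs a wider column than the varchar(32) in use.
        $pwd = md5($password);
    } else {
        // Plaintext comparison: the stored password is the password itself.
        $pwd = addslashesnew($password);
    }

    $sql = "SELECT *\nFROM $db_user_table\nWHERE $db_user_log = '$login' AND $db_user_pwd = '$pwd' ";
    $res = db_query($sql, "Cannot get user info\n");
    $auth_user = mysql_fetch_array($res);
    return $auth_user;
}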
/**
 * Show the login form and stop the request.
 *
 * Builds $url from the globals $PATH_INFO and $QUERY_STRING and then includes
 * loginform.inc. The include runs in this function's scope, so the template
 * can read $url; the variable name must therefore stay as it is.
 *
 * NOTE(review): both parts of $url come from the request. Presumably the
 * template prints $url into the form; confirm that it HTML-escapes it.
 */
function login_form(){
    global $PATH_INFO, $QUERY_STRING;

    $suffix = "";
    if (isset($QUERY_STRING) && ("" != $QUERY_STRING)) {
        $suffix = "?" . $QUERY_STRING;
    }
    $url = $PATH_INFO . $suffix;

    include("loginform.inc");
    die();
}
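/**
 * Create a session row for a user and send the session cookie.
 *
 * The session id is 32 lowercase hexadecimal characters, which fits the
 * varchar(32) session column. It is now taken from a cryptographic random
 * source when the runtime offers one; the previous id, md5(uniqid(prefix)),
 * is derived from the clock and a fixed prefix and is kept only as a fallback.
 *
 * The cookie is a browser-session cookie (expiry 0) for path "/".
 * NOTE(review): the HttpOnly and Secure attributes are not set here; add them
 * once the minimum PHP version and HTTPS-only deployment are confirmed.
 *
 * @param mixed $uid User id stored with the session; callers in this file pass
 *                   the id column of a row read from the user table.
 */
function session_new($uid) {
    global $session_magic, $db_session_table, $session_name, $db_session_sid, $db_session_uid, $db_session_exp;

    $sid = "";
    if (function_exists('random_bytes')) {
        $sid = bin2hex(random_bytes(16));
    } elseif (function_exists('openssl_random_pseudo_bytes')) {
        $raw = openssl_random_pseudo_bytes(16);
        if ($raw !== false && strlen($raw) == 16) {
            $sid = bin2hex($raw);
        }
    }
    if ($sid == "") {
        // Legacy fallback: time-based and guessable, used only when no
        // stronger source exists on this runtime.
        $sid = md5(uniqid($session_magic));
    }

    // The expiry column starts at the creation time (web server local clock).
    $exp = strftime("%Y-%m-%d %H:%M:%S");
    $sql = "INSERT INTO $db_session_table\n($db_session_sid, $db_session_uid, $db_session_exp) VALUES('$sid', '$uid', '$exp')";
    $res = db_query($sql, "Cannot create new session\n");

    SetCookie($session_name, $sid, 0, "/");
}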
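/**
 * Return the id of the current session, or a falsy value if there is none.
 *
 * The id is read from the session cookie and confirmed against the session
 * table. The cookie is request data, so its format is checked before it is
 * placed in the query: session_new() only ever issues 32 lowercase
 * hexadecimal characters, and anything else is rejected without touching
 * the database.
 *
 * @return mixed The session id as stored in the database; "" when the cookie
 *               is missing or malformed; NULL when no such session exists.
 */
function session_get() {
    global $HTTP_COOKIE_VARS, $session_name, $db_session_table, $db_session_sid, $db_session_uid;

    $sid = isset($HTTP_COOKIE_VARS[$session_name]) ? $HTTP_COOKIE_VARS[$session_name] : "";

    // \z (not $) so a trailing newline cannot slip through; is_string() guards
    // against an array-valued cookie.
    if (!is_string($sid) || !preg_match('/^[0-9a-f]{32}\z/', $sid)) {
        return "";
    }

    $sql = "SELECT $db_session_sid FROM $db_session_table WHERE $db_session_sid='$sid'";
    $res = db_query($sql, "Cannot get existing session\n");
    list($sid) = mysql_fetch_row($res);
    return $sid;
}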
/**
 * Load the user row that owns a session.
 *
 * Two look-ups: the session table yields the user id, then the user table
 * yields the full row.
 *
 * @param string $sid Session id. It is placed in the SQL text unescaped, so it
 *                    must be the value returned by session_get(), never a raw
 *                    request value.
 * @return mixed Row from mysql_fetch_array() (all columns), or a falsy value
 *               when the session or the user does not exist.
 */
function session_get_user($sid){
    global $db_session_table, $db_session_sid, $db_session_uid,
           $db_user_table, $db_user_uid;

    $owner = db_query(
        "SELECT $db_session_uid\nFROM $db_session_table\nWHERE $db_session_sid='$sid'",
        "Cannot get user from session\n"
    );
    list($uid) = mysql_fetch_row($owner);

    $found = db_query(
        "SELECT *\nFROM $db_user_table\nWHERE $db_user_uid='$uid'",
        "Cannot get user\n"
    );
    return mysql_fetch_array($found);
}
/**
 * Refresh a session's expiry column to the current time (web server local
 * clock), which restarts its idle window.
 *
 * @param string $sid Session id, placed in the SQL text unescaped; pass only
 *                    the value returned by session_get().
 */
function session_update($sid) {
    global $db_session_table, $db_session_sid, $db_session_exp;

    $now = strftime("%Y-%m-%d %H:%M:%S");
    $res = db_query(
        "UPDATE $db_session_table\nSET $db_session_exp='$now'\nWHERE $db_session_sid='$sid'",
        "Cannot update session\n"
    );
}
/**
 * Authenticate the current request.
 *
 * Connects to the database, purges expired sessions, then either
 *   - checks the globals $username / $password and opens a new session, or
 *   - resumes the session named by the cookie and refreshes its expiry.
 * On any failure login_form() prints the form and ends the request.
 *
 * $username and $password are read from the global scope and cleared before
 * returning. NOTE(review): they are not assigned in this library; presumably
 * they arrive from the request (register_globals or the including script), so
 * confirm where they are set.
 *
 * On the fresh-login path $sid is never assigned in this function, so the
 * "sid" entry of the returned row is NULL for that request.
 *
 * @return mixed The user row with an extra "sid" entry, or a falsy value when
 *               a valid session points at a user that no longer exists.
 */
function authorize() {
    global $username, $password, $db_user_uid;

    db_connect();
    session_clear();

    if (!$username) {
        // No credentials posted: fall back to the session cookie.
        $sid = session_get();
        if ($sid) {
            $auth_user = session_get_user($sid);
            session_update($sid);
        } else {
            login_form();
        }
    } else {
        // Credentials posted: verify them and open a session.
        $auth_user = get_user($username, $password);
        if ($auth_user) {
            session_new($auth_user[$db_user_uid]);
        } else {
            login_form();
        }
    }

    // Drop the credentials from the global scope once they have been used.
    $username = NULL;
    $password = NULL;

    if ($auth_user) {
        $auth_user["sid"] = $sid;
    }
    return $auth_user;
}
/**
 * Log out: delete the current session and its stored variables.
 *
 * Only the database rows are removed. The session cookie is not cleared
 * here; it simply stops matching any row.
 */
function unauthorize() {
    global $session_name, $db_session_table, $db_session_sid,
           $db_var_table, $db_var_sid;

    db_connect();
    $sid = session_get();

    db_query(
        "DELETE FROM $db_var_table WHERE $db_var_sid = '$sid'",
        "Cannot clear session variables\n"
    );
    $res = db_query(
        "DELETE FROM $db_session_table WHERE $db_session_sid='$sid'",
        "Cannot unauthorize session\n"
    );
}
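/**
 * Store, replace or remove a variable attached to the current session.
 *
 * Any existing value for $name is deleted first; a new row is inserted only
 * when $value is truthy, so passing an empty value (or "0") removes the
 * variable. Nothing happens when there is no current session.
 *
 * $name is now escaped before the DELETE as well as the INSERT. Previously
 * the DELETE used the raw name, so a name containing a quote altered that
 * statement.
 *
 * @param string $name  Variable name (unescaped).
 * @param mixed  $value Value to store (unescaped).
 */
function set_session_var($name, $value) {
    global $db_var_table, $db_var_sid, $db_var_name, $db_var_value;

    $sid = session_get();
    if ($sid) {
        $name = addslashes($name);

        $sql = "DELETE FROM $db_var_table WHERE $db_var_name='$name' AND $db_var_sid='$sid'";
        $res = db_query($sql, "Cannot delete session variable\n");

        if ($value) {
            $value = addslashes($value);
            $sql = "INSERT INTO $db_var_table\n($db_var_sid,$db_var_name,$db_var_value) VALUES('$sid','$name','$value')";
            $res = db_query($sql, "Cannot insert session variable in database\n");
        }
    }
}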
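/**
 * Read a variable attached to the current session.
 *
 * $name is escaped the same way set_session_var() escapes it when writing,
 * so names containing quotes are matched instead of altering the query.
 * The result is initialised up front, so NULL is returned cleanly when there
 * is no session (previously an undefined variable was returned).
 *
 * @param string $name Variable name (unescaped).
 * @return mixed The stored value, or NULL when there is no session or no
 *               such variable.
 */
function get_session_var($name) {
    global $db_var_table, $db_var_sid, $db_var_name, $db_var_value;

    $value = NULL;
    $sid = session_get();
    if ($sid) {
        $name = addslashes($name);
        $sql = "SELECT $db_var_value FROM $db_var_table WHERE $db_var_name='$name' AND $db_var_sid='$sid'";
        $res = db_query($sql, "Cannot get session variable from database\n");
        list($value) = mysql_fetch_row($res);
    }
    return $value;
}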
/**
 * Fetch a translated message by keyword.
 *
 * Tries the requested language first and falls back to language 0 when that
 * yields no (or an empty) text.
 *
 * Both arguments are placed in the SQL text unescaped.
 * NOTE(review): callers in this file pass fixed keywords and the global
 * $lang; confirm that $lang cannot be set from the request.
 *
 * @param string $kw   Message keyword (msg.ms_kw).
 * @param mixed  $lang Language reference (msg.ms_lang_ref).
 * @return mixed Message text, or a falsy value when neither row exists.
 */
function get_msg($kw,$lang){
    $localized = db_query("SELECT ms_text FROM msg WHERE ms_kw='$kw' AND ms_lang_ref='$lang'");
    list($text) = mysql_fetch_row($localized);
    if ($text) {
        return $text;
    }

    $fallback = db_query("SELECT ms_text FROM msg WHERE ms_kw='$kw' AND ms_lang_ref=0");
    list($text) = mysql_fetch_row($fallback);
    return $text;
}
# Load configuration from the database into PHP global variables.
#
# Rows of `var` with vr_type='Scalar' become  $<vr_name> = "<vr_value>";
# rows with vr_type='Array' become a 0-based list $<vr_name>[i], filled from
# var_d.vd_value in the order the rows are returned.
#
# NOTE(review): every assignment goes through eval(), so vr_name, vr_value and
# vd_value are compiled as PHP source inside a double-quoted literal, not
# stored as literal text. Write access to these two tables is therefore
# equivalent to running code on the web server. Restrict who can edit them.
# A plain $GLOBALS[...] assignment would remove the eval, but only after
# confirming that no stored value relies on being interpolated by PHP.
#
# db_query() is called without a message, so a failed query does not stop the
# request; the fetch loops then receive a falsy result.
function ReadConfig() {
#
# scalar variables
#
$sql = "SELECT vr_name, vr_value FROM var WHERE vr_type='Scalar'";
$res = db_query($sql);
while($row = mysql_fetch_row($res)) {
# declare the variable named by vr_name as global, then assign vr_value to it
eval("global \$$row[0];");
eval("\$$row[0] = \"$row[1]\";");
}
#
# array variables
#
$sql = "SELECT vr_id,vr_name FROM var WHERE vr_type='Array'";
$res = db_query($sql);
while (list($var,$name) = mysql_fetch_row($res)) {
eval("global \$$name;");
# elements of this array are the var_d rows that reference its vr_id
$sql = "SELECT vd_value FROM var_d WHERE vd_var_ref='$var'";
$resd = db_query($sql);
$i = 0;
while (list($val) = mysql_fetch_row($resd)) {
# chr(91) and chr(93) are "[" and "]": builds  $name[$i] = "$val";
eval("\$$name".chr(91)."$i".chr(93)." = \"$val\";");
$i++;
}
}
}
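/**
 * Print the banner-exchange embed code for a site.
 *
 * When $id is empty, a red "XXXXXXXX" placeholder is shown instead and a
 * hint (message "replaceid") tells the user to substitute the real id.
 *
 * Changes from the previous version:
 *  - message keywords are quoted strings; they used to be bare words, which
 *    PHP treats as undefined constants (a notice on old versions, an error on
 *    current ones);
 *  - a caller-supplied $id is entity-encoded before it is written into the
 *    markup. Callers are not visible from this file, so this is defensive:
 *    a numeric id is output unchanged.
 *
 * @param mixed $id Site id to embed, or an empty value for the placeholder.
 */
function help($id) {
    global $bannerex_name,$bannerex_url,$lang;

    echo "<b>" . get_msg('addbannercode', $lang) . "</b>:<br>";

    if (!$id) {
        // Placeholder markup is intentional HTML and must not be encoded.
        $id = "<font color=red>XXXXXXXX</font>\n";
        printf(get_msg('replaceid', $lang) . "<br>\n", $id);
    } else {
        $id = htmlspecialchars($id, ENT_QUOTES);
    }

    echo "<br>\n";
    echo "\n"
        . "<!-- Begin $bannerex_name CODE --><br>\n"
        . "<SCRIPT LANGUAGE=\"JavaScript\" SRC=\"$bannerex_url/banner.php?id=$id\"><br>\n"
        . "</SCRIPT><br>\n"
        . "<NOSCRIPT><br>\n"
        . "<A HREF=\"$bannerex_url/bannerclick.php?id=$id\" TARGET=\"_top\"><br>\n"
        . "<IMG SRC=\"$bannerex_url/bannerdisplay.php?id=$id\" BORDER=\"0\"></A><br>\n"
        . "</NOSCRIPT><br>\n"
        . "<!-- End $bannerex_name CODE --><br>\n";
}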
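/**
 * E-mail a user to confirm that a new site was registered.
 *
 * The optional approval notice (message "webmastermsg") is included only when
 * the global $webmasterapproval is truthy. Message keywords are passed as
 * quoted strings; they used to be bare words, which PHP treats as undefined
 * constants.
 *
 * @param array  $user    User row; ur_mail, ur_fname and ur_lname are read.
 * @param mixed  $st_id   Site code.
 * @param string $st_name Site title.
 * @param string $st_url  Site URL.
 * @param string $st_desc Site description (not used in this message).
 */
function mail_newnotifyuser($user,$st_id,$st_name,$st_url,$st_desc) {
    global $bannerex_name,$bannerex_url,$admin_email,$secret,
           $webmasterapproval, $lang;

    if ($webmasterapproval) {
        $webmastermsg = get_msg('webmastermsg', $lang);
    } else {
        $webmastermsg = "";
    }

    mail(
        "$user[ur_mail]",
        get_msg('welcometo', $lang) . " $bannerex_name",
        "$user[ur_fname] $user[ur_lname],\n"
            . get_msg('tnxforjoin', $lang) . " $bannerex_name.\n"
            . "$webmastermsg\n"
            . get_msg('yoursite', $lang) . ": $st_name ($st_url)\n"
            . get_msg('dontforget', $lang) . "\n"
            . get_msg('sitecode', $lang) . ": $st_id\n",
        "From: $admin_email"
    );
}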
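/**
 * E-mail a newly registered user their account details.
 *
 * Message keywords are passed as quoted strings; they used to be bare words,
 * which PHP treats as undefined constants.
 *
 * NOTE(review): the value passed as $ur_pasw is written into the message body,
 * so the password travels and is stored in mailboxes in clear text. Prefer a
 * one-time set-password link.
 *
 * @param string $ur_name  Login name.
 * @param string $ur_pasw  Password, included verbatim in the mail.
 * @param string $ur_fname First name.
 * @param string $ur_lname Last name.
 * @param string $ur_mail  Recipient address.
 */
function mail_addnotifyuser($ur_name, $ur_pasw, $ur_fname, $ur_lname, $ur_mail){
    global $bannerex_name,$bannerex_url,$admin_email,$secret,
           $webmasterapproval, $lang;

    mail(
        $ur_mail,
        get_msg('welcometo', $lang) . " $bannerex_name",
        "$ur_fname $ur_lname,\n"
            . get_msg('welcometo', $lang) . " $bannerex_name\n"
            . get_msg('dontforget', $lang) . "\n"
            . get_msg('username', $lang) . ": $ur_name\n"
            . get_msg('password', $lang) . ": $ur_pasw\n",
        "From: $admin_email"
    );
}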
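/**
 * E-mail a user the "appsite" notice together with their account details.
 *
 * Message keywords are passed as quoted strings; they used to be bare words,
 * which PHP treats as undefined constants.
 *
 * NOTE(review): the value passed as $ur_pasw is written into the message body
 * in clear text; prefer not to mail passwords.
 *
 * @param string $ur_name  Login name.
 * @param string $ur_pasw  Password, included verbatim in the mail.
 * @param string $ur_fname First name.
 * @param string $ur_lname Last name.
 * @param string $ur_mail  Recipient address.
 */
function mail_appnotifyuser($ur_name, $ur_pasw, $ur_fname, $ur_lname, $ur_mail){
    global $bannerex_name,$bannerex_url,$admin_email,$secret,$lang;

    mail(
        $ur_mail,
        get_msg('appsite', $lang) . " $bannerex_name",
        "$ur_fname $ur_lname,\n"
            . get_msg('appsite', $lang) . " $bannerex_name\n"
            . get_msg('dontforget', $lang) . "\n"
            . get_msg('username', $lang) . ": $ur_name\n"
            . get_msg('password', $lang) . ": $ur_pasw\n",
        "From: $admin_email"
    );
}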
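/**
 * Notify the administrator address ($notify_email) that a site was added.
 *
 * Message keywords are passed as quoted strings; they used to be bare words,
 * which PHP treats as undefined constants.
 *
 * The site title, URL and description are copied into the mail body as
 * given. NOTE(review): presumably these are user-submitted, so treat links
 * in this mail as untrusted.
 *
 * @param array  $user    User row; ur_fname, ur_lname and ur_name are read.
 * @param mixed  $st_id   Site code.
 * @param string $st_name Site title.
 * @param string $st_url  Site URL.
 * @param string $st_desc Site description.
 */
function mail_newnotifyadm($user,$st_id,$st_name,$st_url,$st_desc) {
    global $bannerex_name,$bannerex_url,$admin_email,$notify_email,$lang;

    mail(
        "$notify_email",
        get_msg('notifynewsite', $lang),
        "$user[ur_fname] $user[ur_lname] ($user[ur_name])\n"
            . get_msg('isaddsite', $lang) . " $bannerex_name.\n"
            . get_msg('sitecode', $lang) . ": $st_id\n"
            . get_msg('sitetitle', $lang) . ": $st_name\n"
            . get_msg('siteurl', $lang) . ": $st_url\n"
            . get_msg('sitedesc', $lang) . ": $st_desc\n",
        "From: $admin_email"
    );
}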
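/**
 * E-mail a user their login name and password (password reminder).
 *
 * Message keywords are passed as quoted strings; they used to be bare words,
 * which PHP treats as undefined constants.
 *
 * NOTE(review): the value passed as $ur_pasw is written into the message body
 * in clear text, which also requires the password to be recoverable on the
 * server. Prefer a time-limited reset link and a one-way password hash.
 *
 * @param string $ur_name Login name.
 * @param string $ur_mail Recipient address.
 * @param string $ur_pasw Password, included verbatim in the mail.
 */
function mail_forgotpasw($ur_name, $ur_mail, $ur_pasw){
    global $bannerex_name,$bannerex_url,$admin_email,$secret,
           $webmasterapproval, $lang;

    mail(
        $ur_mail,
        get_msg('password', $lang) . " $bannerex_name",
        "\n"
            . get_msg('dontforget', $lang) . "\n"
            . get_msg('username', $lang) . ": $ur_name\n"
            . get_msg('password', $lang) . ": $ur_pasw\n",
        "From: $admin_email"
    );
}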
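/**
 * Notify the administrator address ($notify_email) that a user registered.
 *
 * Message keywords are passed as quoted strings; they used to be bare words,
 * which PHP treats as undefined constants. The password argument is accepted
 * for signature compatibility but is not written into this message.
 *
 * @param string $ur_name  Login name.
 * @param string $ur_pasw  Password (unused here).
 * @param string $ur_fname First name.
 * @param string $ur_lname Last name.
 * @param string $ur_mail  The new user's e-mail address.
 */
function mail_addnotifyadm($ur_name, $ur_pasw, $ur_fname, $ur_lname, $ur_mail) {
    global $bannerex_name,$bannerex_url,$admin_email,$notify_email,$lang;

    mail(
        "$notify_email",
        get_msg('notifynewuser', $lang),
        "$ur_fname $ur_lname ($ur_name)\n"
            . get_msg('isnewuser', $lang) . " $bannerex_name.\n"
            . get_msg('username', $lang) . ": $ur_name\n"
            . get_msg('email', $lang) . ": $ur_mail\n",
        "From: $admin_email"
    );
}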
/**
 * Build an HTML fragment describing the last MySQL error.
 *
 * The driver message and the statement are joined as they are, without
 * entity-encoding. NOTE(review): callers that print the result into a page
 * should encode it first, and should avoid showing it to end users at all.
 *
 * @param string $sql Statement that failed.
 * @return string mysql_error() text, a <BR>, then the statement.
 */
function geterrdesc($sql) {
    return mysql_error() . "<BR>\n Error caused by statement: $sql";
}
/**
 * Obfuscate a number as "<masked>A<split>".
 *
 * masked = number + (15278902349 - strlen(password)) - split, where split is
 * a value from rand(). The two halves always add up to
 * number + 15278902349 - strlen(password).
 *
 * Despite the name this is not encryption: the only input taken from
 * $password is its length, and rand() is not a cryptographic generator.
 * Do not rely on the output for confidentiality or tamper resistance.
 *
 * @param mixed  $number   Number to encode.
 * @param string $password Only its length is used.
 * @return string Encoded value.
 */
function encrypt ($number,$password) {
    $split = rand(0,1629892229);
    $offset = 15278902349 - strlen($password);
    $masked = $number + $offset - $split;
    return $masked . "A" . $split;
}
/**
 * Reverse encrypt(): split on "A" and undo the offset.
 *
 * The input is not validated. Any "<x>A<y>" whose halves add up to the
 * expected total decodes to the same number, so the result must not be
 * treated as proof that the value was issued by this server.
 *
 * @param string $number   Value in the "<masked>A<split>" form.
 * @param string $password Only its length is used.
 * @return mixed Decoded number.
 */
function decrypt ($number,$password) {
    $parts = explode("A", $number);
    $offset = 15278902349 - strlen($password);
    return $parts[0] - $offset + $parts[1];
}
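/**
 * Tell whether a string contains any entry of the global $bad_words list.
 *
 * Matching is a case-insensitive substring test. strtoupper() works on
 * single bytes, so multi-byte text is effectively compared case-sensitively.
 *
 * Changes from the previous version:
 *  - strpos() !== false replaces the truthiness of strstr(), which missed a
 *    match whose remainder was the string "0";
 *  - foreach replaces each(), which no longer exists in current PHP;
 *  - empty list entries are skipped, so they can never match everything.
 *
 * @param string $string Text to check.
 * @return bool True when at least one listed word occurs in the text.
 */
function check_bad_words($string) {
    global $bad_words;

    if (!$bad_words || !is_array($bad_words)) {
        return false;
    }

    $haystack = strtoupper($string);
    foreach ($bad_words as $val) {
        $needle = strtoupper((string) $val);
        if ($needle === '') {
            continue;
        }
        if (strpos($haystack, $needle) !== false) {
            return true;
        }
    }
    return false;
}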
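/**
 * Tell whether an address string contains any entry of the global $bad_ips.
 *
 * This is a plain, case-sensitive substring test, not an address comparison:
 * an entry such as "10.0.0." also matches "110.0.0.1". Write entries with
 * that in mind, or replace this with a real prefix/CIDR check.
 *
 * Changes from the previous version:
 *  - strpos() !== false replaces the truthiness of strstr(), which missed a
 *    match whose remainder was the string "0";
 *  - foreach replaces each(), which no longer exists in current PHP;
 *  - empty list entries are skipped, so they can never match everything.
 *
 * @param string $string Address to check.
 * @return bool True when at least one listed entry occurs in the string.
 */
function check_bad_ips($string) {
    global $bad_ips;

    if (!$bad_ips || !is_array($bad_ips)) {
        return false;
    }

    $haystack = (string) $string;
    foreach ($bad_ips as $val) {
        $needle = (string) $val;
        if ($needle === '') {
            continue;
        }
        if (strpos($haystack, $needle) !== false) {
            return true;
        }
    }
    return false;
}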
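/**
 * Escape a request value with addslashes() unless magic_quotes_gpc has
 * already done so.
 *
 * get_magic_quotes_gpc() no longer exists in current PHP, so its presence is
 * checked first; where it is missing the value is always escaped.
 *
 * Only meant for values that come straight from GET/POST/cookies; applying
 * it to anything else while magic quotes are on leaves that value unescaped.
 * NOTE(review): addslashes() ignores the connection character set; prefer
 * the database driver's own escaping or bound parameters.
 *
 * @param string $string Raw request value.
 * @return string Value with quotes and backslashes escaped exactly once.
 */
function addslashesnew($string) {
    if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc() == 1) {
        return $string;
    }
    return addslashes($string);
}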
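/**
 * Return the size in bytes of the resource at $url, or false.
 *
 * The resource is read to the end in 1000-byte chunks and only the byte
 * count is kept. The previous version appended every chunk to an
 * uninitialised string, holding the whole resource in memory, and could loop
 * forever if a read failed before end-of-file.
 *
 * NOTE(review): $url is handed to fopen() as given, so any stream wrapper or
 * local path PHP accepts will be opened. If the value is user-supplied,
 * restrict it to http/https and to external hosts before calling this, and
 * consider an upper bound on the number of bytes read.
 *
 * @param string $url Location to open.
 * @return int|false Byte count when the resource is non-empty; false when it
 *                   cannot be opened or is empty.
 */
function getbannersize($url) {
    $fp = @fopen($url, "r");
    if (!$fp) {
        return false;
    }

    $fsize = 0;
    while (!feof($fp)) {
        $chunk = fread($fp, 1000);
        if ($chunk === false) {
            // Read error: stop instead of spinning on a stream that never
            // reports end-of-file.
            break;
        }
        $fsize += strlen($chunk);
    }
    fclose($fp);

    if ($fsize > 0) {
        return $fsize;
    }
    return false;
}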
?>