<?
#################################################################################################
#
#  project            	: phpBannerEx
#  filename           	: library.php
#  last modified by   	: 
#  e-mail             	: hide@address.com
#  purpose            	: Functions-Library File
#
#################################################################################################

#  constants (!!!DO NOT CHANGE!!!)
#################################################################################################

# session cookie and lifetime
$session_name   = 'BESession';        // name of the cookie that carries the session id
$session_limit  = 20;                 // idle lifetime in minutes (used by session_clear())
$session_magic  = 'BESession-Magic';  // prefix handed to uniqid() in session_new()
# NOTE(review): while this is true, db_query() echoes the MySQL error text and the
# failing SQL statement into the page; confirm it is switched off on public installs.
$session_debug  = true;

# 0 = get_user() compares the password exactly as supplied, non-zero = compares md5() of it
# NOTE(review): neither mode is a salted password hash.
$crypt_password = 0;

# session table
$db_session_table = 'sess';
$db_session_sid   = 'sid';      // must be varchar(32)
$db_session_uid   = 'uid';
$db_session_exp   = 'exp';      // must be datetime

# user table
$db_user_table    = 'user';
$db_user_uid      = 'ur_id';
$db_user_log      = 'ur_name';  // must be varchar(32)
$db_user_pwd      = 'ur_pasw';  // must be varchar(32)

# per-session variable table
$db_var_table     = 'svar';
$db_var_sid       = 'sid';
$db_var_name      = 'name';
$db_var_value     = 'value';

# variables

# MySQL link, filled in by db_connect()
$db = null;

#  functions
#################################################################################################

/**
 * Opens the MySQL link and selects the working database.
 *
 * Reads $server, $db_user, $db_pass and $database from the global scope and
 * stores the link in the global $db. The script is terminated with a short
 * plain-text message when either step fails.
 */
function db_connect() {
  global $db, $server, $db_user, $db_pass, $database;

  $db = mysql_connect($server, $db_user, $db_pass);
  if (!$db) {
    die("Cannot connect mysql server\n");
  }

  $selected = mysql_select_db($database, $db);
  if (!$selected) {
    die("Cannot select database\n");
  }
}

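/**
 * Runs one SQL statement on the global link $db.
 *
 * On failure: when $session_debug is on, the MySQL error and the statement are
 * printed; when $msg is non-empty it is printed and the script stops. Without
 * $msg the failed result (false) is handed back to the caller.
 *
 * @param string $sql statement to execute
 * @param string $msg optional message shown before terminating on failure
 * @return mixed whatever mysql_query() returned
 */
function db_query($sql, $msg = "") {
  global $db, $session_debug;

  $res = mysql_query($sql, $db);
  if (!$res) {
    if ($session_debug) {
      // The statement can embed request data, so both parts are HTML-escaped
      // before they are written into the page.
      // NOTE(review): this still discloses schema details; keep debug off in production.
      echo "ERROR: ".htmlspecialchars(mysql_error(), ENT_QUOTES)
         ." in SQL:[".htmlspecialchars($sql, ENT_QUOTES)."]<br>";
    }
    if ($msg) {
      echo "$msg <br>";
      die();
    }
  }
  return $res;
}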

/**
 * Purges sessions whose last-activity stamp is older than $session_limit minutes.
 *
 * The per-session variables of every expired session are deleted first, then
 * the session rows themselves. Any failing statement ends the script through
 * db_query().
 */
function session_clear() {
  global $db_session_table, $db_session_exp, $session_limit, $db_session_sid, $db_var_sid, $db_var_table;

  $now = strftime("%Y-%m-%d %H:%M:%S");
  // Shared WHERE condition: rows that expired before (now - limit).
  $cutoff = "$db_session_exp < date_sub('$now', interval $session_limit minute)";

  $expired = db_query("SELECT $db_session_sid FROM $db_session_table
          WHERE $cutoff", "Cannot select session\n");

  while ($row = mysql_fetch_row($expired)) {
     $sid = $row[0];
     db_query("DELETE FROM $db_var_table WHERE $db_var_sid = '$sid'", "Cannot clear session variables\n");
  }

  db_query("DELETE FROM $db_session_table
          WHERE $cutoff", "Cannot clear session\n");
}

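/**
 * Looks up the user row matching a login name and password.
 *
 * Both values are escaped with the MySQL driver before they enter the
 * statement; previously they were interpolated as received, so a quote in
 * either field could rewrite the WHERE clause of the login query.
 *
 * NOTE(review): depending on $crypt_password the password is compared either
 * as supplied or as an unsalted md5() digest; neither is a password hash.
 *
 * @param string $username login name as submitted
 * @param string $password password as submitted
 * @return mixed the user row from mysql_fetch_array(), or false when nothing matches
 */
function get_user($username, $password) {
  global $db_user_table, $db_user_uid, $db_user_log, $db_user_pwd, $crypt_password;

  // Assumes the values come straight from the request (as in authorize()):
  // undo magic_quotes_gpc first so every value is escaped exactly once.
  $quoted = get_magic_quotes_gpc();

  $login = mysql_real_escape_string($quoted ? stripslashes($username) : $username);

  if ($crypt_password) {
    // Digest of the value exactly as received, as before; hex output needs no escaping.
    $pwd = md5($password);
  } else {
    $pwd = mysql_real_escape_string($quoted ? stripslashes($password) : $password);
  }

  $sql = "SELECT *
          FROM $db_user_table
          WHERE $db_user_log = '$login' AND $db_user_pwd = '$pwd' ";
  $res = db_query($sql,"Cannot get user info\n");
  $auth_user = mysql_fetch_array($res);
  return $auth_user;
}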

/**
 * Shows the login form and stops the script.
 *
 * $url (the current path plus the query string, when there is one) is left in
 * scope for loginform.inc.
 * NOTE(review): $url is built from request-derived globals; confirm the
 * template HTML-escapes it before output.
 */
function login_form(){
  global $PATH_INFO, $QUERY_STRING;

  $query = "";
  if (isset($QUERY_STRING) && ("" != $QUERY_STRING)) {
    $query = "?".$QUERY_STRING;
  }
  $url = $PATH_INFO.$query;

  include("loginform.inc");
  die();
}

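/**
 * Creates a session row for $uid and sends the session cookie.
 *
 * The id used to be md5(uniqid($session_magic)): a clock value with a fixed
 * prefix, which is guessable. It is now taken from a cryptographic random
 * source when the runtime offers one. The result is still 32 hex characters,
 * so the varchar(32) sid column is unaffected.
 *
 * The cookie has lifetime 0 (browser session) and path "/".
 * NOTE(review): the cookie is set without HttpOnly/Secure attributes.
 *
 * @param mixed $uid user id stored with the session
 */
function session_new($uid) {
  global $session_magic, $db_session_table, $session_name, $db_session_sid, $db_session_uid, $db_session_exp;

  $sid = "";
  if (function_exists('random_bytes')) {
    $sid = bin2hex(random_bytes(16));
  } elseif (function_exists('openssl_random_pseudo_bytes')) {
    $bytes = openssl_random_pseudo_bytes(16);
    if ($bytes !== false && strlen($bytes) == 16) {
      $sid = bin2hex($bytes);
    }
  }
  if ($sid == "") {
    // No CSPRNG available: keep the old construction but mix in extra entropy.
    $sid = md5(uniqid($session_magic.mt_rand(), true));
  }

  $exp = strftime("%Y-%m-%d %H:%M:%S");
  $sql = "INSERT INTO $db_session_table
          ($db_session_sid, $db_session_uid, $db_session_exp) VALUES('$sid', '$uid', '$exp')";
  $res = db_query($sql,"Cannot create new session\n");
  SetCookie($session_name, $sid, 0, "/");
}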

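/**
 * Returns the id of the current session, or an empty value when there is none.
 *
 * The id is read from the session cookie and confirmed against the session
 * table. The cookie is client-controlled, so it is accepted only when it has
 * the shape session_new() produces (32 hex characters); anything else is
 * treated as "no session" and never reaches the SQL statement.
 * NOTE(review): assumes session_new() is the only place that creates session ids.
 *
 * @return string session id as stored in the database, "" when absent or invalid
 */
function session_get() {
  global $HTTP_COOKIE_VARS, $session_name, $db_session_table, $db_session_sid;

  $cookie = isset($HTTP_COOKIE_VARS[$session_name]) ? $HTTP_COOKIE_VARS[$session_name] : "";
  if (!is_string($cookie) || !preg_match('/^[0-9a-fA-F]{32}\z/', $cookie)) {
    return "";
  }

  $sql = "SELECT $db_session_sid FROM $db_session_table WHERE $db_session_sid='$cookie'";
  $res = db_query($sql,"Cannot get existing session\n");
  $row = mysql_fetch_row($res);

  // Hand back the stored value, not the cookie text.
  return $row ? $row[0] : "";
}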

/**
 * Resolves a session id to the user row that owns it.
 *
 * Two lookups: the session table yields the user id, the user table yields
 * the row. $sid is placed into the statement as given; in this file it comes
 * from session_get().
 *
 * @param string $sid session id
 * @return mixed the user row from mysql_fetch_array(), or false when none is found
 */
function session_get_user($sid){
  global $db_session_table, $db_session_sid, $db_session_uid,
         $db_user_table, $db_user_uid;

  $owner = db_query("SELECT $db_session_uid
          FROM $db_session_table
          WHERE $db_session_sid='$sid'", "Cannot get user from session\n");
  list($uid) = mysql_fetch_row($owner);

  $found = db_query("SELECT *
          FROM $db_user_table
          WHERE $db_user_uid='$uid'", "Cannot get user\n");
  return mysql_fetch_array($found);
}

/**
 * Stamps the session with the current time, which restarts its idle timeout.
 *
 * @param string $sid session id; placed into the statement as given
 */
function session_update($sid) {
  global $db_session_table, $db_session_sid, $db_session_exp;

  $now = strftime("%Y-%m-%d %H:%M:%S");
  db_query("UPDATE $db_session_table
          SET $db_session_exp='$now'
          WHERE $db_session_sid='$sid'", "Cannot update session\n");
}

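/**
 * Authenticates the request and returns the user row.
 *
 * Connects to the database and purges expired sessions first. When the global
 * $username is set, the credentials are checked and a new session is started;
 * otherwise the session cookie is resolved and its timestamp refreshed. In
 * both cases a failure shows the login form, which ends the script.
 * The globals $username and $password are cleared before returning.
 * NOTE(review): how $username/$password get populated is not visible here;
 * presumably request variables registered as globals.
 *
 * @return mixed user row with an extra "sid" entry, or a false value when the
 *               session has no matching user
 */
function authorize() {
  global $username, $password, $db_user_uid;

  // The login branch never learns the new id (session_new() returns nothing),
  // so start from a defined value instead of reading an unset variable below.
  $sid = NULL;

  db_connect();
  session_clear();
  if($username) {
    $auth_user = get_user($username, $password);
    if(!$auth_user) {
      login_form();
    } else {
      session_new($auth_user[$db_user_uid]);
    }
  } else {
    $sid = session_get();
    if(!$sid) {
      login_form();
    } else {
      $auth_user = session_get_user($sid);
      session_update($sid);
    }
  }
  $username = NULL;
  $password = NULL;

  // "sid" is NULL right after a password login, the real id on later requests.
  if($auth_user) $auth_user["sid"] = $sid;

  return $auth_user;
}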

/**
 * Ends the current session: removes its stored variables, then its row.
 *
 * NOTE(review): the session cookie itself is not cleared here.
 */
function unauthorize() {
  global $session_name, $db_session_table, $db_session_sid,
    $db_var_table, $db_var_sid;

  db_connect();
  $sid = session_get();

  db_query("DELETE FROM $db_var_table WHERE $db_var_sid = '$sid'", "Cannot clear session variables\n");
  db_query("DELETE FROM $db_session_table WHERE $db_session_sid='$sid'", "Cannot unauthorize session\n");
}


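/**
 * Stores (or removes) a variable for the current session.
 *
 * Any existing row for $name is deleted; a new row is inserted only when
 * $value is truthy, so "", 0 and "0" act as "delete". Nothing happens without
 * a valid session.
 *
 * $name is now escaped before the DELETE as well; previously only the INSERT
 * used an escaped copy, so a quote in the name broke the DELETE statement.
 *
 * @param string $name  variable name
 * @param mixed  $value value to store
 */
function set_session_var($name, $value) {
  global $db_var_table, $db_var_sid, $db_var_name, $db_var_value;

  $sid = session_get();
  if($sid) {
    $name = mysql_real_escape_string($name);
    $sql = "DELETE FROM $db_var_table WHERE $db_var_name='$name' AND $db_var_sid='$sid'";
    $res = db_query($sql, "Cannot delete session variable\n");
    if($value) {
      $value = mysql_real_escape_string($value);
      $sql = "INSERT INTO $db_var_table
              ($db_var_sid,$db_var_name,$db_var_value) VALUES('$sid','$name','$value')";
      $res = db_query($sql, "Cannot insert session variable in database\n");
    }
  }
}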

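/**
 * Reads a variable stored for the current session.
 *
 * @param string $name variable name; escaped before it enters the statement
 * @return mixed stored value, or NULL when there is no session or no such variable
 */
function get_session_var($name) {
  global $db_var_table, $db_var_sid, $db_var_name, $db_var_value;

  // Defined up front: without a session the old code returned an unset variable.
  $value = NULL;

  $sid = session_get();
  if($sid) {
    $name = mysql_real_escape_string($name);
    $sql ="SELECT $db_var_value FROM $db_var_table WHERE $db_var_name='$name' AND $db_var_sid='$sid'";
    $res = db_query($sql, "Cannot get session variable from database\n");
    $row = mysql_fetch_row($res);
    if ($row) {
      $value = $row[0];
    }
  }
  return $value;
}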


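/**
 * Fetches the message text for keyword $kw in language $lang, falling back to
 * language 0 when no text is found.
 *
 * Both arguments are escaped before they enter the statement; $lang is a
 * global whose origin is not visible here, so it is not assumed to be safe.
 *
 * @param string $kw   message keyword (msg.ms_kw)
 * @param mixed  $lang language reference (msg.ms_lang_ref)
 * @return mixed message text, or NULL when neither lookup yields one
 */
function get_msg($kw,$lang){
  $kw_sql = mysql_real_escape_string($kw);
  $lang_sql = mysql_real_escape_string($lang);

  // db_query() is called without a message, so it can hand back false.
  $res = db_query("SELECT ms_text FROM msg WHERE ms_kw='$kw_sql' AND ms_lang_ref='$lang_sql'");
  $row = $res ? mysql_fetch_row($res) : false;
  $text = $row ? $row[0] : NULL;

  if(!$text) {
    $res = db_query("SELECT ms_text FROM msg WHERE ms_kw='$kw_sql' AND ms_lang_ref=0");
    $row = $res ? mysql_fetch_row($res) : false;
    $text = $row ? $row[0] : NULL;
  }
  return $text;
}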

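/**
 * Loads configuration from the database into global variables.
 *
 * Rows of type 'Scalar' in table var become global scalars; rows of type
 * 'Array' become global arrays filled from var_d in result order.
 *
 * SECURITY: names and values are pasted into eval(). Names are now accepted
 * only when they are plain ASCII identifiers; other rows are skipped. Values
 * are still evaluated inside a double-quoted PHP string, so anyone who can
 * write to var / var_d can run PHP code here.
 * NOTE(review): the eval of values is kept because existing settings may rely
 * on its variable and escape interpolation; replacing it with a direct
 * assignment needs a check of the stored data first.
 * A configured name equal to one of this function's own locals (row, res, sql,
 * name, var, val, resd, i) rebinds that local, as before.
 */
function ReadConfig() {
  #
  # scalar variables
  #
  $sql = "SELECT vr_name, vr_value FROM var WHERE vr_type='Scalar'";
  $res = db_query($sql);
  while($row = mysql_fetch_row($res)) {
    // Only a bare identifier may reach eval() as a variable name.
    if (!preg_match('/^[A-Za-z_][A-Za-z0-9_]*\z/', $row[0])) {
      continue;
    }
    eval("global \$$row[0];");
    eval("\$$row[0] = \"$row[1]\";");
  }
  #
  # array variables
  #
  $sql = "SELECT vr_id,vr_name FROM var WHERE vr_type='Array'";
  $res = db_query($sql);
  while (list($var,$name) = mysql_fetch_row($res)) {
    if (!preg_match('/^[A-Za-z_][A-Za-z0-9_]*\z/', $name)) {
      continue;
    }
    eval("global \$$name;");
    $sql = "SELECT vd_value FROM var_d WHERE vd_var_ref='$var'";
    $resd = db_query($sql);
    $i = 0;
    while (list($val) = mysql_fetch_row($resd)) {
      // chr(91)/chr(93) are "[" and "]": assigns element $i of the global array.
      eval("\$$name".chr(91)."$i".chr(93)." = \"$val\";");
      $i++;
    }
  }
}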

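/**
 * Prints the HTML snippet a member pastes into a site to show banners.
 *
 * Without $id a red XXXXXXXX placeholder is shown together with a hint to
 * replace it. A supplied $id is HTML-escaped before it is echoed, because the
 * snippet is written into the page as markup.
 *
 * @param mixed $id site id to embed, or a false value to show the placeholder
 */
function help($id) {
  global $bannerex_name,$bannerex_url,$lang;

  // Message keys are passed as quoted strings rather than bare words.
  echo "<b>".get_msg('addbannercode',$lang)."</b>:<br>";

  if (!$id) {
    $shown="<font color=red>XXXXXXXX</font>\n";
    printf (get_msg('replaceid',$lang)."<br>\n", $shown);
  } else {
    $shown=htmlspecialchars($id, ENT_QUOTES);
  }

  echo "<br>\n";

  echo "
&lt;!-- Begin $bannerex_name CODE --&gt;<br>
&lt;SCRIPT LANGUAGE=\"JavaScript\" SRC=\"$bannerex_url/banner.php?id=$shown\"&gt;<br>
&lt;/SCRIPT&gt;<br>
&lt;NOSCRIPT&gt;<br>
&lt;A HREF=\"$bannerex_url/bannerclick.php?id=$shown\" TARGET=\"_top\"&gt;<br>
&lt;IMG SRC=\"$bannerex_url/bannerdisplay.php?id=$shown\" BORDER=\"0\"&gt;&lt;/A&gt;<br>
&lt;/NOSCRIPT&gt;<br>
&lt;!-- End $bannerex_name CODE --&gt;<br>
";
}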

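/**
 * Mails a member the confirmation for a newly added site.
 *
 * CR and LF are removed from the recipient address so a crafted address cannot
 * add header lines; message keys are passed as quoted strings instead of bare
 * words. $st_desc is accepted but not used in the text.
 *
 * @param array  $user    user row; ur_mail, ur_fname and ur_lname are read
 * @param mixed  $st_id   site code
 * @param string $st_name site title
 * @param string $st_url  site URL
 * @param string $st_desc site description (unused)
 */
function mail_newnotifyuser($user,$st_id,$st_name,$st_url,$st_desc) {
  global $bannerex_name, $admin_email, $webmasterapproval, $lang;

  $webmastermsg = "";
  if ($webmasterapproval) {
    $webmastermsg = get_msg('webmastermsg', $lang);
  }

  $to = str_replace(array("\r", "\n"), "", $user['ur_mail']);
  $subject = get_msg('welcometo',$lang)." $bannerex_name";
  $body = "$user[ur_fname] $user[ur_lname],\n\n"
        . get_msg('tnxforjoin',$lang)." $bannerex_name.\n$webmastermsg\n"
        . get_msg('yoursite',$lang).": $st_name ($st_url)\n\n"
        . get_msg('dontforget',$lang)."\n"
        . get_msg('sitecode',$lang).": $st_id\n";

  mail($to, $subject, $body, "From: $admin_email");
}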

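/**
 * Mails a new member the welcome text with login name and password.
 *
 * CR and LF are removed from the recipient address so a crafted address cannot
 * add header lines; message keys are passed as quoted strings instead of bare
 * words.
 * NOTE(review): the password is sent in clear text.
 *
 * @param string $ur_name  login name
 * @param string $ur_pasw  password
 * @param string $ur_fname first name
 * @param string $ur_lname last name
 * @param string $ur_mail  recipient address
 */
function mail_addnotifyuser($ur_name, $ur_pasw, $ur_fname, $ur_lname, $ur_mail){
  global $bannerex_name, $admin_email, $lang;

  $to = str_replace(array("\r", "\n"), "", $ur_mail);
  $subject = get_msg('welcometo',$lang)." $bannerex_name";
  $body = "$ur_fname $ur_lname,\n\n"
        . get_msg('welcometo',$lang)." $bannerex_name\n\n"
        . get_msg('dontforget',$lang)."\n"
        . get_msg('username',$lang).": $ur_name\n"
        . get_msg('password',$lang).": $ur_pasw\n";

  mail($to, $subject, $body, "From: $admin_email");
}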

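/**
 * Mails a member the site-approval notice with login name and password.
 *
 * CR and LF are removed from the recipient address so a crafted address cannot
 * add header lines; message keys are passed as quoted strings instead of bare
 * words.
 * NOTE(review): the password is sent in clear text.
 *
 * @param string $ur_name  login name
 * @param string $ur_pasw  password
 * @param string $ur_fname first name
 * @param string $ur_lname last name
 * @param string $ur_mail  recipient address
 */
function mail_appnotifyuser($ur_name, $ur_pasw, $ur_fname, $ur_lname, $ur_mail){
  global $bannerex_name, $admin_email, $lang;

  $to = str_replace(array("\r", "\n"), "", $ur_mail);
  $subject = get_msg('appsite',$lang)." $bannerex_name";
  $body = "$ur_fname $ur_lname,\n\n"
        . get_msg('appsite',$lang)." $bannerex_name\n\n"
        . get_msg('dontforget',$lang)."\n"
        . get_msg('username',$lang).": $ur_name\n"
        . get_msg('password',$lang).": $ur_pasw\n";

  mail($to, $subject, $body, "From: $admin_email");
}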


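/**
 * Notifies the address in $notify_email that a member added a site.
 *
 * Message keys are passed as quoted strings instead of bare words. The member
 * and site fields are copied into the message body as given.
 *
 * @param array  $user    user row; ur_fname, ur_lname and ur_name are read
 * @param mixed  $st_id   site code
 * @param string $st_name site title
 * @param string $st_url  site URL
 * @param string $st_desc site description
 */
function mail_newnotifyadm($user,$st_id,$st_name,$st_url,$st_desc) {
  global $bannerex_name, $admin_email, $notify_email, $lang;

  $subject = get_msg('notifynewsite', $lang);
  $body = "$user[ur_fname] $user[ur_lname] ($user[ur_name])\n\n"
        . get_msg('isaddsite',$lang)." $bannerex_name.\n\n"
        . get_msg('sitecode',$lang).": $st_id\n"
        . get_msg('sitetitle',$lang).": $st_name\n"
        . get_msg('siteurl',$lang).": $st_url\n"
        . get_msg('sitedesc',$lang).": $st_desc\n\n";

  mail("$notify_email", $subject, $body, "From: $admin_email");
}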

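/**
 * Mails a member their login name and password.
 *
 * CR and LF are removed from the recipient address so a crafted address cannot
 * add header lines; message keys are passed as quoted strings instead of bare
 * words.
 * NOTE(review): the password is sent in clear text; presumably it is the
 * stored one, which would mean passwords are kept in recoverable form.
 *
 * @param string $ur_name login name
 * @param string $ur_mail recipient address
 * @param string $ur_pasw password
 */
function mail_forgotpasw($ur_name, $ur_mail, $ur_pasw){
  global $bannerex_name, $admin_email, $lang;

  $to = str_replace(array("\r", "\n"), "", $ur_mail);
  $subject = get_msg('password',$lang)." $bannerex_name";
  $body = "\n"
        . get_msg('dontforget',$lang)."\n"
        . get_msg('username',$lang).": $ur_name\n"
        . get_msg('password',$lang).": $ur_pasw\n";

  mail($to, $subject, $body, "From: $admin_email");
}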

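/**
 * Notifies the address in $notify_email that a new member registered.
 *
 * Message keys are passed as quoted strings instead of bare words. $ur_pasw is
 * accepted but not included in the message.
 *
 * @param string $ur_name  login name
 * @param string $ur_pasw  password (unused)
 * @param string $ur_fname first name
 * @param string $ur_lname last name
 * @param string $ur_mail  member's e-mail address, shown in the body
 */
function mail_addnotifyadm($ur_name, $ur_pasw, $ur_fname, $ur_lname, $ur_mail) {
  global $bannerex_name, $admin_email, $notify_email, $lang;

  $subject = get_msg('notifynewuser', $lang);
  $body = "$ur_fname $ur_lname ($ur_name)\n\n"
        . get_msg('isnewuser',$lang)." $bannerex_name.\n\n"
        . get_msg('username',$lang).": $ur_name\n"
        . get_msg('email',$lang).": $ur_mail\n";

  mail("$notify_email", $subject, $body, "From: $admin_email");
}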

/**
 * Builds an HTML error description from the last MySQL error and a statement.
 *
 * NOTE(review): neither part is HTML-escaped; callers that print the result
 * should escape it or keep it out of user-facing pages.
 *
 * @param string $sql statement that failed
 * @return string error text followed by the statement
 */
function geterrdesc($sql) {
    return mysql_error()."<BR>\n Error caused by statement: ".$sql;
}

/**
 * Obfuscates a number as "<masked>A<random>".
 *
 * masked = number + (15278902349 - strlen(password)) - random.
 * This is not encryption: only the LENGTH of $password enters the result and
 * the random term is appended in clear, so the output must not be relied on
 * for confidentiality or integrity.
 *
 * @param mixed  $number   value to obfuscate
 * @param string $password only its length is used
 * @return string token accepted by decrypt()
 */
function encrypt ($number,$password) {
    $nonce = rand(0,1629892229);
    $offset = 15278902349 - strlen($password);
    $masked = $number + $offset - $nonce;
    return $masked."A".$nonce;
}

/**
 * Reverses encrypt(): splits the token at "A" and undoes the arithmetic.
 *
 * No validation is performed; a token without "A" or with non-numeric parts
 * is processed as given. Only the length of $password matters.
 *
 * @param string $number   token of the form "<masked>A<random>"
 * @param string $password only its length is used
 * @return mixed the recovered number
 */
function decrypt ($number,$password) {
    $parts = explode("A",$number);
    $offset = 15278902349 - strlen($password);
    return $parts[0] - $offset + $parts[1];
}

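/**
 * Tells whether $string contains any entry of the global $bad_words list,
 * compared case-insensitively as a substring.
 *
 * The match is tested with strpos() !== false. The old strstr() truth test
 * missed a hit whose remaining text was exactly "0". Empty entries are
 * skipped so they cannot match every input.
 *
 * @param string $string text to screen
 * @return bool true when a listed word occurs in $string
 */
function check_bad_words($string) {
  global $bad_words;

  if (!$bad_words || !is_array($bad_words)) {
    return false;
  }

  $haystack = strtoupper($string);   // upper-cased once, not per entry
  foreach ($bad_words as $val) {
    $needle = strtoupper((string) $val);
    if ($needle === "") {
      continue;
    }
    if (strpos($haystack, $needle) !== false) {
      return true;
    }
  }
  return false;
}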

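/**
 * Tells whether $string contains any entry of the global $bad_ips list as a
 * substring (case-sensitive).
 *
 * The match is tested with strpos() !== false. The old strstr() truth test
 * missed a hit whose remaining text was exactly "0". Empty entries are
 * skipped so they cannot match every input.
 * NOTE(review): substring matching means an entry also matches longer
 * addresses that merely contain it; confirm that is the intended policy.
 *
 * @param string $string address text to screen
 * @return bool true when a listed entry occurs in $string
 */
function check_bad_ips($string) {
  global $bad_ips;

  if (!$bad_ips || !is_array($bad_ips)) {
    return false;
  }

  $haystack = (string) $string;
  foreach ($bad_ips as $val) {
    $needle = (string) $val;
    if ($needle === "") {
      continue;
    }
    if (strpos($haystack, $needle) !== false) {
      return true;
    }
  }
  return false;
}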


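/**
 * Adds backslash escapes to $string unless magic_quotes_gpc already did.
 *
 * The magic-quotes query is guarded with function_exists(), because the
 * function is absent on newer PHP runtimes; there the string is always
 * escaped.
 * NOTE(review): addslashes() is not aware of the connection character set.
 * For values placed into SQL, driver escaping or prepared statements are the
 * safer choice.
 *
 * @param string $string value, presumably taken from request data
 * @return string value with quotes and backslashes escaped exactly once
 */
function addslashesnew($string) {
    if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()==1) {
        return $string;
    }
    return addslashes($string);
}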

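/**
 * Returns the size in bytes of the resource at $url, or false when it cannot
 * be opened or is empty.
 *
 * Bytes are counted while reading instead of collecting the whole body in
 * memory, and the loop stops when a read yields nothing, so a stalled or
 * failing stream cannot spin forever.
 * NOTE(review): fopen() accepts local paths and any enabled stream wrapper.
 * If $url is supplied by members, restrict it to the expected http/https
 * hosts before calling this, and consider a maximum size.
 *
 * @param string $url location of the banner
 * @return mixed byte count (int > 0) or false
 */
function getbannersize($url) {
    // Open failures are expected for bad URLs; the warning is suppressed and
    // reported through the false return value instead.
    $fp = @fopen ($url, "r");
    if (!$fp) {
        return false;
    }

    $fsize = 0;
    while (!feof($fp)) {
        $chunk = fread($fp, 1000);
        if ($chunk === false || $chunk === "") {
            break;
        }
        $fsize += strlen($chunk);
    }
    fclose($fp);

    if ($fsize > 0) {
        return $fsize;
    }
    return false;
}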

?>