<?php
/*******************************************************************/
/* vsecurity */
/* copyrights(c)2001 jan vilimek(hide@address.com) */
/* see gpl license in file license.txt */
/* and http://www.guanoweb.cz for more details */
/* */
/* function: secure your pages (functions) */
/* for installation see readme.txt */
/*******************************************************************/
####################################################################################
# description of the file: some functions for many purposes - see the descriptions below #
####################################################################################
// Direct-access guard: this file only runs when the including script has
// already defined LOADED_PROPERLY; otherwise the request ends here.
if (!defined("LOADED_PROPERLY")) {
    die("<h1>Acess denied!</h1><br />-VSecurity required-<br /><br />get it on www.guanoweb.cz/");
}
/************************************************************/
/*Login form: outputs a login form according to what's in $what*/
/* {only if login == anonym, else outputs nothing} */
/* */
/* what *outputs */
/*-----------------------------------------------------------*/
/* script * script for no form */
/* div * div with key catch */
/* /div * </div> */
/* login * login input */
/* 'anything' * anything */
/* password * password input */
/* ok * ok link */
/* <frm> * begin of form with hidden inputs */
/* </frm> * end of form */
/* ref_login * reference to login form */
/* send * OK as an button for login form */
/* */
/* */
/*Examples: */
/* login_form("login password ok ' (' ref_login ')'"); */
/* login_form("<frm> login password send </frm>"); */
/*************************************************************/
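/**
 * Prints the login widgets named in $what; prints nothing unless the current
 * user (global $login) is 'anonym'.
 *
 * $what is split on single spaces and each token is rendered in order:
 * script, div, /div, login, password, ok, <frm>, </frm>, send, ref_login,
 * or a 'quoted' word that is echoed with its quotes removed. Any other token
 * is ignored. Every call stores a new form id in $_SESSION['ID_form_login']
 * and writes it into the "script" and "<frm>" output.
 *
 * @param string $what space-separated widget tokens
 * @return void
 */
function login_form($what)
{
    global $VSecure_path, $MAIN_URL, $ID_form_login, $login;

    if ($login != 'anonym') {
        return;
    }

    echo "\n\n\n<!-- ***************** LOGIN LOGIN LOGIN ********************** -->\n";

    // The form id ties a submitted login to a form this session was served, so
    // it must not be guessable. Re-seeding mt_rand() from microtime() made the
    // value reproducible from the request time; the generator is no longer
    // re-seeded, and the CSPRNG is used where the runtime provides one.
    if (function_exists('random_int')) {
        $_SESSION['ID_form_login'] = random_int(0, 999999999);
    } else {
        $_SESSION['ID_form_login'] = mt_rand(0, 999999999);
    }
    $form_id = $_SESSION['ID_form_login'];

    // Escaped once for every HTML attribute the URL is written into.
    $url_attr = htmlspecialchars($MAIN_URL, ENT_QUOTES);

    foreach (explode(" ", $what) as $val) {
        switch ($val) {
            case "login":
                echo "Login: <input type=\"text\" name=\"login\" class=\"log\" size=\"10\" value=\"\" /> ";
                break;

            case "script":
                echo "<!-- ***************** LOGIN LOGIN LOGIN ********************** -->\n<script language=\"JavaScript\" type=\"text/javascript\">\n<!--\n";
                // best effort: a missing script.js leaves only _login() below
                @readfile(dirname(__FILE__) . "/script.js");
                // NOTE(review): this variant sends the login and an unsalted MD5 of
                // the password in the query string, where they reach server logs,
                // browser history and Referer headers, and the hash itself is
                // enough to log in. Prefer the POST form ("<frm> ... </frm>") over TLS.
                // NOTE(review): $MAIN_URL is written into a JavaScript string
                // without JS escaping - confirm it only ever comes from configuration.
                echo "\nfunction _login()\n {\n window.open('" . $MAIN_URL . "?action=iscorrect&login='+login.value+'&paswd='+MD5(paswd.value)+'&md5=true&id_form=" . $form_id . "', '_self', '');\n }\n//-->\n</script>\n";
                break;

            case "div":
                // the style declaration used to sit inside the onkeypress handler,
                // which made the handler invalid JavaScript
                echo "\n<div onkeypress=\"getkey();\" style=\"margin:0px;\">\n";
                break;

            case "/div":
                echo "\n</div>\n";
                break;

            case "password":
                echo "Paswd: <input type=\"password\" name=\"paswd\" class=\"log\" size=10 value=\"\" /> \n";
                break;

            case "ok":
                echo "<a class=\"logok\" href='javascript:_login()'> OK </a>\n";
                break;

            case "<frm>":
                echo "<form action=\"" . $url_attr . "\" method=\"post\" name=\"login_form\" id=\"login_form\" style=\"margin:0px;\">\n";
                echo "<input type='hidden' name='action' value='iscorrect' />\n";
                echo "<input type='hidden' name='id_form' value='" . $form_id . "' />\n";
                break;

            case "</frm>":
                echo "</form>\n";
                break;

            case "send":
                echo "<input type=\"submit\" name=\"send\" value=\"ok\" class=\"login_submit\" />\n";
                break;

            case "ref_login":
                echo "<a href='" . $url_attr . "?login=login'>login</a>\n";
                break;

            default:
                // 'quoted' token: echoed as given by the template, minus the
                // quotes (PCRE replaces the ereg functions removed in PHP 7)
                if (strncmp($val, "'", 1) === 0) {
                    echo preg_replace('/^\'|\'$/D', '', $val) . "\n";
                }
                break;
        }
    }

    echo "<!-- ***************** LOGIN LOGIN LOGIN ********************** -->\n\n\n";
}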
/***********************************************************/
/*connects to database and check if this user session exist*/
/*should return one of the following: */
/*VS_NO_SESSION = no session with id SSid */
/*VS_BAD_IP = bad session - bad users ip address */
/*VS_BAD_USER = bad session - not users session */
/*VS_SESSION_OK = everything seems to be all right */
/***********************************************************/
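/**
 * Looks the session id up in the session table and checks that it belongs to
 * the given login and client address.
 *
 * @param string $SSid  session id to look up
 * @param string $login plain login name; compared as md5($login) with the stored value
 * @param string $ip    client address expected for this session
 * @return mixed VS_NO_SESSION, VS_BAD_USER, VS_BAD_IP or VS_SESSION_OK
 */
function is_user_session($SSid,$login,$ip)
{
    global $MySQL_link, $VSecure_tbl_ss;

    // $SSid may originate from the request, so it is escaped before it is
    // placed inside the quoted SQL literal.
    $qw = "SELECT login,ip FROM $VSecure_tbl_ss WHERE session='" . mysql_real_escape_string($SSid, $MySQL_link) . "' ";
    $result = @mysql_query($qw, $MySQL_link) or
        echo_error(__FILE__, __LINE__, ERR_MYSQL, "Could not find the session...");

    $session = mysql_fetch_array($result);
    // released here so that every return path below frees the result set
    mysql_free_result($result);

    if (!$session) {
        /* no session with id SSid */
        return VS_NO_SESSION;
    }

    // Strict string comparison: with "!=" two different hashes that both look
    // like numbers (e.g. "0e" followed by digits only) compare as equal.
    if ((string)$session['login'] !== md5($login)) {
        /* bad session - not this user's session */
        return VS_BAD_USER;
    }

    if ((string)$session['ip'] !== (string)$ip) {
        /* bad session - different client address */
        return VS_BAD_IP;
    }

    return VS_SESSION_OK;
}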
/**************************/
/*updates the session */
/**************************/
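/**
 * Sets the timestamp of the current session row ($_SESSION['usrSSid']) to now.
 * A failed query is reported through echo_error().
 *
 * @return void
 */
function update_user_session()
{
    global $VSecure_tbl_ss, $MySQL_link;

    // escaped rather than concatenated raw: the id ends up inside a quoted
    // SQL literal and nothing in this function constrains its content
    $session_id = mysql_real_escape_string($_SESSION['usrSSid'], $MySQL_link);

    $qw = "UPDATE $VSecure_tbl_ss SET timestamp=" . time() . " WHERE session='" . $session_id . "' ";
    @mysql_query($qw, $MySQL_link) or
        echo_error(__FILE__, __LINE__, ERR_MYSQL, "Could not update session...");
}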
/**************************/
/*deletes old sessions */
/**************************/
/**
 * Deletes every session row whose timestamp is more than 1200 seconds old.
 *
 * @return bool true when the DELETE query succeeded, false otherwise
 */
function delete_old_sessions()
{
    global $VSecure_tbl_ss, $MySQL_link;

    $cutoff = time() - 1200;
    $qw = "DELETE FROM $VSecure_tbl_ss WHERE timestamp< " . $cutoff;

    return @mysql_query($qw, $MySQL_link) ? true : false;
}
/***********************************/
/*returns array of user name,... */
/***********************************/
/**
 * Fetches status, nick, name, email and id of the current user (global $login).
 *
 * @return mixed the row as returned by mysql_fetch_array(), false when no row matches
 */
function get_user_name_etc()
{
    global $VSecure_tbl_usr, $MySQL_link, $login;

    // the table is keyed by the MD5 of the login, which is plain hex
    $login_hash = md5($login);
    $qw = "SELECT status,nick,name,email,id from $VSecure_tbl_usr where login='" . $login_hash . "' ";

    $result = @mysql_query($qw, $MySQL_link) or
        echo_error(__FILE__, __LINE__, ERR_MYSQL, "could not get user data...");

    $row = mysql_fetch_array($result);
    mysql_free_result($result);

    return $row;
}
/***********************************/
/*returns all user data */
/***********************************/
/**
 * Returns everything stored for the user; a thin wrapper around
 * load_user_data() called with VS_LOAD_DATA_ALL.
 *
 * @param string $login login name, passed through unchanged
 * @return mixed whatever load_user_data() returns
 */
function get_user_dats($login)
{
    global $VSecure_tbl_usr, $MySQL_link;

    $everything = load_user_data(VS_LOAD_DATA_ALL, $login);

    return $everything;
}
/*********************************************/
/*saves user data to theVSecure table */
/*Identifier=name of the data handler */
/*Data=string of data */
/*If Identifier exist, data will be replaced */
/*returns true if succeed */
/*********************************************/
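/**
 * Stores $Data under the key $Identifier in the user's serialized data column,
 * replacing any value already stored under that key.
 *
 * @param mixed  $Identifier key inside the stored array
 * @param mixed  $Data       value to store
 * @param string $login      plain login name, or its 32-digit hex MD5
 * @return bool always true; query failures are reported through echo_error()
 */
function save_user_data($Identifier,$Data,$login)
{
    global $VSecure_tbl_usr, $MySQL_link;

    // A value that already is a 32-digit hex MD5 is used as the row key as is;
    // anything else is hashed. Checking the alphabet and not only the length
    // keeps a crafted 32-character string from reaching the query unhashed.
    $mdlogin = preg_match('/^[0-9a-fA-F]{32}$/D', $login) ? $login : md5($login);

    /* get previously stored data */
    $qw = "select data from $VSecure_tbl_usr where login='" . $mdlogin . "' ";
    $result = @mysql_query($qw, $MySQL_link) or
        echo_error(__FILE__, __LINE__, ERR_MYSQL, "could not get the user main data...");
    $row = mysql_fetch_row($result);
    mysql_free_result($result);

    // NOTE(review): unserialize() can instantiate objects from the stored
    // string; this is acceptable only while nothing but this module writes
    // the data column.
    $old_data = ($row && $row[0] != '') ? unserialize($row[0]) : false;
    if (!is_array($old_data)) {
        // no row, empty column or unreadable content: start from an empty set
        $old_data = array();
    }
    $old_data[$Identifier] = $Data;

    /* save data */
    $new_data = serialize($old_data);
    // Written to the row that was read above: the UPDATE used md5($login),
    // which pointed at a different row whenever $login was already a hash.
    // The serialized payload is escaped with the connection-aware function.
    $qw = "update $VSecure_tbl_usr set data='" . mysql_real_escape_string($new_data, $MySQL_link) . "' where login='" . $mdlogin . "' ";
    @mysql_query($qw, $MySQL_link) or
        echo_error(__FILE__, __LINE__, ERR_MYSQL, "could not save the user data...");

    return true;
}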
/*********************************************/
/*gets user data from the VSecure table */
/*Identifier=name of the data handler */
/*Data=string of data */
/*If Identifier doesn't exist, returns false */
/*returns true if succeed */
/*Id=VS_LOAD_DATA_ALL => get array of vars */
/*********************************************/
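/**
 * Reads the user's serialized data column and returns one entry of it, or the
 * whole array when $Identifier is VS_LOAD_DATA_ALL.
 *
 * @param mixed  $Identifier key to return, or VS_LOAD_DATA_ALL
 * @param string $login      plain login name, or its 32-digit hex MD5
 * @return mixed the stored value; the unserialized data for VS_LOAD_DATA_ALL;
 *               false when the key (or the data) does not exist
 */
function load_user_data($Identifier,$login)
{
    global $VSecure_tbl_usr, $MySQL_link;

    // A value that already is a 32-digit hex MD5 is used as the row key as is;
    // anything else is hashed. Checking the alphabet and not only the length
    // keeps a crafted 32-character string from reaching the query unhashed.
    $mdlogin = preg_match('/^[0-9a-fA-F]{32}$/D', $login) ? $login : md5($login);

    /* get previously stored data */
    $qw = "SELECT DATA FROM $VSecure_tbl_usr WHERE login='" . $mdlogin . "' ";
    $result = @mysql_query($qw, $MySQL_link) or
        echo_error(__FILE__, __LINE__, ERR_MYSQL, "Could not get the user data...");
    $row = mysql_fetch_row($result);
    mysql_free_result($result);

    // NOTE(review): unserialize() can instantiate objects from the stored
    // string; this is acceptable only while nothing but this module writes
    // the data column.
    // A missing row or an empty column yields false, as before.
    $_data = ($row && $row[0] != '') ? unserialize($row[0]) : false;

    // NOTE(review): loose comparison - its result depends on the value of
    // VS_LOAD_DATA_ALL, which is defined outside this file; confirm that no
    // ordinary identifier compares equal to it.
    if ($Identifier == VS_LOAD_DATA_ALL) {
        return $_data;
    }

    return isset($_data[$Identifier]) ? $_data[$Identifier] : false;
}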
/*********************************************/
/*deletes user data from theVSecure table */
/*Identifier=name of the data handler */
/*If Identifier exist, data will be deleted */
/*returns true if succeed */
/*Id=VS_DESTROY_DATA_ALL =>all data will be lost*/
/*********************************************/
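/**
 * Removes the entry $Identifier from the user's serialized data column, or
 * clears the whole column when $Identifier is VS_DESTROY_DATA_ALL.
 *
 * @param mixed  $Identifier key to remove, or VS_DESTROY_DATA_ALL
 * @param string $login      plain login name, or its 32-digit hex MD5
 * @return bool always true; query failures are reported through echo_error()
 */
function delete_user_data($Identifier,$login)
{
    // $login is deliberately not listed here: declaring it global rebound the
    // name to the global variable and discarded the caller's argument.
    global $VSecure_tbl_usr, $MySQL_link;

    // A value that already is a 32-digit hex MD5 is used as the row key as is;
    // anything else is hashed. Checking the alphabet and not only the length
    // keeps a crafted 32-character string from reaching the query unhashed.
    $mdlogin = preg_match('/^[0-9a-fA-F]{32}$/D', $login) ? $login : md5($login);

    /* get previously stored data */
    $qw = "SELECT DATA FROM $VSecure_tbl_usr WHERE login='" . $mdlogin . "' ";
    $result = @mysql_query($qw, $MySQL_link) or
        echo_error(__FILE__, __LINE__, ERR_MYSQL, "Could not get the user data...");
    $row = mysql_fetch_row($result);
    // freed on every path; it used to be freed in one branch only
    mysql_free_result($result);

    // NOTE(review): unserialize() can instantiate objects from the stored
    // string; this is acceptable only while nothing but this module writes
    // the data column.
    $old_data = ($row && $row[0] != '') ? unserialize($row[0]) : false;

    if ($Identifier != VS_DESTROY_DATA_ALL && is_array($old_data) && $old_data) {
        // drops exactly this key; the remaining entries are written back, and
        // an empty array is stored when this was the last one
        unset($old_data[$Identifier]);
        $new_data = serialize($old_data);
    } else {
        $new_data = "";
    }

    /* save data - to the same row that was read above */
    $qw = "UPDATE $VSecure_tbl_usr set DATA='" . mysql_real_escape_string($new_data, $MySQL_link) . "' WHERE login='" . $mdlogin . "' ";
    @mysql_query($qw, $MySQL_link) or
        echo_error(__FILE__, __LINE__, ERR_MYSQL, "Could not save the user data...");

    return true;
}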
/************************************************************/
/*Echo_error:outputs a ERROR OCCURED form acording to what's */
/* in $which_err */
/* */
/*from_file - please, input __FILE__ const. */
/*from_line - please, input __LINE__ const. */
/* */
/*which_err: ERR_MYSQL */
/* err_report: which mysql error occured */
/* example of err_report: "Could not connect to SQL database"*/
/* */
/*which_err: ERR_SESSION */
/* err_report: 1st word: which user can not be created */
/* following: which error occured */
/* example of err_report: "Anonym can not delete session..." */
/* */
/*which_err: ERR_FILE */
/* err_report: which file */
/* example of err_report: "/data/files/datafile.dat" */
/* */
/*Examples: */
/* echo_error(__FILE__,__LINE__,ERR_MYSQL, */
/* "Could not connect to SQL database"); */
/*************************************************************/
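/**
 * Prints a self-contained error page with a "mail the administrator" form,
 * calls alert() and ends the request. This function never returns.
 *
 * Everything that is not a fixed string (the report text, the MySQL error
 * message and the user fields in the hidden inputs) is HTML-escaped before
 * output: callers build $err_report from the login name, and MySQL error
 * messages can repeat parts of the failed query.
 *
 * NOTE(review): the page shows the raw MySQL error to whoever triggered it;
 * consider logging it server-side and showing only a generic message.
 *
 * @param string $from_file  file reporting the error (pass __FILE__)
 * @param mixed  $from_line  line reporting the error (pass __LINE__)
 * @param mixed  $which_err  ERR_MYSQL, ERR_SESSION or ERR_FILE; anything else
 *                           is shown as an unknown error
 * @param string $err_report description; for ERR_SESSION the first word is the
 *                           user, the rest the warning; for ERR_FILE the file
 * @return void
 */
function echo_error($from_file,$from_line,$which_err,$err_report)
{
    global $login, $user_email,$user_name, $user_nick, $user_status;

    echo " <style type=\"text/css\"> <!--
BODY{
background-color : #EEEEEE;
}
H1{
color : #8B0000;
font-family : Arial, Helvetica, sans-serif;
font-size : 40;
font-weight : bold;
letter-spacing : 2;
}
.ERR{
background-color : #FEBDA7;
margin-left : 20%;
margin-right : 20%;
}
.CR{
background-color : White;
border : 1px solid Black;
margin-left : 3;
margin-right : 3;
margin-top : 3;
text-align : justify;
scrollbar-track-color : White;
scrollbar-darkshadow-color : white;
scrollbar-arrow-color : Black;
scrollbar-highlight-color : black;
scrollbar-shadow-color : black;
scrollbar-base-color : white;
scrollbar-3dlight-color : white;
scrollbar-face-color : white;
}
-->
</style>";
    echo "<div align=\"center\"><br /><br />\n";

    $err = "<h1>Error</h1><br /><br />";
    $err .= "<div class=err><br /> In file <b>" . basename($from_file) . "</b> on line <b>" . $from_line . "</b><br /><br />\n\n";

    if ($which_err == ERR_MYSQL) {
        $err .= "<b>Something wrong with MySQL server, database, tables or querie</b><br />\n";
        $err .= "<b><i>" . htmlspecialchars((string)$err_report, ENT_QUOTES) . "</i></b><br />\n";
        $err .= "Got MySQL error: '" . htmlspecialchars((string)mysql_error(), ENT_QUOTES) . "' ";
    } elseif ($which_err == ERR_SESSION) {
        $err .= "<b>Can not set the user session!</b><br />\n";
        $err .= "<b>Something wrong with session table, MySQL server, database or querie</b><br />\n";

        // strpos() returns 0 when the report starts with a space (empty user
        // name); "!= false" treated that like "no space" and left both parts
        // undefined.
        $c = strpos($err_report, " ");
        if ($c !== false) {
            $usr = substr($err_report, 0, $c);
            $warning = substr($err_report, $c);
        } else {
            // no separator at all: show the whole report as the warning
            $usr = "";
            $warning = $err_report;
        }

        $err .= "<b><i> USER: " . htmlspecialchars((string)$usr, ENT_QUOTES) . "</i></b><br />\n";
        $err .= "<b><i> WARNING: " . htmlspecialchars((string)$warning, ENT_QUOTES) . "</i></b><br />\n";
        $err .= "Got MySQL error: '" . htmlspecialchars((string)mysql_error(), ENT_QUOTES) . "' ";
    } elseif ($which_err == ERR_FILE) {
        $err .= "<b>Can not handle with file!</b><br />\n";
        $err .= "<b>Probably you have no rights to acces to this file or file daes not exist.</b><br />\n";
        $err .= "<b><i>FILE: " . htmlspecialchars((string)$err_report, ENT_QUOTES) . "</i></b><br />\n";
    } else {
        $err .= "<b>Uknown error nr.</b><br />\n";
        $err .= "<b><i>" . htmlspecialchars((string)$err_report, ENT_QUOTES) . "</i></b>";
    }

    $err .= "<br /><br /></div><br />\n\n";
    echo $err;

    echo "Please send a message to administrator:<form action='mailto:?subject=error' method=post enctype='text/plain' target= onClick=\"window.alert('Thanx for your time.');\">\n";
    echo "<textarea cols=65 rows=7 name=error wrap=\"on\" class=cr>\n";
    // the dynamic parts are already entity-encoded, so the plain-text copy
    // cannot close the textarea early
    echo strip_tags($err);
    echo "</textarea><br /><br />\n";
    echo "<input type=\"submit\" />\n";
    // user fields go into quoted attributes, hence ENT_QUOTES
    echo " <input type=\"hidden\" name=\"login\" value=\"" . htmlspecialchars((string)$login, ENT_QUOTES) . "\" />\n";
    echo " <input type=\"hidden\" name=\"user_status\" value=\"" . htmlspecialchars((string)$user_status, ENT_QUOTES) . "\" />\n";
    echo " <input type=\"hidden\" name=\"user_nick\" value=\"" . htmlspecialchars((string)$user_nick, ENT_QUOTES) . "\" />\n";
    echo " <input type=\"hidden\" name=\"user_name\" value=\"" . htmlspecialchars((string)$user_name, ENT_QUOTES) . "\" />\n";
    echo " <input type=\"hidden\" name=\"user_email\" value=\"" . htmlspecialchars((string)$user_email, ENT_QUOTES) . "\" />\n";
    echo "</form></div>\n";

    alert("Error occured - please send message to administrator...");
    exit();
}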
/***********************************/
/* basic information about VSecure */
/***********************************/
/**
 * Prints three HTML tables describing the running VSecure installation:
 * version and request values, configuration values, and the names of the
 * constants the package defines.
 *
 * NOTE(review): every value is printed without HTML escaping and the page
 * reveals table names and the administrator address; confirm that only
 * administrators can reach it and that $MAIN_URL / $MAIN_QUERY cannot carry
 * request-supplied markup.
 *
 * @return void
 */
function VSecure_info()
{
    global $VSecure_version,$MAIN_URL,$MAIN_QUERY,$language,$VSecure_magic_quotes;
    global $adminEml,$adminname,$VSecure_tbl_usr,$VSecure_tbl_ss;
    global $VSecure_Y,$VSecure_N,$VSecure_conf;

    echo " <style type=\"text/css\"> <!--
BODY{
background-color : #EEEEEE;
}
.HH1{
color : #8B0000;
font-family : Arial, Helvetica, sans-serif;
font-size : 40;
font-weight : bold;
letter-spacing : 2;
}
-->
</style>";
    echo "<div align=\"center\"><span class=hh1>Info</span><br /><b><i>- VSecure -</i></b></div>\n";
    echo "<br />\n";

    // pieces shared by all three tables and by every "label: value" row
    $table_open = "<table width=\"80%\" border=\"1\" cellspacing=\"0\" cellpadding=\"2\" align=\"center\" bgcolor=\"#EEEEEE\" bordercolor=\"Black\" bordercolorlight=\"Black\" bordercolordark=\"Black\" frame=\"void\" rules=\"rows\">\n";
    $cell_open = "</b>:</td><td align=\"right\"><b><i> ";
    $row_close = "</i></b></td></tr>\n";

    /* table 1: version and request values */
    echo $table_open;
    $general = array(
        'Version' => $VSecure_version,
        'MAIN_URL' => $MAIN_URL,
        'REMOTE_ADDR' => $_SERVER['REMOTE_ADDR'],
        'MAIN_QUERY' => $MAIN_QUERY,
        'language' => $language,
        'VSecure_magic_quotes' => ($VSecure_magic_quotes ? $VSecure_Y : $VSecure_N),
    );
    foreach ($general as $label => $value) {
        echo "<tr><td><b>" . $label . $cell_open . $value . $row_close;
    }
    echo "</table><br />";

    /* table 2: configuration values */
    echo $table_open;
    $config = array(
        "\$VSecure_conf['admin_name']" => $VSecure_conf['admin_name'],
        "\$VSecure_conf['admin_email']" => $VSecure_conf['admin_email'],
        'VSecure_tbl_usr' => $VSecure_tbl_usr,
        'VSecure_tbl_ss' => $VSecure_tbl_ss,
    );
    foreach ($config as $label => $value) {
        echo "<tr><td><b>" . $label . $cell_open . $value . $row_close;
    }
    // status levels are listed one per line, stopping at the first missing index
    echo "<tr><td valign=\"top\"><b>\$VSecure_conf['status_level'][]" . $cell_open;
    for ($i = 0; isset($VSecure_conf['status_level'][$i]); $i++) {
        echo $VSecure_conf['status_level'][$i] . "<br /> ";
    }
    echo $row_close;
    echo "</table><br />";

    /* table 3: names of the defined constants */
    echo $table_open;
    echo "<tr><td valign=\"top\" width=\"100%\"><b>Defined const.</b></td><td align=\"left\"><b>VS_NO_SESSION<br />VS_BAD_IP<br />VS_BAD_USER<br />VS_SESSION_OK<br />VS_LOAD_DATA_ALL<br />VS_DESTROY_DATA_ALL<br />ERR_MYSQL<br />ERR_SESSION<br />ERR_FILE</b><br /></td></tr>\n";
    echo "</table>";
}
/******************************************/
/* returns true if the user is online */
/*(it means that he's got a valid session)*/
/******************************************/
/**
 * Tells whether the session table holds at least one row for this login.
 *
 * @param string $login plain login name; looked up as md5($login)
 * @return bool true when a session row exists, false otherwise
 */
function is_online($login)
{
    global $MySQL_link, $VSecure_tbl_ss;

    // the hash is plain hex, so it can be placed in the literal directly
    $login_hash = md5($login);
    $qw = "select login from $VSecure_tbl_ss WHERE login='" . $login_hash . "' ";

    $result = @mysql_query($qw, $MySQL_link) or
        echo_error(__FILE__, __LINE__, ERR_MYSQL, "Could not read in the session table...");

    return mysql_fetch_row($result) ? true : false;
}
/*********************************************/
/*set_user_session - sets new session in */
/* MySQL session table */
/* */
/*note: it is NOT controled, if session */
/* existed yet! (because of speed) */
/* */
/*login = login of the user */
/* */
/* */
/*returns true if succeed */
/*********************************************/
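/**
 * Replaces the current session with a new row for $login in the session table
 * and publishes the new id and login through the globals $usrSSid / $usrlogin.
 * It is not checked whether the generated id is already in use.
 *
 * @param string $login plain login name; stored as md5($login)
 * @return bool always true; a failed INSERT is reported through echo_error()
 */
function set_user_session($login)
{
    global $usrSSid, $usrlogin, $MySQL_link, $VSecure_tbl_ss;

    // The session id is the only secret that identifies a logged-in user.
    // Re-seeding mt_rand() from microtime() made it reproducible from the
    // login time, so the generator is no longer re-seeded and the CSPRNG is
    // used where the runtime provides one.
    // NOTE(review): the range is kept at 0..999999999 because the id is
    // inserted as a bare number below; that is roughly 30 bits, which is small
    // for a session secret. Widening it needs the column type - confirm schema.
    if (function_exists('random_int')) {
        $session_ = (string)random_int(0, 999999999);
    } else {
        $session_ = (string)mt_rand(0, 999999999);
    }

    destroy_user_session();

    $qw = "INSERT INTO $VSecure_tbl_ss (session,login, ip,timestamp) VALUES ( $session_ , '" . md5($login) . "','" . mysql_real_escape_string($_SERVER['REMOTE_ADDR'], $MySQL_link) . "'," . time() . ")";
    @mysql_query($qw, $MySQL_link)
        or echo_error(__FILE__, __LINE__, ERR_SESSION, $login . " Can't write session...");

    $usrSSid = $session_;
    $usrlogin = $login;

    return true;
}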
/*********************************************/
/*destroy_user_session - deletes session from*/
/* MySQL session table */
/* */
/*note: it is NOT controled, if session */
/* existed! (because of speed) */
/* */
/*returns true if succeed */
/*********************************************/
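/**
 * Deletes the row of the current session (global $usrSSid) from the session
 * table and clears the globals $usrSSid and $usrlogin. It is not checked
 * whether such a row existed.
 *
 * @return bool always true; a failed DELETE is reported through echo_error()
 */
function destroy_user_session()
{
    global $usrSSid, $usrlogin, $MySQL_link, $VSecure_tbl_ss;

    // escaped before it is placed in the quoted literal: nothing in this
    // function constrains what the global holds
    $qw = "DELETE FROM $VSecure_tbl_ss WHERE session = '" . mysql_real_escape_string($usrSSid, $MySQL_link) . "' ";

    // the report used an undefined local $login; the session owner is $usrlogin
    @mysql_query($qw, $MySQL_link)
        or echo_error(__FILE__, __LINE__, ERR_SESSION, $usrlogin . " Can't delete session...");

    $usrSSid = "";
    $usrlogin = "";

    return true;
}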
/*********************************************/
/*logout - logouts user */
/* ==destroys session from MySQL table */
/* */
/* */
/*returns true if succeed */
/*********************************************/
/**
 * Logs the user out by switching the session to the "anonym" user, shows the
 * pending warning (global $warningalert) if there is one, and redirects to
 * the global $url, falling back to $MAIN_URL when $url is empty.
 *
 * NOTE(review): $url is a global that this function does not set; confirm it
 * cannot be supplied by the request, otherwise the redirect target is
 * attacker-chosen.
 *
 * @return void
 */
function logout()
{
    global $usrSSid, $usrlogin,$MySQL_link,$warningalert,$MAIN_URL,$VSecure_tbl_ss,$url;

    set_user_session("anonym");

    if ($warningalert != "") {
        alert($warningalert);
    }

    if ($url == "") {
        $url = $MAIN_URL;
    }

    do_redir($url);
}
/*********************************************/
/*how_many -returns the count of logged users*/
/* */
/* */
/*type: "all" - count all users */
/* "anonymous" - count of no logged usrs*/
/* "logged" - count of logged users */
/* */
/*********************************************/
/**
 * Counts rows in the session table.
 *
 * @param string $type "all" for every session, "anonymous" for sessions of
 *                     the 'anonym' user, "logged" for all other sessions
 * @return mixed the row count from mysql_num_rows(), or false for any other $type
 */
function how_many($type)
{
    global $MySQL_link, $VSecure_tbl_ss;

    switch ($type) {
        case "all":
            $qw = "select * from $VSecure_tbl_ss ";
            break;

        case "anonymous":
            $qw = "select * from $VSecure_tbl_ss where login='" . md5('anonym') . "' ";
            break;

        case "logged":
            $qw = "select * from $VSecure_tbl_ss where login!='" . md5('anonym') . "' ";
            break;

        default:
            return false;
    }

    // the rows themselves are not read; only their number is reported
    $rows = @mysql_query($qw, $MySQL_link);

    return mysql_num_rows($rows);
}
#########################################################
# return random password made only from numbers and a-Z #
#########################################################
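/**
 * Builds a random password from the characters 0-9, A-Z and a-z.
 *
 * Each character is drawn uniformly from the 62-character alphabet. The
 * CSPRNG (random_int) is used where the runtime provides it: mt_rand() output
 * is predictable, which matters for a password. On older runtimes the
 * function falls back to mt_rand().
 *
 * @param int $length_ number of characters; zero or less yields ""
 * @return string the generated password
 */
function random_passwd($length_)
{
    $alphabet = '0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz';
    $last = strlen($alphabet) - 1;
    $secure = function_exists('random_int');

    $passwd_ = "";
    for ($i = 0; $i < $length_; $i++) {
        $pick = $secure ? random_int(0, $last) : mt_rand(0, $last);
        $passwd_ .= substr($alphabet, $pick, 1);
    }

    return $passwd_;
}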
#########################################################
# outputs xhtml 1.1 header of document with title $TITLE#
#########################################################
/**
 * Prints the XML prolog, the XHTML 1.1 doctype, the <head> section and the
 * opening <body> and wrapper <div> of a page.
 *
 * NOTE(review): $TITLE and the globals $charset / $language are printed
 * without HTML escaping; callers must pass an already-escaped title.
 *
 * @param string $TITLE  text placed inside <title>
 * @param bool   $styles link style.css, if that file exists in the working directory
 * @param bool   $script include script.js, if that file exists in the working directory
 * @return void
 */
function xhtml_header($TITLE,$styles = false,$script = false)
{
    global $language,$charset;

    // the page head is assembled first and sent in one piece
    $page = '<?xml version="1.0" encoding="' . $charset . '"?>';
    $page .= "\n<!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1.1//EN\" \"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd\">\n";
    $page .= "<html xmlns=\"http://www.w3.org/1999/xhtml\">\n";
    $page .= "<head>\n";
    $page .= " <meta http-equiv=\"content-type\" content=\"text/html; charset=" . $charset . "\" />\n";
    $page .= " <meta http-equiv=\"content-style-type\" content=\"text/css\" />\n";
    $page .= " <meta http-equiv=\"content-language\" content=\"" . $language . "\" /> \n";

    if ($styles && file_exists('style.css')) {
        $page .= " <link rel=\"stylesheet\" type=\"text/css\" href=\"style.css\" />\n";
    }

    $page .= " <title> " . $TITLE . "</title>\n";
    $page .= "</head>\n";
    $page .= "<body bgcolor=\"#ffffff\" textcolor=\"#000000\" >\n";

    if ($script && file_exists('script.js')) {
        $page .= " <script language=\"JavaScript1.2\" src=\"script.js\" type=\"text/javascript\">\n</script>\n";
    }

    $page .= " <div style=\"margin:0px;\" >\n";

    echo $page;
}
#########################################################
# outputs xhtml 1.1 foot of document and exits #
#########################################################
/**
 * Prints the author/credit line, closes the wrapper <div>, <body> and <html>,
 * and ends the request. This function never returns.
 *
 * @return void
 */
function xhtml_footer()
{
    // the server name is entity-encoded before it goes into the mailto link
    $subject_suffix = htmlentities (" on server ".$_SERVER['SERVER_NAME']);

    $foot = "\n\n <br />\n<br />\n";
    $foot .= "<div style=\"font-weight:bold;text-align:center;font-size:12px;color:Maroon;\">Jan Vilimek, <a href=\"mailto:hide@address.com?subject=VSecure" . $subject_suffix . "\" title=\"mail me\">hide@address.com</a>, © 2001<br />\n";
    $foot .= "\n ...please check our pages <a href=\"http://www.guanoweb.cz\" title=\"Click here...\">www.guanoweb.cz</a> for new updates...</div>\n";
    $foot .= "\n </div>\n";
    $foot .= "</body>\n";
    $foot .= "</html>";

    echo $foot;
    exit();
}
###########################################################
# returns shorted string with '...' on the end if shorted #
###########################################################
/**
 * Cuts $str down to $new_length bytes, the last three of which are '...'.
 * The string is returned unchanged when it already fits or when $new_length
 * is 4 or less. Lengths are counted in bytes, not characters.
 *
 * @param string $str        text to shorten
 * @param int    $new_length maximum length of the result
 * @return string the original or the shortened text
 */
function str_shorten($str,$new_length)
{
    // nothing to do: short enough already, or no room for text plus dots
    if (strlen($str) <= $new_length || $new_length <= 4) {
        return $str;
    }

    return substr($str, 0, $new_length - 3) . '...';
}
?>