<?php // 8/9/2002 8:54AM
/*
Name: phpSecurityAdmin
Author: Justin Koivisto (hide@address.com)
Version: 2.3.2
Date: 8/9/2002 8:55AM GMT-6:00
Copyright (C) 2001,2002
This program is free software; you can redistribute it and/or modify it under the terms of
the GNU General Public License as published by the Free Software Foundation; either version
2 of the License, or (at your option) any later version.
This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY;
without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
See the GNU General Public License for more details. (Found in the LICENSE file.)
You should have received a copy of the GNU General Public License along with this program;
if not, write to the Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston,
MA 02111-1307 USA
*/
// make sure this file is only included once
if(isset($SECURITY_CLASS_INC)) return;
$SECURITY_CLASS_INC=TRUE;
require dirname(__FILE__).'/class.phpMysqlConnection.php';
// start defining security_class
class phpSecurityAdmin extends phpMysqlConnection{
var $SQL_HOST='';
var $SQL_DB='';
var $SQL_USER='';
var $SQL_PASS='';
var $LANGUAGE='';
var $VERSION='2.3.1';
var $PHPSECURITYADMIN_HOST='';
// This is the class constructor
function phpSecurityAdmin($lang,$user='phpuser',$pass='php',$db='security',$host='localhost',$site=''){
global $PHPSECURITYADMIN_PATH;
// include the correct language file.
// the passed value of $lang would be the prefix of the
// language file to use from the "lang" directory.
include $PHPSECURITYADMIN_PATH.'/lang/'.$lang.'.lang.php';
$this->SQL_HOST=$host;
$this->SQL_DB=$db;
$this->SQL_USER=$user;
$this->SQL_PASS=$pass;
$this->LANGUAGE=$lang;
if(!empty($site))
$this->PHPSECURITYADMIN_HOST=$site;
else
$this->PHPSECURITYADMIN_HOST=$_SERVER['HTTP_HOST'];
// connect to the database - errors are output by the phpMysqlConnection
$this->phpMysqlConnection($user,$pass,$host);
$this->SelectDB($db);
}
//-----------------------------------------------------------------------------------------------------------
/*
isLoggedIn: Checks to see if the user is logged in through the session variables.
returns: TRUE or FALSE
*/
function isLoggedIn(){
// if session remote value doesn't equal the remote address, don't allow access.
if(isset($_SESSION['psaun']) && isset($_SESSION['remote']) &&
($_SESSION['remote'] == $_SERVER['REMOTE_ADDR'])){
return TRUE;
}
return FALSE;
}
//-----------------------------------------------------------------------------------------------------------
/*
Login: Performs the actual login procedure with all error checking.
returns: FALSE if successful login or error message stringaccording to locale on failure.
param: user [string] The username to log in with.
param: pass [string] The password to log in with.
*/
function Login($user='',$pass=''){
if($user=='')
return $this->PHPSECURITYADMIN_NO_USERNAME;
if($pass=='')
return sprintf($this->PHPSECURITYADMIN_BAD_PASSWORD,$user);
// I want to make sure that there are no sneaks trying to pass SQL queries!
$user=str_replace(' ','',$user);
// password is md5() encoded before comparison - no need to check value (might want spaces in password)
// clear session variables
session_unset();
// check if username is in the system
if($this->isSystemUser($user)){
// get user info from the database
$query="SELECT `pass`,`hash`,`active`,`lockcount`,`connection`,`uid`,`gid` FROM `security_users` WHERE `id`='".
trim($user)."'";
$this->QueryRow($query);
$connection=explode("'",$this->data['connection']);
$db_pass=$this->data['pass'];
$db_hash=$this->data['hash'];
$active=$this->data['active'];
$psau=$this->data['uid'];
$psag=$this->data['gid'];
$lockcount=$this->data['lockcount']+1;
// get the system lockout number
$query="SELECT `value` FROM `security_settings` WHERE `name`='lockcount'";
$sys_lock=$this->QueryItem($query);
if($lockcount>$sys_lock){
$query="UPDATE `security_users` SET `updated`='".date('Y-m-d H:i:s').
"', `active`='0',`lockcount`='0' WHERE `id`='".$user."'";
$this->Update($query);
return $this->PHPSECURITYADMIN_ACCOUNT_LOCK;
}
// check if user account is active
if(!$active)
return $this->PHPSECURITYADMIN_ACCOUNT_LOCK;
// check if connection is allowed
if(!$this->checkConnection($user)){
// connection not allowed!
$query="UPDATE `security_users` SET `updated`='".date("Y-m-d H:i:s")."', `lockcount`='".
$lockcount."' WHERE `id`='".$user."'";
$this->Update($query);
return sprintf($this->PHPSECURITYADMIN_BAD_CONNECTION,$_SERVER['REMOTE_ADDR']);
}
// check the password
$pass=trim($pass);
if(strlen($pass)>0 && md5($pass.$db_hash)==$db_pass){
$query="UPDATE `security_users` SET `updated`='".date("Y-m-d H:i:s").
"', `lockcount`='0' WHERE `id`='".$user."'";
$this->Update($query);
$psaun=$user;
$remote=$_SERVER['REMOTE_ADDR'];
$_SESSION['psaun']=$psaun;
$_SESSION['remote']=$remote;
$_SESSION['psag']=$psag;
$_SESSION['psau']=$psau;
return FALSE;
}else{
$query="UPDATE `security_users` SET `updated`='".date("Y-m-d H:i:s")."', `lockcount`='".$lockcount.
"' WHERE `id`='".$user."'";
$this->Update($query);
return sprintf($this->PHPSECURITYADMIN_BAD_PASSWORD,$user);
}
}else
return sprintf($this->PHPSECURITYADMIN_USER_DOES_NOT_EXIST,$user);
}
//-----------------------------------------------------------------------------------------------------------
/*
Logout: Logs out the user and destroys the session.
*/
function Logout(){
if(isset($_SESSION['psaun'])){
session_unset();
session_destroy();
}
}
//-----------------------------------------------------------------------------------------------------------
/*
checkConnection: Check to see if the user is allowed to connect from the current address
return: TRUE or FALSE
param: user [string] The username that is trying to log in.
*/
function checkConnection($user){
$SYSFLAG=FALSE;
$ipsegs=explode('.',$_SERVER['REMOTE_ADDR']);
$pattern='^('.$ipsegs[0].'){1,}\.('.$ipsegs[1].')+\.('.$ipsegs[2].')+\.('.$ipsegs[3].')+$';
// check system permission first
$query="SELECT `value` FROM `security_settings` WHERE `name`='connection'";
$connection=$this->QueryItem($query);
if($connection){
// for each of the listed accepted address ranges, check if it matches
$connections=explode(',',$connection); // separate multiples
while(list($x,$conn)=@each($connections)){
$pattern='^'.str_replace('.','\.',trim($conn));
if(ereg($pattern,$_SERVER['REMOTE_ADDR'])) $SYSFLAG=TRUE;
}
}else{
$SYSFLAG=TRUE;
}
if($SYSFLAG){
$USERFLAG=FALSE;
$query="SELECT `connection` FROM `security_users` WHERE `id`='".$user."'";
$connection=$this->QueryItem($query);
if($connection){
// for each of the listed accepted address ranges, check if it matches
$connections=explode(',',$connection); // separate multiples
while(list($x,$conn)=@each($connections)){
$pattern='^'.str_replace('.','\.',trim($conn));
if(ereg($pattern,$_SERVER['REMOTE_ADDR'])) $USERFLAG=TRUE;
}
}else{
$USERFLAG=TRUE;
}
}
return ($SYSFLAG && $USERFLAG);
}
//-----------------------------------------------------------------------------------------------------------
/*
isSystemUser: Check to see if username exists on system.
return: TRUE or FALSE
param: user [string] The username to check for.
*/
function isSystemUser($user){
// don't even look up if not in valid format
if(!$this->isValidUsername($user))
return FALSE;
if($this->Exists("SELECT `id` FROM `security_users` WHERE `id`='".$user."'"))
return TRUE;
return FALSE;
}
//-----------------------------------------------------------------------------------------------------------
/*
isValidUsername: Check to see if the username is only alpha-numeric characters and is of the proper length according to the system settings.
return: array('result','max','min')
Result Values:
0 if good
-1 if too short
-2 if too long
-3 if invalid characters
param: user [string] The username to check.
*/
function isValidUsername($user){
$query="SELECT `value` FROM `security_settings` WHERE `name`='max_username_length'";
$max_username_length=$this->QueryItem($query);
$query="SELECT `value` FROM `security_settings` WHERE `name`='min_username_length'";
$min_username_length=$this->QueryItem($query);
$regex='/^[a-zA-Z0-9]+$/';
$test=strlen($user);
if($test > $max_username_length)
return array('result'=>-2,'max'=>$max_username_length,'min'=>$min_username_length);
if($test < $min_username_length)
return array('result'=>-1,'max'=>$max_username_length,'min'=>$min_username_length);
if(!preg_match($regex,$user))
return array('result'=>-3,'max'=>$max_username_length,'min'=>$min_username_length);
return array('result'=>1,'max'=>$max_username_length,'min'=>$min_username_length);
}
//-----------------------------------------------------------------------------------------------------------
/*
isValidPassword: Check to make sure the password is of proper length.
return: array('result','min','max')
Result values:
1 if good
-1 if too short
-2 if too long
param: pass [string] The password to check.
*/
function isValidPassword($pass){
$query="SELECT `value` FROM `security_settings` WHERE `name`='max_password_length'";
$max_password_length=$this->QueryItem($query);
$query="SELECT `value` FROM `security_settings` WHERE `name`='min_password_length'";
$min_password_length=$this->QueryItem($query);
$test=strlen($pass);
if($test > $max_password_length)
$result=-2;
else if($test < $min_password_length)
$result=-1;
else
$result=1;
return array('result'=>$result,'min'=>$min_password_length,'max'=>$max_password_length);
}
//-----------------------------------------------------------------------------------------------------------
/*
isAdmin
return: TRUE of FALSE
param: user [string] The username to lookup and test.: Check if the user has administrative privileges.
*/
function isAdmin($user){
$query="SELECT `gid` FROM `security_users` WHERE `id`='".$user."'";
$gid=$this->QueryItem($query);
$query="SELECT `admin` FROM `security_profiles` WHERE `id`='".$gid."'";
if($this->QueryItem($query))
return TRUE;
return FALSE;
}
//-----------------------------------------------------------------------------------------------------------
/*
hasRights: Check to see if the user has rights to view this page. Use $_SERVER['PHP_SELF'] as the url.
return: Returns TRUE or FALSE.
param: url [string] The filename of the page.
*/
function hasRights($url,$url2=''){
// Make sure that the database will contain the full URI for the page
// $PHP_SELF should be used to pass the url to this function
$url=ereg_replace('(\?|&)PHPSESSID=[a-zA-Z0-9]{32}','',$url);
$url2=ereg_replace('(\?|&)PHPSESSID=[a-zA-Z0-9]{32}','',$url2);
$query="SELECT `id` FROM `security_pages` WHERE `page`='".$url."' OR `page`='".$url2."'";
if($this->Exists($query))
$pageid=$this->QueryItem($query);
$query="SELECT `gid` FROM `security_users` WHERE `id`='".$_SESSION['psaun']."'";
$gid=$this->QueryItem($query);
$tmp=$this->getProfiles();
$rightsar=$this->getProfile($gid);
if(isset($rightsar[$pageid]))
return TRUE;
// 6/6/02 12:11PM - this was still set to echo the output rather than return the string
return $this->PHPSECURITYADMIN_NO_ACCESS."<br><br>\n";
}
//-----------------------------------------------------------------------------------------------------------
/*
createRights: Takes an array and creates a field value for rights (users/profiles). Only adds rights to pages that are in the database.
return: Returns a serialized array for storing in the rights field of the security_users table.
param: ar array[page id]=access right
*/
function createRights($ar){
$i=0; $retarr=array();
$pages=$this->getPages();
while(list($key,$val)=@each($ar)){
if(isset($pages[$key]))
$retarr[$key]=$val;
$i++;
}
return serialize($retarr);
}
//-----------------------------------------------------------------------------------------------------------
/*
deleteUser: Remove a user from the system.
param: user [string] The username you wish to delete from the database.
*/
function deleteUser($user){
$this->Delete("DELETE FROM `security_users` WHERE `id`='$user'");
}
//-----------------------------------------------------------------------------------------------------------
/*
addProfile: Takes an array and creates a system user profile based on it.
param: ar array[field]=bool
*/
function addProfile($ar){
$name=$ar['name'];
if(isset($ar['admin']))
$admin=1;
else
$admin=0;
unset($ar['admin']);
unset($ar['name']);
$ar=$this->createRights($ar);
$query="INSERT INTO `security_profiles` SET `name`='".$name."', `value`='".$ar."',`admin`='".$admin."'";
$this->Insert($query);
}
//-----------------------------------------------------------------------------------------------------------
/*
editProfile: Takes an array and updates a profile based on it.
param: ar array[field]=bool
*/
function editProfile($ar){
$id=$ar['id'];
$name=$ar['name'];
if(isset($ar['admin']))
$admin=$ar['admin'];
else
$admin=0;
$ar=$this->createRights($ar);
$query="UPDATE `security_profiles` SET `name`='".$name."',`value`='".$ar."',`admin`='".$admin."' WHERE `id`='".$id."'";
$this->Update($query);
}
//-----------------------------------------------------------------------------------------------------------
/*
deleteProfile: Takes a profile id and deletes the profile.
param: id [int] The profile's database row id.
*/
function deleteProfile($id){
$this->Delete("DELETE FROM `security_profiles` WHERE `id`='$id'");
}
//-----------------------------------------------------------------------------------------------------------
/*
addPage: Adds a page to the database to allow restrictions.
return: Returns TRUE or FALSE if filename or title already in use.
param: title [string] The name you want to see the page displayed as in the rights list.
param: page [string] The filename of the page.
*/
function addPage($title,$page){
$query="SELECT `id` FROM `security_pages` WHERE `title`='".$title."' OR `page`='".$page."'";
if($this->Exists($query))
return FALSE;
else{
$query="INSERT INTO `security_pages` SET `title`='".$title."',`page`='".$page."'";
$this->Insert($query);
return TRUE;
}
}
//-----------------------------------------------------------------------------------------------------------
/*
editPage: Edits a page in the database info that is sent via array.
param: ar [array] Use $_POST.
*/
function editPage($ar){
$query="UPDATE `security_pages` SET `page`='".
$ar['page']."', `title`='".$ar['title']."' WHERE `id`='".$ar['id']."'";
$this->Update($query);
}
//-----------------------------------------------------------------------------------------------------------
/*
deletePage: Deletes a page from the database. If this is done nobody can view that page unless the include _restrict.php line is removed from the file on the server.
param: id [int] The database row id of the page to delete.
*/
function deletePage($id){
$query="DELETE FROM `security_pages` WHERE `id`='".$id."'";
$this->Delete($query);
}
//-----------------------------------------------------------------------------------------------------------
/*
getPages: Get an array of all the page ids and titles.
return: array[page id]=title
*/
function getPages(){
$pages=array();
$query='SELECT `id`,`title` FROM `security_pages` ORDER BY `title`';
$this->Query($query);
for($i=0;$i<$this->rows;$i++){
$this->GetRow($i);
$id=$this->data['id'];
$title=$this->data['title'];
$pages[$id]=$title;
}
return $pages;
}
//-----------------------------------------------------------------------------------------------------------
/*
getPage: Get an array of the page values from the table.
return: array[field]=value
param: id [int] The page's database row id.
*/
function getPage($id){
$query="SELECT `id`,`page`,`title` FROM `security_pages` WHERE `id`='".$id."'";
$this->QueryRow($query);
$retarr['id']=$id;
$retarr['page']=$this->data['page'];
$retarr['title']=$this->data['title'];
return $retarr;
}
//-----------------------------------------------------------------------------------------------------------
/*
getProfiles: Get an array of all the profile ids and names in the system.
return: array[id]=name else FALSE if no profiles exist.
*/
function getProfiles(){
$profiles=FALSE;
$query='SELECT `id`,`name` FROM `security_profiles` ORDER BY `name`';
$this->Query($query);
if($this->rows) $profiles=array();
for($i=0;$i<$this->rows;$i++){
$this->GetRow($i);
$id=$this->data['id'];
$name=$this->data['name'];
$profiles[$id]=$name;
}
return $profiles;
}
//-----------------------------------------------------------------------------------------------------------
/*
getProfile: Get the profile information from the database.
return: FALSE if profile doesn't extist.
Array[pageid]=$_GET['a']ccess_flag as well as array['name']=name and array['admin']=T/F if profile has been set else returns $array['name']=name if it is an empty profile.
param: id [int] The profile's database row id.
*/
function getProfile($id){
$query="SELECT `value`,`name`,`admin` FROM `security_profiles` WHERE `id`='".$id."'";
if($this->Exists($query)){
$this->QueryRow($query);
$rights=unserialize($this->data['value']);
$rights['rights']=$this->data['value'];
$rights['name']=$this->data['name'];
$rights['admin']=$this->data['admin'];
return $rights;
}else
return FALSE;
}
//-----------------------------------------------------------------------------------------------------------
/*
getUsers: Get array of users.
return: array(name,email,phone,connection,admin,active)
*/
function getUsers(){
$users=array();
$groups=array();
$q='SELECT `id`,`admin` FROM `security_profiles` ORDER BY `id`';
$this->Query($q);
for($i=0;$i<$this->rows;$i++){
$this->GetRow($i);
$groups[$this->data['id']]=$this->data['admin'];
}
$query='SELECT `id`,`fname`,`lname`,`mname`,`email`,`gid`,`uid`,`phone`,`connection`,`active` FROM `security_users`';
$this->Query($query);
for($i=0;$i<$this->rows;$i++){
$this->GetRow($i);
$id=$this->data['id'];
$fname=$this->data['fname'];
$lname=$this->data['lname'];
$mname=$this->data['mname'];
$email=$this->data['email'];
$phone=$this->data['phone'];
$gid=$this->data['gid'];
$uid=$this->data['uid'];
$connection=$this->data['connection'];
$active=$this->data['active'];
$name=$lname.', '.$fname;
$users[$id]=array('id'=>$id,'name'=>$name,'email'=>$email,'phone'=>$phone,
'connection'=>$connection,'admin'=>$groups[$gid],'active'=>$active,
'lname'=>$lname,'fname'=>$fname,'mname'=>$mname,'gid'=>$gid,'uid'=>$uid);
}
return $users;
}
//-----------------------------------------------------------------------------------------------------------
/*
loginForm: Displays a login form that posts to page that called function.
*/
function loginForm($custom=''){
if($custom){
include $custom;
return TRUE;
}else{
?>
<form method=post action="<?php echo $_SERVER['REQUEST_URI'] ?>">
<input type=hidden name="requested_uri" value="<?php echo $_SERVER['REQUEST_URI'] ?>">
<?php
while(list($k,$v)=@each($_POST)){
echo '<input type="hidden" name="'.$k.'" value="'.urlencode($v).'">'."\n";
}
?>
<pre><b><?php printf('%-15s',$this->PHPSECURITYADMIN_USERNAME.':') ?></b> <input type=text size=30 name=user>
<b><?php printf('%-15s',$this->PHPSECURITYADMIN_PASSWORD.':') ?></b> <input type=password size=30 name=pass></pre>
<input type=hidden name=language value="<?php echo $this->LANGUAGE?>">
<input type=submit name=LOGIN value="<?php echo $this->PHPSECURITYADMIN_LOGIN ?>">
</form>
<?php
return TRUE;
}
}
//-----------------------------------------------------------------------------------------------------------
/*
editUser: Updates the user information in the database based on the passed values. It does not matter which parameter (or both) you send.
return: Returns TRUE or FALSE if no array was sent.
param: ar [array] Use $_POST to send the user information to the function for updates.
param: rgt [array] Use $_POST to send the user rights to the function for updates.
*/
function editUser($ar){
$query="UPDATE `security_users` SET `updated`='".date('Y-m-d H:i:s')."'";
$pass_test=$this->isValidPassword($ar['pass1']);
if(isset($ar['pass1']) && $pass_test['result']==1)
$this->changePassword($ar['id'],$ar['pass1']);
while(list($field,$value)=@each($ar)){
if($field=='uid' || $field=='gid' || $field=='id' || $field=='lname' ||
$field=='fname' || $field=='mname' || $field=='email' || $field=='phone' ||
$field=='active' || $field=='connection')
$query.=",`".$field."`='".$value."'";
}
if(!isset($ar['active']))
$query.=",`active`='0'";
$query.=" WHERE `id`='".$ar['id']."'";
$this->Update($query);
return TRUE;
}
//-----------------------------------------------------------------------------------------------------------
/*
activateUser: [de]activates a user in the database.
param: $user [string] the user to activate/deactivate
param: $active [int] Pass as 0 to deactivate a user.
*/
function activateUser($user,$active=1){
$query="UPDATE `security_users` SET `updated`='".date('Y-m-d H:i:s')."', `active`='".$active.
"' WHERE `id`='".$user."'";
$this->Update($query);
}
//-----------------------------------------------------------------------------------------------------------
/*
changeProfile: Takes single array $ar to change a user's access rights profile.
param: ar [array] The fields posted from the form (use $_POST).
return: Updates the user's gid in the database.
*/
function changeProfile($ar){
$uid=$ar['uid'];
$gid=$ar['profile'];
$q="UPDATE `security_users` SET `updated`='".date('Y-m-d H:i:s')."', `gid`='".$gid."' WHERE `uid`='".$uid."'";
$this->Update($q);
}
//-----------------------------------------------------------------------------------------------------------
/*
addUser: Takes single array $ar to create a new user for the system.
return: Returns TRUE on success and FALSE if the user already exists.
param: ar [array] The fields posted from the form (use $_POST).
*/
function addUser($ar){
$users=$this->getUsers();
if(!isset($users[$ar['id']])){
$query="SELECT `value` FROM `security_profiles` WHERE `id`='".$ar['profile']."'";
$rights=$this->QueryItem($query);
$query="INSERT INTO `security_users` SET `updated`='".date('Y-m-d H:i:s')."'";
$HASH_VAR=date('YmdHis').$_SERVER['REMOTE_ADDR'];
$hash=md5($HASH_VAR);
$password=md5($ar['pass'].$hash);
$query.=",`lname`='".$ar['lname']."',`fname`='".$ar['fname']."',`mname`='".$ar['mname']."'".
",`email`='".$ar['email']."',`phone`='".$ar['phone']."',`id`='".$ar['id']."',`pass`='".$password."'".
",`hash`='".$hash."',`gid`='".$ar['profile']."',`active`='1'";
$this->Insert($query);
return TRUE;
}else
return FALSE;
}
//-----------------------------------------------------------------------------------------------------------
/*
changePassword: Updates the user's password in the database. The logged in user must either be the same as the requested change or someone with administrative rights to the system.
return: TRUE or FALSE.
param: user [string] The username that the new password corresponds with.
param: pass [string] The new password.
*/
function changePassword($user,$pass){
if($_SESSION['psaun']==$user || $this->isAdmin($_SESSION['psaun'])){
$HASH_VAR=date('YmdHis').$_SERVER['REMOTE_ADDR'];
$hash=md5($HASH_VAR);
$password=md5($pass.$hash);
$query="UPDATE `security_users` SET `updated`='".date('Y-m-d H:i:s')."', `pass`='".$password."', ".
"`hash`='".$hash."', `lockcount`='0', `active`='1' WHERE `id`='".$user."'";
$this->Update($query);
return TRUE;
}else
return FALSE; // could possibly log these requests to show violations
}
//-----------------------------------------------------------------------------------------------------------
/*
updateSettings: Allows a user to change the security system settings
return: The database is updated.
param: array of posted values from form (Use $_POST)
*/
function updateSettings($ar){
while(list($name,$val)=@each($ar)){
if($name!='submit'){
$query="UPDATE `security_settings` SET `value`='".$val."' WHERE `name`='".$name."'";
$this->Update($query);
}
}
}
//-----------------------------------------------------------------------------------------------------------
/*
languageSelection: Displays a language selection from from data in security_languages
*/
function languageSelection($outofdate=0){
$retVal=' <form method=post action="'.$_SERVER['REQUEST_URI'].'">'."\n".
' <select name=language>'."\n";
$q='SELECT `id`,`name` FROM `security_languages`';
if($outofdate)
$q.=" WHERE `uptodate`='0'";
else
$q.=" WHERE `uptodate`='1'";
$q.=' ORDER BY `name`';
$this->Query($q);
for($i=0;$i<$this->rows;$i++){
$this->GetRow($i);
$retVal.=' <option value="'.$this->data['id'].'"';
if($this->data['id']==$this->LANGUAGE)
$retVal.=' selected';
$retVal.='>'.$this->data['name'].'</option>'."\n";
}
$retVal.=' </select>'."\n".
' <input type=submit value="'.$this->PHPSECURITYADMIN_TRANSLATE.'">'."\n".
' </form>'."\n";
return $retVal;
}
//-----------------------------------------------------------------------------------------------------------
/*
securityHeader: Starts the HTML output for the page.
*/
function securityHeader($charset='iso-8859-1'){
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//<?php echo strtoupper($this->LANGUAGE); ?>">
<html>
<head>
<title>phpSecurityAdmin <?php echo $this->VERSION ?>: <?php echo $this->PHPSECURITYADMIN_HOST ?></title>
<meta http-equiv="Content-Type" content="text/html; charset=<?php echo $charset ?>">
<link rel="stylesheet" href="styles.css" type="text/css">
</head>
<body style="background-color: #ffffff; color: #000000;">
<?php
}
//-----------------------------------------------------------------------------------------------------------
/*
securityFooter: Ends the HTML output for the page.
*/
function securityFooter(){
?>
</body>
</html>
<?php
}
} // end security_class
?>