include/incl.php

   1 <?php
   2 /*************************************************/
   3 /* Main Include Library for Application Database */
   4 /*************************************************/
   5
   6 // get modules
   7 ini_set("memory_limit","64M");
   8 require_once(BASE."include/config.php");
   9 require(BASE."include/util.php");
  10 require(BASE."include/user.php");
  11 require(BASE."include/session.php");
  12 require(BASE."include/menu.php");
  13 require(BASE."include/html.php");
  14 require(BASE."include/error_log.php");
  15 require(BASE."include/query.php");
  16 require(BASE."include/table.php");
  17 require_once(BASE."include/objectManager.php");
  18
  19 /* if magic quotes are enabled make sure the user disables them */
  20 /* otherwise they will see all kinds of odd effects that are difficult */
  21 /* to track down */
  22 if(get_magic_quotes_gpc())
  23 {
  24     echo "<b>Please disable the magic quotes GPC PHP setting. See <a href=\"http://us2.php.net/manual/en/ref.info.php#ini.magic-quotes-gpc\"> this page</a> for more information</b><br><br>";
  25     echo "AppDB php code assumes magic quotes are disabled.<br><br>";
  26     echo "Magic quotes are a bad idea for a few reasons.<br><br>";
  27     echo "First is that php calls <b>addslashes()</b> on all \$_POST, \$_REQUEST and cookie variables ";
  28     echo "if magic quotes is enabled. ";
  29     echo "Ooooooh you say.<br>";
  30     echo "<i>\"Aren't magic quotes a convienent way to protect my php code from sql injection attacks?\"</i><br><br>";
  31     echo "No!  <b>addslashes()</b> isn't adequate.  You should use <b>query_escape_string()</b> or some other function";
  32     echo " that will handle multi-byte characters.  See <a href=\"http://shiflett.org/archive/184\">this article</a>";
  33     echo " for a way to exploit <b>addslash()</b>ed parameters.<br><br>";
  34     echo "A second reason is that with magic quotes enabled, due to the use of <b>query_escape_string()</b> to";
  35     echo " protect from sql injection attacks we'll end up with variables that have been addslash()ed and";
  36     echo " <b>query_escape_string()</b>ed.  So you end up having to call stripslashes() on EVERY variable. ";
  37     exit;
  38 }
  39
  40 /**
  41  * rename $_REQUEST variables to preserve backwards compatibility
  42  * with bugzilla links and urls in emails and on google from before our
  43  * mass rename of GPC variables to use our coding standard prefixing
  44  *
  45  * NOTE: we may be able to remove these backwareds compatibility changes
  46  *       in a few years, check in mid 2007 to see how many old
  47  *       links are still poping up in google then
  48  */
  49 if(isset($_REQUEST['versionId']))
  50 {
  51    $_REQUEST['iVersionId'] = $_REQUEST['versionId'];
  52    unset($_REQUEST['versionId']);
  53 }
  54 if(isset($_REQUEST['appId']))
  55 {
  56    $_REQUEST['iAppId'] = $_REQUEST['appId'];
  57    unset($_REQUEST['appId']);
  58 }
  59 if(isset($_REQUEST['bug_id']))
  60 {
  61     $_REQUEST['iBugId'] = $_REQUEST['bug_id'];
  62     unset($_REQUEST['bug_id']);
  63 }
  64 if(isset($_REQUEST['catId']))
  65 {
  66     $_REQUEST['iCatId'] = $_REQUEST['catId'];
  67     unset($_REQUEST['catId']);
  68 }
  69 if(isset($_REQUEST['sub']))
  70 {
  71     $_REQUEST['sSub'] = $_REQUEST['sub'];
  72     unset($_REQUEST['sub']);
  73 }
  74 if(isset($_REQUEST['topic']))
  75 {
  76     $_REQUEST['sTopic'] = $_REQUEST['topic'];
  77     unset($_REQUEST['topic']);
  78 }
  79 if(isset($_REQUEST['mode']))
  80 {
  81     $_REQUEST['sMode'] = $_REQUEST['mode'];
  82     unset($_REQUEST['mode']);
  83 }
  84 /* End backwards compatibility code */
  85
  86 // create arrays
  87 $sidebar_func_list = array();
  88 $help_list = array();
  89
  90 function apidb_help_add($desc, $id)
  91 {
  92     global $help_list;
  93     $help_list[] = array($desc, $id);
  94 }
  95
  96
  97 // return url with docroot prepended
  98 function apidb_url($path)
  99 {
 100     return BASE.$path;
 101 }
 102
 103 // return FULL url with docroot prepended
 104 function apidb_fullurl($path = "")
 105 {
 106     return BASE.$path;
 107 }
 108
 109 function appdb_fullpath($path)
 110 {
 111     /* IE: we know this file is in /yyy/xxx/include, we want to get the /yyy/xxx
 112     /* so we call dirname  on this file path twice */
 113     $fullpath = dirname(dirname(__FILE__))."//".$path;
 114     /* get rid of potential double slashes due to string concat */
 115     return str_replace("//", "/", $fullpath);
 116 }
 117
 118
 119 /*
 120  * output the common apidb header
 121  */
 122 function apidb_header($title = 0)
 123 {
 124     $realname = $_SESSION['current']->sRealname;
 125
 126     // Set Page Title
 127     $page_title = $title;
 128     if ($title)
 129          $title = " - $title";
 130
 131     // grab the starting time
 132     global $sPageGeneratingStartTime;
 133     $sPageGeneratingStartTime = microtime();
 134     $aStartarray = explode(" ", $sPageGeneratingStartTime);
 135     $sPageGeneratingStartTime = $aStartarray[1] + $aStartarray[0];
 136
 137     // Display Header
 138     include(BASE."include/header.php");
 139
 140     // Display Sidebar
 141     apidb_sidebar();
 142
 143     // Display Status Messages
 144     dumpmsgbuffer();
 145 }
 146
 147
 148 /*
 149  * output the common apidb footer
 150  */
 151 function apidb_footer()
 152 {
 153     // grab the end of the page generating time
 154     global $sPageGeneratingStartTime;
 155     $sPageGeneratingEndTime = microtime();
 156     $aEndarray = explode(" ", $sPageGeneratingEndTime);
 157     $sPageGeneratingEndTime = $aEndarray[1] + $aEndarray[0];
 158     $sTotaltime = $sPageGeneratingEndTime - $sPageGeneratingStartTime;
 159     $sTotaltime = round($sTotaltime,5);
 160     echo "<center>Page loaded in <b>$sTotaltime</b> seconds.</center>";
 161
 162     // Display Footer
 163     if(!isset($header_disabled))
 164         include(BASE."include/"."footer.php");
 165 }
 166
 167 /*
 168  * output the sidebar, calls all functions registered with apidb_sidebar_add
 169  */
 170 function apidb_sidebar()
 171 {
 172     global $sidebar_func_list;
 173
 174 echo '
 175 <div id="sidebar">
 176     <ul>
 177 ';
 178
 179     //TURN on GLOBAL ADMIN MENU
 180     if ($_SESSION['current']->hasPriv("admin"))
 181     {
 182         include(BASE."include/sidebar_admin.php");
 183         apidb_sidebar_add("global_admin_menu");
 184     } else if($_SESSION['current']->isMaintainer()) /* if the user maintains anything, add their menus */
 185     {
 186         include(BASE."include/sidebar_maintainer_admin.php");
 187         apidb_sidebar_add("global_maintainer_admin_menu");
 188     }
 189
 190     // Login Menu
 191     include(BASE."include/sidebar_login.php");
 192     apidb_sidebar_add("global_sidebar_login");
 193
 194     // Main Menu
 195     include(BASE."include/sidebar.php");
 196     apidb_sidebar_add("global_sidebar_menu");
 197
 198     //LOOP and display menus
 199     for($i = 0; $i < sizeof($sidebar_func_list); $i++)
 200     {
 201         $func = $sidebar_func_list[$i];
 202         $func();
 203     }
 204
 205 echo '
 206     </ul>
 207 </div>
 208 ';
 209
 210 }
 211
 212
 213 /**
 214  * register a sidebar menu function
 215  * the supplied function is called when the sidebar is built
 216  */
 217 function apidb_sidebar_add($funcname)
 218 {
 219     global $sidebar_func_list;
 220     array_unshift($sidebar_func_list, $funcname);
 221 }
 222
 223
 224 function apidb_image($name)
 225 {
 226     return BASE."images/$name";
 227 }
 228
 229
 230 /**
 231  * format a date as required for HTTP by RFC 2068 sec 3.3.1
 232  */
 233 function fHttpDate($iDate) {
 234    return gmdate("D, d M Y H:i:s",$iDate)." GMT";
 235 }
 236
 237 /**
 238  *  parse all the date formats required by HTTP 1.1 into PHP time values
 239  */
 240 function pHttpDate($sDate) {
 241    $iDate = strtotime($sDate);
 242    if ($iDate != -1) return $iDate;
 243                 /* the RFC also requires asctime() format... */
 244    $aTs = strptime($sDate,"%a %b  %e %H:%M:%S %Y");
 245    $iDate = gmmktime($aTs[2],$aTs[1],$aTs[0],$aTs[4],$aTs[3],$aTs[5],0);
 246    return $iDate;
 247 }
 248
 249 /**
 250  * msgs will be displayed on the Next page view of the same user
 251  */
 252 function addmsg($shText, $color = "black")
 253 {
 254     $GLOBALS['session']->addmsg($shText, $color);
 255 }
 256
 257
 258 function purgeSessionMessages()
 259 {
 260   $GLOBALS['session']->purgemsg();
 261 }
 262
 263
 264 /**
 265  * output msg_buffer and clear it.
 266  */
 267 function dumpmsgbuffer()
 268 {
 269     $GLOBALS['session']->dumpmsgbuffer();
 270     if (is_array($GLOBALS['session']->msg) and count($GLOBALS['session']->msg) > 0)
 271     {
 272         echo html_frame_start("","300","",5);
 273         foreach ($GLOBALS['session']->msg as $msg)
 274         {
 275             if ($msg['color'] == "red")
 276                $msg['color'] = "{$msg['color']};text-decoration:blink";
 277             echo "<div align=\"center\" style=\"font-color:{$msg['color']};\"> {$msg['msg']} </div>";
 278         }
 279         echo html_frame_end("&nbsp;");
 280         echo "<br>\n";
 281     }
 282 }
 283
 284 /**
 285  * Init Session (stores user info in session)
 286  */
 287 $session = new session("whq_appdb");
 288 $session->register("current");
 289
 290 if(!isset($_SESSION['current']))
 291 {
 292     $_SESSION['current'] = new User();
 293 }
 294
 295 // if we are debugging we need to see all errors
 296 if($_SESSION['current']->showDebuggingInfos()) error_reporting(E_ALL ^ E_NOTICE);
 297
 298 // include filter.php to filter all REQUEST input
 299 require(BASE."include/filter.php");
 300
 301 ?>