search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Generated docs for classEditor.
[awl.git] / inc / AWLUtilities.php
blob2f0a900aaafe8321f5a45d91fbfe81102e2bfc66
1 <?php
2 /**
3 * Utility functions of a general nature which are used by
4 * most AWL library classes.
5 *
6 * @package awl
7 * @subpackage Utilities
8 * @author Andrew McMillan <andrew@mcmillan.net.nz>
9 * @copyright Catalyst IT Ltd, Morphoss Ltd <http://www.morphoss.com/>
10 * @license http://gnu.org/copyleft/gpl.html GNU GPL v2 or later
11 */
12
13 if ( !function_exists('dbg_error_log') ) {
14 /**
15 * Writes a debug message into the error log using printf syntax. If the first
16 * parameter is "ERROR" then the message will _always_ be logged.
17 * Otherwise, the first parameter is a "component" name, and will only be logged
18 * if $c->dbg["component"] is set to some non-null value.
19 *
20 * If you want to see every log message then $c->dbg["ALL"] can be set, to
21 * override the debugging status of the individual components.
22 *
23 * @var string $component The component to identify itself, or "ERROR", or "LOG:component"
24 * @var string $format A format string for the log message
25 * @var [string $parameter ...] Parameters for the format string.
26 */
27 function dbg_error_log() {
28 global $c;
29 $args = func_get_args();
30 $type = "DBG";
31 $component = array_shift($args);
32 if ( substr( $component, 0, 3) == "LOG" ) {
33 // Special escape case for stuff that always gets logged.
34 $type = 'LOG';
35 $component = substr($component,4);
36 }
37 else if ( $component == "ERROR" ) {
38 $type = "***";
39 }
40 else if ( isset($c->dbg["ALL"]) ) {
41 $type = "ALL";
42 }
43 else if ( !isset($c->dbg[strtolower($component)]) ) return;
44
45 $argc = func_num_args();
46 if ( 2 <= $argc ) {
47 $format = array_shift($args);
48 }
49 else {
50 $format = "%s";
51 }
52 @error_log( $c->sysabbr.": $type: $component:". vsprintf( $format, $args ) );
53 }
54 }
55
56
57
58 if ( !function_exists('apache_request_headers') ) {
59 /**
60 * Compatibility so we can use the apache function name and still work with CGI
61 * @package awl
62 */
63 function apache_request_headers() {
64 eval('
65 function apache_request_headers() {
66 foreach($_SERVER as $key=>$value) {
67 if (substr($key,0,5)=="HTTP_") {
68 $key=str_replace(" ","-",ucwords(strtolower(str_replace("_"," ",substr($key,5)))));
69 $out[$key]=$value;
70 }
71 }
72 return $out;
73 }
74 ');
75 }
76 }
77
78
79
80 if ( !function_exists('dbg_log_array') ) {
81 /**
82 * Function to dump an array to the error log, possibly recursively
83 *
84 * @var string $component Which component should this log message identify itself from
85 * @var string $name What name should this array dump identify itself as
86 * @var array $arr The array to be dumped.
87 * @var boolean $recursive Should the dump recurse into arrays/objects in the array
88 */
89 function dbg_log_array( $component, $name, $arr, $recursive = false ) {
90 if ( !isset($arr) || (gettype($arr) != 'array' && gettype($arr) != 'object') ) {
91 dbg_error_log( $component, "%s: array is not set, or is not an array!", $name);
92 return;
93 }
94 foreach ($arr as $key => $value) {
95 dbg_error_log( $component, "%s: >>%s<< = >>%s<<", $name, $key,
96 (gettype($value) == 'array' || gettype($value) == 'object' ? gettype($value) : $value) );
97 if ( $recursive && (gettype($value) == 'array' || (gettype($value) == 'object' && "$key" != 'self' && "$key" != 'parent') ) ) {
98 dbg_log_array( $component, "$name"."[$key]", $value, $recursive );
99 }
100 }
101 }
102 }
103
104
105
106 if ( !function_exists("session_simple_md5") ) {
107 /**
108 * Make a plain MD5 hash of a string, identifying the type of hash it is
109 *
110 * @param string $instr The string to be salted and MD5'd
111 * @return string The *MD5* and the MD5 of the string
112 */
113 function session_simple_md5( $instr ) {
114 dbg_error_log( "Login", "Making plain MD5: instr=$instr, md5($instr)=".md5($instr) );
115 return ( '*MD5*'. md5($instr) );
116 }
117 }
118
119
120
121 if ( !function_exists("session_salted_md5") ) {
122 /**
123 * Make a salted MD5 string, given a string and (possibly) a salt.
124 *
125 * If no salt is supplied we will generate a random one.
126 *
127 * @param string $instr The string to be salted and MD5'd
128 * @param string $salt Some salt to sprinkle into the string to be MD5'd so we don't get the same PW always hashing to the same value.
129 * @return string The salt, a * and the MD5 of the salted string, as in SALT*SALTEDHASH
130 */
131 function session_salted_md5( $instr, $salt = "" ) {
132 if ( $salt == "" ) $salt = substr( md5(rand(100000,999999)), 2, 8);
133 dbg_error_log( "Login", "Making salted MD5: salt=$salt, instr=$instr, md5($salt$instr)=".md5($salt . $instr) );
134 return ( sprintf("*%s*%s", $salt, md5($salt . $instr) ) );
135 }
136 }
137
138
139
140 if ( !function_exists("session_salted_sha1") ) {
141 /**
142 * Make a salted SHA1 string, given a string and (possibly) a salt. PHP5 only (although it
143 * could be made to work on PHP4 (@see http://www.openldap.org/faq/data/cache/347.html). The
144 * algorithm used here is compatible with OpenLDAP so passwords generated through this function
145 * should be able to be migrated to OpenLDAP by using the part following the second '*', i.e.
146 * the '{SSHA}....' part.
147 *
148 * If no salt is supplied we will generate a random one.
149 *
150 * @param string $instr The string to be salted and SHA1'd
151 * @param string $salt Some salt to sprinkle into the string to be SHA1'd so we don't get the same PW always hashing to the same value.
152 * @return string A *, the salt, a * and the SHA1 of the salted string, as in *SALT*SALTEDHASH
153 */
154 function session_salted_sha1( $instr, $salt = "" ) {
155 if ( $salt == "" ) $salt = substr( str_replace('*','',base64_encode(sha1(rand(100000,9999999),true))), 2, 9);
156 dbg_error_log( "Login", "Making salted SHA1: salt=$salt, instr=$instr, encoded($instr$salt)=".base64_encode(sha1($instr . $salt, true).$salt) );
157 return ( sprintf("*%s*{SSHA}%s", $salt, base64_encode(sha1($instr.$salt, true) . $salt ) ) );
158 }
159 }
160
161
162 if ( !function_exists("session_validate_password") ) {
163 /**
164 * Checks what a user entered against the actual password on their account.
165 * @param string $they_sent What the user entered.
166 * @param string $we_have What we have in the database as their password. Which may (or may not) be a salted MD5.
167 * @return boolean Whether or not the users attempt matches what is already on file.
168 */
169 function session_validate_password( $they_sent, $we_have ) {
170 if ( preg_match('/^\*\*.+$/', $we_have ) ) {
171 // The "forced" style of "**plaintext" to allow easier admin setting
172 return ( "**$they_sent" == $we_have );
173 }
174
175 if ( preg_match('/^\*(.+)\*{[A-Z]+}.+$/', $we_have, $regs ) ) {
176 if ( function_exists("session_salted_sha1") ) {
177 // A nicely salted sha1sum like "*<salt>*{SSHA}<salted_sha1>"
178 $salt = $regs[1];
179 $sha1_sent = session_salted_sha1( $they_sent, $salt ) ;
180 return ( $sha1_sent == $we_have );
181 }
182 else {
183 dbg_error_log( "ERROR", "Password is salted SHA-1 but you are using PHP4!" );
184 echo <<<EOERRMSG
185 <html>
186 <head>
187 <title>Salted SHA1 Password format not supported with PHP4</title>
188 </head>
189 <body>
190 <h1>Salted SHA1 Password format not supported with PHP4</h1>
191 <p>At some point you have used PHP5 to set the password for this user and now you are
192 using PHP4. You will need to assign a new password to this user using PHP4, or ensure
193 you use PHP5 everywhere (recommended).</p>
194 <p>AWL has now switched to using salted SHA-1 passwords by preference in a format
195 compatible with OpenLDAP.</p>
196 </body>
197 </html>
198 EOERRMSG;
199 exit;
200 }
201 }
202
203 if ( preg_match('/^\*MD5\*.+$/', $we_have, $regs ) ) {
204 // A crappy unsalted md5sum like "*MD5*<md5>"
205 $md5_sent = session_simple_md5( $they_sent ) ;
206 return ( $md5_sent == $we_have );
207 }
208 else if ( preg_match('/^\*(.+)\*.+$/', $we_have, $regs ) ) {
209 // A nicely salted md5sum like "*<salt>*<salted_md5>"
210 $salt = $regs[1];
211 $md5_sent = session_salted_md5( $they_sent, $salt ) ;
212 return ( $md5_sent == $we_have );
213 }
214
215 // Anything else is bad
216 return false;
217
218 }
219 }
220
221
222
223 if ( !function_exists("replace_uri_params") ) {
224 /**
225 * Given a URL (presumably the current one) and a parameter, replace the value of parameter,
226 * extending the URL as necessary if the parameter is not already there.
227 * @param string $uri The URI we will be replacing parameters in.
228 * @param array $replacements An array of replacement pairs array( "replace_this" => "with this" )
229 * @return string The URI with the replacements done.
230 */
231 function replace_uri_params( $uri, $replacements ) {
232 $replaced = $uri;
233 foreach( $replacements AS $param => $new_value ) {
234 $rxp = preg_replace( '/([\[\]])/', '\\\\$1', $param ); // Some parameters may be arrays.
235 $regex = "/([&?])($rxp)=([^&]+)/";
236 dbg_error_log("core", "Looking for [%s] to replace with [%s] regex is %s and searching [%s]", $param, $new_value, $regex, $replaced );
237 if ( preg_match( $regex, $replaced ) )
238 $replaced = preg_replace( $regex, "\$1$param=$new_value", $replaced);
239 else
240 $replaced .= "&$param=$new_value";
241 }
242 if ( ! preg_match( '/\?/', $replaced ) ) {
243 $replaced = preg_replace("/&(.+)$/", "?\$1", $replaced);
244 }
245 $replaced = str_replace("&amp;", "--AmPeRsAnD--", $replaced);
246 $replaced = str_replace("&", "&amp;", $replaced);
247 $replaced = str_replace("--AmPeRsAnD--", "&amp;", $replaced);
248 dbg_error_log("core", "URI <<$uri>> morphed to <<$replaced>>");
249 return $replaced;
250 }
251 }
252
253
254 if ( !function_exists("uuid") ) {
255 /**
256 * Generates a Universally Unique IDentifier, version 4.
257 *
258 * RFC 4122 (http://www.ietf.org/rfc/rfc4122.txt) defines a special type of Globally
259 * Unique IDentifiers (GUID), as well as several methods for producing them. One
260 * such method, described in section 4.4, is based on truly random or pseudo-random
261 * number generators, and is therefore implementable in a language like PHP.
262 *
263 * We choose to produce pseudo-random numbers with the Mersenne Twister, and to always
264 * limit single generated numbers to 16 bits (ie. the decimal value 65535). That is
265 * because, even on 32-bit systems, PHP's RAND_MAX will often be the maximum *signed*
266 * value, with only the equivalent of 31 significant bits. Producing two 16-bit random
267 * numbers to make up a 32-bit one is less efficient, but guarantees that all 32 bits
268 * are random.
269 *
270 * The algorithm for version 4 UUIDs (ie. those based on random number generators)
271 * states that all 128 bits separated into the various fields (32 bits, 16 bits, 16 bits,
272 * 8 bits and 8 bits, 48 bits) should be random, except : (a) the version number should
273 * be the last 4 bits in the 3rd field, and (b) bits 6 and 7 of the 4th field should
274 * be 01. We try to conform to that definition as efficiently as possible, generating
275 * smaller values where possible, and minimizing the number of base conversions.
276 *
277 * @copyright Copyright (c) CFD Labs, 2006. This function may be used freely for
278 * any purpose ; it is distributed without any form of warranty whatsoever.
279 * @author David Holmes <dholmes@cfdsoftware.net>
280 *
281 * @return string A UUID, made up of 32 hex digits and 4 hyphens.
282 */
283
284 function uuid() {
285
286 // The field names refer to RFC 4122 section 4.1.2
287
288 return sprintf('%04x%04x-%04x-%03x4-%04x-%04x%04x%04x',
289 mt_rand(0, 65535), mt_rand(0, 65535), // 32 bits for "time_low"
290 mt_rand(0, 65535), // 16 bits for "time_mid"
291 mt_rand(0, 4095), // 12 bits before the 0100 of (version) 4 for "time_hi_and_version"
292 bindec(substr_replace(sprintf('%016b', mt_rand(0, 65535)), '01', 6, 2)),
293 // 8 bits, the last two of which (positions 6 and 7) are 01, for "clk_seq_hi_res"
294 // (hence, the 2nd hex digit after the 3rd hyphen can only be 1, 5, 9 or d)
295 // 8 bits for "clk_seq_low"
296 mt_rand(0, 65535), mt_rand(0, 65535), mt_rand(0, 65535) // 48 bits for "node"
297 );
298 }
299 }
300
301 if ( !function_exists("translate") ) {
302 require("Translation.php");
303 }
304
305 if ( !function_exists("clone") && version_compare(phpversion(), '5.0') < 0) {
306 /**
307 * PHP5 screws with the assignment operator changing so that $a = $b means that
308 * $a becomes a reference to $b. There is a clone() that we can use in PHP5, so
309 * we have to emulate that for PHP4. Bleargh.
310 */
311 eval( 'function clone($object) { return $object; }' );
312 }
313
314 if ( !function_exists("quoted_printable_encode") ) {
315 /**
316 * Process a string to fit the requirements of RFC2045 section 6.7. Note that
317 * this works, but replaces more characters than the minimum set. For readability
318 * the spaces aren't encoded as =20 though.
319 */
320 function quoted_printable_encode($string) {
321 return preg_replace('/[^\r\n]{73}[^=\r\n]{2}/', "$0=\r\n", str_replace("%","=",str_replace("%20"," ",rawurlencode($string))));
322 }
323 }
324
325
326 if ( !function_exists("clean_by_regex") ) {
327 /**
328 * Clean a value by applying a regex to it. If it is an array apply it to
329 * each element in the array recursively. If it is an object we don't mess
330 * with it.
331 */
332 function clean_by_regex( $val, $regex ) {
333 if ( is_null($val) ) return null;
334 switch( $regex ) {
335 case 'int': $regex = '#^\d+$#'; break;
336 }
337 if ( is_array($val) ) {
338 foreach( $val AS $k => $v ) {
339 $val[$k] = clean_by_regex($v,$regex);
340 }
341 }
342 else if ( ! is_object($val) ) {
343 if ( preg_match( $regex, $val, $matches) ) {
344 $val = $matches[0];
345 }
346 else {
347 $val = '';
348 }
349 }
350 return $val;
351 }
352 }
353
354
355 if ( !function_exists("param_to_global") ) {
356 /**
357 * Convert a parameter to a global. We first look in _POST and then in _GET,
358 * and if they passed in a bunch of valid characters, we will make sure the
359 * incoming is cleaned to only match that set.
360 *
361 * @param string $varname The name of the global variable to put the answer in
362 * @param string $match_regex The part of the parameter matching this regex will be returned
363 * @param string $alias1 An alias for the name that we should look for first.
364 * @param " ... More aliases, in the order which they should be examined. $varname will be appended to the end.
365 */
366 function param_to_global( ) {
367 $args = func_get_args();
368
369 $varname = array_shift($args);
370 $GLOBALS[$varname] = null;
371
372 $match_regex = null;
373 $argc = func_num_args();
374 if ( $argc > 1 ) {
375 $match_regex = array_shift($args);
376 }
377
378 $args[] = $varname;
379 foreach( $args AS $k => $name ) {
380 if ( isset($_POST[$name]) ) {
381 $result = $_POST[$name];
382 break;
383 }
384 else if ( isset($_GET[$name]) ) {
385 $result = $_GET[$name];
386 break;
387 }
388 }
389 if ( !isset($result) ) return null;
390
391 if ( isset($match_regex) ) {
392 $result = clean_by_regex( $result, $match_regex );
393 }
394
395 $GLOBALS[$varname] = $result;
396 return $result;
397 }
398 }
399
400
401 if ( !function_exists("get_fields") ) {
402 /**
403 * @var array $_AWL_field_cache is a cache of the field names for a table
404 */
405 $_AWL_field_cache = array();
406
407
408 /**
409 * Get the names of the fields for a particular table
410 * @param string $tablename The name of the table.
411 * @return array of string The public fields in the table.
412 */
413 function get_fields( $tablename ) {
414 global $_AWL_field_cache;
415
416 if ( !isset($_AWL_field_cache[$tablename]) ) {
417 dbg_error_log( "DataUpdate", ":get_fields: Loaded fields for table '$tablename'" );
418 $sql = "SELECT f.attname, t.typname, f.atttypmod FROM pg_attribute f ";
419 $sql .= "JOIN pg_class c ON ( f.attrelid = c.oid ) ";
420 $sql .= "JOIN pg_type t ON ( f.atttypid = t.oid ) ";
421 $sql .= "WHERE relname = ? AND attnum >= 0 order by f.attnum;";
422 $qry = new PgQuery( $sql, $tablename );
423 $qry->Exec("DataUpdate");
424 $fields = array();
425 while( $row = $qry->Fetch() ) {
426 $fields["$row->attname"] = $row->typname . ($row->atttypmod != -1 ? sprintf('(%d)',$row->atttypmod) : '');
427 }
428 $_AWL_field_cache[$tablename] = $fields;
429 }
430 return $_AWL_field_cache[$tablename];
431 }
432 }
433
434
435 if ( !function_exists("force_utf8") ) {
436 function define_byte_mappings() {
437 global $byte_map, $nibble_good_chars;
438
439 # Needed for using Grant McLean's byte mappings code
440 $ascii_char = '[\x00-\x7F]';
441 $cont_byte = '[\x80-\xBF]';
442
443 $utf8_2 = '[\xC0-\xDF]' . $cont_byte;
444 $utf8_3 = '[\xE0-\xEF]' . $cont_byte . '{2}';
445 $utf8_4 = '[\xF0-\xF7]' . $cont_byte . '{3}';
446 $utf8_5 = '[\xF8-\xFB]' . $cont_byte . '{4}';
447
448 $nibble_good_chars = "/^($ascii_char+|$utf8_2|$utf8_3|$utf8_4|$utf8_5)(.*)$/s";
449
450 # From http://unicode.org/Public/MAPPINGS/VENDORS/MICSFT/WINDOWS/CP1252.TXT
451 $byte_map = array(
452 "\x80" => "\xE2\x82\xAC", # EURO SIGN
453 "\x82" => "\xE2\x80\x9A", # SINGLE LOW-9 QUOTATION MARK
454 "\x83" => "\xC6\x92", # LATIN SMALL LETTER F WITH HOOK
455 "\x84" => "\xE2\x80\x9E", # DOUBLE LOW-9 QUOTATION MARK
456 "\x85" => "\xE2\x80\xA6", # HORIZONTAL ELLIPSIS
457 "\x86" => "\xE2\x80\xA0", # DAGGER
458 "\x87" => "\xE2\x80\xA1", # DOUBLE DAGGER
459 "\x88" => "\xCB\x86", # MODIFIER LETTER CIRCUMFLEX ACCENT
460 "\x89" => "\xE2\x80\xB0", # PER MILLE SIGN
461 "\x8A" => "\xC5\xA0", # LATIN CAPITAL LETTER S WITH CARON
462 "\x8B" => "\xE2\x80\xB9", # SINGLE LEFT-POINTING ANGLE QUOTATION MARK
463 "\x8C" => "\xC5\x92", # LATIN CAPITAL LIGATURE OE
464 "\x8E" => "\xC5\xBD", # LATIN CAPITAL LETTER Z WITH CARON
465 "\x91" => "\xE2\x80\x98", # LEFT SINGLE QUOTATION MARK
466 "\x92" => "\xE2\x80\x99", # RIGHT SINGLE QUOTATION MARK
467 "\x93" => "\xE2\x80\x9C", # LEFT DOUBLE QUOTATION MARK
468 "\x94" => "\xE2\x80\x9D", # RIGHT DOUBLE QUOTATION MARK
469 "\x95" => "\xE2\x80\xA2", # BULLET
470 "\x96" => "\xE2\x80\x93", # EN DASH
471 "\x97" => "\xE2\x80\x94", # EM DASH
472 "\x98" => "\xCB\x9C", # SMALL TILDE
473 "\x99" => "\xE2\x84\xA2", # TRADE MARK SIGN
474 "\x9A" => "\xC5\xA1", # LATIN SMALL LETTER S WITH CARON
475 "\x9B" => "\xE2\x80\xBA", # SINGLE RIGHT-POINTING ANGLE QUOTATION MARK
476 "\x9C" => "\xC5\x93", # LATIN SMALL LIGATURE OE
477 "\x9E" => "\xC5\xBE", # LATIN SMALL LETTER Z WITH CARON
478 "\x9F" => "\xC5\xB8", # LATIN CAPITAL LETTER Y WITH DIAERESIS
479 );
480
481 for( $i=160; $i < 256; $i++ ) {
482 $ch = chr($i);
483 $byte_map[$ch] = iconv('ISO-8859-1', 'UTF-8', $ch);
484 }
485 }
486 define_byte_mappings();
487
488 function force_utf8( $input ) {
489 $output = '';
490 $char = '';
491 $rest = '';
492 while( $input != '' ) {
493 if ( preg_match( $nibble_good_chars, $input, $matches ) ) {
494 $output .= $matches[1];
495 $rest = $matches[2];
496 }
497 else {
498 preg_match( '/^(.)(.*)$/s', $input, $matches );
499 $char = $matches[1];
500 $rest = $matches[2];
501 if ( isset($byte_map[$char]) ) {
502 $output .= $byte_map[$char];
503 }
504 else {
505 # Must be valid UTF8 already
506 $output .= $char;
507 }
508 }
509 $input = $rest;
510 }
511 return $output;
512 }
513
514 }
Andrew's Web Libraries