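"; die(); }
/* NOTE(review): the line above is the tail of a definition that begins before
   this excerpt; it is kept verbatim. */

/* DATE FUNCTIONS */

/**
 * Split a "YYYY-MM-DD HH:MM:SS" style timestamp into a display date and time.
 *
 * @param string $datestamp Timestamp whose fields are separated by "-", " " or ":".
 * @return array [0] => "DD/MM/YYYY", [1] => "HH:MM" (the seconds field is dropped).
 */
function dataora($datestamp){
    // preg_split() replaces split(), which no longer exists in PHP 7+.
    // array_pad() keeps list() from reading missing offsets on short input.
    $parts = array_pad(preg_split('/[- :]/', $datestamp), 6, '');
    list($anno, $mese, $giorno, $ora, $minuti) = $parts;
    return array(
        $giorno.'/'.$mese.'/'.$anno,
        $ora.':'.$minuti,
    );
}

/**
 * Reorder a year-month-day date into day-month-year.
 *
 * @param string $data Date whose fields are separated by "/", "." or "-".
 * @param string $char Separator placed between the fields of the result.
 * @return string|bool Reordered date, or FALSE when $data is empty/falsy.
 */
function dataIta($data, $char){
    if(!$data){
        return FALSE;
    }
    list($anno, $mese, $giorno) = array_pad(preg_split('#[/.-]#', $data), 3, '');
    return $giorno.$char.$mese.$char.$anno;
}

/**
 * Reorder a day-month-year date into year-month-day.
 *
 * @param string $data Date whose fields are separated by "/", "." or "-".
 * @param string $char Separator placed between the fields of the result.
 * @return string|bool Reordered date, or FALSE when $data is empty/falsy.
 */
function dataEng($data, $char){
    if(!$data){
        return FALSE;
    }
    list($giorno, $mese, $anno) = array_pad(preg_split('#[/.-]#', $data), 3, '');
    return $anno.$char.$mese.$char.$giorno;
}

/* PAGE REDIRECT FUNCTIONS */

/**
 * Emit the redirect output and stop the script.
 *
 * NOTE(review): as shown here the function echoes a single space and never
 * uses $url; the original markup was presumably lost in this copy. If the
 * real output embeds $url, the value has to be validated against the
 * destinations the site allows and escaped for the context it is written
 * into before it is echoed.
 *
 * @param string $url Redirect target (unused in the visible code).
 */
function redir($url){
    echo ' ';
    exit;
}

/* VALIDATION FUNCTIONS */

/**
 * Check that a string looks like a single e-mail address.
 *
 * The D modifier makes "$" match only at the very end of the subject; without
 * it an address followed by a trailing "\n" was accepted, which matters when
 * the value is later placed in a mail header.
 * The pattern only accepts a final label of 2 to 6 letters.
 *
 * @param string $email Candidate address.
 * @return bool TRUE when the pattern matches and exactly one "@" is present.
 */
function ok_email($email){
    //$pattern = '^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]{2,4})+$';
    $pattern = '/^([a-zA-Z0-9])+([\.a-zA-Z0-9_-])*@([a-zA-Z0-9_-])+(\.[a-zA-Z0-9_-]+)*\.([a-zA-Z]{2,6})$/D';
    return (preg_match($pattern, $email) && (substr_count($email, '@') == 1)) ? TRUE : FALSE;
}

/**
 * Return TRUE when the subtype of a MIME type contains one of the accepted
 * keywords.
 *
 * The match is a substring match on the part after the first "/", so any
 * subtype that merely contains e.g. "doc" or "word" passes.
 * NOTE(review): if $mimetype comes from the upload request itself it is
 * client-controlled; treat this as a convenience filter and verify the stored
 * file's real content type and extension on the server — confirm against callers.
 *
 * @param string $mimetype Value of the form "type/subtype".
 * @return bool
 */
function ok_mime($mimetype){
    // array_pad() covers input without a "/" so $mime is always defined.
    list($type, $mime) = array_pad(explode("/", $mimetype), 2, '');
    return preg_match("/pdf|jpeg|jpg|gif|png|msword|doc|text|ms-word|word|x-msw6|x-msword|zz-winassoc-doc/", $mime) ? TRUE : FALSE;
}

/**
 * Return TRUE when a file name contains "<alnum>.<alnum>" somewhere.
 *
 * The pattern is not anchored, so it does not reject path separators, "..",
 * or multiple extensions; it only proves that a dot sits between two
 * alphanumeric characters. Callers that build a storage path from the name
 * still need basename() and an extension allow-list.
 *
 * @param string $filename Candidate file name.
 * @return bool
 */
function ok_name($filename){
    // preg_match() with /i replaces eregi(), which no longer exists in PHP 7+.
    return preg_match('/[A-Za-z0-9]\.[A-Za-z0-9]/i', $filename) ? TRUE : FALSE;
}

/**
 * Check that a string is shaped like an http(s) URL.
 *
 * The D modifier stops "$" from accepting a trailing "\n". The path part
 * accepts any characters, so a URL that passes still has to be escaped for
 * the context it is written into.
 *
 * @param string $url Candidate URL.
 * @return int|bool Result of preg_match(): 1 on match, 0 otherwise.
 */
function ok_url($url) {
    return preg_match('|^http(s)?://[a-z0-9-]+(\.[a-z0-9-]+)*(:[0-9]+)?(/.*)?$|iD', $url);
}

/* LOGGING FUNCTIONS */

/**
 * Insert one row into the TAB_LOG table.
 *
 * $script and $uri are now escaped like $messaggio; before, they were
 * concatenated into the statement as received, so a quote in a request URI
 * could alter the INSERT.
 * NOTE(review): addslashes() is not charset-aware; if the db_* layer offers
 * its own escaping or prepared statements, prefer those.
 *
 * @param int    $classe    1 => 'ok', 2 => 'err', anything else => 'none'.
 * @param string $messaggio Log text.
 * @param string $script    Script name stored with the entry.
 * @param string $uri       URI stored with the entry.
 * @return bool Always TRUE; db_die() is called when db_query() returns a falsy value.
 */
function writeLog($classe, $messaggio, $script, $uri){
    switch($classe){
        case 1:
            $classe = 'ok';
            break;
        case 2:
            $classe = 'err';
            break;
        default:
            $classe = 'none';
            break;
    }
    $sql = "INSERT INTO ".TAB_LOG." (id, data, classe, testo, script, uri) VALUES ('', '"
        .date('Y-m-d H:i:s')."', '".$classe."', '".addslashes($messaggio)."', '"
        .addslashes($script)."', '".addslashes($uri)."');";
    db_query($sql) or db_die();
    return TRUE;
}

// to be defined
/*
function getkeyfromval($value, $al){
    foreach($al as $k => $val){
        if($val == $value) return($k);
    }
}
*/

/**
 * Return "nome cognome" for a user id.
 *
 * The id is escaped before it is placed in the quoted SQL literal; it was
 * previously concatenated as received.
 * NOTE(review): if ids are always numeric, casting to int would be a stricter
 * guard — confirm against the TAB_USERS schema.
 *
 * @param mixed $iduser Value matched against the id column of TAB_USERS.
 * @return string First and last name joined by a space.
 */
function getusername($iduser){
    $rsusr = db_query("SELECT nome, cognome FROM ".TAB_USERS." WHERE id='".addslashes($iduser)."';") or db_die();
    $rowuser = db_fetch($rsusr);
    return $rowuser['nome'].' '.$rowuser['cognome'];
}

/**
 * Return the id of the language flagged as default in TAB_LANG.
 *
 * @return mixed The id column of the fetched row.
 */
function getlinguadefault(){
    $row = db_qfetch("SELECT id FROM ".TAB_LANG." WHERE `default`='1';");
    return $row['id'];
}

/**
 * Return the id of the home page for a language.
 *
 * Fetches the page with parent='0'. If that page is in another language, a
 * page whose cTrad points at it and whose language matches is looked up; if
 * none exists the original page id is returned.
 *
 * @param string $linguacorrente Language identifier to look for.
 * @return mixed Page id.
 */
function gethome($linguacorrente){
    $row = db_qfetch("SELECT id, lingua FROM ".TAB_PAGES." WHERE parent='0';") or db_die();
    if($row['lingua'] == $linguacorrente){
        return $row['id'];
    }
    // Otherwise look for a translation in the requested language. Both values
    // are escaped before being placed in the quoted SQL literals.
    $resnl = db_query("SELECT id FROM ".TAB_PAGES." WHERE cTrad='".addslashes($row['id'])."' AND lingua = '".addslashes($linguacorrente)."';") or db_die();
    if(db_numrows($resnl) > 0){
        $rownl = db_fetch($resnl);
        return $rownl['id'];
    }
    // Translation not found: fall back to the original page. The earlier
    // recursive call with the row's own language re-ran the first query only
    // to arrive at this same id.
    return $row['id'];
}

/**
 * Draw an integer in [$min, $max] for genpasswd().
 *
 * Uses random_int() (CSPRNG) where the runtime provides it and falls back to
 * mt_rand() on older PHP versions, where the output remains predictable.
 */
function genpasswd_rand($min, $max){
    return function_exists('random_int') ? random_int($min, $max) : mt_rand($min, $max);
}

/**
 * Generate a random password of $nlett characters.
 *
 * Each position is a lowercase letter, an uppercase letter or a digit 1-9,
 * chosen with roughly equal probability.
 *
 * @param int $nlett Number of characters.
 * @return string Generated password ('' when $nlett is below 1).
 */
function genpasswd($nlett){
    // Initialised explicitly; the accumulator used to start undefined.
    $mypass = '';
    for ($x = 1; $x <= $nlett; $x++){
        $rnd = genpasswd_rand(0, 600);
        if($rnd < 200){
            $mypass .= chr(genpasswd_rand(97, 122));   // a-z
        } elseif($rnd < 400){
            $mypass .= chr(genpasswd_rand(65, 90));    // A-Z
        } else {
            $mypass .= genpasswd_rand(1, 9);
        }
    }
    return $mypass;
}

/*
function spezza2($str, $max, $maxrigo){
    $strok = substr($str,0,$max);
    $pos = strrpos($strok, ' ');
    if($pos != FALSE) $strok = substr($strok,0,$pos);
    //$strok = wordwrap($strok, $maxrigo, " ");
    return $strok;
}
*/

/**
 * Truncate a string to at most $length bytes, appending $etc when shortened.
 *
 * $break_words and $middle were read inside the body without ever being
 * defined; they are now optional parameters whose defaults reproduce the
 * previous behaviour (cut at a word boundary, suffix at the end).
 * Lengths are counted in bytes (strlen/substr), not characters.
 *
 * @param string $string      Text to shorten.
 * @param int    $length      Maximum length of the result, $etc included.
 * @param string $etc         Marker appended (or inserted) when text is cut.
 * @param bool   $break_words TRUE to allow cutting inside a word.
 * @param bool   $middle      TRUE to cut from the middle instead of the end.
 * @return string
 */
function spezza2($string, $length = 80, $etc = '...', $break_words = false, $middle = false) {
    if ($length == 0) {
        return '';
    }
    if (strlen($string) <= $length) {
        return $string;
    }
    $length -= strlen($etc);
    if (!$break_words && !$middle) {
        // Drop the trailing partial word.
        $string = preg_replace('/\s+?(\S+)?$/', '', substr($string, 0, $length+1));
    }
    if (!$middle) {
        return substr($string, 0, $length).$etc;
    }
    // Explicit integer halves: substr() offsets must not be floats.
    $half = (int)($length / 2);
    return substr($string, 0, $half) . $etc . substr($string, -$half);
}

/**
 * Stop the request when a form value contains a known mail-header marker.
 *
 * On a hit a report is mailed to $report_to and the script ends with a
 * message. The value is HTML-escaped in that message; it was echoed back
 * as received before, which reflected attacker-supplied markup.
 *
 * This is a deny-list of five substrings, so it is best-effort only: values
 * destined for mail headers (name, address, subject) should additionally be
 * rejected by the caller when they contain "\r" or "\n".
 *
 * @param string $value Submitted value to inspect.
 * @return void Returns normally (no value) when nothing suspicious is found.
 */
function input_check_mailinj($value)
{
    # mail address(es) for reports...
    $report_to = "pcio@libero.it";

    # array holding strings to check...
    $suspicious_str = array(
        "content-type:",
        "charset=",
        "mime-version:",
        "multipart/mixed",
        "bcc:",
    );

    // remove added slashes from $value...
    $value = stripslashes($value);
    $lowered = strtolower($value);

    foreach($suspicious_str as $suspect)
    {
        # checks if $value contains $suspect; a plain substring test replaces
        # eregi(), which no longer exists in PHP 7+ (the needles hold no
        # regex metacharacters, so the result is the same).
        if(strpos($lowered, $suspect) === false)
        {
            continue;
        }

        // replace this with your own get_ip function...
        $ip = (empty($_SERVER['REMOTE_ADDR'])) ? 'empty' : $_SERVER['REMOTE_ADDR'];
        $rf = (empty($_SERVER['HTTP_REFERER'])) ? 'empty' : $_SERVER['HTTP_REFERER'];
        $ua = (empty($_SERVER['HTTP_USER_AGENT'])) ? 'empty' : $_SERVER['HTTP_USER_AGENT'];
        $ru = (empty($_SERVER['REQUEST_URI'])) ? 'empty' : $_SERVER['REQUEST_URI'];
        $rm = (empty($_SERVER['REQUEST_METHOD'])) ? 'empty' : $_SERVER['REQUEST_METHOD'];
        // The Host header is client-supplied and ends up in the subject line:
        // guard against it being unset and strip line breaks.
        $host = (empty($_SERVER['HTTP_HOST'])) ? 'empty' : str_replace(array("\r", "\n"), ' ', $_SERVER['HTTP_HOST']);

        # if so, file a report...
        if(!empty($report_to))
        {
            // Best-effort notification: a failed mail() must not change the outcome.
            @mail
            (
                $report_to
                ,"[ABUSE] mailinjection @ " . $host . " by " . $ip
                ,"Stopped possible mail-injection @ " . $host . " by " . $ip . " (" . date('d/m/Y H:i:s') . ")\r\n\r\n" .
                "*** IP/HOST\r\n" . $ip . "\r\n\r\n" .
                "*** USER AGENT\r\n" . $ua . "\r\n\r\n" .
                "*** REFERER\r\n" . $rf . "\r\n\r\n" .
                "*** REQUEST URI\r\n" . $ru . "\r\n\r\n" .
                "*** REQUEST METHOD\r\n" . $rm . "\r\n\r\n" .
                "*** SUSPECT\r\n--\r\n" . $value . "\r\n--"
            );
        }

        # ... and kill the script.
        die
        (
            'Script processing cancelled: string (`'.htmlspecialchars($value, ENT_QUOTES).'`) contains text portions that are potentially harmful to this server. Your input has not been sent! Please use your browser\'s `back`-button to return to the previous page and try rephrasing your input.'."\n\n"
        );
    }
}
?>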