
required.php 6.1KB


<?php
/**
 * This file contains global settings and utility functions.
 *
 * Included by every page before any output: sets response headers, starts
 * the session, loads Composer, the settings file and the language strings,
 * and defines the shared helper functions below.
 */
ob_start(); // allow sending headers after content
// Unicode, solves almost all stupid encoding problems
header('Content-Type: text/html; charset=utf-8');
// l33t $ecurity h4x
header('X-Content-Type-Options: nosniff');
// NOTE(review): X-XSS-Protection is a legacy header that current browsers
// ignore; a Content-Security-Policy is the usual replacement - confirm before
// relying on it for anything.
header('X-XSS-Protection: 1; mode=block');
// Replaces PHP's own X-Powered-By value (when expose_php is on) with a joke.
header('X-Powered-By: Late-night coding frenzies (plz send caffeine, thx)');
header('X-Hacker: Why are you looking at HTTP headers? Get a life! </sarcasm>');
$session_length = 60 * 60; // 1 hour
// Arguments: lifetime, path, domain (null = current host), secure = false
// (the session cookie is also sent over plain HTTP), httponly = true (not
// readable from JavaScript). Must be called before session_start().
session_set_cookie_params($session_length, "/", null, false, true);
session_start(); // stick some cookies in it
//
// Composer
require __DIR__ . '/vendor/autoload.php';
// Settings file - presumably where DB_*, DEBUG, TIMEZONE, LANGUAGE and URL
// (all used later in this file) are defined.
require __DIR__ . '/settings.php';
// List of alert messages
require __DIR__ . '/lang/messages.php';
// text strings (i18n) - expected to define the STRINGS array used by lang()/lang2()
require __DIR__ . '/lang/' . LANGUAGE . ".php";
  25. function sendError($error) {
  26. die("<!DOCTYPE html><html><head><title>Error</title></head><body><h1 style='color: red; font-family: sans-serif; font-size:100%;'>" . htmlspecialchars($error) . "</h1></body></html>");
  27. }
  28. date_default_timezone_set(TIMEZONE);
  29. // Database settings
  30. // Also inits database and stuff
  31. use Medoo\Medoo;
  32. $database;
  33. try {
  34. $database = new Medoo([
  35. 'database_type' => DB_TYPE,
  36. 'database_name' => DB_NAME,
  37. 'server' => DB_SERVER,
  38. 'username' => DB_USER,
  39. 'password' => DB_PASS,
  40. 'charset' => DB_CHARSET
  41. ]);
  42. } catch (Exception $ex) {
  43. //header('HTTP/1.1 500 Internal Server Error');
  44. sendError("Database error. Try again later. $ex");
  45. }
  46. if (!DEBUG) {
  47. error_reporting(0);
  48. } else {
  49. error_reporting(E_ALL);
  50. ini_set('display_errors', 'On');
  51. }
  52. $VARS;
  53. if ($_SERVER['REQUEST_METHOD'] === 'POST') {
  54. $VARS = $_POST;
  55. define("GET", false);
  56. } else {
  57. $VARS = $_GET;
  58. define("GET", true);
  59. }
  60. /**
  61. * Checks if a string or whatever is empty.
  62. * @param $str The thingy to check
  63. * @return boolean True if it's empty or whatever.
  64. */
  65. function is_empty($str) {
  66. return (is_null($str) || !isset($str) || $str == '');
  67. }
  68. /**
  69. * I18N string getter. If the key doesn't exist, outputs the key itself.
  70. * @param string $key I18N string key
  71. * @param boolean $echo whether to echo the result or return it (default echo)
  72. */
  73. function lang($key, $echo = true) {
  74. if (array_key_exists($key, STRINGS)) {
  75. $str = STRINGS[$key];
  76. } else {
  77. $str = $key;
  78. }
  79. if ($echo) {
  80. echo $str;
  81. } else {
  82. return $str;
  83. }
  84. }
  85. /**
  86. * I18N string getter (with builder). If the key doesn't exist, outputs the key itself.
  87. * @param string $key I18N string key
  88. * @param array $replace key-value array of replacements.
  89. * If the string value is "hello {abc}" and you give ["abc" => "123"], the
  90. * result will be "hello 123".
  91. * @param boolean $echo whether to echo the result or return it (default echo)
  92. */
  93. function lang2($key, $replace, $echo = true) {
  94. if (array_key_exists($key, STRINGS)) {
  95. $str = STRINGS[$key];
  96. } else {
  97. $str = $key;
  98. }
  99. foreach ($replace as $find => $repl) {
  100. $str = str_replace("{" . $find . "}", $repl, $str);
  101. }
  102. if ($echo) {
  103. echo $str;
  104. } else {
  105. return $str;
  106. }
  107. }
  108. /**
  109. * Checks if an email address is valid.
  110. * @param string $email Email to check
  111. * @return boolean True if email passes validation, else false.
  112. */
  113. function isValidEmail($email) {
  114. return filter_var($email, FILTER_VALIDATE_EMAIL);
  115. }
  116. /**
  117. * Hashes the given plaintext password
  118. * @param String $password
  119. * @return String the hash, using bcrypt
  120. */
  121. function encryptPassword($password) {
  122. return password_hash($password, PASSWORD_BCRYPT);
  123. }
  124. /**
  125. * Securely verify a password and its hash
  126. * @param String $password
  127. * @param String $hash the hash to compare to
  128. * @return boolean True if password OK, else false
  129. */
  130. function comparePassword($password, $hash) {
  131. return password_verify($password, $hash);
  132. }
  133. function dieifnotloggedin() {
  134. if ($_SESSION['loggedin'] != true) {
  135. sendError("Session expired. Please log out and log in again.");
  136. }
  137. }
  138. /**
  139. * Check if the previous database action had a problem.
  140. * @param array $specials int=>string array with special response messages for SQL errors
  141. */
  142. function checkDBError($specials = []) {
  143. global $database;
  144. $errors = $database->error();
  145. if (!is_null($errors[1])) {
  146. foreach ($specials as $code => $text) {
  147. if ($errors[1] == $code) {
  148. sendError($text);
  149. }
  150. }
  151. sendError("A database error occurred:<br /><code>" . $errors[2] . "</code>");
  152. }
  153. }
  154. /*
  155. * http://stackoverflow.com/a/20075147/2534036
  156. */
  157. if (!function_exists('base_url')) {
  158. function base_url($atRoot = FALSE, $atCore = FALSE, $parse = FALSE) {
  159. if (isset($_SERVER['HTTP_HOST'])) {
  160. $http = isset($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) !== 'off' ? 'https' : 'http';
  161. $hostname = $_SERVER['HTTP_HOST'];
  162. $dir = str_replace(basename($_SERVER['SCRIPT_NAME']), '', $_SERVER['SCRIPT_NAME']);
  163. $core = preg_split('@/@', str_replace($_SERVER['DOCUMENT_ROOT'], '', realpath(dirname(__FILE__))), NULL, PREG_SPLIT_NO_EMPTY);
  164. $core = $core[0];
  165. $tmplt = $atRoot ? ($atCore ? "%s://%s/%s/" : "%s://%s/") : ($atCore ? "%s://%s/%s/" : "%s://%s%s");
  166. $end = $atRoot ? ($atCore ? $core : $hostname) : ($atCore ? $core : $dir);
  167. $base_url = sprintf($tmplt, $http, $hostname, $end);
  168. } else
  169. $base_url = 'http://localhost/';
  170. if ($parse) {
  171. $base_url = parse_url($base_url);
  172. if (isset($base_url['path']))
  173. if ($base_url['path'] == '/')
  174. $base_url['path'] = '';
  175. }
  176. return $base_url;
  177. }
  178. }
  179. function redirectToPageId($id, $args, $dontdie) {
  180. header('Location: ' . URL . '?id=' . $id . $args);
  181. if (is_null($dontdie)) {
  182. die("Please go to " . URL . '?id=' . $id . $args);
  183. }
  184. }
  185. function redirectIfNotLoggedIn() {
  186. if ($_SESSION['loggedin'] !== TRUE) {
  187. header('Location: ' . URL . '/login.php');
  188. die();
  189. }
  190. }