$v) {
if (!in_array($k, $noUnset) && isset($GLOBALS[$k])) { unset($GLOBALS[$k]); }
}
}
//functions for properly escaping input strings
/**
 * Undo the slashes added by magic_quotes_gpc, then escape the value for MySQL.
 *
 * Used as $addslashes when magic quotes are on, so input is not escaped twice.
 * The result is only safe when placed inside a quoted SQL string literal;
 * values used in a numeric or identifier position still need intval() or an
 * allow-list.
 *
 * @param string $string Raw (already slashed) input value.
 * @return string The value escaped by mysql_real_escape_string().
 */
function my_add_null_slashes( $string ) {
    $unslashed = stripslashes($string);

    return mysql_real_escape_string($unslashed);
}
/**
 * Identity pass-through used as $stripslashes when magic quotes are off,
 * so callers can invoke $stripslashes() without checking the PHP setting.
 *
 * @param mixed $string Value to hand back.
 * @return mixed The same value, untouched.
 */
function my_null_slashes($string) {
    return $string;
}
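// Choose the escaping helpers once, depending on whether PHP has already
// slashed GET/POST/COOKIE input.
// get_magic_quotes_gpc() was removed in PHP 8.0; a missing function is treated
// as "magic quotes off" instead of aborting the bootstrap with a fatal error.
// NOTE: $addslashes only protects values placed inside quoted SQL string
// literals; numeric positions must be cast with intval().
if ( function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc() == 1 ) {
    $addslashes   = 'my_add_null_slashes';
    $stripslashes = 'stripslashes';
} else {
    $addslashes   = 'mysql_real_escape_string';
    $stripslashes = 'my_null_slashes';
}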
/**
 * Rotate the session ID while keeping the session data, and pin the session
 * to the client's IP address and User-Agent.
 *
 * The old session is not destroyed: it is flagged OBSOLETE with a 10 second
 * expiry and left in place, and the data snapshot is restored into the new ID.
 *
 * @param bool $reload When true, overwrite the stored IP address and
 *                     User-Agent with the values of the current request.
 * @return void
 */
function regenerate_session($reload = false)
{
// Record the client fingerprint on first use, or refresh it when $reload is set.
// HTTP_USER_AGENT is a client-supplied header, so it is only a weak signal.
// NOTE(review): HTTP_USER_AGENT is read without isset(); a request that omits
// the header raises a notice and stores null.
if(!isset($_SESSION['IPaddress']) || $reload)
$_SESSION['IPaddress'] = $_SERVER['REMOTE_ADDR'];
if(!isset($_SESSION['userAgent']) || $reload)
$_SESSION['userAgent'] = $_SERVER['HTTP_USER_AGENT'];
// Snapshot taken BEFORE the OBSOLETE/EXPIRES markers are written, so the
// markers stay on the old session and are not copied into the new one
$session_values = $_SESSION;
// Set current session to expire in 10 seconds
$_SESSION['OBSOLETE'] = true;
$_SESSION['EXPIRES'] = time() + 10;
// Create new session without destroying the old one
// (false = keep the old session data on the server)
session_regenerate_id(false);
// Grab current session ID and close both sessions to allow other scripts to use them
$newSession = session_id();
session_write_close();
// Set session ID to the new one, and start it back up again
session_id($newSession);
session_start();
// Restore the pre-rotation data; this drops the OBSOLETE/EXPIRES flags
$_SESSION = $session_values;
}
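/**
 * Validate the current session against its expiry markers and the client
 * fingerprint stored by regenerate_session().
 *
 * A session flagged OBSOLETE is accepted only until its EXPIRES timestamp.
 * The stored IP address and User-Agent must equal those of the current
 * request. A valid, non-obsolete session has its ID rotated on every call.
 *
 * Changes from the earlier version:
 *  - missing session/server keys are read through isset() instead of raising
 *    notices (a fresh session still fails the fingerprint check);
 *  - the fingerprint is compared with !== so that two different numeric-looking
 *    strings (e.g. "1e3" and "1000") are no longer treated as equal.
 *
 * @return bool true if the session may be used, false if it must be rejected.
 */
function check_session()
{
    $is_obsolete = !empty($_SESSION['OBSOLETE']);
    $expires_at  = isset($_SESSION['EXPIRES']) ? $_SESSION['EXPIRES'] : 0;

    // The old ID of a rotated session is only honoured during its grace period
    if ($is_obsolete && ($expires_at < time())) {
        return false;
    }

    // session key => $_SERVER key it must match
    $fingerprint = array(
        'IPaddress' => 'REMOTE_ADDR',
        'userAgent' => 'HTTP_USER_AGENT',
    );
    foreach ($fingerprint as $session_key => $server_key) {
        $stored  = isset($_SESSION[$session_key]) ? $_SESSION[$session_key] : null;
        $current = isset($_SERVER[$server_key]) ? $_SERVER[$server_key] : null;
        if ($stored !== $current) {
            return false;
        }
    }

    // Never rotate from an already-obsolete ID; it is about to expire anyway
    if (!$is_obsolete) {
        regenerate_session();
    }
    return true;
}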
/*
* structure of this document (in order):
*
* 0. load config.inc.php
* 1. load constants
* 2. initialize db connection and populate $_config
* 3. initialize session
* 4. enable output compression
* 5. validate login user
* 6. load language
* 7. load cache/ContentManagement/output/Savant/Message libraries
***/
/**** 0. start system configuration options block ****/
//set the timezone, php 5.3+ problem. http://atutor.ca/atutor/mantis/view.php?id=4409
// All timestamps produced by this request are computed in UTC
date_default_timezone_set('UTC');
// Silence every error while config.inc.php is loaded; the configured level is
// applied immediately afterwards.
// NOTE(review): include_once does not halt on a missing file, and with
// error_reporting(0) that failure is silent; the AT_INSTALL check below is
// what catches an absent or incomplete configuration.
error_reporting(0);
if (!defined('AT_REDIRECT_LOADED')){
include_once(AT_INCLUDE_PATH.'config.inc.php');
}
// AT_ERROR_REPORTING is presumably defined by config.inc.php — TODO confirm
error_reporting(AT_ERROR_REPORTING);
// Not installed (AT_INSTALL undefined or false): redirect to the installer
// notice and stop before any database or session work is attempted
if (!defined('AT_INSTALL') || !AT_INSTALL) {
header('Cache-Control: no-store, no-cache, must-revalidate');
header('Pragma: no-cache');
// Drop the trailing 'include/' from AT_INCLUDE_PATH to get the path one level up
$relative_path = substr(AT_INCLUDE_PATH, 0, -strlen('include/'));
header('Location: ' . $relative_path . 'install/not_installed.php');
exit;
}
/*** end system config block ***/
/*** 1. constants ***/
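if (!defined('AT_REDIRECT_LOADED')){
    require_once(AT_INCLUDE_PATH.'lib/constants.inc.php');
}
/*** 2. initialize db connection and populate $_config ***/
if (!defined('AT_REDIRECT_LOADED')){
    require_once(AT_INCLUDE_PATH.'lib/mysql_connect.inc.php');
}
/* get config variables. if they're not in the db then it uses the installation default value in constants.inc.php */
$sql = "SELECT * FROM ".TABLE_PREFIX."config";
$result = mysql_query($sql, $db);
// A failed query returns false; skip the loop instead of handing false to
// mysql_fetch_assoc(), which would emit a warning on every request.
if ($result) {
    while ($row = mysql_fetch_assoc($result)) {
        // Database values override the defaults already present in $_config
        $_config[$row['name']] = $row['value'];
    }
}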
/***** 3. start session initialization block *****/
if (headers_sent()) {
require_once(AT_INCLUDE_PATH . 'classes/ErrorHandler/ErrorHandler.class.php');
$err = new ErrorHandler();
trigger_error('VITAL#An error occurred. Output sent before it should have. Please correct the above error(s).' . '
Headers already sent. ' .
'Cannot initialise session.
Error initializing session. ' .
'Please varify that session.save_path is correctly set in your php.ini file ' .
'and the directory exists.
'; if ($title) { echo ''; } /********************************************************************/ /* the system course information */ /* system_courses[course_id] = array(title, description, subject) */ $system_courses = array(); // temporary set to a low number $sql = 'SELECT * FROM '.TABLE_PREFIX.'courses ORDER BY title'; $result = mysql_query($sql, $db); while ($row = mysql_fetch_assoc($result)) { $course = $row['course_id']; unset($row['course_id']); $system_courses[$course] = $row; } /* */ /********************************************************************/ // p_course is set when pretty url is on and guests access a public course. @see bounce.php // First, santinize p_course if (isset($_REQUEST['p_course'])) { $_REQUEST['p_course'] = intval($_REQUEST['p_course']); } if (isset($_SESSION['course_id']) && $_SESSION['course_id'] > 0 || $_REQUEST['p_course'] > 0) { $sql = 'SELECT * FROM '.TABLE_PREFIX.'glossary WHERE course_id='.($_SESSION['course_id']>0 ? $_SESSION['course_id'] : $_REQUEST['p_course']).' 
ORDER BY word'; $result = mysql_query($sql, $db); $glossary = array(); $glossary_ids = array(); while ($row_g = mysql_fetch_assoc($result)) { $row_g['word'] = htmlspecialchars($row_g['word'], ENT_QUOTES, 'UTF-8'); $glossary[$row_g['word']] = str_replace("'", "\'",$row_g['definition']); $glossary_ids[$row_g['word_id']] = $row_g['word']; /* a kludge to get the related id's for when editing content */ /* it's ugly, but beats putting this query AGAIN on the edit_content.php page */ if (isset($get_related_glossary)) { $glossary_ids_related[$row_g['word']] = $row_g['related_word_id']; } } } function get_html_body($text) { /* strip everything before */ $start_pos = strpos(strtolower($text), '', $start_pos); $end_pos += strlen('>'); $text = substr($text, $end_pos); } /* strip everything after */ $end_pos = strpos(strtolower($text), ''); if ($end_pos !== false) { $text = trim(substr($text, 0, $end_pos)); } return $text; } function get_html_head ($text) { /* make all text lower case */ // $text = strtolower($text); /* strip everything before */ $start_pos = stripos($text, '', $start_pos); $end_pos += strlen('>'); $text = substr($text, $end_pos); } /* strip everything after */ $end_pos = stripos($text, ' 0) { $tags = array(trim($tags)); } foreach ($tags as $tag) { $tag = strtolower($tag); /* strip everything before <{tag}> */ $start_pos = stripos($head, '<'.$tag); $temp_head = $head; while ($start_pos !== false) { $temp_text = substr($temp_head, $start_pos); /* strip everything after {tag}> or />*/ $end_pos = stripos($temp_text, '' . $tag . '>'); if ($end_pos !== false) { $end_pos += strlen('' . $tag . '>'); // add an empty line after each tag information $rtn_text .= trim(substr($temp_text, 0, $end_pos)) . 
' '; } else // match /> as ending tag if is not found { $end_pos = stripos($temp_text, '/>'); if($end_pos === false && stripos($temp_text, $tag.'>')===false){ //if /> is not found, then this is not a valid XHTML //text iff it's not tag> $end_pos = stripos($temp_text, '>'); $end_pos += strlen('>'); } else { $end_pos += strlen('/>'); } // add an empty line after each tag information $rtn_text .= trim(substr($temp_text, 0, $end_pos)) . ' '; } // initialize vars for next round of matching $temp_head = substr($temp_text, $end_pos); $start_pos = stripos($temp_head, '<'.$tag); } } return $rtn_text; } if (version_compare(phpversion(), '4.3.0') < 0) { function file_get_contents($filename) { $fd = @fopen($filename, 'rb'); if ($fd === false) { $content = false; } else { $content = @fread($fd, filesize($filename)); @fclose($fd); } return $content; } function mysql_real_escape_string($input) { return mysql_escape_string($input); } } function add_user_online() { if (!isset($_SESSION['member_id']) || !($_SESSION['member_id'] > 0)) { return; } global $db, $addslashes; $expiry = time() + 900; // 15min $sql = 'REPLACE INTO '.TABLE_PREFIX.'users_online VALUES ('.$_SESSION['member_id'].', '.$_SESSION['course_id'].', "'.$addslashes(get_display_name($_SESSION['member_id'])).'", '.$expiry.')'; $result = mysql_query($sql, $db); /* garbage collect and optimize the table every so often */ mt_srand((double) microtime() * 1000000); $rand = mt_rand(1, 20); if ($rand == 1) { $sql = 'DELETE FROM '.TABLE_PREFIX.'users_online WHERE expiry<'.time(); $result = @mysql_query($sql, $db); } } /** * Returns the login name of a member. * @access public * @param int $id The ID of the member. * @return Returns the login name of the member whose ID is $id. 
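* @author Joel Kronenberg */
function get_login($id){
    global $db, $_config_defaults;

    if (is_array($id)) {
        // Force every element to an integer before it reaches the IN (...) list.
        // The raw array values used to be imploded straight into the SQL text,
        // which allowed SQL injection through any non-numeric element.
        $ids  = array_map('intval', $id);
        $rows = array();
        if (!$ids) {
            // "IN ()" is not valid SQL and there is nothing to look up
            return $rows;
        }
        $sql = 'SELECT login, member_id FROM '.TABLE_PREFIX.'members WHERE member_id IN ('.implode(',', $ids).') ORDER BY login';
        $result = mysql_query($sql, $db);
        while ($result && ($row = mysql_fetch_assoc($result))) {
            $rows[$row['member_id']] = $row['login'];
        }
        return $rows;
    }

    $id = intval($id);
    $sql = 'SELECT login FROM '.TABLE_PREFIX.'members WHERE member_id='.$id;
    $result = mysql_query($sql, $db);
    $row = mysql_fetch_assoc($result);
    return $row['login'];
}

/**
 * Returns the formatted display name of a member or guest.
 *
 * Ids starting with 'g_' or 'G_' are looked up in the guests table, anything
 * else in the members table. A falsy id returns the login of the current
 * session.
 *
 * Both lookups previously concatenated $id into the SQL unchanged; the guest
 * id is now escaped for its quoted context and the member id is cast to int.
 *
 * @param int|string $id Member id, or guest id prefixed with g_/G_.
 * @return string The name produced by _AT() for the configured format.
 */
function get_display_name($id) {
    static $db, $_config, $display_name_formats;

    if (!$id) {
        return $_SESSION['login'];
    }
    if (!isset($db, $_config)) {
        global $db, $_config, $display_name_formats;
    }

    $prefix = substr($id, 0, 2);
    if ($prefix == 'g_' || $prefix == 'G_') {
        $sql = "SELECT name FROM ".TABLE_PREFIX."guests WHERE guest_id='".mysql_real_escape_string($id)."'";
        $result = mysql_query($sql, $db);
        $row = mysql_fetch_assoc($result);
        return _AT($display_name_formats[$_config['display_name_format']], '', $row['name'], '', '');
    }

    $sql = 'SELECT login, first_name, second_name, last_name FROM '.TABLE_PREFIX.'members WHERE member_id='.intval($id);
    $result = mysql_query($sql, $db);
    $row = mysql_fetch_assoc($result);
    return _AT($display_name_formats[$_config['display_name_format']], $row['login'], $row['first_name'], $row['second_name'], $row['last_name']);
}

/**
 * Returns the title of a forum, falling back to the title of the group that
 * owns the forum when the forum row has no title of its own.
 *
 * @param int $fid Forum id (cast to int before use).
 * @return string|false The title, or FALSE when neither lookup matches.
 */
function get_forum_name($fid){
    global $db;

    $fid = intval($fid);

    $sql = 'SELECT title FROM '.TABLE_PREFIX.'forums WHERE forum_id='.$fid;
    $result = mysql_query($sql, $db);
    if (($row = mysql_fetch_assoc($result)) && $row['title']) {
        return $row['title'];
    }

    $sql = "SELECT group_id FROM ".TABLE_PREFIX."forums_groups WHERE forum_id=$fid";
    $result = mysql_query($sql, $db);
    if ($row = mysql_fetch_assoc($result)) {
        return get_group_title($row['group_id']);
    }
    return FALSE;
}

// takes the array of valid prefs and assigns them to the current session
// @params: prefs - an array of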
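// preferences
// @params: optional. Values are 0 or 1. Default value is 0
//          when 1, assign PREF_MOBILE_THEME to PREF_THEME if the request is from a mobile device
//          this value is to set when the prefs values are set for display
//          if this function is used as a front shot for save_prefs(), the value should be 0
// NOTE(review): every key/value in $prefs is copied into the session as-is;
// callers are expected to pass an already validated preference array.
function assign_session_prefs($prefs, $switch_mobile_theme = 0) {
    if (is_array($prefs)) {
        foreach($prefs as $pref_name => $value) {
            $_SESSION['prefs'][$pref_name] = $value;
        }
    }
    if (is_mobile_device() && $switch_mobile_theme) {
        $_SESSION['prefs']['PREF_THEME'] = $_SESSION['prefs']['PREF_MOBILE_THEME'];
    }
}

/**
 * Persists the session preferences of the logged-in member.
 *
 * The preferences are stored as serialize() output, escaped with $addslashes.
 * NOTE(review): whatever reads this column back presumably unserialize()s it,
 * so the column must never be writable with attacker-chosen bytes — confirm.
 */
function save_prefs( ) {
    global $db, $addslashes;

    if ($_SESSION['valid_user']) {
        $data = $addslashes(serialize($_SESSION['prefs']));
        // member_id is cast so the unquoted numeric position cannot carry SQL
        $sql = 'UPDATE '.TABLE_PREFIX.'members SET preferences="'.$data.'", creation_date=creation_date, last_login=last_login WHERE member_id='.intval($_SESSION['member_id']);
        $result = mysql_query($sql, $db);
    }
}

/**
 * Stores the inbox notification flag of the logged-in member.
 *
 * $mnot used to be concatenated unquoted and unescaped into the UPDATE; it is
 * now cast to int, which is the only form that was valid in that position.
 *
 * @param int $mnot New value for members.inbox_notify.
 */
function save_email_notification($mnot) {
    global $db;

    if ($_SESSION['valid_user']) {
        $sql = "UPDATE ".TABLE_PREFIX."members SET inbox_notify =".intval($mnot).", creation_date=creation_date, last_login=last_login WHERE member_id =".intval($_SESSION['member_id']);
        $result = mysql_query($sql, $db);
    }
}

/**
 * Saves the last viewed content page in a user's course so that on next visit, user can start reading where they left off
 * @access public
 * @param int $cid the content page id
 * @return none
 * @see $db in include/vitals.inc.php
 * @author Joel Kronenberg
 */
function save_last_cid($cid) {
    if ($_SESSION['enroll'] == AT_ENROLL_NO) {
        return;
    }
    global $db;

    // NOTE(review): s_cid is taken from $_GET['cid'], not from $cid — confirm intended
    $_SESSION['s_cid'] = intval($_GET['cid']);

    // $in_get is never assigned inside this function, so !isset($in_get) is always true here
    if (!$_SESSION['is_admin'] &&
        !$_SESSION['privileges'] &&
        !isset($in_get) &&
        !$_SESSION['cid_time'] &&
        ($_SESSION['course_id'] > 0) )
    {
        $_SESSION['cid_time'] = time();
    }

    // All three values sit in unquoted numeric positions; $cid was previously
    // interpolated unchanged, so each is cast to int before building the SQL.
    $sql = "UPDATE ".TABLE_PREFIX."course_enrollment SET last_cid=".intval($cid)." WHERE course_id=".intval($_SESSION['course_id'])." AND member_id=".intval($_SESSION['member_id']);
    mysql_query($sql, $db);
}

// there has to be a better way of expressing this if-statement!
// and, does it really have to be here?
// Records how long the member spent on the previously viewed content page.
if ((!isset($_SESSION['is_admin']) || !$_SESSION['is_admin']) &&
    (!isset($_SESSION['privileges']) || !$_SESSION['privileges']) &&
    !isset($in_get) &&
    isset($_SESSION['s_cid']) && $_SESSION['s_cid'] &&
    isset($_SESSION['cid_time']) && $_SESSION['cid_time'] &&
    ($_SESSION['course_id'] > 0) &&
    ($_SESSION['s_cid'] != $_GET['cid']) &&
    ($_SESSION['enroll'] != AT_ENROLL_NO) )
{
    $diff = time() - $_SESSION['cid_time'];
    if ($diff > 0) {
        // Session values are cast before use in unquoted numeric positions
        $sql = "UPDATE ".TABLE_PREFIX."member_track SET counter=counter+1, duration=duration+".intval($diff).", last_accessed=NOW() WHERE member_id=".intval($_SESSION['member_id'])." AND content_id=".intval($_SESSION['s_cid']);
        $result = mysql_query($sql, $db);

        // No existing tracking row for this member/page: create it
        if (mysql_affected_rows($db) == 0) {
            $sql = "INSERT INTO ".TABLE_PREFIX."member_track VALUES (".intval($_SESSION['member_id']).", ".intval($_SESSION['course_id']).", ".intval($_SESSION['s_cid']).", 1, ".intval($diff).", NOW())";
            $result = mysql_query($sql, $db);
        }
    }
    $_SESSION['cid_time'] = 0;
}

/**
 * Checks if the $_SESSION[member_id] is an instructor (true) or not (false)
 * The result is only fetched once - it is then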
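available via a static variable, $is_instructor
 * @access public
 * @param none
 * @return bool true if is instructor, false otherwise.
 * @see $db in include/vitals.inc.php
 * @author Joel Kronenberg
 */
function get_instructor_status() {
    static $is_instructor;

    if (isset($is_instructor)) {
        return $is_instructor;
    }
    global $db;

    // member_id is cast to int: it sits in an unquoted numeric position, and an
    // unset value now yields "member_id=0" instead of a malformed statement.
    $sql = 'SELECT status FROM '.TABLE_PREFIX.'members WHERE member_id='.intval($_SESSION['member_id']);
    $result = mysql_query($sql, $db);
    $row = @mysql_fetch_assoc($result);

    // No row, or any status other than instructor, caches false
    $is_instructor = ($row && $row['status'] == AT_STATUS_INSTRUCTOR) ? TRUE : FALSE;
    return $is_instructor;
}

/****************************************************/
/* update the user online list */
if (isset($_SESSION['valid_user']) && $_SESSION['valid_user']) {
    $new_minute = time()/60;
    if (!isset($_SESSION['last_updated'])) {
        $_SESSION['last_updated'] = $new_minute;
    }
    $diff = abs($_SESSION['last_updated'] - $new_minute);
    // Refresh the users_online row only after ONLINE_UPDATE minutes have passed
    if ($diff > ONLINE_UPDATE) {
        $_SESSION['last_updated'] = $new_minute;
        add_user_online();
    }
}

/****************************************************/
/* compute the $_my_uri variable */
// NOTE(review): only the '?' and the separator go through htmlentities();
// the query-string pieces and PHP_SELF are appended exactly as received from
// the client. $_my_uri therefore has to be escaped for its output context
// wherever it is printed, otherwise it is a reflected-XSS sink.
$bits = explode(SEP, getenv('QUERY_STRING'));
$num_bits = count($bits);
$_my_uri = '';

for ($i=0; $i<$num_bits; $i++) {
    if (   (strpos($bits[$i], 'enable=') === 0)
        || (strpos($bits[$i], 'disable=') === 0)
        || (strpos($bits[$i], 'expand=') === 0)
        || (strpos($bits[$i], 'collapse=') === 0)
        || (strpos($bits[$i], 'lang=') === 0)
    ) {
        /* we don't want this variable added to $_my_uri */
        continue;
    }

    if (($_my_uri == '') && ($bits[$i] != '')) {
        $_my_uri .= htmlentities('?');
    } else if ($bits[$i] != ''){
        $_my_uri .= htmlentities(SEP);
    }
    $_my_uri .= $bits[$i];
}
// Always end with '?' or the separator so callers can append another pair directly
if ($_my_uri == '') {
    $_my_uri .= htmlentities('?');
} else {
    $_my_uri .= htmlentities(SEP);
}
$_my_uri = $_SERVER['PHP_SELF'].$_my_uri;

/**
 * If MBString extension is loaded, 4.3.0+, then use it.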
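* Otherwise we will have to use include/utf8 library
 * @author Harris
 * @date Oct 10, 2007
 * @version 1.5.6
 */
// Multibyte-safe string helpers, called indirectly as $strlen(...), $substr(...) etc.
if (extension_loaded('mbstring')){
    $strtolower = 'mb_strtolower';
    $strtoupper = 'mb_strtoupper';
    $substr     = 'mb_substr';
    $strpos     = 'mb_strpos';
    $strrpos    = 'mb_strrpos';
    $strlen     = 'mb_strlen';
} else {
    $strtolower = 'utf8_strtolower';
    $strtoupper = 'utf8_strtoupper';
    $substr     = 'utf8_substr';
    $strpos     = 'utf8_strpos';
    $strrpos    = 'utf8_strrpos';
    $strlen     = 'utf8_strlen';
}

/*~~~~~~~~~~~~~~~~~flash detection~~~~~~~~~~~~~~~~*/
if(isset($_COOKIE["flash"])){
    // NOTE(review): the cookie value is client-controlled and stored unchanged;
    // validate it where $_SESSION['flash'] is consumed.
    $_SESSION['flash'] = $_COOKIE["flash"];

    //delete the cookie
    // Was written "ATutor.setcookie(...)", which PHP parses as the undefined
    // constant ATutor concatenated with the call result (a notice on old PHP,
    // an Error on PHP 8). The plain call is what was meant.
    setcookie("flash",'',time()-3600);
}

if (!isset($_SESSION["flash"])) {
    // NOTE(review): the appended markup is blank in this copy of the file
    $_custom_head .= ' ';
}
/*~~~~~~~~~~~~~~end flash detection~~~~~~~~~~~~~~~*/

/**
 * Checks if the data exceeded the database predefined length, if so,
 * truncate it.
 * This is used on data that are being inserted into the database.
 * If this function is used for display purposes, you may want to add the '...'
 * at the end of the string by setting the $forDisplay=1
 * @param the mbstring that needed to be checked
 * @param the byte length of what the input should be in the database.
 * @param (OPTIONAL)
 * append '...' at the end of the string. Should not use this when
 * dealing with database. This should only be set for display purposes.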
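* @return the mbstring safe sql entry
 * @author Harris Wong
 */
function validate_length($input, $len, $forDisplay=0){
    global $strlen, $substr;

    $input_bytes_len = strlen($input);

    // Within the column's byte limit: nothing to do
    if ($input_bytes_len <= $len) {
        return $input;
    }

    // Estimate how many characters fit from the average bytes per character
    $input_len  = $strlen($input);
    $percentage = ($input_len > 0) ? $input_bytes_len / $input_len : 1;
    $suitable_len = (int) floor($len / $percentage);
    $truncated = $substr($input, 0, $suitable_len);

    // The average is only an estimate: when the multibyte characters are
    // concentrated at the start, the cut could still exceed $len bytes.
    // Drop characters until the byte limit really holds.
    while ($suitable_len > 0 && strlen($truncated) > $len) {
        $suitable_len--;
        $truncated = $substr($input, 0, $suitable_len);
    }

    // An earlier version cut at $len characters rather than $len bytes.
    if ($forDisplay === 1) {
        return $truncated.'...';
    }
    return $truncated;
}

/**
 * If pretty URL within admin config is switched on. We will apply pretty URL
 * to all the links in ATutor. This function will authenticate itself towards the current pages.
 * In our definition, admins, login, registration pages shouldn't have pretty url applied. However,
 * if one want to use url_rewrite on these pages, please force it by using the third parameter.
 * Note: If system config has turned off this feature, $force will have no effect.
 * @param string the Url should be a relative link, have to improve this later on, to check if
 * it's a relative link, if not, truncate it.
 * @param boolean Available values are AT_PRETTY_URL_IS_HEADER, AT_PRETTY_URL_NOT_HEADER(default)
 * use AT_PRETTY_URL_IS_HEADER if url_rewrite is used in php header('Location:..'), absolute path is needed for this.
 * @param boolean true to force the url_rewrite, false otherwise. False is the default.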
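* @author Harris Wong */
function url_rewrite($url, $is_rewriting_header=AT_PRETTY_URL_NOT_HEADER, $force=false){
    global $_config, $db;
    $url_parser = new UrlParser();
    $pathinfo = $url_parser->getPathArray();

    /* If this is any kind of admins, don't prettify the url
     * $_SESSION['is_guest'] is used to check against login/register/browse page, the links on this page will
     * only be prettified when a user has logged in.
     * Had used $_SESSION[valid_user] before but it created this problem:
     * http://www.atutor.ca/atutor/mantis/view.php?id=3426
     */
    $in_course = isset($_SESSION['course_id']) && $_SESSION['course_id'] > 0;
    if (!$force && !$in_course) {
        //if this is something that is displayed on the login page, don't modify the urls.
        if ( (admin_authenticate(AT_ADMIN_PRIV_ADMIN, AT_PRIV_RETURN)
            || (isset($_SESSION['privileges']) && admin_authenticate($_SESSION['privileges'], AT_PRIV_RETURN)))
            || (isset($_SESSION['is_guest']) && $_SESSION['is_guest']==1)){
            return $url;
        }
    }

    // The '.' in bounce.php is escaped so it only matches a literal dot
    $bounce_pattern = '/bounce\.php\?course=([\d]+)$/';

    //if we allow pretty url in the system
    if ($_config['pretty_url'] > 0){
        $course_id = 0;
        //If we allow course dir name from sys perf
        if ($_config['course_dir_name'] > 0){
            // NOTE(review): $_REQUEST['course'] and $_REQUEST['p_course'] reach
            // getCourseDirName() as received — confirm it validates its argument.
            if (preg_match($bounce_pattern, $url, $matches) == 1){
                // bounce has the highest priority, even if session is set, work on
                // bounce first.
                $course_id = $url_parser->getCourseDirName($matches[1]);
            } elseif (isset($_REQUEST['course'])){
                //jump menu
                $course_id = $url_parser->getCourseDirName($_REQUEST['course']);
            } elseif (isset($_REQUEST['p_course'])){
                // is set when guests access public course. @see bounce.php
                $course_id = $url_parser->getCourseDirName($_REQUEST['p_course']);
            } elseif (isset($_SESSION['course_id']) && $_SESSION['course_id'] > 0){
                $course_id = $url_parser->getCourseDirName($_SESSION['course_id']);
            }
        } else {
            $course_id = $_SESSION['course_id'];
        }
        $url = $pathinfo[1]->convertToPrettyUrl($course_id, $url);
    } elseif ($_config['course_dir_name'] > 0) {
        //enabled course directory name, disabled pretty url
        // Same default as the branch above; $course_id used to be undefined
        // here when none of the conditions below matched.
        $course_id = 0;
        if (preg_match($bounce_pattern, $url, $matches) == 1){
            // bounce has the highest priority, even if session is set, work on
            // bounce first.
            $course_id = $url_parser->getCourseDirName($matches[1]);
        } elseif (isset($_REQUEST['course'])){
            $course_id = $url_parser->getCourseDirName($_REQUEST['course']);
        } elseif (isset($_REQUEST['p_course'])){
            // is set when guests access public course. @see bounce.php
            $course_id = $url_parser->getCourseDirName($_REQUEST['p_course']);
        } elseif (isset($_SESSION['course_id']) && $_SESSION['course_id'] > 0){
            $course_id = $url_parser->getCourseDirName($_SESSION['course_id']);
        }
        $url = $pathinfo[1]->convertToPrettyUrl($course_id, $url);
    }

    //instead of putting AT_BASE_HREF in all the headers location, we will put it here.
    //Abs paths are required for pretty url because otherwise the url location will be appended.
    //ie. ATutor_161/blogs/CoURSe_rOAd/blogs/view.php/ot/1/oid/1/ instead of
    // ATutor_161/CoURSe_rOAd/blogs/view.php/ot/1/oid/1/
    if ($is_rewriting_header==true){
        return AT_BASE_HREF.$url;
    }
    return $url;
}

/**
 * Applies $addslashes or intval() recursively.
 * @access public
 * @param mixed $input The input to clean.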
* @return A safe version of $input
 * @author Joel Kronenberg
 */
// Notes on the contract, as implemented below:
//  - non-empty numeric values are converted with intval(), so "1.5" becomes 1;
//  - everything else is trimmed and passed to $addslashes, which only makes it
//    safe inside a quoted SQL string literal;
//  - array KEYS are returned untouched and must not be placed into SQL.
function sql_quote($input) {
    global $addslashes;

    if (is_array($input)) {
        // Each element gets exactly the scalar treatment below (or recurses again)
        foreach ($input as $key => $value) {
            $input[$key] = sql_quote($value);
        }
        return $input;
    }

    if (!empty($input) && is_numeric($input)) {
        return intval($input);
    }
    return $addslashes(trim($input));
}

// Tests whether any bit of $bit is set in $bitfield; both are coerced to int first.
function query_bit( $bitfield, $bit ) {
    $field = is_int($bitfield) ? $bitfield : intval($bitfield);
    $mask  = is_int($bit) ? $bit : intval($bit);

    return (bool) ($field & $mask);
}

/**
 * Authenticates the current user against the specified privilege.
 * @access public
 * @param int $privilege privilege to check against.
 * @param bool $check whether or not to return the result or to abort/exit.
 * @return bool true if this user is authenticated, false otherwise.
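* @see query_bit() in include/vitals.inc.php
 * @author Joel Kronenberg
 */
function authenticate($privilege, $check = false) {
    // Admin sessions pass every course-level privilege check
    if ($_SESSION['is_admin']) {
        return true;
    }

    $auth = query_bit($_SESSION['privileges'], $privilege);

    if (!$_SESSION['valid_user'] || !$auth) {
        if (!$check){
            // Render the "no permission" page and stop the request here
            global $msg;
            $msg->addInfo('NO_PERMISSION');
            require(AT_INCLUDE_PATH.'header.inc.php');
            require(AT_INCLUDE_PATH.'footer.inc.php');
            exit;
        } else {
            return false;
        }
    }
    return true;
}

/**
 * Authenticates the current session as an administrator.
 *
 * The session must be a valid user with course_id == -1. The super-admin
 * privilege passes any check; otherwise $privilege is tested bitwise.
 *
 * @param int  $privilege Admin privilege bit to require, 0 for "any admin".
 * @param bool $check     true to return false on failure, false to redirect
 *                        to login.php / render ACCESS_DENIED and exit.
 * @return bool true when authenticated.
 */
function admin_authenticate($privilege = 0, $check = false) {
    if (!isset($_SESSION['valid_user']) || !$_SESSION['valid_user'] || ($_SESSION['course_id'] != -1)) {
        if ($check) {
            return false;
        }
        header('Location: '.AT_BASE_HREF.'login.php');
        exit;
    }

    if ($_SESSION['privileges'] == AT_ADMIN_PRIV_ADMIN) {
        return true;
    }

    if ($privilege) {
        $auth = query_bit($_SESSION['privileges'], $privilege);

        if (!$auth) {
            if ($check) {
                return false;
            }
            global $msg;
            $msg->addError('ACCESS_DENIED');
            require(AT_INCLUDE_PATH.'header.inc.php');
            require(AT_INCLUDE_PATH.'footer.inc.php');
            exit;
        }
    }
    return true;
}

// Returns the themes row (dir_name) whose status is 3 for mobile clients and 2 otherwise.
function get_default_theme() {
    global $db;

    $default_status = is_mobile_device() ? 3 : 2;

    $sql = "SELECT dir_name FROM ".TABLE_PREFIX."themes WHERE status=".$default_status;
    $result = mysql_query($sql, $db);
    $row = mysql_fetch_assoc($result);

    return $row;
}

// Hard-coded fallback theme directory: 'mobile' for mobile clients, else 'default'.
function get_system_default_theme() {
    return is_mobile_device() ? 'mobile' : 'default';
}

// True when $theme is a registered mobile theme whose directory exists.
// $theme only reaches is_dir() after it matched a dir_name from the themes table.
function is_mobile_theme($theme) {
    global $db;

    $sql = "SELECT dir_name FROM ".TABLE_PREFIX."themes WHERE type='".MOBILE_DEVICE."'";
    $result = mysql_query($sql, $db);
    while ($row = mysql_fetch_assoc($result)) {
        if ($row['dir_name'] == $theme && is_dir(AT_INCLUDE_PATH . '../themes/' . $theme)) {
            return true;
        }
    }
    return false;
}

if (isset($_GET['expand'])) {
    $_SESSION['menu'][intval($_GET['expand'])] = 1;
} else if (isset($_GET['collapse'])) {
    unset($_SESSION['menu'][intval($_GET['collapse'])]);
}

/**
 * Writes present action to admin log db
 * @access private
 * @param string $operation_type The type of operation
 * @param string $table_name The table affected
 * @param string $num_affected The number of rows in the table affected
 * @author Shozub Qureshi
 */
function write_to_log($operation_type, $table_name, $num_affected, $details) {
    global $db, $addslashes;

    if ($num_affected > 0) {
        $details = $addslashes(stripslashes($details));
        // Only $details used to be escaped. The login and table name are now
        // escaped for their quoted positions and the two unquoted values are
        // cast to int, so no argument can alter the INSERT statement.
        $login      = mysql_real_escape_string($_SESSION['login']);
        $table_name = mysql_real_escape_string($table_name);

        $sql = "INSERT INTO ".TABLE_PREFIX."admin_log VALUES ('$login', NULL, ".intval($operation_type).", '$table_name', ".intval($num_affected).", '$details')";
        $result = mysql_query($sql, $db);
    }
}

// Returns the title of a group, or FALSE when the group does not exist.
function get_group_title($group_id) {
    global $db;

    // Cast: $group_id was interpolated unchanged into an unquoted position
    $sql = "SELECT title FROM ".TABLE_PREFIX."groups WHERE group_id=".intval($group_id);
    $result = mysql_query($sql, $db);
    if ($row = mysql_fetch_assoc($result)) {
        return $row['title'];
    }
    return FALSE;
}

// Maps an AT_STATUS_* constant to its translated label; other values return null.
function get_status_name($status_id) {
    switch ($status_id) {
        case AT_STATUS_DISABLED:
            return _AT('disabled');
        case AT_STATUS_UNCONFIRMED:
            return _AT('unconfirmed');
        case AT_STATUS_STUDENT:
            return _AT('student');
        case AT_STATUS_INSTRUCTOR:
            return _AT('instructor');
    }
}

// True when an original profile picture exists for $id (gif, jpg or png).
// Falls through without a return value (null) when none is found.
function profile_image_exists($id) {
    // $id becomes part of a file path; casting to int (print_profile_img()
    // documents it as int) keeps "../" sequences out of the path.
    $id = intval($id);
    $extensions = array('gif', 'jpg', 'png');

    foreach ($extensions as $extension) {
        if (file_exists(AT_CONTENT_DIR.'profile_pictures/originals/'. $id.'.'.$extension)) {
            return true;
        }
    }
}

/**
 * print thumbnails or profile pic
 * @param int image id
 * @param int 1 for thumbnail, 2 for profile
 */
function print_profile_img($id, $type=1) {
    global $moduleFactory;
    $mod = $moduleFactory->getModule('_standard/profile_pictures');
    if ($mod->isEnabled() === FALSE) {
        return;
    }
    // NOTE(review): the echoed markup is empty in this copy of the file. Any
    // markup placed here that embeds $id must escape it for its HTML context.
    if (profile_image_exists($id)) {
        if ($type==1){
            echo '';
        } elseif($type==2){
            echo '';
        }
    } else {
        echo '';
    }
}

// Deletes every stored variant (original, profile, thumb) of a member's picture.
function profile_image_delete($id) {
    // unlink() on a path built from $id: cast to int so the id can never
    // point outside the three profile_pictures directories.
    $id = intval($id);
    $extensions = array('gif', 'jpg', 'png');
    $variants = array('originals', 'profile', 'thumbs');

    foreach ($extensions as $extension) {
        foreach ($variants as $variant) {
            $path = AT_CONTENT_DIR.'profile_pictures/'.$variant.'/'. $id.'.'.$extension;
            if (file_exists($path)) {
                unlink($path);
            }
        }
    }
}

/**
 * get_group_concat
 * returns a list of $field values from $table using $where_clause, separated by $separator.
 * uses mysql's GROUP_CONCAT() if available and if within the limit (default is 1024), otherwise
 * it does it the old school way.
 * returns the list (as a string) or (int) 0, if none found.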
*/ function get_group_concat($table, $field, $where_clause = 1, $separator = ',') { global $_config, $db; if (!isset($_config['mysql_group_concat_max_len'])) { $sql = "SELECT @@global.group_concat_max_len AS max"; $result = mysql_query($sql, $db); if ($result && ($row = mysql_fetch_assoc($result))) { $_config['mysql_group_concat_max_len'] = $row['max']; } else { $_config['mysql_group_concat_max_len'] = 0; } $sql = "REPLACE INTO ".TABLE_PREFIX."config VALUES ('mysql_group_concat_max_len', '{$_config['mysql_group_concat_max_len']}')"; mysql_query($sql, $db); } if ($_config['mysql_group_concat_max_len'] > 0) { $sql = "SELECT GROUP_CONCAT($field SEPARATOR '$separator') AS list FROM ".TABLE_PREFIX."$table WHERE $where_clause"; $result = mysql_query($sql, $db); if ($row = mysql_fetch_assoc($result)) { if (!$row['list']) { return 0; // empty } else if ($row['list'] && strlen($row['list']) < $_config['mysql_group_concat_max_len']) { return $row['list']; } // else: list is truncated, do it the old way } else { // doesn't actually get here. return 0; // empty } } // else: $list = ''; $sql = "SELECT $field AS id FROM ".TABLE_PREFIX."$table WHERE $where_clause"; $result = mysql_query($sql, $db); while ($row = mysql_fetch_assoc($result)) { $list .= $row['id'] . ','; } if ($list) { return substr($list, 0, -1); } return 0; } function get_human_time($seconds) { if ($seconds < 0) { $out = '0'._AT('second_short'); } else if ($seconds > 60 * 60) { // more than 60 minutes. $hours = floor($seconds / 60 / 60); $minutes = floor(($seconds - $hours * 60 * 60) / 60); $out = $hours ._AT('hour_short').' '.$minutes._AT('minute_short'); //$out = ($seconds } else if ($seconds > 60) { // more than a minute $minutes = floor($seconds / 60); $out = $minutes ._AT('minute_short').' '.($seconds - $minutes * 60)._AT('second_short'); } else { // less than a minute $out = $seconds . 
_AT('second_short'); } return $out; } function is_mobile_device() { $http_user_agent = strtolower($_SERVER['HTTP_USER_AGENT']); return ((stripos($http_user_agent, IPOD_DEVICE) !== false && stripos($http_user_agent, IPOD_DEVICE) >= 0) || (stripos($http_user_agent, IPHONE_DEVICE) !== false && stripos($http_user_agent, IPHONE_DEVICE) >= 0) || (stripos($http_user_agent, BLACKBERRY_DEVICE) !== false && stripos($http_user_agent, BLACKBERRY_DEVICE) >= 0) || (stripos($http_user_agent, IPAD_DEVICE) !== false && stripos($http_user_agent, IPAD_DEVICE) >= 0) || (stripos($http_user_agent, ANDROID_DEVICE) !== false && stripos($http_user_agent, ANDROID_DEVICE) >= 0)) ? true : false; } function get_mobile_device_type() { $http_user_agent = strtolower($_SERVER['HTTP_USER_AGENT']); if (stripos($http_user_agent, IPOD_DEVICE) !== false && stripos($http_user_agent, IPOD_DEVICE) >= 0) { return IPOD_DEVICE; } else if (stripos($http_user_agent, IPHONE_DEVICE) !== false && stripos($http_user_agent, IPHONE_DEVICE) >= 0) { return IPHONE_DEVICE; } else if (stripos($http_user_agent, BLACKBERRY_DEVICE) !== false && stripos($http_user_agent, BLACKBERRY_DEVICE) >= 0) { return BLACKBERRY_DEVICE; } else if (stripos($http_user_agent, IPAD_DEVICE) !== false && stripos($http_user_agent, IPAD_DEVICE) >= 0) { return IPAD_DEVICE; } else if (stripos($http_user_agent, ANDROID_DEVICE) !== false && stripos($http_user_agent, ANDROID_DEVICE) >= 0) { return ANDROID_DEVICE; } else { return UNKNOWN_DEVICE; } } /** * Convert all input to htmlentities output, in UTF-8. * @param string input to be convert * @param boolean true if we wish to change all newlines(\r\n) to a'.$title.'
'; } ob_start(); print_r($var); $str = ob_get_contents(); ob_end_clean(); $str = str_replace('<', '<', $str); $str = str_replace('[', '[', $str); $str = str_replace(']', ']', $str); $str = str_replace('=>', '=>', $str); $str = str_replace('Array', 'Array', $str); echo $str; echo '