time = time(); $this->startSession(); }

   /**
    * startSession - Initializes this session object for the current
    * request. Starts the PHP session, works out whether the visitor
    * is already logged in, applies the guest defaults when not,
    * prunes inactive visitors from the tracking tables, and records
    * the referrer and the current URL in the session.
    */
   function startSession()
   {
      global $database;  // shared database connection

      session_start();   // attach to (or create) the PHP session

      /* Determine if user is logged in */
      $this->logged_in = $this->checkLogin();

      if ($this->logged_in) {
         /* Update the user's last-active timestamp */
         $database->addActiveUser($this->username, $this->time);
      }
      else {
         /* Not logged in: fall back to the guest identity. */
         $this->username  = $_SESSION['username'] = GUEST_NAME;
         $this->userlevel = GUEST_LEVEL;
         /* Active-guest tracking by REMOTE_ADDR is disabled in this version. */
      }

      /* Remove inactive visitors from database */
      $database->removeInactiveUsers();
      $database->removeInactiveGuests();

      /* Referrer is the URL stored by the previous request, else the site root */
      $this->referrer = isset($_SESSION['url']) ? $_SESSION['url'] : "/";

      /*
       * NOTE(review): PHP_SELF includes any extra path the client appends
       * to the script URL, so url/referrer are client-influenced values.
       * Encode them before echoing and validate them before redirecting;
       * how they are consumed is not visible in this file.
       */
      $this->url = $_SESSION['url'] = $_SERVER['PHP_SELF'];
   }

   /**
    * checkLogin - Checks if the user has already previously
    * logged in, and a session with the user has already been
    * established. Also checks to see if user has been remembered.
    * If so, the database is queried to make sure of the user's
    * authenticity. Returns true if the user has logged in.
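*/
   function checkLogin()
   {
      global $database;  // The database connection

      /*
       * Language preference. The cookie is client-controlled, so it is
       * mapped through a fixed allowlist ("ms", "en", anything else ->
       * "all") instead of being copied into the session as-is.
       * A geo-based default via user_from_my() is disabled in this version.
       */
      if (!isset($_COOKIE['cooklang'])) {
         setcookie("cooklang", "all", time()+COOKIE_EXPIRE, COOKIE_PATH);
         $_SESSION['userlang'] = "all";
      }
      else {
         switch ($_COOKIE['cooklang']) {
            case "ms":
               $_SESSION['userlang'] = "ms";
               break;
            case "en":
               $_SESSION['userlang'] = "en";
               break;
            default:
               $_SESSION['userlang'] = "all";
         }
      }

      /*
       * Remember-me cookies. Both values come from the client and are only
       * candidates until confirmUserID() accepts them below. Require plain
       * strings: a request can submit cookname[]=... and turn the value
       * into an array, which must never reach the database layer.
       */
      if (isset($_COOKIE['cookname']) && isset($_COOKIE['cookid'])
          && is_string($_COOKIE['cookname']) && is_string($_COOKIE['cookid'])) {
         $this->username = $_SESSION['username'] = $_COOKIE['cookname'];
         $this->userid   = $_SESSION['userid']   = $_COOKIE['cookid'];
      }

      /* Username and userid have been set and not guest */
      if (isset($_SESSION['username']) && isset($_SESSION['userid']) &&
          $_SESSION['username'] != GUEST_NAME) {
         /*
          * Confirm that username and userid are valid.
          * NOTE(review): confirmUserID() receives cookie-derived values;
          * its query construction is not visible here - confirm that it
          * escapes or binds both arguments.
          */
         if ($database->confirmUserID($_SESSION['username'], $_SESSION['userid']) != 0) {
            /* Variables are incorrect, user not logged in */
            unset($_SESSION['username']);
            unset($_SESSION['userid']);
            return false;
         }

         /* User is logged in, set class variables from the database row */
         $this->userinfo     = $database->getUserInfo($_SESSION['username']);
         $this->username     = $this->userinfo['username'];
         $this->userid       = $this->userinfo['userid'];
         $this->userlevel    = $this->userinfo['userlevel'];
         $this->useravatar   = $this->userinfo['useravatar'];
         $this->userrealname = $this->userinfo['realname'];
         return true;
      }

      /* User not logged in */
      return false;
   }

   /**
    * login - The user has submitted his username and password
    * through the login form, this function checks the authenticity
    * of that information in the database and creates the session.
    * Effectively logging in the user if all goes well.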
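*/
   function login($subuser, $subpass, $subremember)
   {
      global $database, $form;  // The database and form object

      /* Username error checking */
      $field = "user";  // Use field name for username
      if (!$subuser || strlen($subuser = trim($subuser)) == 0) {
         $form->setError($field, "* Username not entered");
      }
      /*
       * Check if username is not alphanumeric. preg_match() replaces
       * eregi(), which is removed in PHP 7 and is not binary-safe: it
       * stops at the first NUL byte, so a value with an embedded NUL
       * could pass the old check.
       */
      else if (!preg_match('/^[0-9a-z]*$/iD', $subuser)) {
         $form->setError($field, "* Username not alphanumeric");
      }

      /* Password error checking */
      $field = "pass";  // Use field name for password
      if (!$subpass) {
         $form->setError($field, "* Password not entered");
      }

      /* Return if form errors exist */
      if ($form->num_errors > 0) {
         return false;
      }

      /*
       * Checks that username is in database and password is correct.
       * NOTE(review): passwords are compared as unsalted md5 digests.
       * Moving to password_hash()/password_verify() needs a stored-hash
       * migration in the database layer, which is outside this file.
       */
      $subuser = quote_smart($subuser);
      $result = $database->confirmUserPass($subuser, md5($subpass));

      /*
       * Check error codes.
       * NOTE(review): separate "not found" / "invalid password" messages
       * let a client tell which usernames exist.
       */
      if ($result == 1) {
         $form->setError("user", "* Username not found");
      }
      else if ($result == 2) {
         $form->setError("pass", "* Invalid password");
      }
      else if ($result != 0) {
         /*
          * Fail closed: elsewhere in this class only 0 is treated as
          * success, so any other code must not fall through to a login.
          */
         $form->setError("user", "* Login failed");
      }

      /* Return if form errors exist */
      if ($form->num_errors > 0) {
         return false;
      }

      /*
       * Credentials accepted. Issue a fresh session id before storing the
       * identity so a session id known to someone else before the login
       * cannot be reused afterwards (session fixation).
       */
      session_regenerate_id(true);

      /* Register session variables */
      $this->userinfo     = $database->getUserInfo($subuser);
      $this->username     = $_SESSION['username'] = $this->userinfo['username'];
      $this->userid       = $_SESSION['userid']   = $this->generateRandID();
      $this->userlevel    = $this->userinfo['userlevel'];
      $this->useravatar   = $this->userinfo['useravatar'];
      $this->userrealname = $this->userinfo['realname'];

      /* Insert userid into database and update active users table */
      $database->updateUserField($this->username, "userid", $this->userid);
      $database->addActiveUser($this->username, $this->time);
      $database->removeActiveGuest($_SERVER['REMOTE_ADDR']);

      /**
       * Remember-me: two cookies are set, one holding the username and
       * one holding the random userid, expiring after COOKIE_EXPIRE.
       * checkLogin() accepts them on a later visit unless the user
       * logged out. The userid cookie is a bearer credential, so both
       * cookies are marked HttpOnly to keep page scripts from reading
       * them. NOTE(review): also set the "secure" argument to true if
       * the site is served only over HTTPS - not determinable from here.
       */
      if ($subremember) {
         setcookie("cookname", $this->username, time()+COOKIE_EXPIRE, COOKIE_PATH, "", false, true);
         setcookie("cookid",   $this->userid,   time()+COOKIE_EXPIRE, COOKIE_PATH, "", false, true);
      }
      else {
         setcookie("cookname", "", time() - 3600, COOKIE_PATH);
         setcookie("cookid",   "", time() - 3600, COOKIE_PATH);
      }

      /* Login completed successfully */
      return true;
   }

   /**
    * logout - Gets called when the user wants to be logged out of the
    * website. It deletes any cookies that were stored on the users
    * computer as a result of him wanting to be remembered, unsets the
    * session variables, replaces the stored userid so a copied
    * remember-me cookie stops working, and demotes the user to guest.
    */
   function logout()
   {
      global $database;  // The database connection

      /**
       * Delete cookies - the time must be in the past,
       * so just negate what was added when creating the cookie.
       */
      if (isset($_COOKIE['cookname']) && isset($_COOKIE['cookid'])) {
         setcookie("cookname", "", time()-COOKIE_EXPIRE, COOKIE_PATH);
         setcookie("cookid",   "", time()-COOKIE_EXPIRE, COOKIE_PATH);
      }

      /*
       * Deleting the cookie only affects this browser. checkLogin()
       * validates the userid against the database, so overwrite the
       * stored value to invalidate any other copy of the old token.
       */
      if ($this->logged_in) {
         $database->updateUserField($this->username, "userid", $this->generateRandID());
      }

      /* Unset PHP session variables */
      unset($_SESSION['username']);
      unset($_SESSION['userid']);

      /* Reflect fact that user has logged out */
      $this->logged_in = false;

      /**
       * Remove from active users table and add to
       * active guests tables.
       */
      $database->removeActiveUser($this->username);
      $database->addActiveGuest($_SERVER['REMOTE_ADDR'], $this->time);

      /* Set user level to guest */
      $this->username  = GUEST_NAME;
      $this->userlevel = GUEST_LEVEL;
   }

   /**
    * register - Gets called when the user has just submitted the
    * registration form. Determines if there were any errors with
    * the entry fields, if so, it records the errors and returns
    * 1. If no errors were found, it registers the new user and
    * returns 0. Returns 2 if registration failed.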
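*/
   function register($subname, $subemail, $subagreetoterms, $subuser, $subpass, $subpassrepeat, $confirmcode)
   {
      global $database, $form, $mailer;  // The database, form and mailer object

      $field = "agreetoterms";
      if ($subagreetoterms == false) {
         $form->setError($field, "* You must agree to the terms of use");
      }

      /* Username error checking */
      $field = "user";  // Use field name for username
      if (!$subuser || strlen($subuser = trim($subuser)) == 0) {
         $form->setError($field, "* Username not entered");
      }
      else {
         /* Spruce up username, check length */
         $subuser = quote_smart($subuser);
         if (strlen($subuser) < 5) {
            $form->setError($field, "* Username below 5 characters");
         }
         else if (strlen($subuser) > 30) {
            $form->setError($field, "* Username above 30 characters");
         }
         /*
          * Check if username is not alphanumeric. preg_match() replaces
          * eregi(), which is removed in PHP 7 and stops at the first NUL
          * byte, so it could approve a value with trailing binary data.
          */
         else if (!preg_match('/^[0-9a-z]+$/iD', $subuser)) {
            $form->setError($field, "* Username not alphanumeric");
         }
         /* Check if username is reserved */
         else if (strcasecmp($subuser, GUEST_NAME) == 0) {
            $form->setError($field, "* Username reserved word");
         }
         /* Check if username is already in use */
         else if ($database->usernameTaken($subuser)) {
            $form->setError($field, "* Username already in use");
         }
         /* Check if username is banned */
         else if ($database->usernameBanned($subuser)) {
            $form->setError($field, "* Username banned");
         }
      }

      /*
       * Password error checking.
       * NOTE(review): a 4-character minimum with letters and digits only
       * is a weak policy; it is kept because existing accounts and the
       * login form depend on it.
       */
      $field = "pass";  // Use field name for password
      if (!$subpass) {
         $form->setError($field, "* Password not entered");
      }
      else {
         /* Spruce up password and check length */
         $subpass = quote_smart($subpass);
         if (strlen($subpass) < 4) {
            $form->setError($field, "* Password too short");
         }
         /*
          * Check if password is not alphanumeric. The trim happens only
          * after the length check, so a field padded with spaces is not
          * reported as "too short".
          */
         else if (!preg_match('/^[0-9a-z]+$/iD', ($subpass = trim($subpass)))) {
            $form->setError($field, "* Password not alphanumeric");
         }
      }

      /* Password confirm checking */
      $field = "passrepeat";  // Use field name for repeated password
      if (!$subpassrepeat) {
         $form->setError($field, "* Password not entered");
      }
      /*
       * Strict comparison: with != two different numeric-looking strings
       * such as "1e3" and "1000" compare as equal.
       */
      else if ((string) $subpass !== (string) $subpassrepeat) {
         $form->setError($field, "* Password does not match");
      }

      /* Name error checking */
      $field = "name";  // Use field name for real name
      if (!$subname || strlen($subname = trim($subname)) == 0) {
         $form->setError($field, "* Name not entered");
      }
      else {
         $subname = strip_tags(quote_smart($subname));
      }

      /* Email error checking */
      $field = "email";  // Use field name for email
      if (!$subemail || strlen($subemail = trim($subemail)) == 0) {
         $form->setError($field, "* Email not entered");
      }
      else {
         $subemail = quote_smart($subemail);

         /* Check if valid email address */
         $regex = '/^[_+a-z0-9-]+(\.[_+a-z0-9-]+)*'
                 .'@[a-z0-9-]+(\.[a-z0-9-]{1,})*'
                 .'\.([a-z]{2,}){1}$/iD';
         if (!preg_match($regex, $subemail)) {
            $form->setError($field, "* Email invalid");
         }
         /* Check if email is already in use */
         else if ($database->emailTaken($subemail)) {
            $form->setError($field, "* This email is already associated with an existing account. Please recover password if you've lost it.");
         }
      }

      /*
       * Captcha error checking. A missing session code is a failure, and
       * the comparison is strict so numeric-looking codes cannot match
       * through type juggling.
       * NOTE(review): the code stays valid after a wrong guess, so it can
       * be guessed repeatedly; regenerate it per attempt where the captcha
       * is issued (not visible in this file).
       */
      $field = "captcha";  // Use field name for confirmcode
      if (!$confirmcode || strlen($confirmcode = trim($confirmcode)) == 0) {
         $form->setError($field, "* Code not entered");
      }
      else if (!isset($_SESSION['captchacode'])
               || strtoupper($confirmcode) !== (string) $_SESSION['captchacode']) {
         $form->setError($field, "* Incorrect code entered");
      }

      /* Errors exist, have user correct them */
      if ($form->num_errors > 0) {
         return 1;  // Errors with form
      }

      /*
       * No errors, add the new account to the database.
       * NOTE(review): the password is stored as an unsalted md5 digest;
       * changing that needs a coordinated change in the database layer.
       */
      if ($database->addNewUser($subuser, md5($subpass), $subemail, $subname)) {
         /* A solved captcha is single-use: drop it once an account exists. */
         unset($_SESSION['captchacode']);

         if (EMAIL_WELCOME) {
            /*
             * NOTE(review): the plaintext password is handed to the mailer
             * here, so it presumably ends up in the welcome e-mail -
             * confirm in sendWelcome() and stop sending it.
             */
            $mailer->sendWelcome($subuser, $subemail, $subpass, $subname);
         }
         return 0;  // New user added successfully
      }

      return 2;  // Registration attempt failed
   }

   /**
    * editAccount - Attempts to edit the user's account information
    * including the password, which it first makes sure is correct
    * if entered, if so and the new password is in the right
    * format, the change is made. All other fields are changed
    * automatically.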
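*/
   function editAccount($subcurpass, $subnewpass, $subemail, $subenapingviewbar, $subnewavatar, $subname, $subabout)
   {
      global $database, $form;  // The database and form object

      /* New password entered */
      if ($subnewpass) {
         /* Current Password error checking */
         $field = "curpass";  // Use field name for current password
         if (!$subcurpass) {
            $form->setError($field, "* Current Password not entered");
         }
         else {
            /*
             * Check if password too short or is not alphanumeric.
             * preg_match() replaces eregi(), which is removed in PHP 7
             * and is not binary-safe.
             */
            $subcurpass = quote_smart($subcurpass);
            if (strlen($subcurpass) < 4 ||
                !preg_match('/^[0-9a-z]+$/iD', ($subcurpass = trim($subcurpass)))) {
               $form->setError($field, "* Current Password incorrect");
            }
            /* Password entered is incorrect */
            if ($database->confirmUserPass($this->username, md5($subcurpass)) != 0) {
               $form->setError($field, "* Current Password incorrect");
            }
         }

         /* New Password error checking */
         $field = "newpass";  // Use field name for new password
         if (strlen($subnewpass) < 4) {
            $form->setError($field, "* New Password too short");
         }
         /* Check if password is not alphanumeric */
         else if (!preg_match('/^[0-9a-z]+$/iD', ($subnewpass = trim($subnewpass)))) {
            $form->setError($field, "* New Password not alphanumeric");
         }
      }
      /* Change password attempted */
      else if ($subcurpass) {
         /* New Password error reporting */
         $field = "newpass";  // Use field name for new password
         $form->setError($field, "* New Password not entered");
      }

      /* Email error checking */
      $field = "email";  // Use field name for email
      if ($subemail && strlen($subemail = trim($subemail)) > 0) {
         $subemail = quote_smart($subemail);

         /* Check if valid email address */
         $regex = '/^[_+a-z0-9-]+(\.[_+a-z0-9-]+)*'
                 .'@[a-z0-9-]+(\.[a-z0-9-]{1,})*'
                 .'\.([a-z]{2,}){1}$/iD';
         if (!preg_match($regex, $subemail)) {
            $form->setError($field, "* Email invalid");
         }
         /* Check if email is already in use */
         else if ($database->emailEditTaken($subemail, $this->username)) {
            $form->setError($field, "* This email is already associated with another existing account.");
         }
      }

      /*
       * Avatar Uploading.
       * NOTE(review): the avatar is written before the remaining fields
       * are validated, so it can change even when the form is rejected.
       */
      $field = "avatar";  // Use field name for avatar
      if (is_array($subnewavatar) && isset($subnewavatar['size']) && $subnewavatar['size'] > 0) {
         $proceed = true;

         if ($subnewavatar['size'] > 80000) {
            $form->setError($field, "* Your file is too large.");
            $proceed = false;
         }

         /*
          * The "type" entry is whatever the browser declared; it is kept
          * as a cheap first filter but proves nothing about the content.
          */
         if ($_FILES['userimgupload']['type'] != "image/jpeg" &&
             $_FILES['userimgupload']['type'] != "image/jpg") {
            $form->setError($field, "* Only JPEG files allowed.");
            $proceed = false;
         }

         /*
          * Server-side check: the path must be a genuine PHP upload and
          * the file itself must parse as a JPEG.
          */
         if ($proceed) {
            $imageInfo = is_uploaded_file($subnewavatar['tmp_name'])
                       ? getimagesize($subnewavatar['tmp_name'])
                       : false;
            if ($imageInfo === false || $imageInfo[2] != IMAGETYPE_JPEG) {
               $form->setError($field, "* Only JPEG files allowed.");
               $proceed = false;
            }
         }

         if ($proceed) {
            /*
             * The image is re-encoded by GD and stored under a
             * server-chosen name; the client's file name is never used.
             */
            if ($this->ResizeAvatar($subnewavatar['tmp_name'], "$this->username.jpg", AVATAR_DIRECTORY, AVATAR_SIZE)) {
               $database->updateUserField($this->username, "useravatar", addslashes($this->username));
            }
            else {
               $form->setError($field, "* Avatar could not be saved.");
            }
         }
      }

      /* Name error checking */
      $field = "name";  // Use field name for real name
      if (!$subname || strlen($subname = trim($subname)) == 0) {
         $form->setError($field, "* Name not entered");
      }
      else {
         $subname = strip_tags(quote_smart($subname));
      }

      /* Errors exist, have user correct them */
      if ($form->num_errors > 0) {
         return false;  // Errors with form
      }

      /*
       * Update password since there were no errors.
       * NOTE(review): stored as unsalted md5, and the remember-me userid
       * is not rotated here, so an existing remember-me cookie presumably
       * survives a password change - confirm and rotate it.
       */
      if ($subcurpass && $subnewpass) {
         $database->updateUserField($this->username, "password", md5($subnewpass));
      }

      /* Change Email */
      if ($subemail) {
         $database->updateUserField($this->username, "email", $subemail);
      }

      /* Enable Ping Bar */
      $database->updateUserField($this->username, "pingviewbar", $subenapingviewbar ? "1" : "0");

      /* Change Name */
      $database->updateUserField($this->username, "realname", $subname);

      /* Change About Me */
      $database->updateUserField($this->username, "about", strip_tags(quote_smart($subabout)));

      /* Success! */
      return true;
   }

   /**
    * ResizeAvatar - Re-encodes an uploaded JPEG as the stored avatar.
    * Images larger than $imgSize on both sides are reduced to an
    * $imgSize x $imgSize thumbnail (non-square images are cropped around
    * the centre first); smaller images are re-saved at their own size.
    * Returns true when the file was written, false when the source could
    * not be read as a JPEG or the write failed.
    *
    * $imageName is joined to $imgStoreDirectory unchanged, so callers
    * must pass a name without path separators.
    */
   function ResizeAvatar($imgSrc, $imageName, $imgStoreDirectory, $imgSize)
   {
      /* Getting the image dimensions; false means "not an image" */
      $dimensions = getimagesize($imgSrc);
      if ($dimensions === false) {
         return false;
      }
      list($width, $height) = $dimensions;

      /* Load the image into memory (for manipulation with GD Library) */
      $myImage = imagecreatefromjpeg($imgSrc);
      if (!$myImage) {
         return false;
      }

      $target = "$imgStoreDirectory/$imageName";

      /* If the image is smaller, don't bother cropping */
      if ($width > $imgSize && $height > $imgSize) {
         if ($width != $height) {
            /*
             * Crop a centred square of half the longest side, capped at
             * the shortest side so the square never reaches outside the
             * source image on very elongated pictures.
             */
            $cropSide = (int) min(max($width, $height) * .5, $width, $height);
            $srcX = (int) (($width - $cropSide) / 2);
            $srcY = (int) (($height - $cropSide) / 2);
         }
         else {
            /* Same dimensions: don't crop, just resize */
            $cropSide = $width;
            $srcX = 0;
            $srcY = 0;
         }

         $thumb = imagecreatetruecolor($imgSize, $imgSize);
         imagecopyresampled($thumb, $myImage, 0, 0, $srcX, $srcY, $imgSize, $imgSize, $cropSide, $cropSide);
         $saved = imagejpeg($thumb, $target);
         imagedestroy($thumb);
      }
      else {
         $saved = imagejpeg($myImage, $target);
      }

      imagedestroy($myImage);
      return $saved;
   }

   /**
    * isAdmin - Returns true if currently logged in user is
    * an administrator, false otherwise. Either the admin user level
    * or the admin username is sufficient.
    */
   function isAdmin()
   {
      if ($this->userlevel == ADMIN_LEVEL) {
         return true;
      }
      return $this->username == ADMIN_NAME;
   }

   /**
    * generateRandID - Generates a string made up of randomized
    * letters (lower and upper case) and digits and returns
    * the md5 hash of it to be used as a userid.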
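*/
   function generateRandID()
   {
      /* md5 is used here only to give the token a fixed 32-hex-char shape. */
      return md5($this->generateRandStr(16));
   }

   /**
    * generateRandStr - Generates a string made up of randomized
    * letters (lower and upper case) and digits, the length
    * is a specified parameter.
    *
    * The result feeds the session/remember-me userid, so it has to be
    * unpredictable. random_int() (PHP 7+) is used when available;
    * mt_rand() remains only as a fallback for older runtimes and is not
    * suitable for security tokens.
    */
   function generateRandStr($length)
   {
      /* Same 62-character alphabet as before: digits, A-Z, a-z */
      $alphabet = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
      $useCsprng = function_exists('random_int');

      $randstr = "";
      for ($i = 0; $i < $length; $i++) {
         $randnum = $useCsprng ? random_int(0, 61) : mt_rand(0, 61);
         $randstr .= $alphabet[$randnum];
      }
      return $randstr;
   }
};

/**
 * Initialize session object - This must be initialized before
 * the form object because the form uses session variables,
 * which cannot be accessed unless the session has started.
 */
$session = new Session;

/* Initialize form object */
$form = new Form;

/**
 * quote_smart - Undoes magic quotes when they are active, SQL-escapes
 * the value unless it is a number without a leading zero, removes
 * anything that looks like an HTML entity, and HTML-encodes the rest.
 *
 * NOTE(review): this mixes two output contexts. SQL escaping belongs
 * at the query (ideally as bound parameters) and HTML encoding at
 * output time; combined here, values are stored HTML-encoded and the
 * result is only safe inside a quoted SQL string literal. The mysql_*
 * functions are removed in PHP 7, so this cannot run there unchanged.
 */
function quote_smart($value)
{
   // Stripslashes (get_magic_quotes_gpc() no longer exists in PHP 8)
   if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
      $value = stripslashes($value);
   }
   // Quote if not integer
   if (!is_numeric($value) || $value[0] == '0') {
      $value = mysql_real_escape_string($value);
   }
   return htmlspecialchars(preg_replace("/&#?[a-z0-9]{2,8};/i", "", $value), ENT_QUOTES, 'UTF-8');
}

/**
 * shorten - Shortens a feed item description to at most $length bytes
 * (plus an ellipsis). HTML tags are stripped and tabs and line breaks
 * become single spaces. The cut is moved back to the last space so no
 * word is split; when the kept text has no space it is cut at $length.
 * Lengths are counted in bytes, not characters.
 */
function shorten($string, $length)
{
   // Strip the HTML tags and convert all tabs and line-break
   // characters to single spaces.
   $short_desc = trim(str_replace(array("\r", "\n", "\t"), ' ', strip_tags($string)));

   if (strlen($short_desc) <= $length) {
      return $short_desc;
   }

   // Cut the string to the requested length, and strip any extraneous
   // spaces from the beginning and end.
   $desc = trim(substr($short_desc, 0, $length));

   // Back up to the last word boundary. strrpos() returns false when
   // there is no space; using that as a length would empty the text.
   $lastSpace = strrpos($desc, ' ');
   if ($lastSpace !== false) {
      $desc = substr($desc, 0, $lastSpace);
   }

   // An ellipsis is appended unless the text already ends a sentence.
   $lastchar = substr($desc, -1, 1);
   $suffix = ($lastchar == '.' || $lastchar == '!' || $lastchar == '?') ? '' : '...';

   return $desc . $suffix;
}

/**
 * sensational_keywords - Returns true if the string contains at least
 * one of the comma-separated SENSATIONAL_KEYWORDS (case-insensitive),
 * false otherwise.
 */
function sensational_keywords($haystack)
{
   $keywords = explode(",", SENSATIONAL_KEYWORDS);
   foreach ($keywords as $lookupword) {
      $lookupword = trim($lookupword);
      // An empty entry (e.g. from a trailing comma) must not count as a
      // match: an empty needle warns on old PHP and matches on PHP 8.
      if ($lookupword === '') {
         continue;
      }
      if (stristr($haystack, $lookupword)) {
         return true;
      }
   }
   return false;
}

/**
 * format_tags - Reduces a tag to lower-case letters and digits only.
 * Named entities collapse to their first letter, every other character
 * is dropped.
 */
function format_tags($s = "")
{
   $str = htmlentities($s);
   $str = preg_replace("/(&)([a-z])([a-z]+;)/i", '$2', $str);
   $str = preg_replace("/[^A-Z0-9]/i", ' ', $str);
   $str = preg_replace("/\s+/i", ' ', $str);
   $str = str_replace(' ', '', $str);
   return strtolower($str);
}

/**
 * title_URL_Format - Turns a title into a URL slug: lower-case letters
 * and digits, with each run of other characters replaced by one hyphen.
 */
function title_URL_Format($s = "")
{
   $str = htmlentities($s);
   $str = preg_replace("/(&)([a-z])([a-z]+;)/i", '$2', $str);
   $str = preg_replace("/[^A-Z0-9]/i", ' ', $str);
   $str = preg_replace("/\s+/i", ' ', $str);
   $str = str_replace(' ', '-', $str);
   return strtolower($str);
}

/**
 * timeDifference - Describes how long ago $startTime (a Unix timestamp)
 * was, relative to the system time. Differences of a year or more are
 * shown as a full date; shorter ones use the two largest units, e.g.
 * "2 weeks and a day ago.". Returns 'Timestamp error.' for a timestamp
 * in the future.
 */
function timeDifference($startTime)
{
   $endTime = time();
   if ($endTime < $startTime) {
      return 'Timestamp error.';
   }

   $diff = $endTime - $startTime;
   $years   = (int) floor($diff / 31556926);  $diff = $diff % 31556926;
   $months  = (int) floor($diff / 2629744);   $diff = $diff % 2629744;
   $weeks   = (int) floor($diff / 604800);    $diff = $diff % 604800;
   $days    = (int) floor($diff / 86400);     $diff = $diff % 86400;
   $hours   = (int) floor($diff / 3600);      $diff = $diff % 3600;
   $minutes = (int) floor($diff / 60);

   // One full year or more: show the date. (Testing "> 1" dropped the
   // year for ages between one and two years, e.g. 13 months showed as
   // "1 month ago.")
   if ($years >= 1) {
      return date('jS F Y g:ia', $startTime);
   }

   // Largest non-zero unit first, followed by the next smaller unit:
   // name, count, smaller name, smaller count, article for a single one.
   $units = array(
      array('month', $months, 'week',   $weeks,   'a'),
      array('week',  $weeks,  'day',    $days,    'a'),
      array('day',   $days,   'hour',   $hours,   'an'),
      array('hour',  $hours,  'minute', $minutes, 'a'),
   );
   foreach ($units as $unit) {
      list($majorName, $major, $minorName, $minor, $article) = $unit;
      if ($major < 1) {
         continue;
      }
      $phrase = $major . ' ' . $majorName . ($major > 1 ? 's' : '');
      if ($minor > 1) {
         $phrase .= " and $minor {$minorName}s";
      }
      else if ($minor == 1) {
         $phrase .= " and $article $minorName";
      }
      return $phrase . ' ago.';
   }

   if ($minutes > 1) {
      return "$minutes minutes ago.";
   }
   return "1 minute ago.";
}

/**
 * user_from_my - Returns true when the visitor's IPv4 address falls in
 * a range that the TBL_COUNTRY_IP table maps to country "MY".
 *
 * NOTE(review): X-Forwarded-For is a request header the client can set
 * to anything, so this answer is a hint only (e.g. a default language)
 * and must never gate access. Prefer REMOTE_ADDR unless the request is
 * known to arrive through a trusted proxy.
 */
function user_from_my()
{
   global $database;

   // The environment names must be quoted: as bare words they are
   // undefined constants (a notice on old PHP, an error on PHP 8).
   $forwarded = getenv('HTTP_X_FORWARDED_FOR');
   if ($forwarded) {
      // The header may carry a comma-separated chain; the first entry
      // is the address claimed for the client.
      $chain = explode(',', $forwarded);
      $ip_address = trim($chain[0]);
   }
   else {
      $ip_address = trim((string) getenv('REMOTE_ADDR'));
   }

   // Accept only a well-formed IPv4 address and reduce it to an
   // unsigned decimal, so nothing but digits is placed in the query.
   $ip_long = ip2long($ip_address);
   if ($ip_long === false) {
      return false;
   }
   $ip_number = sprintf('%u', $ip_long);

   $q = "SELECT country_id FROM ".TBL_COUNTRY_IP." WHERE $ip_number BETWEEN ip_start AND ip_end";
   $result = $database->query($q);
   if (!$result || mysql_num_rows($result) == 0) {
      return false;
   }

   // Read the column directly; extract() on a database row can
   // overwrite local variables.
   $row = mysql_fetch_assoc($result);
   return isset($row['country_id']) && $row['country_id'] == "MY";
}
?> Fatal error: Call to undefined function quote_smart() in /var/www/blogged.my/gotopingbar.php on line 22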