Merge branch 'skinnable-master'

[nucleus-jp/nucleus-next.git] / nucleus / libs / globalfunctions.php

<<<<<<< HEAD
<?php\r
\r
/*\r
 * Nucleus: PHP/MySQL Weblog CMS (http://nucleuscms.org/)\r
 * Copyright (C) 2002-2009 The Nucleus Group\r
 *\r
 * This program is free software; you can redistribute it and/or\r
 * modify it under the terms of the GNU General Public License\r
 * as published by the Free Software Foundation; either version 2\r
 * of the License, or (at your option) any later version.\r
 * (see nucleus/documentation/index.html#license for more info)\r
 */\r
/**\r
 * @license http://nucleuscms.org/license.txt GNU General Public License\r
 * @copyright Copyright (C) 2002-2009 The Nucleus Group\r
 * @version $Id: globalfunctions.php 1856 2012-05-18 09:30:16Z sakamocchi $
 */\r
\r
/* needed if we include globalfunctions from install.php */\r
global $nucleus, $CONF, $DIR_LIBS, $DIR_LOCALES, $manager, $member, $MYSQL_HANDLER, $StartTime;

/* just for benchmark tag */
$StartTime = microtime(TRUE);
\r
$nucleus['version'] = 'v4.00 SVN';\r
$nucleus['codename'] = '';\r
\r
/*\r
 * make sure there's no unnecessary escaping:\r
 * set_magic_quotes_runtime(0);\r
 */\r
if ( version_compare(PHP_VERSION, '5.3.0', '<') )\r
{\r
        ini_set('magic_quotes_runtime', '0');\r
}\r
\r
/* check and die if someone is trying to override internal globals (when register_globals turn on) */\r
checkVars(array('nucleus', 'CONF', 'DIR_LIBS',
'MYSQL_HOST', 'MYSQL_USER', 'MYSQL_PASSWORD', 'MYSQL_DATABASE',
'DIR_LOCALES', 'DIR_PLUGINS',
'HTTP_GET_VARS', 'HTTP_POST_VARS', 'HTTP_COOKIE_VARS', 'HTTP_ENV_VARS',
'HTTP_SESSION_VARS', 'HTTP_POST_FILES', 'HTTP_SERVER_VARS',
'GLOBALS', 'argv', 'argc', '_GET', '_POST', '_COOKIE', '_ENV', '_SESSION', '_SERVER', '_FILES'));
\r
if ( !isset($CONF) )\r
{\r
        $CONF = array();\r
}\r
\r
/* debug mode */\r
if ( array_key_exists('debug', $CONF) && $CONF['debug'] )\r
{\r
        /* report all errors! */\r
        error_reporting(E_ALL);\r
}\r
else\r
{\r
        ini_set('display_errors','0');\r
        error_reporting(E_ERROR | E_WARNING | E_PARSE);\r
}\r
\r
/*\r
 * alertOnHeadersSent\r
 *  Displays an error when visiting a public Nucleus page and headers have\r
 *  been sent out to early. This usually indicates an error in either a\r
 *  configuration file or a translation file, and could cause Nucleus to\r
 *  malfunction\r
 */\r
if ( !array_key_exists('alertOnHeadersSent', $CONF) )\r
{\r
        $CONF['alertOnHeadersSent'] = 1;\r
}\r
\r
/*\r
 * alertOnSecurityRisk\r
 * Displays an error only when visiting the admin area, and when one or\r
 *  more of the installation files (install.php, install.sql, upgrades/\r
 *  directory) are still on the server.\r
 */\r
if ( !array_key_exists('alertOnSecurityRisk', $CONF) )\r
{\r
        $CONF['alertOnSecurityRisk'] = 1;\r
}\r
\r
/*\r
 * Set these to 1 to allow viewing of future items or draft items\r
 * Should really never do this, but can be useful for some plugins that might need to\r
 * Could cause some other issues if you use future posts otr drafts\r
 * So use with care\r
 */\r
$CONF['allowDrafts'] = 0;\r
$CONF['allowFuture'] = 0;\r
\r
if ( getNucleusPatchLevel() > 0 )\r
{\r
        $nucleus['version'] .= '/' . getNucleusPatchLevel();\r
}\r
\r
/* Avoid notices */\r
if ( !array_key_exists('installscript', $CONF) || empty($CONF['installscript']) )\r
{\r
        $CONF['installscript'] = 0;\r
}\r
if ( !array_key_exists('UsingAdminArea', $CONF) )\r
{\r
        $CONF['UsingAdminArea'] = 0;\r
}\r
\r
if ( !headers_sent() )\r
{\r
        header('Generator: Nucleus CMS ' . $nucleus['version']);\r
}\r
\r
\r
/* TODO: This is for compatibility since 4.0, should be obsoleted at future release. */\r
if ( !isset($DIR_LOCALES) )\r
{\r
        $DIR_LOCALES = $DIR_NUCLEUS . 'locales/';\r
}\r
global $DIR_LANG;\r
if ( !isset($DIR_LANG) )\r
{\r
        $DIR_LANG = $DIR_LOCALES;\r
}\r
\r
/* load and initialize i18n class */\r
if (!class_exists('i18n', FALSE))\r
{\r
        include($DIR_LIBS . 'i18n.php');\r
}\r
if ( !i18n::init('UTF-8', $DIR_LOCALES) )\r
{\r
        exit('Fail to initialize i18n class.');\r
}\r
\r
/* TODO: This is just for compatibility since 4.0, should be obsoleted at future release. */\r
define('_CHARSET', i18n::get_current_charset());\r
\r
\r
/*\r
 * NOTE: Since 4.0 release, Entity class becomes to be important class\r
 *  with some wrapper functions for htmlspechalchars/htmlentity PHP's built-in function\r
 */\r
include($DIR_LIBS . 'ENTITY.php');\r
\r
/* we will use postVar, getVar, ... methods instead of $_GET, $_POST ... */\r
if ( $CONF['installscript'] != 1 )\r
{\r
        /* vars were already included in install.php */\r
        include_once($DIR_LIBS . 'vars4.1.0.php');\r
        \r
        /* added for 4.0 DB::* wrapper and compatibility sql_* */\r
        include_once($DIR_LIBS . 'sql/sql.php');\r
}\r
\r
/* include core classes that are needed for login & plugin handling */\r
include($DIR_LIBS . 'MEMBER.php');\r
include($DIR_LIBS . 'ACTIONLOG.php');\r
include($DIR_LIBS . 'MANAGER.php');\r
include($DIR_LIBS . 'PLUGIN.php');\r
\r
$manager =& MANAGER::instance();\r
\r
/* only needed when updating logs */\r
if ( $CONF['UsingAdminArea'] )\r
{\r
        /* XML-RPC client classes */\r
        include($DIR_LIBS . 'xmlrpc.inc.php');\r
        include($DIR_LIBS . 'ADMIN.php');\r
}\r
\r
\r
/* connect to database */\r
if ( !isset($MYSQL_HANDLER) )\r
{\r
        $MYSQL_HANDLER = array('mysql','');\r
}\r
if ( $MYSQL_HANDLER[0] == '' )\r
{\r
        $MYSQL_HANDLER[0] = 'mysql';\r
}\r
DB::setConnectionInfo($MYSQL_HANDLER[1], $MYSQL_HOST, $MYSQL_USER, $MYSQL_PASSWORD, $MYSQL_DATABASE);\r
\r
\r
/* force locale or charset */\r
$locale = '';\r
$charset = i18n::get_current_charset();\r
\r
$data = array(\r
        'locale'        => &$locale,\r
        'charset'       => &$charset\r
);\r
$manager->notify('ForceLocale', $data);\r
\r
if ( $data['locale'] !== '' )\r
{\r
        i18n::set_forced_locale($data['locale']);\r
}\r
if ( $data['charset'] !== '' )\r
{\r
        i18n::set_forced_charset($data['charset']);\r
}\r
unset($locale);\r
unset($charset);\r
\r
\r
/* convert forced charset to current charset */\r
if ( i18n::get_forced_charset() != i18n::get_current_charset() )\r
{\r
        $_POST          = i18n::convert_array($_POST, i18n::get_forced_charset());\r
        $_GET           = i18n::convert_array($_GET, i18n::get_forced_charset());\r
        $_REQUEST       = i18n::convert_array($_REQUEST, i18n::get_forced_charset());\r
        $_COOKIE        = i18n::convert_array($_COOKIE, i18n::get_forced_charset());\r
        $_FILES         = i18n::convert_array($_FILES, i18n::get_forced_charset());\r
        \r
        if ( session_id() !== '' )\r
        {\r
                $_SESSION = i18n::convert_array($_SESSION, i18n::get_forced_charset());\r
        }\r
}\r
\r
\r
/* sanitize option */\r
$bLoggingSanitizedResult = 0;\r
$bSanitizeAndContinue = 0;\r
$orgRequestURI = serverVar('REQUEST_URI');\r
sanitizeParams();\r
\r
/* logs sanitized result if need */\r
if ( $orgRequestURI !== serverVar('REQUEST_URI') )\r
{\r
        $msg = "Sanitized [" . serverVar('REMOTE_ADDR') . "] ";\r
        $msg .= $orgRequestURI . " -> " . serverVar('REQUEST_URI');\r
        if ( $bLoggingSanitizedResult )\r
        {\r
                addToLog(WARNING, $msg);\r
        }\r
        if ( !$bSanitizeAndContinue )\r
        {\r
                die("");\r
        }\r
}\r
\r
/* get all variables that can come from the request and put them in the global scope */\r
$blogid         = requestVar('blogid');\r
$itemid         = intRequestVar('itemid');\r
$catid          = intRequestVar('catid');\r
$skinid         = requestVar('skinid');\r
$memberid       = requestVar('memberid');\r
$archivelist = requestVar('archivelist');\r
$imagepopup     = requestVar('imagepopup');\r
$archive        = requestVar('archive');\r
$query          = requestVar('query');\r
$highlight      = requestVar('highlight');\r
$amount         = requestVar('amount');\r
$action         = requestVar('action');\r
$nextaction     = requestVar('nextaction');\r
$maxresults     = requestVar('maxresults');\r
$startpos       = intRequestVar('startpos');\r
$errormessage = '';\r
$error          = '';\r
$special        = requestVar('special');\r
\r
\r
/* read config */\r
getConfig();\r
\r
\r
/* Properly set $CONF['Self'] and others if it's not set...\r
 * usually when we are access from admin menu\r
 */\r
if ( !array_key_exists('Self', $CONF) )\r
{\r
        $CONF['Self'] = $CONF['IndexURL'];\r
        /* strip trailing */\r
        if ( $CONF['Self'][i18n::strlen($CONF['Self']) -1] == "/" )\r
        {\r
                $CONF['Self'] = i18n::substr($CONF['Self'], 0, i18n::strlen($CONF['Self']) -1);\r
        }\r
}\r
\r
$CONF['ItemURL']                = $CONF['Self'];\r
$CONF['ArchiveURL']             = $CONF['Self'];\r
$CONF['ArchiveListURL'] = $CONF['Self'];\r
$CONF['MemberURL']              = $CONF['Self'];\r
$CONF['SearchURL']              = $CONF['Self'];\r
$CONF['BlogURL']                = $CONF['Self'];\r
$CONF['CategoryURL']    = $CONF['Self'];\r
\r
/* automatically use simpler toolbar for mozilla */\r
if ( ($CONF['DisableJsTools'] == 0)\r
   && i18n::strpos(serverVar('HTTP_USER_AGENT'), 'Mozilla/5.0') !== FALSE\r
   && i18n::strpos(serverVar('HTTP_USER_AGENT'), 'Gecko') !== FALSE )\r
{\r
        $CONF['DisableJsTools'] = 2;\r
}\r
\r
/* login processing */
$member = new Member();\r
\r
if ( $action == 'login' )\r
{\r
        $login = postVar('login');\r
        $password = postVar('password');\r
        $shared = intPostVar('shared');\r
        $member->login($login, $password, $shared);\r
}\r
elseif ( ($action == 'logout') )\r
{\r
        $member->logout();\r
}\r
else\r
{\r
        $member->cookielogin();\r
}\r
\r
\r
/* TODO: This is for backward compatibility, should be obsoleted near future. */\r
if ( !preg_match('#^(.+)_(.+)_(.+)$#', $CONF['Locale'])\r
  && ($CONF['Locale'] = i18n::convert_old_language_file_name_to_locale($CONF['Locale'])) === FALSE )\r
{\r
        $CONF['Locale'] = 'en_Latn_US';\r
}\r
if ( !array_key_exists('Language', $CONF) )\r
{\r
        $CONF['Language'] = i18n::convert_locale_to_old_language_file_name($CONF['Locale']);\r
}\r
$locale = $CONF['Locale'];\r
\r
\r
/* NOTE: include translation file and set locale */\r
if ( $member->isLoggedIn() )\r
{\r
        if ( $member->getLocale() )\r
        {\r
                $locale = $member->getLocale();\r
        }\r
}\r
else\r
{\r
        if ( i18n::get_forced_locale() !== '' )\r
        {\r
                $locale = i18n::get_forced_locale();\r
        }\r
}\r
include_translation($locale);\r
i18n::set_current_locale($locale);\r
\r
\r
/* login completed */\r
$manager->notify('PostAuthentication', array('loggedIn' => $member->isLoggedIn() ) );\r
\r
/* next action */\r
if ( $member->isLoggedIn() && $nextaction )\r
{\r
        $action = $nextaction;\r
}\r
\r
/* first, let's see if the site is disabled or not. always allow admin area access. */\r
if ( $CONF['DisableSite'] && !$member->isAdmin() && !$CONF['UsingAdminArea'] )\r
{\r
        redirect($CONF['DisableSiteURL']);\r
        exit;\r
}\r
\r
/* load other classes */\r
include($DIR_LIBS . 'PARSER.php');\r
include($DIR_LIBS . 'SKIN.php');\r
include($DIR_LIBS . 'TEMPLATE.php');\r
include($DIR_LIBS . 'BLOG.php');\r
include($DIR_LIBS . 'BODYACTIONS.php');\r
include($DIR_LIBS . 'COMMENTS.php');\r
include($DIR_LIBS . 'COMMENT.php');\r
include($DIR_LIBS . 'NOTIFICATION.php');\r
include($DIR_LIBS . 'BAN.php');\r
include($DIR_LIBS . 'PAGEFACTORY.php');\r
include($DIR_LIBS . 'SEARCH.php');\r
include($DIR_LIBS . 'LINK.php');\r
\r
/* set lastVisit cookie (if allowed) */\r
if ( !headers_sent() )\r
{\r
        if ( $CONF['LastVisit'] )\r
        {\r
                setcookie($CONF['CookiePrefix'] . 'lastVisit', time(), time() + 2592000, $CONF['CookiePath'], $CONF['CookieDomain'], $CONF['CookieSecure']);\r
        }\r
        else\r
        {\r
                setcookie($CONF['CookiePrefix'] . 'lastVisit', '', (time() - 2592000), $CONF['CookiePath'], $CONF['CookieDomain'], $CONF['CookieSecure']);\r
        }\r
}\r
\r
if ( !defined('_ARCHIVETYPE_MONTH') )\r
{\r
        define('_ARCHIVETYPE_DAY', 'day');\r
        define('_ARCHIVETYPE_MONTH', 'month');\r
        define('_ARCHIVETYPE_YEAR', 'year');\r
}\r
\r
/* for path resolving */
$virtualpath = getVar('virtualpath');
if ( getVar('virtualpath') == '' )
                                        {\r
        $virtualpath = serverVar('PATH_INFO');
                                        }\r
                                \r
/*
 * switch URLMode back to normal when $CONF['Self'] ends in .php
 * this avoids urls like index.php/item/13/index.php/item/15
 */
if ( !array_key_exists('URLMode', $CONF) || ($CONF['URLMode'] != 'pathinfo') )
                                        {\r
        $CONF['URLMode'] = 'normal';
                                        }\r
else
                                        {\r
        if ( i18n::substr($CONF['Self'], i18n::strlen($CONF['Self']) - 4) != '.php' )
                                        {\r
                decodePathInfo($virtualpath);
        }\r
}\r
\r
/*\r
 * PostParseURL is a place to cleanup any of the path-related global variables before the selector function is run.\r
 * It has 2 values in the data in case the original virtualpath is needed, but most the use will be in tweaking\r
 * global variables to clean up (scrub out catid or add catid) or to set someother global variable based on\r
 * the values of something like catid or itemid\r
 * New in 3.60\r
 */\r
$data = array(\r
        'type' => basename(serverVar('SCRIPT_NAME')),\r
        'info' => $virtualpath\r
);\r
$manager->notify('PostParseURL', $data);\r
\r
/*\r
 * NOTE: Here is the end of initialization\r
 */\r
\r
/**\r
 * include_libs()\r
 * This function includes or requires the specified library file\r
 * \r
 * @param       string  $file\r
 * @param       boolean $once use the _once() version\r
 * @param       boolean $require use require() instead of include()\r
 * @return      void\r
 */\r
function include_libs($file, $once = TRUE, $require = TRUE)\r
{\r
        global $DIR_LIBS;\r
        \r
        // $DIR_LIBS isn't a directory\r
        if ( !is_dir($DIR_LIBS) )\r
        {\r
                exit;\r
        }\r
        \r
        $lib_path = $DIR_LIBS . $file;\r
        \r
        if ( $once && $require )\r
        {\r
                require_once($lib_path);\r
        }\r
        else if ( $once && !$require )\r
        {\r
                include_once($lib_path);\r
        }\r
        else if ( $require )\r
        {\r
                require($lib_path);\r
        }\r
        else\r
        {\r
                include($lib_path);\r
        }\r
        return;\r
}\r
\r
/**\r
 * include_plugins()\r
 * This function includes or requires the specified plugin file\r
 * \r
 * @param       string  $file\r
 * @param       boolean $once use the _once() version\r
 * @param       boolean $require use require() instead of include()\r
 * @return      \r
 */\r
function include_plugins($file, $once = TRUE, $require = TRUE)\r
{\r
        global $DIR_PLUGINS;\r
        \r
        // begin if: $DIR_LIBS isn't a directory\r
        if ( !is_dir($DIR_PLUGINS) )\r
        {\r
                exit;\r
        }\r
        \r
        $plugin_path = $DIR_PLUGINS . $file;\r
        \r
        // begin if: \r
        if ( $once && $require )\r
        {\r
                require_once($plugin_path);\r
        }\r
        else if ( $once && !$require )\r
        {\r
                include_once($plugin_path);\r
        }\r
        elseif ( $require )\r
        {\r
                require($plugin_path);\r
        }\r
        else\r
        {\r
                include($plugin_path);\r
        }\r
        return;\r
}\r
\r
/**\r
 * include_translation()\r
 * This function decide which locale is used and include translation\r
 * \r
 * @param       string  &$locale        locale name referring to 'language tags' defined in RFC 5646\r
 * @return      void\r
 */\r
function include_translation(&$locale)\r
{\r
        global $DIR_LOCALES;\r
        \r
        $translation_file = $DIR_LOCALES . $locale . '.' . i18n::get_current_charset() . '.php';\r
        if ( !file_exists($translation_file) )\r
        {\r
                $locale = 'en_Latn_US';\r
                $translation_file = $DIR_LOCALES . 'en_Latn_US.ISO-8859-1.php';\r
        }\r
        include($translation_file);\r
        return;\r
}\r
\r
/**\r
 * intPostVar()\r
 * This function returns the integer value of $_POST for the variable $name\r
 * \r
 * @param       string  $name   field to get the integer value of\r
 * @return      integer\r
 */\r
function intPostVar($name)\r
{\r
        return (integer) postVar($name);\r
}\r
\r
\r
/**\r
 * intGetVar()\r
 * This function returns the integer value of $_GET for the variable $name\r
 * \r
 * @param       string  $name   field to get the integer value of\r
 * @return      integer\r
 */\r
function intGetVar($name)\r
{\r
        return (integer) getVar($name);\r
}\r
\r
\r
/**\r
 * intRequestVar()\r
 * This function returns the integer value of $_REQUEST for the variable $name. Also checks $_GET and $_POST if not found in $_REQUEST\r
 * \r
 * @param string $name field to get the integer value of\r
 * @return int\r
 */\r
function intRequestVar($name)\r
{\r
        return (integer) requestVar($name);\r
}\r
\r
\r
/**\r
 * intCookieVar()\r
 * This function returns the integer value of $_COOKIE for the variable $name\r
 * \r
 * @param       string  $name   field to get the integer value of\r
 * @return      integer\r
 */\r
function intCookieVar($name)\r
{\r
        return (integer) cookieVar($name);\r
}\r
\r
/**\r
 * getNucleusVersion()\r
 * This function returns the current Nucleus version (100 = 1.00, 101 = 1.01, etc...)\r
 * \r
 * @param       void\r
 * @return      integer\r
 */\r
function getNucleusVersion()\r
{\r
        return 400;\r
}\r
\r
/**\r
 * getNucleusPatchLevel()\r
 * TODO: Better description of this function.\r
 *\r
 * Power users can install patches in between nucleus releases. These patches\r
 * usually add new functionality in the plugin API and allow those to\r
 * be tested without having to install CVS.\r
 *\r
 *@param        void\r
 * @return      integer\r
 */\r
function getNucleusPatchLevel()\r
{\r
        return 0;\r
}\r
\r
/**\r
 * getLatestVersion()\r
 * This function returns the latest Nucleus version available for download from nucleuscms.org or FALSE if unable to attain data\r
 * Format will be major.minor/patachlevel e.g. 3.41 or 3.41/02\r
 * \r
 * @param       void\r
 * @return      mixed\r
 */\r
function getLatestVersion()\r
{\r
        // begin if: cURL is not available in this PHP installation\r
        if ( !function_exists('curl_init') )\r
        {\r
                return FALSE;\r
        }\r
        \r
        $curl = curl_init();\r
        $timeout = 5;\r
        \r
        curl_setopt ($curl, CURLOPT_URL, 'http://nucleuscms.org/version_check.php');\r
        curl_setopt ($curl, CURLOPT_RETURNTRANSFER, 1);\r
        curl_setopt ($curl, CURLOPT_CONNECTTIMEOUT, $timeout);\r
        \r
        $return = curl_exec($curl);\r
        \r
        curl_close($curl);\r
        \r
        return $return;\r
}\r
\r
/**\r
 * sql_table()\r
 * This function returns a Nucleus table name with the appropriate prefix\r
 * @param string $name\r
 * @return string\r
 */\r
function sql_table($name)\r
{\r
        global $MYSQL_PREFIX;\r
        \r
        // begin if: no MySQL prefix\r
        if ( empty($MYSQL_PREFIX) )\r
        {\r
                return 'nucleus_' . $name;\r
        }\r
        // else: use MySQL prefix\r
        else\r
        {\r
                return $MYSQL_PREFIX . 'nucleus_' . $name;\r
        }\r
        return;\r
}\r
\r
/**\r
 * sendContentType()\r
 * This function sends the Content-Type header if headers have not already been sent\r
 * It also determines if the browser can accept application/xhtml+xml and sends it only to those that can.\r
 * \r
 * if content type is application/xhtml+xml, only send it to browsers\r
 * that can handle it (IE6 cannot). Otherwise, send text/html\r
 *\r
 * v2.5:\r
 * For admin area pages, keep sending text/html (unless it's a debug version)\r
 * application/xhtml+xml still causes too much problems with the javascript implementations\r
 *\r
 * v3.3:\r
 * ($CONF['UsingAdminArea'] && !$CONF['debug']) gets removed,\r
 * application/xhtml+xml seems to be working, so we're going to use it if we can.\r
 * \r
 * @param       string  $content_type   MIME media type registered to IANA, http://www.iana.org/assignments/media-types/index.html\r
 * @param       string  $page_type              \r
 * @param       string  $charset                Deprecated. This has no meaning.\r
 * @return      void\r
 * \r
 */\r
function sendContentType($content_type, $page_type = '', $charset = '')\r
{\r
        global $manager, $CONF;\r
        \r
        if ( headers_sent() )\r
        {\r
                return;\r
        }\r
        \r
        /* NOTE: MIME Media Type */\r
        if ( ($content_type == 'application/xhtml+xml')\r
                && (!stristr(serverVar('HTTP_ACCEPT'), 'application/xhtml+xml') ) )\r
        {\r
                $content_type = 'text/html';\r
        }\r
        \r
        /* NOTE: generate event */\r
        $data = array(\r
                'pageType'              =>  $page_type,\r
                'contentType'   => &$content_type\r
        );\r
        $manager->notify('PreSendContentType', $data);\r
        \r
        /* NOTE: confirm MIME Media Type */\r
        $content_type = preg_replace('#[^a-zA-Z0-9-+./]#', '', $content_type);\r
        \r
        /* NOTE: confirm character set */\r
        $charset = i18n::get_current_charset();\r
        if ( i18n::get_forced_charset() !== '' )\r
        {\r
                $charset = i18n::get_forced_charset();\r
        }\r
        \r
        /* NOTE: send HTTP 1.1 header */\r
        header("Content-Type: {$content_type}; charset={$charset}");\r
        \r
        /* NOTE: set handler for translating character set */\r
        if ( $charset != i18n::get_current_charset() )\r
        {\r
                ob_start(array('i18n', 'convert_handler'));\r
        }\r
        \r
        return;\r
}\r
\r
/**\r
 * parseHighlight()\r
 * This function parses a query into an array of expressions that can be passed on to the highlight method\r
 * @param       string  $query\r
 * @return      void\r
 */\r
function parseHighlight($query)\r
{\r
        // TODO: add more intelligent splitting logic\r
        \r
        // get rid of quotes\r
        $query = preg_replace('/\'|"/', '', $query);\r
        \r
        if ( !$query )\r
        {\r
                return array();\r
        }\r
        \r
        $aHighlight = preg_split('# #', $query);\r
        \r
        for ( $i = 0; $i < count($aHighlight); $i++ )\r
        {\r
                $aHighlight[$i] = trim($aHighlight[$i]);\r
                \r
                if ( i18n::strlen($aHighlight[$i]) < 3 )\r
                {\r
                        unset($aHighlight[$i]);\r
                }\r
        }\r
        \r
        if ( count($aHighlight) == 1 )\r
        {\r
                return $aHighlight[0];\r
        }\r
        else\r
        {\r
                return $aHighlight;\r
        }\r
        return;\r
}\r
\r
/**\r
 * getConfig()\r
 * \r
 * @param       void\r
 * @return      void\r
 */\r
function getConfig()\r
{\r
        global $CONF;\r
        \r
        $query = sprintf('SELECT * FROM %s', sql_table('config'));\r
        $res = DB::getResult($query);\r
        \r
        foreach ( $res as $row )\r
        {\r
                $CONF[$row['name']] = $row['value'];\r
        }\r
        return;\r
}\r
\r
/**\r
 * This function gets the blog ID from the blog name\r
 * @param string $name\r
 * @return\r
 */\r
function getBlogIDFromName($name)\r
{\r
        $query = sprintf('SELECT bnumber AS result FROM %s WHERE bshortname=%s', sql_table('blog'), DB::quoteValue($name));\r
        return DB::getValue($query);\r
}\r
\r
/**\r
 * This function gets the blog name from the blog ID\r
 * @param int $id\r
 * @return object\r
 */\r
function getBlogNameFromID($id)\r
{\r
        $query = sprintf('SELECT bname AS result FROM %s WHERE bnumber=%d', sql_table('blog'), intval($id));\r
        return DB::getValue($query);\r
}\r
\r
/**\r
 * This function gets the blog ID from the item ID\r
 * @param int $item_id\r
 * @return object\r
 */\r
function getBlogIDFromItemID($item_id)\r
{\r
        $query = sprintf('SELECT iblog AS result FROM %s WHERE inumber=%d', sql_table('item'), intval($item_id));\r
        return DB::getValue($query);\r
}\r
\r
/**\r
 * This function gets the blog ID from the comment ID\r
 * @param int $comment_id\r
 * @return object\r
 */\r
function getBlogIDFromCommentID($comment_id)\r
{\r
        $query = sprintf('SELECT cblog AS result FROM %s WHERE cnumber=%d', sql_table('comment'), intval($comment_id));\r
        return DB::getValue($query);\r
}\r
\r
/**\r
 * This function gets the blog ID from the category ID\r
 * @param int $category_id\r
 * @return object\r
 */\r
function getBlogIDFromCatID($category_id)\r
{\r
        $query = sprintf('SELECT cblog AS result FROM %s WHERE catid=%d', sql_table('category'), intval($category_id));\r
        return DB::getValue($query);\r
}\r
\r
/**\r
 * This function gets the category ID from the category name\r
 * @param int $name\r
 * @return object\r
 */\r
function getCatIDFromName($name)\r
{\r
        $query = sprintf('SELECT catid AS result FROM %s WHERE cname=%s', sql_table('category'), DB::quoteValue($name));\r
        return DB::getValue($query);\r
}\r
\r
\r
/**\r
 * functions to be used in index.php to select something\r
 */\r
function selectBlog($shortname)\r
{\r
        global $blogid, $archivelist;\r
        $blogid = getBlogIDFromName($shortname);\r
        \r
        // also force archivelist variable, if it is set\r
        if ( $archivelist )\r
        {\r
                $archivelist = $blogid;\r
        }\r
        return;\r
}\r
function selectSkin($skinname)\r
{\r
        global $skinid;\r
        $skinid = SKIN::getIdFromName($skinname);\r
        return;\r
}\r
function selectCategory($cat)\r
{\r
        global $catid;\r
        if ( is_numeric($cat) )\r
        {\r
                $catid = (integer) $cat;\r
        }\r
        else\r
        {\r
                $catid = getCatIDFromName($cat);\r
        }\r
        return;\r
}\r
function selectItem($id)\r
{\r
        global $itemid;\r
        $itemid = (integer) $id;\r
        return;\r
}\r
function selectSpecialSkinType($id)\r
{\r
        global $special;\r
        $special = strtolower($id);\r
        return;\r
}\r
function selector()\r
{\r
        global $archive, $archivelist, $archivenext, $archivenextexists, $archiveprev, $archiveprevexists, $archivetype;\r
        global $blog, $blogid;\r
        global $catid;\r
        global $itemid, $itemidnext, $itemidprev, $itemtitlenext, $itemtitleprev;\r
        global $CONF, $DIR_LIBS, $amount, $errormessage, $imagepopup;\r
        global $manager, $maxresults, $query;\r
        global $member, $memberid, $memberinfo;\r
        global $skinid, $skinpart, $special;\r
        \r
        $actionNames = array('addcomment', 'sendmessage', 'createaccount', 'forgotpassword', 'votepositive', 'votenegative', 'plugin');\r
        $action = requestVar('action');\r
        \r
        if ( in_array($action, $actionNames) )\r
        {\r
                include_once($DIR_LIBS . 'ACTION.php');\r
                $a = new Action();\r
                $errorInfo = $a->doAction($action);\r
                \r
                if ( $errorInfo )\r
                {\r
                        $errormessage = $errorInfo['message'];\r
                }\r
        }\r
        \r
        // show error when headers already sent out\r
        if ( headers_sent() && $CONF['alertOnHeadersSent'] )\r
        {\r
                // try to get line number/filename (extra headers_sent params only exists in PHP 4.3+)\r
                if ( function_exists('version_compare') && version_compare('4.3.0', phpversion(), '<=') )\r
                {\r
                        headers_sent($hsFile, $hsLine);\r
                        $extraInfo = ' in <code>' . $hsFile . '</code> line <code>' . $hsLine . '</code>';\r
                }\r
                else\r
                {\r
                        $extraInfo = '';\r
                }\r
                \r
                startUpError(\r
                   "<p>The page headers have already been sent out{$extraInfo}. This could cause Nucleus not to work in the expected way.</p>"\r
                 . "<p>Usually, this is caused by spaces or newlines at the end of the <code>config.php</code> file, "\r
                 . "at the end of the translation file or at the end of a plugin file.</p>"\r
                 . "<p>Please check this and try again.</p>"\r
                 . "<p>If you don't want to see this error message again, without solving the problem, "\r
                 . "set <code>{$CONF['alertOnHeadersSent']}</code> in <code>globalfunctions.php</code> to <code>0</code></p>"\r
                 . "Page headers already sent"\r
                );\r
                exit;\r
        }\r
        \r
        // make is so ?archivelist without blogname or blogid shows the archivelist\r
        // for the default weblog\r
        if ( serverVar('QUERY_STRING') == 'archivelist' )\r
        {\r
                $archivelist = $CONF['DefaultBlog'];\r
        }\r
        \r
        // now decide which type of skin we need\r
        if ( $itemid )\r
        {\r
                // itemid given -> only show that item\r
                $type = 'item';\r
                \r
                if ( !$manager->existsItem($itemid,intval($CONF['allowFuture']),intval($CONF['allowDrafts'])) )\r
                {\r
                        doError(_ERROR_NOSUCHITEM);\r
                }\r
                \r
                // 1. get timestamp, blogid and catid for item\r
                $query = 'SELECT itime, iblog, icat FROM %s WHERE inumber=%d';\r
                $query = sprintf($query, sql_table('item'), intval($itemid));\r
                $row = DB::getRow($query);\r
                \r
                // if a different blog id has been set through the request or selectBlog(),\r
                // deny access\r
                \r
                if ( $blogid && (intval($blogid) != $row['iblog']) )\r
                {\r
                        doError(_ERROR_NOSUCHITEM);\r
                }\r
                \r
                // if a category has been selected which doesn't match the item, ignore the\r
                // category. #85\r
                if ( ($catid != 0) && ($catid != $row['icat']) )\r
                {\r
                        $catid = 0;\r
                }\r
                \r
                $blogid = $row['iblog'];\r
                $timestamp = strtotime($row['itime']);\r
                \r
                $b =& $manager->getBlog($blogid);\r
                \r
                if ( !$b->isValidCategory($catid) )\r
                {\r
                        $query = "SELECT inumber, ititle FROM %s WHERE itime<%s AND idraft=0 AND iblog=%d ORDER BY itime DESC LIMIT 1";\r
                        $query = sprintf($query, sql_table('item'), DB::formatDateTime($timestamp), intval($blogid));\r
                }\r
                else\r
                {\r
                        $query = "SELECT inumber, ititle FROM %s WHERE itime<%s AND idraft=0 AND iblog=%d AND icat=%d ORDER BY itime DESC LIMIT 1";\r
                        $query = sprintf($query, sql_table('item'), DB::formatDateTime($timestamp), intval($blogid), intval($catid));\r
                }\r
                $row = DB::getRow($query);\r
                \r
                if ( $row )\r
                {\r
                        $itemidprev = $row['inumber'];\r
                        $itemtitleprev = $row['ititle'];\r
                }\r
                \r
                // get next itemid and title\r
                if ( !$b->isValidCategory($catid) )\r
                {\r
                        $query = "SELECT inumber, ititle FROM %s WHERE itime>%s AND itime<=%s AND idraft=0 AND iblog=%d ORDER BY itime ASC LIMIT 1";\r
                        $query = sprintf($query, sql_table('item'), DB::formatDateTime($timestamp), DB::formatDateTime($b->getCorrectTime()), intval($blogid));\r
                }\r
                else\r
                {\r
                        $query = "SELECT inumber, ititle FROM %s WHERE itime>%s AND itime<=%s AND idraft=0 AND iblog=%d AND icat=%d ORDER BY itime ASC LIMIT 1";\r
                        $query = sprintf($query, sql_table('item'), DB::formatDateTime($timestamp), DB::formatDateTime($b->getCorrectTime()), intval($blogid), intval($catid));\r
                }\r
                $row = DB::getRow($query);\r
                \r
                if ( $row )\r
                {\r
                        $itemidnext = $row['inumber'];\r
                        $itemtitlenext = $row['ititle'];\r
                }\r
        }\r
        elseif ( $archive )\r
        {\r
                // show archive\r
                $type = 'archive';\r
                \r
                // sql queries for the timestamp of the first and the last published item\r
                $query = sprintf('SELECT UNIX_TIMESTAMP(itime) as result FROM %s WHERE idraft=0 ORDER BY itime ASC', sql_table('item'));\r
                $first_timestamp = DB::getValue($query);\r
                $query = sprintf('SELECT UNIX_TIMESTAMP(itime) as result FROM %s WHERE idraft=0 ORDER BY itime DESC', sql_table('item'));\r
                $last_timestamp = DB::getValue($query);\r
                \r
                sscanf($archive, '%d-%d-%d', $y, $m, $d);\r
                \r
                if ( $d != 0 )\r
                {\r
                        $archivetype = _ARCHIVETYPE_DAY;\r
                        $t = mktime(0, 0, 0, $m, $d, $y);\r
                        // one day has 24 * 60 * 60 = 86400 seconds\r
                        $archiveprev = i18n::formatted_datetime('%Y-%m-%d', $t - 86400 );\r
                        // check for published items\r
                        if ( $t > $first_timestamp )\r
                        {\r
                                $archiveprevexists = true;\r
                        }\r
                        else\r
                        {\r
                                $archiveprevexists = false;\r
                        }\r
                        \r
                        // one day later\r
                        $t += 86400;\r
                        $archivenext = i18n::formatted_datetime('%Y-%m-%d', $t);\r
                        if ( $t < $last_timestamp )\r
                        {\r
                                $archivenextexists = true;\r
                        }\r
                        else\r
                        {\r
                                $archivenextexists = false;\r
                        }\r
                }\r
                elseif ( $m == 0 )\r
                {\r
                        $archivetype = _ARCHIVETYPE_YEAR;\r
                        $t = mktime(0, 0, 0, 12, 31, $y - 1);\r
                        // one day before is in the previous year\r
                        $archiveprev = i18n::formatted_datetime('%Y', $t);\r
                        if ( $t > $first_timestamp )\r
                        {\r
                                $archiveprevexists = true;\r
                        }\r
                        else\r
                        {\r
                                $archiveprevexists = false;\r
                        }\r
\r
                        // timestamp for the next year\r
                        $t = mktime(0, 0, 0, 1, 1, $y + 1);\r
                        $archivenext = i18n::formatted_datetime('%Y', $t);\r
                        if ( $t < $last_timestamp )\r
                        {\r
                                $archivenextexists = true;\r
                        }\r
                        else\r
                        {\r
                                $archivenextexists = false;\r
                        }\r
                }\r
                else\r
                {\r
                        $archivetype = _ARCHIVETYPE_MONTH;\r
                        $t = mktime(0, 0, 0, $m, 1, $y);\r
                        // one day before is in the previous month\r
                        $archiveprev = i18n::formatted_datetime('%Y-%m', $t - 86400);\r
                        if ( $t > $first_timestamp )\r
                        {\r
                                $archiveprevexists = true;\r
                        }\r
                        else\r
                        {\r
                                $archiveprevexists = false;\r
                        }\r
                        \r
                        // timestamp for the next month\r
                        $t = mktime(0, 0, 0, $m+1, 1, $y);\r
                        $archivenext = i18n::formatted_datetime('%Y-%m', $t);\r
                        if ( $t < $last_timestamp )\r
                        {\r
                                $archivenextexists = true;\r
                        }\r
                        else\r
                        {\r
                                $archivenextexists = false;\r
                        }\r
                }\r
        }\r
        elseif ( $archivelist )\r
        {\r
                $type = 'archivelist';\r
                \r
                if ( is_numeric($archivelist) )\r
                {\r
                        $blogid = intVal($archivelist);\r
                }\r
                else\r
                {\r
                        $blogid = getBlogIDFromName($archivelist);\r
                }\r
        \r
                if ( !$blogid )\r
                {\r
                        doError(_ERROR_NOSUCHBLOG);\r
                }\r
        }\r
        elseif ( $query )\r
        {\r
                global $startpos;\r
                $type = 'search';\r
                $query = stripslashes($query);\r
                \r
                if ( is_numeric($blogid) )\r
                {\r
                        $blogid = intVal($blogid);\r
                }\r
                else\r
                {\r
                        $blogid = getBlogIDFromName($blogid);\r
                }\r
                \r
                if ( !$blogid )\r
                {\r
                        doError(_ERROR_NOSUCHBLOG);\r
                }\r
        }\r
        elseif ( $memberid )\r
        {\r
                $type = 'member';\r
                \r
                if ( !Member::existsID($memberid) )\r
                {\r
                        doError(_ERROR_NOSUCHMEMBER);\r
                }\r
                $memberinfo = $manager->getMember($memberid);\r
        }\r
        elseif ( $imagepopup )\r
        {\r
                // media object (images etc.)\r
                $type = 'imagepopup';\r
                \r
                // TODO: check if media-object exists\r
                // TODO: set some vars?\r
        }\r
        else\r
        {\r
                // show regular index page\r
                global $startpos;\r
                $type = 'index';\r
        }\r
        \r
        // any type of skin with catid\r
        if ( $catid && !$blogid )\r
        {\r
                $blogid = getBlogIDFromCatID($catid);\r
        }\r
        \r
        // decide which blog should be displayed\r
        if ( !$blogid )\r
        {\r
                $blogid = $CONF['DefaultBlog'];\r
        }\r
        \r
        $b =& $manager->getBlog($blogid);\r
        $blog = $b; // references can't be placed in global variables?\r
        \r
        if ( !$blog->isValid )\r
        {\r
                doError(_ERROR_NOSUCHBLOG);\r
        }\r
        \r
        // set catid if necessary\r
        if ( $catid )\r
        {\r
                // check if the category is valid\r
                if ( !$blog->isValidCategory($catid) )\r
                {\r
                        doError(_ERROR_NOSUCHCATEGORY);\r
                }\r
                else\r
                {\r
                        $blog->setSelectedCategory($catid);\r
                }\r
        }\r
        \r
        if ( !$skinid )\r
        {\r
                $skinid = $blog->getDefaultSkin();\r
        }\r
        \r
        if ( !empty($special) && isValidShortName($special) )\r
        {\r
                $type = strtolower($special);\r
        }\r
        \r
        $skin = new SKIN($skinid);\r
        \r
        if ( !$skin->isValid() )\r
        {\r
                doError(_ERROR_NOSUCHSKIN);\r
        }\r
        \r
        // set global skinpart variable so can determine quickly what is being parsed from any plugin or phpinclude\r
        $skinpart = $type;\r
        \r
        // parse the skin\r
        $skin->parse($type);\r
        \r
        // check to see we should throw JustPosted event\r
        $blog->checkJustPosted();\r
        return;\r
}\r
\r
/**\r
 * doError()\r
 * Show error skin with given message. An optional skin-object to use can be given\r
 * \r
 * @param       string  $msg\r
 * @param       string  $skin\r
 * @return      void\r
 */\r
function doError($msg, $skin = '')\r
{\r
        global $errormessage, $CONF, $skinid, $blogid, $manager;\r
        \r
        if ( $skin == '' )\r
        {\r
                if ( Skin::existsID($skinid) )\r
                {\r
                        $id = $skinid;\r
                }\r
                elseif ( $manager->existsBlogID($blogid) )\r
                {\r
                        $blog =& $manager->getBlog($blogid);\r
                        $id = $blog->getDefaultSkin();\r
                }\r
                elseif ($CONF['DefaultBlog'] )\r
                {\r
                        $blog =& $manager->getBlog($CONF['DefaultBlog']);\r
                        $id = $blog->getDefaultSkin();\r
                }\r
                else\r
                {\r
                        // this statement should actually never be executed\r
                        $id = $CONF['BaseSkin'];\r
                }\r
                $skin = new Skin($id);\r
        }\r
        \r
        $errormessage = $msg;\r
        $skin->parse('error');\r
        return;
}\r
\r
/**\r
 * Errors before the database connection has been made\r
 * \r
 * @param       string  $msg    message to notify\r
 * @param       string  $title  page title\r
 * @return      void\r
 */\r
function startUpError($msg, $title)\r
{\r
        header('Content-Type: text/xml; charset=' . i18n::get_current_charset());\r
        echo "<html xmlns=\"http://www.w3.org/1999/xhtml\">\n";\r
        echo "<head>\n";\r
        echo "<title>{$title}</title></head>\n";\r
        echo "<body>\n";\r
        echo "<h1>{$title}</h1>\n";\r
        echo $msg;\r
        echo "</body>\n";\r
        echo "</html>\n";\r
        exit;\r
}\r
\r
function isValidShortName($name)\r
{\r
        return preg_match('#^[a-z0-9]+$#i', $name);\r
}\r
function isValidDisplayName($name)\r
{\r
        return preg_match('#^[a-z0-9]+[a-z0-9 ]*[a-z0-9]+$#i', $name);\r
}\r
function isValidCategoryName($name)\r
{\r
        return 1;\r
}\r
function isValidTemplateName($name)\r
{\r
        return preg_match('#^[a-z0-9/_\-]+$#i', $name);\r
}\r
function isValidSkinName($name)\r
{\r
        return preg_match('#^[a-z0-9/_\-]+$#i', $name);\r
}\r
\r
// add and remove linebreaks\r
function addBreaks($var)\r
{\r
        return nl2br($var);\r
}\r
function removeBreaks($var)\r
{\r
        return preg_replace("/<br \/>([\r\n])/", "$1", $var);\r
}\r
\r
/**\r
 * parseFile()\r
 * \r
 * @param       string  $filename\r
 * @param       string  $includeMode\r
 * @param       string  $includePrefix\r
 * @return      void\r
 */\r
function parseFile($filename, $includeMode = 'normal', $includePrefix = '')\r
{\r
        global $skinid;\r
        \r
        if ( !$skinid || !existsID($skinid) )\r
        {\r
                $skin = new Skin($CONF['BaseSkin']);\r
        }\r
        else\r
        {\r
                $skin = new Skin($skinid);\r
        }\r
        \r
        $oldIncludeMode = Parser::getProperty('IncludeMode');\r
        $oldIncludePrefix = Parser::getProperty('IncludePrefix');\r
        \r
        $skin->parse('fileparse', $filename);\r
        \r
        Parser::setProperty('IncludeMode', $oldIncludeMode);\r
        Parser::setProperty('IncludePrefix', $oldIncludePrefix);\r
        \r
        return;\r
}\r
\r
/**\r
 * debug()\r
 * Outputs a debug message\r
 * \r
 * @param       string  $msg\r
 * @return      void\r
 */\r
function debug($msg)\r
{\r
        echo '<p><b>' . $msg . "</b></p>\n";\r
        return;\r
}\r
\r
// shows a link to help file\r
function help($id)\r
{\r
        echo helpHtml($id);\r
        return;\r
}\r
function helpHtml($id)\r
{\r
        global $CONF;\r
        return helplink($id) . '<img src="' . $CONF['AdminURL'] . 'documentation/icon-help.gif" width="15" height="15" alt="' . _HELP_TT . '" title="' . _HELP_TT . '" /></a>';\r
}\r
function helplink($id)\r
{\r
        global $CONF;\r
        return '<a href="' . $CONF['AdminURL'] . 'documentation/help.html#'. $id . '" onclick="if (event &amp;&amp; event.preventDefault) event.preventDefault(); return help(this.href);">';\r
}\r
\r
/**\r
 * includephp()\r
 * Includes a PHP file. This method can be called while parsing templates and skins\r
 * \r
 * @param       string  $filename       name of file to parse\r
 * @return      void\r
 */\r
function includephp($filename)\r
{\r
        // make predefined variables global, so most simple scripts can be used here\r
        \r
        // apache (names taken from PHP doc)\r
        global $GATEWAY_INTERFACE, $SERVER_NAME, $SERVER_SOFTWARE, $SERVER_PROTOCOL;\r
        global $REQUEST_METHOD, $QUERY_STRING, $DOCUMENT_ROOT, $HTTP_ACCEPT;\r
        global $HTTP_ACCEPT_CHARSET, $HTTP_ACCEPT_ENCODING, $HTTP_ACCEPT_LANGUAGE;\r
        global $HTTP_CONNECTION, $HTTP_HOST, $HTTP_REFERER, $HTTP_USER_AGENT;\r
        global $REMOTE_ADDR, $REMOTE_PORT, $SCRIPT_FILENAME, $SERVER_ADMIN;\r
        global $SERVER_PORT, $SERVER_SIGNATURE, $PATH_TRANSLATED, $SCRIPT_NAME;\r
        global $REQUEST_URI;\r
        \r
        // php (taken from PHP doc)\r
        global $argv, $argc, $PHP_SELF, $HTTP_COOKIE_VARS, $HTTP_GET_VARS, $HTTP_POST_VARS;\r
        global $HTTP_POST_FILES, $HTTP_ENV_VARS, $HTTP_SERVER_VARS, $HTTP_SESSION_VARS;\r
        \r
        // other\r
        global $PATH_INFO, $HTTPS, $HTTP_RAW_POST_DATA, $HTTP_X_FORWARDED_FOR;\r
        \r
        if ( @file_exists($filename) )\r
        {\r
                include($filename);\r
        }\r
        return;\r
}\r
\r
/**\r
 * Checks if a certain plugin exists\r
 * @param       string  $plug   name of plugin\r
 * @return      boolean exists or not\r
 */\r
function checkPlugin($name)\r
{\r
        global $DIR_PLUGINS;\r
        return file_exists($DIR_PLUGINS . preg_replace('#[\\\\|/]#', '', $name) . '.php');\r
}\r
\r
/**\r
 * alterQueryStr()\r
 * \r
 * @param       string  $querystr       querystring to alter (e.g. foo=1&bar=2&x=y)\r
 * @param       string  $param  name of parameter to change (e.g. 'foo')\r
 * @param       string  $value  New value for that parameter (e.g. 3)\r
 * @return      string  altered query string (for the examples above: foo=3&bar=2&x=y)\r
 */\r
function alterQueryStr($querystr, $param, $value)\r
{\r
        $vars = preg_split('#&#', $querystr);\r
        $set = FALSE;\r
        \r
        for ( $i = 0; $i < count($vars); $i++ )\r
        {\r
                $v = preg_split('#=#', $vars[$i]);\r
                \r
                if ( $v[0] == $param )\r
                {\r
                        $v[1] = $value;\r
                        $vars[$i] = implode('=', $v);\r
                        $set = true;\r
                        break;\r
                }\r
        }\r
        if ( !$set )\r
        {\r
                $vars[] = "{$param}={$value}";\r
        }\r
        return ltrim(implode('&', $vars), '&');\r
}\r
\r
/**\r
 * passVar()\r
 * passes one variable as hidden input field (multiple fields for arrays)\r
 * @see passRequestVars in varsx.x.x.php\r
 * \r
 * @param       string  $key\r
 * @param       string  $value\r
 * @return      void\r
 */\r
function passVar($key, $value)\r
{\r
        // array ?\r
        if ( is_array($value) )\r
        {\r
                for ( $i = 0; $i < sizeof($value); $i++ )\r
                {\r
                        passVar($key . '[' . $i . ']', $value[$i]);\r
                }\r
                return;\r
        }\r
        \r
        // other values: do stripslashes if needed\r
        echo '<input type="hidden" name="' . Entity::hsc($key) . '" value="' . Entity::hsc(undoMagic($value)) . '" />' . "\n";\r
        return;\r
}\r
\r
/**\r
 * checkVars()\r
 * \r
 * @param       string  $variables\r
 * @return      void\r
 */\r
function checkVars($variables)\r
{\r
        foreach ( $variables as $variable )\r
        {\r
                if ( array_key_exists($variable, $_GET)\r
                  || array_key_exists($variable, $_POST)\r
                  || array_key_exists($variable, $_COOKIE)\r
                  || array_key_exists($variable, $_ENV)\r
                  || (session_id() !== '' && array_key_exists($variable, $_SESSION))\r
                  || array_key_exists($variable, $_FILES) )\r
                {\r
                        die('Sorry. An error occurred.');\r
                }\r
        }\r
        return;\r
}\r
\r
/**\r
 * sanitizeParams()\r
 * Sanitize parameters such as $_GET and $_SERVER['REQUEST_URI'] etc.\r
 * to avoid XSS.\r
 * \r
 * @param       void\r
 * @return      void\r
 */\r
function sanitizeParams()\r
{\r
        $array = array();\r
        $str = '';\r
        $frontParam = '';\r
        \r
        // REQUEST_URI of $_SERVER\r
        $str =& $_SERVER["REQUEST_URI"];\r
        serverStringToArray($str, $array, $frontParam);\r
        sanitizeArray($array);\r
        arrayToServerString($array, $frontParam, $str);\r
        \r
        // QUERY_STRING of $_SERVER\r
        $str =& $_SERVER["QUERY_STRING"];\r
        serverStringToArray($str, $array, $frontParam);\r
        sanitizeArray($array);\r
        arrayToServerString($array, $frontParam, $str);\r
        \r
        // $_GET\r
        convArrayForSanitizing($_GET, $array);\r
        sanitizeArray($array);\r
        revertArrayForSanitizing($array, $_GET);\r
        \r
        // $_REQUEST (only GET param)\r
        convArrayForSanitizing($_REQUEST, $array);\r
        sanitizeArray($array);\r
        revertArrayForSanitizing($array, $_REQUEST);\r
        \r
        return;\r
}\r
\r
function _addInputTags(&$keys,$prefix='')\r
{\r
        foreach ( $keys as $key=>$value )\r
        {\r
                if ( $prefix )\r
                {\r
                        $key=$prefix.'['.$key.']';\r
                }\r
                if ( is_array($value) )\r
                {\r
                        _addInputTags($value,$key);\r
                }\r
                else\r
                {\r
                        if ( get_magic_quotes_gpc() )\r
                                {$value=stripslashes($value);\r
                        }\r
                        if ( $key == 'ticket' )\r
                        {\r
                                continue;\r
                        }\r
                        echo '<input type="hidden" name="'.Entity::hsc($key).\r
                             '" value="'.Entity::hsc($value).'" />'."\n";\r
                }\r
        }\r
        return;\r
}\r
\r
/**\r
 * serverStringToArray()\r
 * Convert the server string such as $_SERVER['REQUEST_URI']\r
 * to arry like arry['blogid']=1 and array['page']=2 etc.\r
 * \r
 * @param       string   $uri                           string\r
 * @param       string  &$query_elements        elements of query according to application/x-www-form-urlencoded\r
 * @param       string  &$hier_part                     hierarchical part includes path\r
 * \r
 * NOTE:\r
 * RFC 3986: Uniform Resource Identifiers (URI): Generic Syntax\r
 * 3.  Syntax Components\r
 * http://www.ietf.org/rfc/rfc3986.txt\r
 * \r
 * Hypertext Markup Language - 2.0\r
 * 8.2.1. The form-urlencoded Media Type\r
 * http://tools.ietf.org/html/rfc1866#section-8.2.1\r
 * \r
 * $_SERVER > Language Reference > Predefined Variables > PHP Manual\r
 * http://www.php.net/manual/en/reserved.variables.server.php\r
 */\r
function serverStringToArray($uri, &$query_elements, &$hier_part)\r
{\r
        // init param\r
        $query_elements = array();\r
        $hier_part = "";\r
        \r
        // split hierarchical part, e.g. /index.php, query and fragment, e.g. blogid=1&page=2#section1\r
        if ( i18n::strpos($uri, "?") > 0 )\r
        {\r
                list($hier_part, $query_and_fragment) = preg_split("#\?#", $uri, 2);\r
        }\r
        else\r
        {\r
                $query_and_fragment = $uri;\r
                $hier_part = '';\r
        }\r
        \r
        // If there is no query like blogid=1&page=2, return\r
        if ( i18n::strpos($uri, "=") == FALSE && !i18n::strlen($hier_part) )\r
        {\r
                $hier_part = $uri;\r
                return;\r
        }\r
        \r
        $query_elements = preg_split("#&#", $query_and_fragment);\r
        return;\r
}\r
\r
/**\r
 * arrayToServerString()\r
 * Convert array like array['blogid'] to server string\r
 * such as $_SERVER['REQUEST_URI']\r
 * \r
 * @param       array    $query_elements        elements of query according to application/x-www-form-urlencoded\r
 * @param       string   $hier_part                     hier-part defined in RFC3986\r
 * @param       string  &$uri                           return value\r
 * @return      void\r
 * \r
 * NOTE:\r
 * RFC 3986: Uniform Resource Identifiers (URI): Generic Syntax\r
 * 3.  Syntax Components\r
 * http://www.ietf.org/rfc/rfc3986.txt\r
 * \r
 * Hypertext Markup Language - 2.0\r
 * 8.2.1. The form-urlencoded Media Type\r
 * http://tools.ietf.org/html/rfc1866#section-8.2.1\r
 * \r
 * $_SERVER > Language Reference > Predefined Variables > PHP Manual\r
 * http://www.php.net/manual/en/reserved.variables.server.php\r
 */\r
function arrayToServerString($query_elements, $hier_part, &$uri)\r
{\r
        if ( i18n::strpos($uri, "?") !== FALSE )\r
        {\r
                $uri = $hier_part . "?";\r
        }\r
        else\r
        {\r
                $uri = $hier_part;\r
        }\r
        if ( count($query_elements) > 0 )\r
        {\r
                $uri .= implode("&", $query_elements);\r
        }\r
        return;\r
}\r
\r
/**\r
 * sanitizeArray()\r
 * Sanitize array parameters.\r
 * This function checks both key and value.\r
 * - check key if it inclues " (double quote),  remove from array\r
 * - check value if it includes \ (escape sequece), remove remaining string\r
 * \r
 * @param       array   &$array elements of query according to application/x-www-form-urlencoded\r
 * @return      void\r
 */\r
function sanitizeArray(&$array)\r
{\r
        $excludeListForSanitization = array('query');\r
        \r
        foreach ( $array as $k => $v )\r
        {\r
                // split to key and value\r
                list($key, $val) = preg_split("#=#", $v, 2);\r
                if ( !isset($val) )\r
                {\r
                        continue;\r
                }\r
                \r
                // when magic quotes is on, need to use stripslashes,\r
                // and then addslashes\r
                if ( get_magic_quotes_gpc() )\r
                {\r
                        $val = stripslashes($val);\r
                }\r
                \r
                // note that we must use addslashes here because this function is called before the db connection is made\r
                // and sql_real_escape_string needs a db connection\r
                $val = addslashes($val);\r
                \r
                // if $key is included in exclude list, skip this param\r
                if ( !in_array($key, $excludeListForSanitization) )\r
                {\r
                        // check value\r
                        if ( i18n::strpos($val, '\\') > 0 )\r
                        {\r
                                list($val, $tmp) = preg_split('#\\\\#', $val);\r
                        }\r
                        \r
                        // remove control code etc.\r
                        $val = strtr($val, "\0\r\n<>'\"", "       ");\r
                        \r
                        // check key\r
                        if ( preg_match('#\"#', $key) > 0 )\r
                        {\r
                                unset($array[$k]);\r
                                continue;\r
                        }\r
                        \r
                        // set sanitized info\r
                        $array[$k] = sprintf("%s=%s", $key, $val);\r
                }\r
        }\r
        return;\r
}\r
\r
/**\r
 * convArrayForSanitizing()\r
 * Convert array for sanitizeArray function\r
 * \r
 * @param       string  $src    array to be sanitized\r
 * @param       array   &$array array to be temporarily stored\r
 * @return      void\r
 */\r
function convArrayForSanitizing($src, &$array)\r
{\r
        $array = array();\r
        foreach ( $src as $key => $val )\r
        {\r
                if ( !key_exists($key, $_GET) )\r
                {\r
                        continue;\r
                }\r
                $array[] = sprintf("%s=%s", $key, $val);\r
                continue;\r
        }\r
        return;\r
}\r
\r
/**\r
 * revertArrayForSanitizing()\r
 * Revert array after sanitizeArray function\r
 * \r
 * @param       array   $array  element of query according to application/x-www-form-urlencoded\r
 * @param       array   &$dst   combination of key and value\r
 * @return      void\r
 */\r
function revertArrayForSanitizing($array, &$dst)\r
{\r
        foreach ( $array as $v )\r
        {\r
                list($key, $val) = preg_split("#=#", $v, 2);\r
                $dst[$key] = $val;\r
                continue;\r
        }\r
        return;\r
}\r
\r
/**\r
=======
<?php

/*
 * Nucleus: PHP/MySQL Weblog CMS (http://nucleuscms.org/)
 * Copyright (C) 2002-2009 The Nucleus Group
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License
 * as published by the Free Software Foundation; either version 2
 * of the License, or (at your option) any later version.
 * (see nucleus/documentation/index.html#license for more info)
 */
/**
 * @license http://nucleuscms.org/license.txt GNU General Public License
 * @copyright Copyright (C) 2002-2009 The Nucleus Group
 * @version $Id: globalfunctions.php 1886 2012-06-17 08:27:27Z sakamocchi $
 */

/* needed if we include globalfunctions from install.php */
global $nucleus, $CONF, $DIR_LIBS, $DIR_LOCALES, $manager, $member, $MYSQL_HANDLER, $StartTime;

/* just for benchmark tag */
$StartTime = microtime(TRUE);

$nucleus['version'] = 'v4.00 SVN';
$nucleus['codename'] = '';

/*
 * make sure there's no unnecessary escaping:
 * set_magic_quotes_runtime(0);
 */
if ( version_compare(PHP_VERSION, '5.3.0', '<') )
{
        ini_set('magic_quotes_runtime', '0');
}

/* check and die if someone is trying to override internal globals (when register_globals turn on) */
checkVars(array('nucleus', 'CONF', 'DIR_LIBS',
'MYSQL_HOST', 'MYSQL_USER', 'MYSQL_PASSWORD', 'MYSQL_DATABASE',
'DIR_LOCALES', 'DIR_PLUGINS',
'HTTP_GET_VARS', 'HTTP_POST_VARS', 'HTTP_COOKIE_VARS', 'HTTP_ENV_VARS',
'HTTP_SESSION_VARS', 'HTTP_POST_FILES', 'HTTP_SERVER_VARS',
'GLOBALS', 'argv', 'argc', '_GET', '_POST', '_COOKIE', '_ENV', '_SESSION', '_SERVER', '_FILES'));

if ( !isset($CONF) )
{
        $CONF = array();
}

/* debug mode */
if ( array_key_exists('debug', $CONF) && $CONF['debug'] )
{
        /* report all errors! */
        error_reporting(E_ALL | E_STRICT);
}
else
{
        ini_set('display_errors','0');
        error_reporting(E_ERROR | E_WARNING | E_PARSE);
}

/*
 * alertOnHeadersSent
 *  Displays an error when visiting a public Nucleus page and headers have
 *  been sent out to early. This usually indicates an error in either a
 *  configuration file or a translation file, and could cause Nucleus to
 *  malfunction
 */
if ( !array_key_exists('alertOnHeadersSent', $CONF) )
{
        $CONF['alertOnHeadersSent'] = 1;
}
/*
 * alertOnSecurityRisk
 * Displays an error only when visiting the admin area, and when one or
 *  more of the installation files (install.php, install.sql, upgrades/
 *  directory) are still on the server.
 */
if ( !array_key_exists('alertOnSecurityRisk', $CONF) )
{
        $CONF['alertOnSecurityRisk'] = 1;
}
/*
 * Set these to 1 to allow viewing of future items or draft items
 * Should really never do this, but can be useful for some plugins that might need to
 * Could cause some other issues if you use future posts otr drafts
 * So use with care
 */
$CONF['allowDrafts'] = 0;
$CONF['allowFuture'] = 0;

if ( getNucleusPatchLevel() > 0 )
{
        $nucleus['version'] .= '/' . getNucleusPatchLevel();
}

/* Avoid notices */
if ( !array_key_exists('installscript', $CONF) || empty($CONF['installscript']) )
{
        $CONF['installscript'] = 0;
}
if ( !array_key_exists('UsingAdminArea', $CONF) )
{
        $CONF['UsingAdminArea'] = 0;
}

if ( !headers_sent() )
{
        header('Generator: Nucleus CMS ' . $nucleus['version']);
}


/* TODO: This is for compatibility since 4.0, should be obsoleted at future release. */
if ( !isset($DIR_LOCALES) )
{
        $DIR_LOCALES = $DIR_NUCLEUS . 'locales/';
}
global $DIR_LANG;
if ( !isset($DIR_LANG) )
{
        $DIR_LANG = $DIR_LOCALES;
}

/* load and initialize i18n class */
if (!class_exists('i18n', FALSE))
{
        include($DIR_LIBS . 'i18n.php');
}
if ( !i18n::init('UTF-8', $DIR_LOCALES) )
{
        exit('Fail to initialize i18n class.');
}

/* TODO: This is just for compatibility since 4.0, should be obsoleted at future release. */
define('_CHARSET', i18n::get_current_charset());


/*
 * NOTE: Since 4.0 release, Entity class becomes to be important class
 *  with some wrapper functions for htmlspechalchars/htmlentity PHP's built-in function
 */
include($DIR_LIBS . 'ENTITY.php');

/* we will use postVar, getVar, ... methods instead of $_GET, $_POST ... */
if ( $CONF['installscript'] != 1 )
{
        /* vars were already included in install.php */
        include_once($DIR_LIBS . 'vars4.1.0.php');
        
        /* added for 4.0 DB::* wrapper and compatibility sql_* */
        include_once($DIR_LIBS . 'sql/sql.php');
}

/* include core classes that are needed for login & plugin handling */
include($DIR_LIBS . 'MEMBER.php');
include($DIR_LIBS . 'ACTIONLOG.php');
include($DIR_LIBS . 'MANAGER.php');
include($DIR_LIBS . 'PLUGIN.php');

$manager =& MANAGER::instance();

/* only needed when updating logs */
if ( $CONF['UsingAdminArea'] )
{
        /* XML-RPC client classes */
        include($DIR_LIBS . 'xmlrpc.inc.php');
        include($DIR_LIBS . 'ADMIN.php');
}


/* connect to database */
if ( !isset($MYSQL_HANDLER) )
{
        $MYSQL_HANDLER = array('mysql','');
}
if ( $MYSQL_HANDLER[0] == '' )
{
        $MYSQL_HANDLER[0] = 'mysql';
}
DB::setConnectionInfo($MYSQL_HANDLER[1], $MYSQL_HOST, $MYSQL_USER, $MYSQL_PASSWORD, $MYSQL_DATABASE);


/* force locale or charset */
$locale = '';
$charset = i18n::get_current_charset();

$data = array(
        'locale'        => &$locale,
        'charset'       => &$charset
);
$manager->notify('ForceLocale', $data);

if ( $data['locale'] !== '' )
{
        i18n::set_forced_locale($data['locale']);
}
if ( $data['charset'] !== '' )
{
        i18n::set_forced_charset($data['charset']);
}
unset($locale);
unset($charset);


/* convert forced charset to current charset */
if ( i18n::get_forced_charset() != i18n::get_current_charset() )
{
        $_POST          = i18n::convert_array($_POST, i18n::get_forced_charset());
        $_GET           = i18n::convert_array($_GET, i18n::get_forced_charset());
        $_REQUEST       = i18n::convert_array($_REQUEST, i18n::get_forced_charset());
        $_COOKIE        = i18n::convert_array($_COOKIE, i18n::get_forced_charset());
        $_FILES         = i18n::convert_array($_FILES, i18n::get_forced_charset());
        
        if ( session_id() !== '' )
        {
                $_SESSION = i18n::convert_array($_SESSION, i18n::get_forced_charset());
        }
}


/* sanitize option */
$bLoggingSanitizedResult = 0;
$bSanitizeAndContinue = 0;
$orgRequestURI = serverVar('REQUEST_URI');
sanitizeParams();

/* logs sanitized result if need */
if ( $orgRequestURI !== serverVar('REQUEST_URI') )
{
        $msg = "Sanitized [" . serverVar('REMOTE_ADDR') . "] ";
        $msg .= $orgRequestURI . " -> " . serverVar('REQUEST_URI');
        if ( $bLoggingSanitizedResult )
        {
                addToLog(WARNING, $msg);
        }
        if ( !$bSanitizeAndContinue )
        {
                die("");
        }
}

/* get all variables that can come from the request and put them in the global scope */
$blogid         = requestVar('blogid');
$itemid         = intRequestVar('itemid');
$catid          = intRequestVar('catid');
$skinid         = requestVar('skinid');
$memberid       = requestVar('memberid');
$archivelist = requestVar('archivelist');
$imagepopup     = requestVar('imagepopup');
$archive        = requestVar('archive');
$query          = requestVar('query');
$highlight      = requestVar('highlight');
$amount         = requestVar('amount');
$action         = requestVar('action');
$nextaction     = requestVar('nextaction');
$maxresults     = requestVar('maxresults');
$startpos       = intRequestVar('startpos');
$errormessage = '';
$error          = '';
$special        = requestVar('special');


/* read config */
getConfig();


/* Properly set $CONF['Self'] and others if it's not set...
 * usually when we are access from admin menu
 */
if ( !array_key_exists('Self', $CONF) )
{
        $CONF['Self'] = $CONF['IndexURL'];
        /* strip trailing */
        if ( $CONF['Self'][i18n::strlen($CONF['Self']) -1] == "/" )
        {
                $CONF['Self'] = i18n::substr($CONF['Self'], 0, i18n::strlen($CONF['Self']) -1);
        }
}

$CONF['ItemURL']                = $CONF['Self'];
$CONF['ArchiveURL']             = $CONF['Self'];
$CONF['ArchiveListURL'] = $CONF['Self'];
$CONF['MemberURL']              = $CONF['Self'];
$CONF['SearchURL']              = $CONF['Self'];
$CONF['BlogURL']                = $CONF['Self'];
$CONF['CategoryURL']    = $CONF['Self'];

/* automatically use simpler toolbar for mozilla */
if ( ($CONF['DisableJsTools'] == 0)
   && i18n::strpos(serverVar('HTTP_USER_AGENT'), 'Mozilla/5.0') !== FALSE
   && i18n::strpos(serverVar('HTTP_USER_AGENT'), 'Gecko') !== FALSE )
{
        $CONF['DisableJsTools'] = 2;
}

/* login processing */
$member = new Member();
if ( $action == 'login' )
{
        $login = postVar('login');
        $password = postVar('password');
        $shared = intPostVar('shared');
        $member->login($login, $password, $shared);
}
elseif ( ($action == 'logout') )
{
        $member->logout();
}
else
{
        $member->cookielogin();
}

/* TODO: This is for backward compatibility, should be obsoleted near future. */
if ( !preg_match('#^(.+)_(.+)_(.+)$#', $CONF['Locale'])
  && ($CONF['Locale'] = i18n::convert_old_language_file_name_to_locale($CONF['Locale'])) === FALSE )
{
        $CONF['Locale'] = 'en_Latn_US';
}
if ( !array_key_exists('Language', $CONF) )
{
        $CONF['Language'] = i18n::convert_locale_to_old_language_file_name($CONF['Locale']);
}
$locale = $CONF['Locale'];


/* NOTE: include translation file and set locale */
if ( $member->isLoggedIn() )
{
        if ( $member->getLocale() )
        {
                $locale = $member->getLocale();
        }
}
else
{
        if ( i18n::get_forced_locale() !== '' )
        {
                $locale = i18n::get_forced_locale();
        }
}
include_translation($locale);
i18n::set_current_locale($locale);


/* login completed */
$data = array('loggedIn' => $member->isLoggedIn());
$manager->notify('PostAuthentication', $data);

/* next action */
if ( $member->isLoggedIn() && $nextaction )
{
        $action = $nextaction;
}

/* first, let's see if the site is disabled or not. always allow admin area access. */
if ( $CONF['DisableSite'] && !$member->isAdmin() && !$CONF['UsingAdminArea'] )
{
        redirect($CONF['DisableSiteURL']);
        exit;
}

/* load other classes */
include($DIR_LIBS . 'PARSER.php');
include($DIR_LIBS . 'SKIN.php');
include($DIR_LIBS . 'TEMPLATE.php');
include($DIR_LIBS . 'BLOG.php');
include($DIR_LIBS . 'BODYACTIONS.php');
include($DIR_LIBS . 'COMMENTS.php');
include($DIR_LIBS . 'COMMENT.php');
include($DIR_LIBS . 'NOTIFICATION.php');
include($DIR_LIBS . 'BAN.php');
include($DIR_LIBS . 'SEARCH.php');
include($DIR_LIBS . 'LINK.php');

/* set lastVisit cookie (if allowed) */
if ( !headers_sent() )
{
        if ( $CONF['LastVisit'] )
        {
                setcookie($CONF['CookiePrefix'] . 'lastVisit', time(), time() + 2592000, $CONF['CookiePath'], $CONF['CookieDomain'], $CONF['CookieSecure']);
        }
        else
        {
                setcookie($CONF['CookiePrefix'] . 'lastVisit', '', (time() - 2592000), $CONF['CookiePath'], $CONF['CookieDomain'], $CONF['CookieSecure']);
        }
}

/* for path resolving */
$virtualpath = getVar('virtualpath');
if ( getVar('virtualpath') == '' )
{
        $virtualpath = serverVar('PATH_INFO');
}

/*
 * switch URLMode back to normal when $CONF['Self'] ends in .php
 * this avoids urls like index.php/item/13/index.php/item/15
 */
if ( !array_key_exists('URLMode', $CONF) || ($CONF['URLMode'] != 'pathinfo') )
{
        $CONF['URLMode'] = 'normal';
}
else
{
        if ( i18n::substr($CONF['Self'], i18n::strlen($CONF['Self']) - 4) != '.php' )
        {
                decodePathInfo($virtualpath);
        }
}

/*
 * PostParseURL is a place to cleanup any of the path-related global variables before the selector function is run.
 * It has 2 values in the data in case the original virtualpath is needed, but most the use will be in tweaking
 * global variables to clean up (scrub out catid or add catid) or to set someother global variable based on
 * the values of something like catid or itemid
 * New in 3.60
 */
$data = array(
        'type' => basename(serverVar('SCRIPT_NAME')),
        'info' => $virtualpath
);
$manager->notify('PostParseURL', $data);

/*
 * NOTE: Here is the end of initialization
 */

/**
 * include_libs()
 * This function includes or requires the specified library file
 * 
 * @param       string  $file
 * @param       boolean $once use the _once() version
 * @param       boolean $require use require() instead of include()
 * @return      void
 */
function include_libs($file, $once = TRUE, $require = TRUE)
{
        global $DIR_LIBS;
        
        // $DIR_LIBS isn't a directory
        if ( !is_dir($DIR_LIBS) )
        {
                exit;
        }
        
        $lib_path = $DIR_LIBS . $file;
        
        if ( $once && $require )
        {
                require_once($lib_path);
        }
        else if ( $once && !$require )
        {
                include_once($lib_path);
        }
        else if ( $require )
        {
                require($lib_path);
        }
        else
        {
                include($lib_path);
        }
        return;
}

/**
 * include_plugins()
 * This function includes or requires the specified plugin file
 * 
 * @param       string  $file
 * @param       boolean $once use the _once() version
 * @param       boolean $require use require() instead of include()
 * @return      
 */
function include_plugins($file, $once = TRUE, $require = TRUE)
{
        global $DIR_PLUGINS;
        
        // begin if: $DIR_LIBS isn't a directory
        if ( !is_dir($DIR_PLUGINS) )
        {
                exit;
        }
        
        $plugin_path = $DIR_PLUGINS . $file;
        
        // begin if: 
        if ( $once && $require )
        {
                require_once($plugin_path);
        }
        else if ( $once && !$require )
        {
                include_once($plugin_path);
        }
        elseif ( $require )
        {
                require($plugin_path);
        }
        else
        {
                include($plugin_path);
        }
        return;
}

/**
 * include_translation()
 * This function decide which locale is used and include translation
 * 
 * @param       string  &$locale        locale name referring to 'language tags' defined in RFC 5646
 * @return      void
 */
function include_translation(&$locale)
{
        global $DIR_LOCALES;
        
        $translation_file = $DIR_LOCALES . $locale . '.' . i18n::get_current_charset() . '.php';
        if ( !file_exists($translation_file) )
        {
                $locale = 'en_Latn_US';
                $translation_file = $DIR_LOCALES . 'en_Latn_US.ISO-8859-1.php';
        }
        include($translation_file);
        
        /*
         * NOTE:
         * PHP is written by C and utilize C library, whose APIs are defined in POSIX.
         * 
         * setlocale() is one of APIs of C library.
         * but the argument value for setlocale() depends on each implements
         * 
         * The latest POSIX standard:
         * The Open Group Base Specifications Issue 7
         * IEEE Std 1003.1™-2008
         * http://pubs.opengroup.org/onlinepubs/9699919799/mindex.html
         * 
         * Microsoft's operating system uses their own implementation
         *  Language Strings
         *   http://msdn.microsoft.com/en-us/library/39cwe7zf%28v=vs.110%29.aspx
         *  Country/Region Strings
         *   http://msdn.microsoft.com/en-us/library/cdax410z%28v=vs.110%29.aspx
         * 
         * Linux and Unix (in this meaning, Apple's OS X derives from UNIX) uses ISO standard.
         *  two characters language tag (ISO 639-1)
         *  two characters region and country lag (ISO 3166-1 alpha-1)
         * 
         */
        if ( PHP_OS == "WIN32" || PHP_OS == "WINNT" )
        {
                /* LOCALE_IN_WINDOWS is defined in each translation files */
                setlocale(LC_ALL, _LOCALE_IN_WINDOWS);
        }
        else
        {
                setlocale(LC_ALL, preg_replace('#(.+)_(.+)_(.+)#', '$1-$3', $locale));
        }
        return;
}

/**
 * intPostVar()
 * This function returns the integer value of $_POST for the variable $name
 * 
 * @param       string  $name   field to get the integer value of
 * @return      integer
 */
function intPostVar($name)
{
        return (integer) postVar($name);
}


/**
 * intGetVar()
 * This function returns the integer value of $_GET for the variable $name
 * 
 * @param       string  $name   field to get the integer value of
 * @return      integer
 */
function intGetVar($name)
{
        return (integer) getVar($name);
}


/**
 * intRequestVar()
 * This function returns the integer value of $_REQUEST for the variable $name. Also checks $_GET and $_POST if not found in $_REQUEST
 * 
 * @param string $name field to get the integer value of
 * @return int
 */
function intRequestVar($name)
{
        return (integer) requestVar($name);
}


/**
 * intCookieVar()
 * This function returns the integer value of $_COOKIE for the variable $name
 * 
 * @param       string  $name   field to get the integer value of
 * @return      integer
 */
function intCookieVar($name)
{
        return (integer) cookieVar($name);
}

/**
 * getNucleusVersion()
 * This function returns the current Nucleus version (100 = 1.00, 101 = 1.01, etc...)
 * 
 * @param       void
 * @return      integer
 */
function getNucleusVersion()
{
        return 400;
}

/**
 * getNucleusPatchLevel()
 * TODO: Better description of this function.
 *
 * Power users can install patches in between nucleus releases. These patches
 * usually add new functionality in the plugin API and allow those to
 * be tested without having to install CVS.
 *
 *@param        void
 * @return      integer
 */
function getNucleusPatchLevel()
{
        return 0;
}

/**
 * getLatestVersion()
 * This function returns the latest Nucleus version available for download from nucleuscms.org or FALSE if unable to attain data
 * Format will be major.minor/patachlevel e.g. 3.41 or 3.41/02
 * 
 * @param       void
 * @return      mixed
 */
function getLatestVersion()
{
        // begin if: cURL is not available in this PHP installation
        if ( !function_exists('curl_init') )
        {
                return FALSE;
        }
        
        $curl = curl_init();
        $timeout = 5;
        
        curl_setopt ($curl, CURLOPT_URL, 'http://nucleuscms.org/version_check.php');
        curl_setopt ($curl, CURLOPT_RETURNTRANSFER, 1);
        curl_setopt ($curl, CURLOPT_CONNECTTIMEOUT, $timeout);
        
        $return = curl_exec($curl);
        
        curl_close($curl);
        
        return $return;
}

/**
 * sql_table()
 * This function returns a Nucleus table name with the appropriate prefix
 * @param string $name
 * @return string
 */
function sql_table($name)
{
        global $MYSQL_PREFIX;
        
        // begin if: no MySQL prefix
        if ( empty($MYSQL_PREFIX) )
        {
                return 'nucleus_' . $name;
        }
        // else: use MySQL prefix
        else
        {
                return $MYSQL_PREFIX . 'nucleus_' . $name;
        }
        return;
}

/**
 * sendContentType()
 * This function sends the Content-Type header if headers have not already been sent
 * It also determines if the browser can accept application/xhtml+xml and sends it only to those that can.
 * 
 * if content type is application/xhtml+xml, only send it to browsers
 * that can handle it (IE6 cannot). Otherwise, send text/html
 *
 * v2.5:
 * For admin area pages, keep sending text/html (unless it's a debug version)
 * application/xhtml+xml still causes too much problems with the javascript implementations
 *
 * v3.3:
 * ($CONF['UsingAdminArea'] && !$CONF['debug']) gets removed,
 * application/xhtml+xml seems to be working, so we're going to use it if we can.
 * 
 * @param       string  $content_type   MIME media type registered to IANA, http://www.iana.org/assignments/media-types/index.html
 * @param       string  $page_type              
 * @param       string  $charset                Deprecated. This has no meaning.
 * @return      void
 * 
 */
function sendContentType($content_type, $page_type = '', $charset = '')
{
        global $manager, $CONF;
        
        if ( headers_sent() )
        {
                return;
        }
        
        /* NOTE: MIME Media Type */
        if ( ($content_type == 'application/xhtml+xml')
                && (!stristr(serverVar('HTTP_ACCEPT'), 'application/xhtml+xml') ) )
        {
                $content_type = 'text/html';
        }
        
        /* NOTE: generate event */
        $data = array(
                'pageType'              =>  $page_type,
                'contentType'   => &$content_type
        );
        $manager->notify('PreSendContentType', $data);
        
        /* NOTE: confirm MIME Media Type */
        $content_type = preg_replace('#[^a-zA-Z0-9-+./]#', '', $content_type);
        
        /* NOTE: confirm character set */
        $charset = i18n::get_current_charset();
        if ( i18n::get_forced_charset() !== '' )
        {
                $charset = i18n::get_forced_charset();
        }
        
        /* NOTE: send HTTP 1.1 header */
        header("Content-Type: {$content_type}; charset={$charset}");
        
        /* NOTE: set handler for translating character set */
        if ( $charset != i18n::get_current_charset() )
        {
                ob_start(array('i18n', 'convert_handler'));
        }
        
        return;
}

/**
 * parseHighlight()
 * This function parses a query into an array of expressions that can be passed on to the highlight method
 * @param       string  $query
 * @return      void
 */
function parseHighlight($query)
{
        // TODO: add more intelligent splitting logic
        
        // get rid of quotes
        $query = preg_replace('/\'|"/', '', $query);
        
        if ( !$query )
        {
                return array();
        }
        
        $aHighlight = preg_split('# #', $query);
        
        for ( $i = 0; $i < count($aHighlight); $i++ )
        {
                $aHighlight[$i] = trim($aHighlight[$i]);
                
                if ( i18n::strlen($aHighlight[$i]) < 3 )
                {
                        unset($aHighlight[$i]);
                }
        }
        
        if ( count($aHighlight) == 1 )
        {
                return $aHighlight[0];
        }
        else
        {
                return $aHighlight;
        }
        return;
}

/**
 * getConfig()
 * 
 * @param       void
 * @return      void
 */
function getConfig()
{
        global $CONF;
        
        $query = sprintf('SELECT * FROM %s', sql_table('config'));
        $res = DB::getResult($query);
        
        foreach ( $res as $row )
        {
                $CONF[$row['name']] = $row['value'];
        }
        return;
}

/**
 * This function gets the blog ID from the blog name
 * @param string $name
 * @return
 */
function getBlogIDFromName($name)
{
        $query = sprintf('SELECT bnumber AS result FROM %s WHERE bshortname=%s', sql_table('blog'), DB::quoteValue($name));
        return DB::getValue($query);
}

/**
 * This function gets the blog name from the blog ID
 * @param int $id
 * @return object
 */
function getBlogNameFromID($id)
{
        $query = sprintf('SELECT bname AS result FROM %s WHERE bnumber=%d', sql_table('blog'), intval($id));
        return DB::getValue($query);
}

/**
 * This function gets the blog ID from the item ID
 * @param int $item_id
 * @return object
 */
function getBlogIDFromItemID($item_id)
{
        $query = sprintf('SELECT iblog AS result FROM %s WHERE inumber=%d', sql_table('item'), intval($item_id));
        return DB::getValue($query);
}

/**
 * This function gets the blog ID from the comment ID
 * @param int $comment_id
 * @return object
 */
function getBlogIDFromCommentID($comment_id)
{
        $query = sprintf('SELECT cblog AS result FROM %s WHERE cnumber=%d', sql_table('comment'), intval($comment_id));
        return DB::getValue($query);
}

/**
 * This function gets the blog ID from the category ID
 * @param int $category_id
 * @return object
 */
function getBlogIDFromCatID($category_id)
{
        $query = sprintf('SELECT cblog AS result FROM %s WHERE catid=%d', sql_table('category'), intval($category_id));
        return DB::getValue($query);
}

/**
 * This function gets the category ID from the category name
 * @param int $name
 * @return object
 */
function getCatIDFromName($name)
{
        $query = sprintf('SELECT catid AS result FROM %s WHERE cname=%s', sql_table('category'), DB::quoteValue($name));
        return DB::getValue($query);
}


/**
 * functions to be used in index.php to select something
 */
function selectBlog($shortname)
{
        global $blogid, $archivelist;
        $blogid = getBlogIDFromName($shortname);
        
        // also force archivelist variable, if it is set
        if ( $archivelist )
        {
                $archivelist = $blogid;
        }
        return;
}
function selectSkin($skinname)
{
        global $skinid;
        $skinid = SKIN::getIdFromName($skinname);
        return;
}
function selectCategory($cat)
{
        global $catid;
        if ( is_numeric($cat) )
        {
                $catid = (integer) $cat;
        }
        else
        {
                $catid = getCatIDFromName($cat);
        }
        return;
}
function selectItem($id)
{
        global $itemid;
        $itemid = (integer) $id;
        return;
}
function selectSpecialSkinType($id)
{
        global $special;
        $special = strtolower($id);
        return;
}
function selector()
{
        global $archive, $archivelist, $archivenext, $archivenextexists, $archiveprev, $archiveprevexists, $archivetype;
        global $blog, $blogid;
        global $catid;
        global $itemid, $itemidnext, $itemidprev, $itemtitlenext, $itemtitleprev;
        global $CONF, $DIR_LIBS, $amount, $errormessage, $imagepopup;
        global $manager, $maxresults, $query;
        global $member, $memberid, $memberinfo;
        global $skinid, $skinpart, $special;
        
        $actionNames = array('addcomment', 'sendmessage', 'createaccount', 'forgotpassword', 'votepositive', 'votenegative', 'plugin');
        $action = requestVar('action');
        
        if ( in_array($action, $actionNames) )
        {
                include_once($DIR_LIBS . 'ACTION.php');
                $a = new Action();
                $errorInfo = $a->doAction($action);
                
                if ( $errorInfo )
                {
                        $errormessage = $errorInfo['message'];
                }
        }
        
        // show error when headers already sent out
        if ( headers_sent() && $CONF['alertOnHeadersSent'] )
        {
                // try to get line number/filename (extra headers_sent params only exists in PHP 4.3+)
                if ( function_exists('version_compare') && version_compare('4.3.0', phpversion(), '<=') )
                {
                        headers_sent($hsFile, $hsLine);
                        $extraInfo = ' in <code>' . $hsFile . '</code> line <code>' . $hsLine . '</code>';
                }
                else
                {
                        $extraInfo = '';
                }
                
                startUpError(
                   "<p>The page headers have already been sent out{$extraInfo}. This could cause Nucleus not to work in the expected way.</p>"
                 . "<p>Usually, this is caused by spaces or newlines at the end of the <code>config.php</code> file, "
                 . "at the end of the translation file or at the end of a plugin file.</p>"
                 . "<p>Please check this and try again.</p>"
                 . "<p>If you don't want to see this error message again, without solving the problem, "
                 . "set <code>{$CONF['alertOnHeadersSent']}</code> in <code>globalfunctions.php</code> to <code>0</code></p>"
                 . "Page headers already sent"
                );
                exit;
        }
        
        // make is so ?archivelist without blogname or blogid shows the archivelist
        // for the default weblog
        if ( serverVar('QUERY_STRING') == 'archivelist' )
        {
                $archivelist = $CONF['DefaultBlog'];
        }
        
        // now decide which type of skin we need
        if ( $itemid )
        {
                // itemid given -> only show that item
                $type = 'item';
                
                if ( !$manager->existsItem($itemid,intval($CONF['allowFuture']),intval($CONF['allowDrafts'])) )
                {
                        doError(_ERROR_NOSUCHITEM);
                        return;
                }
                
                // 1. get timestamp, blogid and catid for item
                $query = 'SELECT itime, iblog, icat FROM %s WHERE inumber=%d';
                $query = sprintf($query, sql_table('item'), intval($itemid));
                $row = DB::getRow($query);
                
                // if a different blog id has been set through the request or selectBlog(),
                // deny access
                
                if ( $blogid && (intval($blogid) != $row['iblog']) )
                {
                        doError(_ERROR_NOSUCHITEM);
                        return;
                }
                
                // if a category has been selected which doesn't match the item, ignore the
                // category. #85
                if ( ($catid != 0) && ($catid != $row['icat']) )
                {
                        $catid = 0;
                }
                
                $blogid = $row['iblog'];
                $timestamp = strtotime($row['itime']);
                
                $b =& $manager->getBlog($blogid);
                
                if ( !$b->isValidCategory($catid) )
                {
                        $query = "SELECT inumber, ititle FROM %s WHERE itime<%s AND idraft=0 AND iblog=%d ORDER BY itime DESC LIMIT 1";
                        $query = sprintf($query, sql_table('item'), DB::formatDateTime($timestamp), intval($blogid));
                }
                else
                {
                        $query = "SELECT inumber, ititle FROM %s WHERE itime<%s AND idraft=0 AND iblog=%d AND icat=%d ORDER BY itime DESC LIMIT 1";
                        $query = sprintf($query, sql_table('item'), DB::formatDateTime($timestamp), intval($blogid), intval($catid));
                }
                $row = DB::getRow($query);
                
                if ( $row )
                {
                        $itemidprev = $row['inumber'];
                        $itemtitleprev = $row['ititle'];
                }
                
                // get next itemid and title
                if ( !$b->isValidCategory($catid) )
                {
                        $query = "SELECT inumber, ititle FROM %s WHERE itime>%s AND itime<=%s AND idraft=0 AND iblog=%d ORDER BY itime ASC LIMIT 1";
                        $query = sprintf($query, sql_table('item'), DB::formatDateTime($timestamp), DB::formatDateTime($b->getCorrectTime()), intval($blogid));
                }
                else
                {
                        $query = "SELECT inumber, ititle FROM %s WHERE itime>%s AND itime<=%s AND idraft=0 AND iblog=%d AND icat=%d ORDER BY itime ASC LIMIT 1";
                        $query = sprintf($query, sql_table('item'), DB::formatDateTime($timestamp), DB::formatDateTime($b->getCorrectTime()), intval($blogid), intval($catid));
                }
                $row = DB::getRow($query);
                
                if ( $row )
                {
                        $itemidnext = $row['inumber'];
                        $itemtitlenext = $row['ititle'];
                }
        }
        elseif ( $archive )
        {
                // show archive
                $type = 'archive';
                
                // sql queries for the timestamp of the first and the last published item
                $query = sprintf('SELECT UNIX_TIMESTAMP(itime) as result FROM %s WHERE idraft=0 ORDER BY itime ASC', sql_table('item'));
                $first_timestamp = DB::getValue($query);
                $query = sprintf('SELECT UNIX_TIMESTAMP(itime) as result FROM %s WHERE idraft=0 ORDER BY itime DESC', sql_table('item'));
                $last_timestamp = DB::getValue($query);
                
                sscanf($archive, '%d-%d-%d', $y, $m, $d);
                
                if ( $d != 0 )
                {
                        $archivetype = _LABEL_DAY_UNIT;
                        $t = mktime(0, 0, 0, $m, $d, $y);
                        // one day has 24 * 60 * 60 = 86400 seconds
                        $archiveprev = i18n::formatted_datetime('%Y-%m-%d', $t - 86400 );
                        // check for published items
                        if ( $t > $first_timestamp )
                        {
                                $archiveprevexists = true;
                        }
                        else
                        {
                                $archiveprevexists = false;
                        }
                        
                        // one day later
                        $t += 86400;
                        $archivenext = i18n::formatted_datetime('%Y-%m-%d', $t);
                        if ( $t < $last_timestamp )
                        {
                                $archivenextexists = true;
                        }
                        else
                        {
                                $archivenextexists = false;
                        }
                }
                elseif ( $m == 0 )
                {
                        $archivetype = _LABEL_YEAR_UNIT;
                        $t = mktime(0, 0, 0, 12, 31, $y - 1);
                        // one day before is in the previous year
                        $archiveprev = i18n::formatted_datetime('%Y', $t);
                        if ( $t > $first_timestamp )
                        {
                                $archiveprevexists = true;
                        }
                        else
                        {
                                $archiveprevexists = false;
                        }

                        // timestamp for the next year
                        $t = mktime(0, 0, 0, 1, 1, $y + 1);
                        $archivenext = i18n::formatted_datetime('%Y', $t);
                        if ( $t < $last_timestamp )
                        {
                                $archivenextexists = true;
                        }
                        else
                        {
                                $archivenextexists = false;
                        }
                }
                else
                {
                        $archivetype = _LABEL_MONTH_UNIT;
                        $t = mktime(0, 0, 0, $m, 1, $y);
                        // one day before is in the previous month
                        $archiveprev = i18n::formatted_datetime('%Y-%m', $t - 86400);
                        if ( $t > $first_timestamp )
                        {
                                $archiveprevexists = true;
                        }
                        else
                        {
                                $archiveprevexists = false;
                        }
                        
                        // timestamp for the next month
                        $t = mktime(0, 0, 0, $m+1, 1, $y);
                        $archivenext = i18n::formatted_datetime('%Y-%m', $t);
                        if ( $t < $last_timestamp )
                        {
                                $archivenextexists = true;
                        }
                        else
                        {
                                $archivenextexists = false;
                        }
                }
        }
        elseif ( $archivelist )
        {
                $type = 'archivelist';
                
                if ( is_numeric($archivelist) )
                {
                        $blogid = intVal($archivelist);
                }
                else
                {
                        $blogid = getBlogIDFromName($archivelist);
                }
        
                if ( !$blogid )
                {
                        doError(_ERROR_NOSUCHBLOG);
                        return;
                }
        }
        elseif ( $query )
        {
                global $startpos;
                $type = 'search';
                $query = stripslashes($query);
                
                if ( is_numeric($blogid) )
                {
                        $blogid = intVal($blogid);
                }
                else
                {
                        $blogid = getBlogIDFromName($blogid);
                }
                
                if ( !$blogid )
                {
                        doError(_ERROR_NOSUCHBLOG);
                        return;
                }
        }
        elseif ( $memberid )
        {
                $type = 'member';
                
                if ( !Member::existsID($memberid) )
                {
                        doError(_ERROR_NOSUCHMEMBER);
                        return;
                }
                $memberinfo = $manager->getMember($memberid);
        }
        elseif ( $imagepopup )
        {
                // media object (images etc.)
                $type = 'imagepopup';
                
                // TODO: check if media-object exists
                // TODO: set some vars?
        }
        else
        {
                // show regular index page
                global $startpos;
                $type = 'index';
        }
        
        // any type of skin with catid
        if ( $catid && !$blogid )
        {
                $blogid = getBlogIDFromCatID($catid);
        }
        
        // decide which blog should be displayed
        if ( !$blogid )
        {
                $blogid = $CONF['DefaultBlog'];
        }
        
        $b =& $manager->getBlog($blogid);
        $blog = $b; // references can't be placed in global variables?
        
        if ( !$blog->isValid )
        {
                doError(_ERROR_NOSUCHBLOG);
                return;
        }
        
        // set catid if necessary
        if ( $catid )
        {
                // check if the category is valid
                if ( !$blog->isValidCategory($catid) )
                {
                        doError(_ERROR_NOSUCHCATEGORY);
                        return;
                }
                else
                {
                        $blog->setSelectedCategory($catid);
                }
        }
        
        if ( !$skinid )
        {
                $skinid = $blog->getDefaultSkin();
        }
        
        if ( !empty($special) && isValidShortName($special) )
        {
                $type = strtolower($special);
        }
        
        $skin =& $manager->getSkin($skinid);
        
        if ( !$skin->isValid() )
        {
                doError(_ERROR_NOSUCHSKIN);
                return;
        }
        
        // set global skinpart variable so can determine quickly what is being parsed from any plugin or phpinclude
        $skinpart = $type;
        
        // parse the skin
        $skin->parse($type);
        
        // check to see we should throw JustPosted event
        $blog->checkJustPosted();
        return;
}

/**
 * doError()
 * Show error skin with given message. An optional skin-object to use can be given
 * 
 * @param       string  $msg
 * @param       string  $skin
 * @return      void
 */
function doError($msg, $skin = '')
{
        global $errormessage, $CONF, $skinid, $blogid, $manager;
        
        if ( $skin == '' )
        {
                if ( Skin::existsID($skinid) )
                {
                        $id = $skinid;
                }
                elseif ( $manager->existsBlogID($blogid) )
                {
                        $blog =& $manager->getBlog($blogid);
                        $id = $blog->getDefaultSkin();
                }
                elseif ($CONF['DefaultBlog'] )
                {
                        $blog =& $manager->getBlog($CONF['DefaultBlog']);
                        $id = $blog->getDefaultSkin();
                }
                else
                {
                        // this statement should actually never be executed
                        $id = $CONF['BaseSkin'];
                }
                $skin =& $manager->getSkin($id);
        }
        
        $errormessage = $msg;
        $skin->parse('error');
        return;
}

/**
 * Errors before the database connection has been made
 * 
 * @param       string  $msg    message to notify
 * @param       string  $title  page title
 * @return      void
 */
function startUpError($msg, $title)
{
        header('Content-Type: text/xml; charset=' . i18n::get_current_charset());
        echo "<html xmlns=\"http://www.w3.org/1999/xhtml\">\n";
        echo "<head>\n";
        echo "<title>{$title}</title></head>\n";
        echo "<body>\n";
        echo "<h1>{$title}</h1>\n";
        echo $msg;
        echo "</body>\n";
        echo "</html>\n";
        exit;
}

function isValidShortName($name)
{
        return preg_match('#^[a-z0-9]+$#i', $name);
}
function isValidDisplayName($name)
{
        return preg_match('#^[a-z0-9]+[a-z0-9 ]*[a-z0-9]+$#i', $name);
}
function isValidCategoryName($name)
{
        return 1;
}
function isValidTemplateName($name)
{
        return preg_match('#^[a-z0-9/_\-]+$#i', $name);
}
function isValidSkinName($name)
{
        return preg_match('#^[a-z0-9/_\-]+$#i', $name);
}

// add and remove linebreaks
function addBreaks($var)
{
        return nl2br($var);
}
function removeBreaks($var)
{
        return preg_replace("/<br \/>([\r\n])/", "$1", $var);
}

/**
 * parseFile()
 * 
 * @param       string  $filename
 * @param       string  $includeMode
 * @param       string  $includePrefix
 * @return      void
 */
function parseFile($filename, $includeMode = 'normal', $includePrefix = '')
{
        global $manager, $skinid;
        
        if ( !$skinid || !existsID($skinid) )
        {
                $skin =& $manager->getSkin($CONF['BaseSkin']);
        }
        else
        {
                $skin =& $manager->getSkin($skinid);
        }
        
        $oldIncludeMode = Parser::getProperty('IncludeMode');
        $oldIncludePrefix = Parser::getProperty('IncludePrefix');
        
        $skin->parse('fileparse', $filename);
        
        Parser::setProperty('IncludeMode', $oldIncludeMode);
        Parser::setProperty('IncludePrefix', $oldIncludePrefix);
        
        return;
}

/**
 * debug()
 * Outputs a debug message
 * 
 * @param       string  $msg
 * @return      void
 */
function debug($msg)
{
        echo '<p><b>' . $msg . "</b></p>\n";
        return;
}

// shows a link to help file
function help($id)
{
        echo helpHtml($id);
        return;
}
function helpHtml($id)
{
        global $CONF;
        return helplink($id) . '<img src="' . $CONF['AdminURL'] . 'documentation/icon-help.gif" width="15" height="15" alt="' . _HELP_TT . '" title="' . _HELP_TT . '" /></a>';
}
function helplink($id)
{
        global $CONF;
        return '<a href="' . $CONF['AdminURL'] . 'documentation/help.html#'. $id . '" onclick="if (event &amp;&amp; event.preventDefault) event.preventDefault(); return help(this.href);">';
}

/**
 * includephp()
 * Includes a PHP file. This method can be called while parsing templates and skins
 * 
 * @param       string  $filename       name of file to parse
 * @return      void
 */
function includephp($filename)
{
        // make predefined variables global, so most simple scripts can be used here
        
        // apache (names taken from PHP doc)
        global $GATEWAY_INTERFACE, $SERVER_NAME, $SERVER_SOFTWARE, $SERVER_PROTOCOL;
        global $REQUEST_METHOD, $QUERY_STRING, $DOCUMENT_ROOT, $HTTP_ACCEPT;
        global $HTTP_ACCEPT_CHARSET, $HTTP_ACCEPT_ENCODING, $HTTP_ACCEPT_LANGUAGE;
        global $HTTP_CONNECTION, $HTTP_HOST, $HTTP_REFERER, $HTTP_USER_AGENT;
        global $REMOTE_ADDR, $REMOTE_PORT, $SCRIPT_FILENAME, $SERVER_ADMIN;
        global $SERVER_PORT, $SERVER_SIGNATURE, $PATH_TRANSLATED, $SCRIPT_NAME;
        global $REQUEST_URI;
        
        // php (taken from PHP doc)
        global $argv, $argc, $PHP_SELF, $HTTP_COOKIE_VARS, $HTTP_GET_VARS, $HTTP_POST_VARS;
        global $HTTP_POST_FILES, $HTTP_ENV_VARS, $HTTP_SERVER_VARS, $HTTP_SESSION_VARS;
        
        // other
        global $PATH_INFO, $HTTPS, $HTTP_RAW_POST_DATA, $HTTP_X_FORWARDED_FOR;
        
        if ( @file_exists($filename) )
        {
                include($filename);
        }
        return;
}

/**
 * Checks if a certain plugin exists
 * @param       string  $plug   name of plugin
 * @return      boolean exists or not
 */
function checkPlugin($name)
{
        global $DIR_PLUGINS;
        return file_exists($DIR_PLUGINS . preg_replace('#[\\\\|/]#', '', $name) . '.php');
}

/**
 * alterQueryStr()
 * 
 * @param       string  $querystr       querystring to alter (e.g. foo=1&bar=2&x=y)
 * @param       string  $param  name of parameter to change (e.g. 'foo')
 * @param       string  $value  New value for that parameter (e.g. 3)
 * @return      string  altered query string (for the examples above: foo=3&bar=2&x=y)
 */
function alterQueryStr($querystr, $param, $value)
{
        $vars = preg_split('#&#', $querystr);
        $set = FALSE;
        
        for ( $i = 0; $i < count($vars); $i++ )
        {
                $v = preg_split('#=#', $vars[$i]);
                
                if ( $v[0] == $param )
                {
                        $v[1] = $value;
                        $vars[$i] = implode('=', $v);
                        $set = true;
                        break;
                }
        }
        if ( !$set )
        {
                $vars[] = "{$param}={$value}";
        }
        return ltrim(implode('&', $vars), '&');
}

/**
 * passVar()
 * passes one variable as hidden input field (multiple fields for arrays)
 * @see passRequestVars in varsx.x.x.php
 * 
 * @param       string  $key
 * @param       string  $value
 * @return      void
 */
function passVar($key, $value)
{
        // array ?
        if ( is_array($value) )
        {
                for ( $i = 0; $i < sizeof($value); $i++ )
                {
                        passVar($key . '[' . $i . ']', $value[$i]);
                }
                return;
        }
        
        // other values: do stripslashes if needed
        echo '<input type="hidden" name="' . Entity::hsc($key) . '" value="' . Entity::hsc(undoMagic($value)) . '" />' . "\n";
        return;
}

/**
 * checkVars()
 * 
 * @param       string  $variables
 * @return      void
 */
function checkVars($variables)
{
        foreach ( $variables as $variable )
        {
                if ( array_key_exists($variable, $_GET)
                  || array_key_exists($variable, $_POST)
                  || array_key_exists($variable, $_COOKIE)
                  || array_key_exists($variable, $_ENV)
                  || (session_id() !== '' && array_key_exists($variable, $_SESSION))
                  || array_key_exists($variable, $_FILES) )
                {
                        die('Sorry. An error occurred.');
                }
        }
        return;
}

/**
 * sanitizeParams()
 * Sanitize parameters such as $_GET and $_SERVER['REQUEST_URI'] etc.
 * to avoid XSS.
 * 
 * @param       void
 * @return      void
 */
function sanitizeParams()
{
        $array = array();
        $str = '';
        $frontParam = '';
        
        // REQUEST_URI of $_SERVER
        $str =& $_SERVER["REQUEST_URI"];
        serverStringToArray($str, $array, $frontParam);
        sanitizeArray($array);
        arrayToServerString($array, $frontParam, $str);
        
        // QUERY_STRING of $_SERVER
        $str =& $_SERVER["QUERY_STRING"];
        serverStringToArray($str, $array, $frontParam);
        sanitizeArray($array);
        arrayToServerString($array, $frontParam, $str);
        
        // $_GET
        convArrayForSanitizing($_GET, $array);
        sanitizeArray($array);
        revertArrayForSanitizing($array, $_GET);
        
        // $_REQUEST (only GET param)
        convArrayForSanitizing($_REQUEST, $array);
        sanitizeArray($array);
        revertArrayForSanitizing($array, $_REQUEST);
        
        return;
}

function _addInputTags(&$keys,$prefix='')
{
        foreach ( $keys as $key=>$value )
        {
                if ( $prefix )
                {
                        $key=$prefix.'['.$key.']';
                }
                if ( is_array($value) )
                {
                        _addInputTags($value,$key);
                }
                else
                {
                        if ( get_magic_quotes_gpc() )
                                {$value=stripslashes($value);
                        }
                        if ( $key == 'ticket' )
                        {
                                continue;
                        }
                        echo '<input type="hidden" name="'.Entity::hsc($key).
                             '" value="'.Entity::hsc($value).'" />'."\n";
                }
        }
        return;
}

/**
 * serverStringToArray()
 * Convert the server string such as $_SERVER['REQUEST_URI']
 * to arry like arry['blogid']=1 and array['page']=2 etc.
 * 
 * @param       string   $uri                           string
 * @param       string  &$query_elements        elements of query according to application/x-www-form-urlencoded
 * @param       string  &$hier_part                     hierarchical part includes path
 * 
 * NOTE:
 * RFC 3986: Uniform Resource Identifiers (URI): Generic Syntax
 * 3.  Syntax Components
 * http://www.ietf.org/rfc/rfc3986.txt
 * 
 * Hypertext Markup Language - 2.0
 * 8.2.1. The form-urlencoded Media Type
 * http://tools.ietf.org/html/rfc1866#section-8.2.1
 * 
 * $_SERVER > Language Reference > Predefined Variables > PHP Manual
 * http://www.php.net/manual/en/reserved.variables.server.php
 */
function serverStringToArray($uri, &$query_elements, &$hier_part)
{
        // init param
        $query_elements = array();
        $hier_part = "";
        
        // split hierarchical part, e.g. /index.php, query and fragment, e.g. blogid=1&page=2#section1
        if ( i18n::strpos($uri, "?") > 0 )
        {
                list($hier_part, $query_and_fragment) = preg_split("#\?#", $uri, 2);
        }
        else
        {
                $query_and_fragment = $uri;
                $hier_part = '';
        }
        
        // If there is no query like blogid=1&page=2, return
        if ( i18n::strpos($uri, "=") == FALSE && !i18n::strlen($hier_part) )
        {
                $hier_part = $uri;
                return;
        }
        
        $query_elements = preg_split("#&#", $query_and_fragment);
        return;
}

/**
 * arrayToServerString()
 * Convert array like array['blogid'] to server string
 * such as $_SERVER['REQUEST_URI']
 * 
 * @param       array    $query_elements        elements of query according to application/x-www-form-urlencoded
 * @param       string   $hier_part                     hier-part defined in RFC3986
 * @param       string  &$uri                           return value
 * @return      void
 * 
 * NOTE:
 * RFC 3986: Uniform Resource Identifiers (URI): Generic Syntax
 * 3.  Syntax Components
 * http://www.ietf.org/rfc/rfc3986.txt
 * 
 * Hypertext Markup Language - 2.0
 * 8.2.1. The form-urlencoded Media Type
 * http://tools.ietf.org/html/rfc1866#section-8.2.1
 * 
 * $_SERVER > Language Reference > Predefined Variables > PHP Manual
 * http://www.php.net/manual/en/reserved.variables.server.php
 */
function arrayToServerString($query_elements, $hier_part, &$uri)
{
        if ( i18n::strpos($uri, "?") !== FALSE )
        {
                $uri = $hier_part . "?";
        }
        else
        {
                $uri = $hier_part;
        }
        if ( count($query_elements) > 0 )
        {
                $uri .= implode("&", $query_elements);
        }
        return;
}

/**
 * sanitizeArray()
 * Sanitize array parameters.
 * This function checks both key and value.
 * - check key if it inclues " (double quote),  remove from array
 * - check value if it includes \ (escape sequece), remove remaining string
 * 
 * @param       array   &$array elements of query according to application/x-www-form-urlencoded
 * @return      void
 */
function sanitizeArray(&$array)
{
        $excludeListForSanitization = array('query');
        
        foreach ( $array as $k => $v )
        {
                // split to key and value
                list($key, $val) = preg_split("#=#", $v, 2);
                if ( !isset($val) )
                {
                        continue;
                }
                
                // when magic quotes is on, need to use stripslashes,
                // and then addslashes
                if ( get_magic_quotes_gpc() )
                {
                        $val = stripslashes($val);
                }
                
                // note that we must use addslashes here because this function is called before the db connection is made
                // and sql_real_escape_string needs a db connection
                $val = addslashes($val);
                
                // if $key is included in exclude list, skip this param
                if ( !in_array($key, $excludeListForSanitization) )
                {
                        // check value
                        if ( i18n::strpos($val, '\\') > 0 )
                        {
                                list($val, $tmp) = preg_split('#\\\\#', $val);
                        }
                        
                        // remove control code etc.
                        $val = strtr($val, "\0\r\n<>'\"", "       ");
                        
                        // check key
                        if ( preg_match('#\"#', $key) > 0 )
                        {
                                unset($array[$k]);
                                continue;
                        }
                        
                        // set sanitized info
                        $array[$k] = sprintf("%s=%s", $key, $val);
                }
        }
        return;
}

/**
 * convArrayForSanitizing()
 * Convert array for sanitizeArray function
 * 
 * @param       string  $src    array to be sanitized
 * @param       array   &$array array to be temporarily stored
 * @return      void
 */
function convArrayForSanitizing($src, &$array)
{
        $array = array();
        foreach ( $src as $key => $val )
        {
                if ( !key_exists($key, $_GET) )
                {
                        continue;
                }
                $array[] = sprintf("%s=%s", $key, $val);
                continue;
        }
        return;
}

/**
 * revertArrayForSanitizing()
 * Revert array after sanitizeArray function
 * 
 * @param       array   $array  element of query according to application/x-www-form-urlencoded
 * @param       array   &$dst   combination of key and value
 * @return      void
 */
function revertArrayForSanitizing($array, &$dst)
{
        foreach ( $array as $v )
        {
                list($key, $val) = preg_split("#=#", $v, 2);
                $dst[$key] = $val;
                continue;
        }
        return;
}

/**
>>>>>>> skinnable-master
 * decodePathInfo()
 * 
 * @param       string  $virtualpath
 * @return      void
 */
function decodePathInfo($virtualpath)
{
        global $CONF, $manager, $archive, $blog, $catid, $memberid, $special;
        
        /* initialize keywords if this hasn't been done before */
        if ( !isset($CONF['ItemKey']) || empty($CONF['ItemKey']) )
        {
                $CONF['ItemKey'] = 'item';
        }
        
        if ( !isset($CONF['ArchiveKey']) || empty($CONF['ArchiveKey']) )
        {
                $CONF['ArchiveKey'] = 'archive';
        }
        
        if ( !isset($CONF['ArchivesKey']) || empty($CONF['ArchivesKey']) )
        {
                $CONF['ArchivesKey'] = 'archives';
        }
        
        if ( !isset($CONF['MemberKey']) || empty($CONF['MemberKey']) )
        {
                $CONF['MemberKey'] = 'member';
        }
        
        if ( !isset($CONF['BlogKey']) || empty($CONF['BlogKey']) )
        {
                $CONF['BlogKey'] = 'blog';
        }
        
        if ( !isset($CONF['CategoryKey']) || empty($CONF['CategoryKey']) )
        {
                $CONF['CategoryKey'] = 'category';
        }
        
        if ( !isset($CONF['SpecialskinKey']) || empty($CONF['SpecialskinKey']) )
        {
                $CONF['SpecialskinKey'] = 'special';
        }
        
        $parsed = FALSE;
        $data = array(
                'type'          =>  basename(serverVar('SCRIPT_NAME') ),
                'info'          =>  $virtualpath,
                'complete'      => &$parsed
        );
        $manager->notify('ParseURL', $data);
        
        /* already parsed by the other subsystem */
        if ( $parsed )
        {
                return;
        }
        /* default implementation */
        $data = preg_split("#/#", $virtualpath);
        for ( $i = 0; $i < sizeof($data); $i++ )
        {
                switch ( $data[$i] )
                {
                        /* item/1 (blogid) */
                        case $CONF['ItemKey']:
                                $i++;
                                
                                if ( $i < sizeof($data) )
                                {
                                        $itemid = (integer) $data[$i];
                                }
                                break;
                        
                        /* archives/1 (blogid) */
                        case $CONF['ArchivesKey']:
                                        $i++;
                                        if ( $i < sizeof($data) )
                                        {
                                                $archivelist = (integer) $data[$i];
                                        }
                                        break;
                                
                        /* two possibilities: archive/yyyy-mm or archive/1/yyyy-mm (with blogid) */
                        case $CONF['ArchiveKey']:
                                if ( (($i + 1) < sizeof($data) ) && (i18n::strpos($data[$i + 1], '-') === FALSE ) )
                                {
                                        $blogid = (integer) $data[++$i];
                                }
                                $i++;
                                if ( $i < sizeof($data) )
                                {
                                        $archive = $data[$i];
                                }
                                break;
                                
                        /* blogid/1 */
                        case 'blogid':
                        /* blog/1 */
                        case $CONF['BlogKey']:
                                $i++;
                                if ( $i < sizeof($data) )
                                {
                                        $blogid = intval($data[$i]);
                                }
                                break;
                        
                        /* category/1 (catid) */
                        case $CONF['CategoryKey']:
                        case 'catid':
                                $i++;
                                if ( $i < sizeof($data) )
                                {
                                        $catid = intval($data[$i]);
                                }
                                break;
                        
                        case $CONF['MemberKey']:
                                $i++;
                                if ( $i < sizeof($data) )
                                {
                                        $memberid = intval($data[$i]);
                                }
                                break;
                        
                        case $CONF['SpecialskinKey']:
                                $i++;
                                if ( $i < sizeof($data) )
                                {
                                        $special = $data[$i];
                                }
                                break;
                        
                        default:
                                /* do nothing */
                                break;
                }
        }
        
        return;
}


/**
<<<<<<< HEAD
 * redirect()\r
 * Stops processing the request and redirects to the given URL.\r
 * - no actual contents should have been sent to the output yet\r
 * - the URL will be stripped of illegal or dangerous characters\r
 * \r
 * @param       string  $uri\r
 * @return      void\r
 */\r
function redirect($url)\r
{\r
        $url = preg_replace('#[^a-z0-9-~+_.?\#=&;,/:@%*]#i', '', $url);\r
        header('Location: ' . $url);\r
        exit;\r
}\r
\r
/**\r
 * getBookmarklet()\r
 * Returns the Javascript code for a bookmarklet that works on most modern browsers\r
 * \r
 * @param       integer $blogid ID for weblog\r
 * @return      script to call Bookmarklet\r
 */\r
function getBookmarklet($blogid, $width=600,  $height=500)\r
{\r
        global $CONF;\r
        \r
        $script = "Q='';"\r
                . "x=document;"\r
                . "y=window;"\r
                . "if ( x.selection )"\r
                . "{"\r
                . " Q=x.selection.createRange().text;"\r
                . "}"\r
                . "else if ( y.getSelection )"\r
                . "{"\r
                . " Q=y.getSelection();"\r
                . "}"\r
                . "else if ( x.getSelection )"\r
                . "{"\r
                . " Q=x.getSelection();"\r
                . "}"\r
                . "wingm = window.open('{$CONF['AdminURL']}bookmarklet.php?blogid={$blogid}"\r
                . " &logtext=' + encodeURIComponent(Q) +"\r
                . " '&loglink=' + encodeURIComponent(x.location.href) +"\r
                . " '&loglinktitle=' + encodeURIComponent(x.title),"\r
                . " 'nucleusbm',"\r
                . " 'scrollbars=yes,width={$width},height={$height},left=10,top=10,status=yes,resizable=yes');"\r
                . "wingm.focus();";\r
        \r
        return $script;\r
}\r
\r
/**\r
 * cleanFileName()\r
 * cleans filename of uploaded file for writing to file system\r
 *\r
 * @param       string  $str\r
 * @return      string  $cleaned filename ready for use\r
 */\r
function cleanFileName($str)\r
{\r
        $str = strtolower($str);\r
        $ext_point = i18n::strrpos($str,".");\r
        if ( $ext_point === FALSE )\r
        {\r
                return FALSE;\r
        }\r
        $ext = i18n::substr($str,$ext_point,i18n::strlen($str));\r
        $str = i18n::substr($str,0,$ext_point);\r
        \r
        return preg_replace("#[^a-z0-9-]#", "_", $str) . $ext;\r
}\r
\r
/**\r
 * use Notification class instead of this\r
 * Deprecated since 4.0:\r
 */\r
function getMailFooter()\r
{\r
        NOTIFICATION::get_mail_footer();\r
}\r
function isValidMailAddress($address)\r
{\r
        return NOTIFICATION::address_validation($address);\r
}\r
/**\r
 * use Entity class instead of this\r
 * Deprecated since 4.0:\r
 */\r
function highlight($text, $expression, $highlight)\r
{\r
        return Entity::highlight($text, $expression, $highlight);\r
}\r
function shorten($string, $maxlength, $suffix)\r
{\r
        return Entity::shorten($string, $maxlength, $suffix);\r
}\r
function stringStripTags ($string)\r
{\r
        return Entity::strip_tags($string);\r
}\r
function toAscii($string)\r
{\r
        return Entity::anchor_footnoting($string);\r
}\r
function stringToAttribute ($string)\r
{\r
        return Entity::hsc($string);\r
}\r
function stringToXML ($string)\r
{\r
        return Entity::hen($string);\r
}\r
function encode_desc($data)\r
{\r
        return Entity::hen($data);\r
}\r
/**\r
 * Centralisation of the functions that deals with locales\r
 * This functions is based on the old way to deal with languages\r
 * Deprecated since 4.0:\r
 */\r
function getLanguageName()\r
{\r
        if( ($language = i18n::convert_locale_to_old_language_file_name(i18n::get_current_locale())) === FALSE )\r
        {\r
                $language ='english';\r
        }\r
        return $language;\r
}\r
function selectLanguage($language)\r
{\r
        global $DIR_LANG;\r
        include($DIR_LANG . preg_replace('#[\\\\|/]#', '', $language) . '.php');\r
        return;\r
}\r
/**\r
 * use i18n class instead of these\r
 * Deprecated since 4.0\r
 */\r
function checkLanguage($lang)\r
{\r
        return ( preg_match('#^(.+)_(.+)_(.+)$#', $lang)\r
          || i18n::convert_old_language_file_name_to_locale($lang) );\r
}\r
function formatDate($format, $timestamp, $default_format, &$blog)\r
{\r
        $offset = date('Z', $timestamp);\r
        if ( $blog )\r
        {\r
                $offset += $blog->getTimeOffset() * 3600;\r
        }\r
        return i18n::formatted_datetime($format, $timestamp, $offset, $default_format);\r
}\r
\r
/**\r
 * use DB class instead of these\r
 * Deprecated since 4.0\r
 */\r
function quickQuery($query)\r
{\r
        $row = DB::getRow($query);\r
        return $row['result'];\r
}\r
function mysqldate($timestamp)\r
{\r
        return DB::formatDateTime($timestamp);\r
 }\r
/**\r
 * Centralisation of the functions that generate links\r
 * Deprecated since 4.0:\r
 * Please use Link::FunctionName(...) instead\r
 */\r
function createItemLink($itemid, $extra = '')\r
{\r
        return Link::create_item_link($itemid, $extra);\r
}\r
function createMemberLink($memberid, $extra = '')\r
{\r
        return Link::create_member_link($memberid, $extra);\r
}\r
function createCategoryLink($catid, $extra = '')\r
{\r
        return Link::create_category_link($catid, $extra);\r
}\r
function createArchiveListLink($blogid = '', $extra = '')\r
{\r
        return Link::create_archivelist_link($blogid, $extra);\r
}\r
function createArchiveLink($blogid, $archive, $extra = '')\r
{\r
        return Link::create_archive_link($blogid, $archive, $extra);\r
}\r
function createBlogidLink($blogid, $params = '')\r
{\r
        return Link::create_blogid_link($blogid, $params = '');\r
}\r
function createLink($type, $params)\r
{\r
        return Link::create_link($type, $params);\r
}\r
function createBlogLink($url, $params)\r
{\r
        return Link::create_blog_link($url, $params);\r
}\r
/**\r
 * use ActionLog class instead of this\r
 * Deprecated since 4.0\r
 */\r
function addToLog($level, $msg)\r
{\r
        ActionLog::add($level, $msg);\r
}\r
/**\r
 * use PHP's implement\r
 * Deprecated since 4.0\r
 */\r
function ifset(&$var)\r
{\r
        if ( isset($var) )\r
        {\r
                return $var;\r
        }\r
        \r
        return NULL;\r
}\r
/**\r
 * use Manager::getPluginNameFromPid() instead of this\r
 * Deprecated since 4.0\r
 */\r
function getPluginNameFromPid($pid)\r
{\r
        global $manager;\r
        return $manager->getPluginNameFromPid($pid);\r
}\r
/**\r
 * use Manager::numberOfEventSubscribers() instead of this\r
 * Deprecated since 4.0\r
 */\r
function numberOfEventSubscribers($event)\r
{\r
        global $manager;\r
        return $manager->getNumberOfSubscribers($event);\r
}\r
\r
/**\r
 * PluginAdmin has already the alternative implement\r
 * Deprecated since 4.0\r
 */\r
function ticketForPlugin()\r
{\r
        global $CONF, $DIR_LIBS, $DIR_LOCALES, $DIR_PLUGINS, $manager, $member, $ticketforplugin;\r
        \r
        /* initialize */\r
        $ticketforplugin = array();\r
        $ticketforplugin['ticket'] = FALSE;\r
        \r
        /* Check if using plugin's php file. */\r
        $p_translated = serverVar('SCRIPT_FILENAME');\r
        \r
        if (!file_exists($p_translated) )\r
        {\r
                header("HTTP/1.0 404 Not Found");\r
                exit('');\r
        }\r
        \r
        // check whether this is plugin or not\r
        $p_translated = str_replace('\\', '/', $p_translated);\r
        $d_plugins = str_replace('\\', '/', $DIR_PLUGINS);\r
        if ( i18n::strpos($p_translated, $d_plugins) !== 0 )\r
        {\r
                return;\r
        }\r
        \r
        // Solve the plugin php file or admin directory\r
        $phppath = i18n::substr($p_translated, i18n::strlen($d_plugins) );\r
        // Remove the first "/" if exists.\r
        $phppath = preg_replace('#^/#', '', $phppath);\r
        // Remove the first "NP_" and the last ".php" if exists.\r
        $path = preg_replace('#^NP_(.*)\.php$#', '$1', $phppath);\r
        // Remove the "/" and beyond.\r
        $path = preg_replace('#^([^/]*)/(.*)$#', '$1', $path);\r
        \r
        // Solve the plugin name.\r
        $plugins = array();\r
        $query = sprintf('SELECT pfile FROM %s;', sql_table('plugin'));\r
        $res = DB::getResult($query);\r
        \r
        foreach ( $res as $row )\r
        {\r
                $name = i18n::substr($row['pfile'], 3);\r
                $plugins[strtolower($name)] = $name;\r
        }\r
        \r
        $res->closeCursor();\r
        \r
        if ( !array_key_exists($path, $plugins) )\r
        {\r
                header("HTTP/1.0 404 Not Found");\r
                exit('');\r
        }\r
        else\r
        {\r
                $plugin_name = $plugins[$path];\r
        }\r
        \r
        /* Return if not index.php */\r
        if ( ($phppath != strtolower($plugin_name) . '/')\r
          && ($phppath != strtolower($plugin_name) . '/index.php') )\r
        {\r
                return;\r
        }\r
        \r
        /* Exit if not logged in. */\r
        if ( !$member->isLoggedIn() )\r
        {\r
                exit('You aren\'t logged in.');\r
        }\r
        \r
        /* Check if this feature is needed (ie, if "$manager->checkTicket()" is not included in the script). */\r
        if ( $file = @file($p_translated) )\r
        {\r
                $prevline = '';\r
                \r
                foreach($file as $line)\r
                {\r
                        if (preg_match('#[\$]manager([\s]*)[\-]>([\s]*)checkTicket([\s]*)[\(]#i', $prevline . $line) )\r
                        {\r
                                return;\r
                        }\r
                        \r
                        $prevline = $line;\r
                }\r
        }\r
        \r
        /* Show a form if not valid ticket */\r
        if ( (i18n::strpos(serverVar('REQUEST_URI'), '?') !== FALSE\r
          || serverVar('QUERY_STRING')\r
          || strtoupper(serverVar('REQUEST_METHOD') ) == 'POST')\r
          && !$manager->checkTicket() )\r
        {\r
                $oPluginAdmin = new PluginAdmin($plugin_name);\r
                $oPluginAdmin->start();\r
                \r
                echo '<p>' . _ERROR_BADTICKET . "</p>\n";\r
                \r
                // Resolve URI and QUERY_STRING\r
                if ($uri = serverVar('REQUEST_URI') )\r
                {\r
                        list($uri, $qstring) = preg_split('#\?#', $uri);\r
                }\r
                else\r
                {\r
                        if ( !($uri = serverVar('PHP_SELF') ) )\r
                        {\r
                                $uri = serverVar('SCRIPT_NAME');\r
                        }\r
                        $qstring = serverVar('QUERY_STRING');\r
                }\r
                if ($qstring)\r
                {\r
                        $qstring = '?' . $qstring;\r
                }\r
                \r
                echo '<p>' . _SETTINGS_UPDATE . ' : ' . _QMENU_PLUGINS . ' <span style="color:red;">' . Entity::hsc($plugin_name) . "</span> ?</p>\n";\r
                \r
                switch(strtoupper(serverVar('REQUEST_METHOD') ) )\r
                {\r
                        case 'POST':\r
                                echo '<form method="POST" action="'.Entity::hsc($uri.$qstring).'">';\r
                                $manager->addTicketHidden();\r
                                _addInputTags($_POST);\r
                                break;\r
                        \r
                        case 'GET':\r
                                echo '<form method="GET" action="'.Entity::hsc($uri).'">';\r
                                $manager->addTicketHidden();\r
                                _addInputTags($_GET);\r
                        \r
                        default:\r
                                break;\r
                }\r
                \r
                echo '<input type="submit" value="' . _YES . '" />&nbsp;&nbsp;&nbsp;&nbsp;';\r
                echo '<input type="button" value="' . _NO . '" onclick="history.back(); return false;" />';\r
                echo "</form>\n";\r
                \r
                $oPluginAdmin->end();\r
                exit;\r
        }\r
        \r
        /* Create new ticket */\r
        $ticket=$manager->addTicketToUrl('');\r
        $ticketforplugin['ticket'] = preg_split($ticket, i18n::strpos($ticket, 'ticket=') + 7);\r
        return;\r
}\r
=======
 * redirect()
 * Stops processing the request and redirects to the given URL.
 * - no actual contents should have been sent to the output yet
 * - the URL will be stripped of illegal or dangerous characters
 * 
 * @param       string  $uri
 * @return      void
 */
function redirect($url)
{
        $url = preg_replace('#[^a-z0-9-~+_.?\#=&;,/:@%*]#i', '', $url);
        header('Location: ' . $url);
        exit;
}

/**
 * getBookmarklet()
 * Returns the Javascript code for a bookmarklet that works on most modern browsers
 * 
 * @param       integer $blogid ID for weblog
 * @return      script to call Bookmarklet
 */
function getBookmarklet($blogid, $width=600,  $height=500)
{
        global $CONF;
        
        $script = "Q='';"
                . "x=document;"
                . "y=window;"
                . "if ( x.selection )"
                . "{"
                . " Q=x.selection.createRange().text;"
                . "}"
                . "else if ( y.getSelection )"
                . "{"
                . " Q=y.getSelection();"
                . "}"
                . "else if ( x.getSelection )"
                . "{"
                . " Q=x.getSelection();"
                . "}"
                . "wingm = window.open('{$CONF['AdminURL']}bookmarklet.php?blogid={$blogid}"
                . " &logtext=' + encodeURIComponent(Q) +"
                . " '&loglink=' + encodeURIComponent(x.location.href) +"
                . " '&loglinktitle=' + encodeURIComponent(x.title),"
                . " 'nucleusbm',"
                . " 'scrollbars=yes,width={$width},height={$height},left=10,top=10,status=yes,resizable=yes');"
                . "wingm.focus();";
        
        return $script;
}

/**
 * cleanFileName()
 * cleans filename of uploaded file for writing to file system
 *
 * @param       string  $str
 * @return      string  $cleaned filename ready for use
 */
function cleanFileName($str)
{
        $str = strtolower($str);
        $ext_point = i18n::strrpos($str,".");
        if ( $ext_point === FALSE )
        {
                return FALSE;
        }
        $ext = i18n::substr($str,$ext_point,i18n::strlen($str));
        $str = i18n::substr($str,0,$ext_point);
        
        return preg_replace("#[^a-z0-9-]#", "_", $str) . $ext;
}

/**
 * use Notification class instead of this
 * Deprecated since 4.0:
 */
function getMailFooter()
{
        NOTIFICATION::get_mail_footer();
}
function isValidMailAddress($address)
{
        return NOTIFICATION::address_validation($address);
}
/**
 * use Entity class instead of this
 * Deprecated since 4.0:
 */
function highlight($text, $expression, $highlight)
{
        return Entity::highlight($text, $expression, $highlight);
}
function shorten($string, $maxlength, $suffix)
{
        return Entity::shorten($string, $maxlength, $suffix);
}
function stringStripTags ($string)
{
        return Entity::strip_tags($string);
}
function toAscii($string)
{
        return Entity::anchor_footnoting($string);
}
function stringToAttribute ($string)
{
        return Entity::hsc($string);
}
function stringToXML ($string)
{
        return Entity::hen($string);
}
function encode_desc($data)
{
        return Entity::hen($data);
}
/**
 * Centralisation of the functions that deals with locales
 * This functions is based on the old way to deal with languages
 * Deprecated since 4.0:
 */
function getLanguageName()
{
        if( ($language = i18n::convert_locale_to_old_language_file_name(i18n::get_current_locale())) === FALSE )
        {
                $language ='english';
        }
        return $language;
}
function selectLanguage($language)
{
        global $DIR_LANG;
        include($DIR_LANG . preg_replace('#[\\\\|/]#', '', $language) . '.php');
        return;
}
/**
 * use i18n class instead of these
 * Deprecated since 4.0
 */
function checkLanguage($lang)
{
        return ( preg_match('#^(.+)_(.+)_(.+)$#', $lang)
          || i18n::convert_old_language_file_name_to_locale($lang) );
}
function formatDate($format, $timestamp, $default_format, &$blog)
{
        $offset = date('Z', $timestamp);
        if ( $blog )
        {
                $offset += $blog->getTimeOffset() * 3600;
        }
        return i18n::formatted_datetime($format, $timestamp, $offset, $default_format);
}

/**
 * use DB class instead of these
 * Deprecated since 4.0
 */
function quickQuery($query)
{
        $row = DB::getRow($query);
        return $row['result'];
}
function mysqldate($timestamp)
{
        return DB::formatDateTime($timestamp);
 }
/**
 * Centralisation of the functions that generate links
 * Deprecated since 4.0:
 * Please use Link::FunctionName(...) instead
 */
function createItemLink($itemid, $extra = '')
{
        return Link::create_item_link($itemid, $extra);
}
function createMemberLink($memberid, $extra = '')
{
        return Link::create_member_link($memberid, $extra);
}
function createCategoryLink($catid, $extra = '')
{
        return Link::create_category_link($catid, $extra);
}
function createArchiveListLink($blogid = '', $extra = '')
{
        return Link::create_archivelist_link($blogid, $extra);
}
function createArchiveLink($blogid, $archive, $extra = '')
{
        return Link::create_archive_link($blogid, $archive, $extra);
}
function createBlogidLink($blogid, $params = '')
{
        return Link::create_blogid_link($blogid, $params = '');
}
function createLink($type, $params)
{
        return Link::create_link($type, $params);
}
function createBlogLink($url, $params)
{
        return Link::create_blog_link($url, $params);
}
/**
 * use ActionLog class instead of this
 * Deprecated since 4.0
 */
function addToLog($level, $msg)
{
        ActionLog::add($level, $msg);
}
/**
 * use PHP's implement
 * Deprecated since 4.0
 */
function ifset(&$var)
{
        if ( isset($var) )
        {
                return $var;
        }
        
        return NULL;
}
/**
 * use Manager::getPluginNameFromPid() instead of this
 * Deprecated since 4.0
 */
function getPluginNameFromPid($pid)
{
        global $manager;
        return $manager->getPluginNameFromPid($pid);
}
/**
 * use Manager::numberOfEventSubscribers() instead of this
 * Deprecated since 4.0
 */
function numberOfEventSubscribers($event)
{
        global $manager;
        return $manager->getNumberOfSubscribers($event);
}

/**
 * PluginAdmin has already the alternative implement
 * Deprecated since 4.0
 */
function ticketForPlugin()
{
        global $CONF, $DIR_LIBS, $DIR_LOCALES, $DIR_PLUGINS, $manager, $member, $ticketforplugin;
        
        /* initialize */
        $ticketforplugin = array();
        $ticketforplugin['ticket'] = FALSE;
        
        /* Check if using plugin's php file. */
        $p_translated = serverVar('SCRIPT_FILENAME');
        
        if (!file_exists($p_translated) )
        {
                header("HTTP/1.0 404 Not Found");
                exit('');
        }
        
        // check whether this is plugin or not
        $p_translated = str_replace('\\', '/', $p_translated);
        $d_plugins = str_replace('\\', '/', $DIR_PLUGINS);
        if ( i18n::strpos($p_translated, $d_plugins) !== 0 )
        {
                return;
        }
        
        // Solve the plugin php file or admin directory
        $phppath = i18n::substr($p_translated, i18n::strlen($d_plugins) );
        // Remove the first "/" if exists.
        $phppath = preg_replace('#^/#', '', $phppath);
        // Remove the first "NP_" and the last ".php" if exists.
        $path = preg_replace('#^NP_(.*)\.php$#', '$1', $phppath);
        // Remove the "/" and beyond.
        $path = preg_replace('#^([^/]*)/(.*)$#', '$1', $path);
        
        // Solve the plugin name.
        $plugins = array();
        $query = sprintf('SELECT pfile FROM %s;', sql_table('plugin'));
        $res = DB::getResult($query);
        
        foreach ( $res as $row )
        {
                $name = i18n::substr($row['pfile'], 3);
                $plugins[strtolower($name)] = $name;
        }
        
        $res->closeCursor();
        
        if ( !array_key_exists($path, $plugins) )
        {
                header("HTTP/1.0 404 Not Found");
                exit('');
        }
        else
        {
                $plugin_name = $plugins[$path];
        }
        
        /* Return if not index.php */
        if ( ($phppath != strtolower($plugin_name) . '/')
          && ($phppath != strtolower($plugin_name) . '/index.php') )
        {
                return;
        }
        
        /* Exit if not logged in. */
        if ( !$member->isLoggedIn() )
        {
                exit('You aren\'t logged in.');
        }
        
        /* Check if this feature is needed (ie, if "$manager->checkTicket()" is not included in the script). */
        if ( $file = @file($p_translated) )
        {
                $prevline = '';
                
                foreach($file as $line)
                {
                        if (preg_match('#[\$]manager([\s]*)[\-]>([\s]*)checkTicket([\s]*)[\(]#i', $prevline . $line) )
                        {
                                return;
                        }
                        
                        $prevline = $line;
                }
        }
        
        /* Show a form if not valid ticket */
        if ( (i18n::strpos(serverVar('REQUEST_URI'), '?') !== FALSE
          || serverVar('QUERY_STRING')
          || strtoupper(serverVar('REQUEST_METHOD') ) == 'POST')
          && !$manager->checkTicket() )
        {
                $oPluginAdmin = new PluginAdmin($plugin_name);
                $oPluginAdmin->start();
                
                echo '<p>' . _ERROR_BADTICKET . "</p>\n";
                
                // Resolve URI and QUERY_STRING
                if ($uri = serverVar('REQUEST_URI') )
                {
                        list($uri, $qstring) = preg_split('#\?#', $uri);
                }
                else
                {
                        if ( !($uri = serverVar('PHP_SELF') ) )
                        {
                                $uri = serverVar('SCRIPT_NAME');
                        }
                        $qstring = serverVar('QUERY_STRING');
                }
                if ($qstring)
                {
                        $qstring = '?' . $qstring;
                }
                
                echo '<p>' . _SETTINGS_UPDATE . ' : ' . _QMENU_PLUGINS . ' <span style="color:red;">' . Entity::hsc($plugin_name) . "</span> ?</p>\n";
                
                switch(strtoupper(serverVar('REQUEST_METHOD') ) )
                {
                        case 'POST':
                                echo '<form method="POST" action="'.Entity::hsc($uri.$qstring).'">';
                                $manager->addTicketHidden();
                                _addInputTags($_POST);
                                break;
                        
                        case 'GET':
                                echo '<form method="GET" action="'.Entity::hsc($uri).'">';
                                $manager->addTicketHidden();
                                _addInputTags($_GET);
                        
                        default:
                                break;
                }
                
                echo '<input type="submit" value="' . _YES . '" />&nbsp;&nbsp;&nbsp;&nbsp;';
                echo '<input type="button" value="' . _NO . '" onclick="history.back(); return false;" />';
                echo "</form>\n";
                
                $oPluginAdmin->end();
                exit;
        }
        
        /* Create new ticket */
        $ticket=$manager->addTicketToUrl('');
        $ticketforplugin['ticket'] = preg_split($ticket, i18n::strpos($ticket, 'ticket=') + 7);
        return;
}
>>>>>>> skinnable-master