
Untitled

a guest
Feb 20th, 2019
  1. <?php
  2. /*
  3. UserSpice 4
  4. An Open Source PHP User Management System
  5. by the UserSpice Team at http://UserSpice.com
  6.  
  7. This program is free software: you can redistribute it and/or modify
  8. it under the terms of the GNU General Public License as published by
  9. the Free Software Foundation, either version 3 of the License, or
  10. (at your option) any later version.
  11.  
  12. This program is distributed in the hope that it will be useful,
  13. but WITHOUT ANY WARRANTY; without even the implied warranty of
  14. MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  15. GNU General Public License for more details.
  16.  
  17. You should have received a copy of the GNU General Public License
  18. along with this program. If not, see <http://www.gnu.org/licenses/>.
  19. */
  20. //echo "helpers included";
  21.  
  22. //NOTE: Plugin data is called at the bottom of this file
  23. require_once("us_helpers.php");
  24. require_once("users_online.php");
  25. require_once("language.php");
  26. require_once("backup_util.php");
  27. require_once("class.treeManager.php");
  28. require_once("menus.php");
  29. require_once("forms.php");
  30. require_once("tables.php");
  31.  
  32. define("ABS_US_ROOT",$abs_us_root);
  33. define("US_URL_ROOT",$us_url_root);
  34. require_once($abs_us_root.$us_url_root."users/vendor/autoload.php");
  35. use PHPMailer\PHPMailer\PHPMailer;
  36. use PHPMailer\PHPMailer\Exception;
  37. require_once("permissions.php");
  38. require_once("users.php");
  39.  
  // Read the optional-feature switches. The second argument makes
  // parse_ini_file() return [section] headers as nested arrays.
  // NOTE(review): parse_ini_file() returns false when the file cannot be read,
  // in which case every check below is false and no optional module loads.
  $usfeatures = parse_ini_file($abs_us_root.$us_url_root."users/features.ini.php",true);

  // Each optional module is loaded only when its switch loosely equals 1.
  // The load order is kept exactly as listed.
  if ($usfeatures['messaging'] == 1) {
      require_once "messaging.php";
  }
  if ($usfeatures['dbmenu'] == 1) {
      require_once "dbmenu.php";
  }
  if ($usfeatures['forms_legacy'] == 1) {
      require_once "forms_legacy.php";
  }
  if ($usfeatures['reauth'] == 1) {
      require_once "reauth.php";
  }
  if ($usfeatures['notifications'] == 1) {
      require_once "notifications.php";
  }
  if ($usfeatures['fingerprinting'] == 1) {
      require_once "fingerprinting.php";
  }
  if ($usfeatures['sessions'] == 1) {
      require_once "sessions.php";
  }
  if ($usfeatures['saas'] == 1) {
      require_once "saas.php";
  }
  51.  
  52.  
  53. require_once $abs_us_root.$us_url_root.'usersc/includes/custom_functions.php';
  54. require_once $abs_us_root.$us_url_root.'usersc/includes/analytics.php';
  55.  
  56. // Readable file size
  /**
   * Return the size of a file as a short human-readable string.
   *
   * The size is expressed in whole B, KB, MB or GB (powers of 1024); the
   * fractional part is dropped by the %d conversion. A size of zero, or one
   * whose unit falls outside that table, comes back as the plain byte count.
   *
   * @param string $path File to measure.
   * @return string For example "2 KB", or the raw byte count as a string.
   */
  function size($path) {
      // %u keeps the byte count as an unsigned decimal string.
      $byteCount = sprintf('%u', filesize($path));

      if ($byteCount > 0) {
          $labels = array('B', 'KB', 'MB', 'GB');
          // The integer part of log base 1024 picks the unit index.
          $exponent = intval(log($byteCount, 1024));

          if (array_key_exists($exponent, $labels) === true) {
              $scaled = $byteCount / pow(1024, $exponent);
              return sprintf('%d %s', $scaled, $labels[$exponent]);
          }
      }

      return $byteCount;
  }
  71.  
  72. //escapes strings and sets character set
  /**
   * HTML-entity-encode a string for output, treating it as UTF-8.
   *
   * ENT_QUOTES encodes both double and single quotes, so the result can be
   * placed in HTML text or inside a quoted attribute value. This is output
   * encoding for HTML only: it does not make a value safe for a JavaScript
   * block, a URL, or an SQL statement.
   *
   * @param string $string Raw value.
   * @return string Entity-encoded value.
   */
  function sanitize($string) {
      $encoded = htmlentities($string, ENT_QUOTES, 'UTF-8');
      return $encoded;
  }
  76.  
  77. //returns the name of the current page
  /**
   * Return the last path segment of the running script's URI.
   *
   * The value is taken from $_SERVER['PHP_SELF'], which can include extra
   * path information supplied by the requester, so the result should be
   * treated as untrusted and encoded before it is written into a page.
   *
   * @return string Final "/"-separated segment of PHP_SELF.
   */
  function currentPage() {
      $segments = explode('/', $_SERVER['PHP_SELF']);
      return $segments[count($segments) - 1];
  }
  84.  
  85. //returns the id of the current page
  /**
   * Look up the id of a page in the pages table.
   *
   * The install root is found by walking up from PHP_SELF one directory at a
   * time until a directory containing z_us_root.php exists under
   * DOCUMENT_ROOT. That root prefix is then cut off $uri and the remainder is
   * matched against pages.page with a bound parameter.
   *
   * @param string $uri URI of the page, including the install root prefix.
   * @return int Page id, or 0 when no row matches.
   */
  function currentPageId($uri) {
      $docRoot = $_SERVER['DOCUMENT_ROOT'];
      $segments = explode("/", $_SERVER['PHP_SELF']);
      $segmentCount = count($segments);

      // Drop one trailing segment per pass and test for the marker file.
      for ($depth = 1; $depth < $segmentCount; $depth++) {
          array_pop($segments);
          $us_url_root = implode("/", $segments)."/";

          if (file_exists($docRoot.$us_url_root.'z_us_root.php')) {
              break;
          }
      }

      // Strip the install root so only the path stored in the table is left.
      $rootLength = strlen($us_url_root);
      $relativePage = substr($uri, $rootLength, strlen($uri) - $rootLength);

      $lookup = DB::getInstance()->query("SELECT id FROM pages WHERE page = ?", array($relativePage));
      if ($lookup->count() > 0) {
          return $lookup->first()->id; // id of the page we are on
      }

      return 0; // no matching page
  }
  116.  
  /**
   * Return the name of the folder that holds the running script.
   *
   * This is the second-to-last "/"-separated segment of
   * $_SERVER['PHP_SELF']; like any PHP_SELF-derived value it should be
   * encoded before being written into a page.
   *
   * @return string Parent folder segment.
   */
  function currentFolder() {
      $segments = explode('/', $_SERVER['PHP_SELF']);
      $parentIndex = count($segments) - 2;
      return $segments[$parentIndex];
  }
  123.  
  /**
   * Reformat a "Y-m-d H:i:s" timestamp as "m/d/y ~ h:iA".
   *
   * $tz is accepted but not applied; no timezone conversion is performed.
   * NOTE(review): createFromFormat() returns false for input that does not
   * match the pattern, and the format() call then fails with a fatal error.
   *
   * @param string $date Timestamp in "Y-m-d H:i:s" form.
   * @param string $tz   Timezone name (currently unused).
   * @return string Formatted date and time.
   */
  function format_date($date,$tz){
      $parsed = DateTime::createFromFormat('Y-m-d H:i:s', $date);
      return $parsed->format("m/d/y ~ h:iA");
  }
  131.  
  /**
   * Reformat a "Y-m-d H:i:s" timestamp as an abbreviated date ("M d,Y").
   *
   * $tz is accepted but not applied; no timezone conversion is performed.
   * NOTE(review): input that does not match the pattern makes
   * createFromFormat() return false and the format() call fail.
   *
   * @param string $date Timestamp in "Y-m-d H:i:s" form.
   * @param string $tz   Timezone name (currently unused).
   * @return string For example "Feb 20,2019".
   */
  function abrev_date($date,$tz){
      $parsed = DateTime::createFromFormat('Y-m-d H:i:s', $date);
      return $parsed->format("M d,Y");
  }
  138.  
  /**
   * Format a number as a dollar amount with two decimals and comma
   * thousands separators.
   *
   * @param int|float|string $ugly Numeric amount.
   * @return string For example "$1,234.50".
   */
  function money($ugly){
      $formatted = number_format($ugly, 2, '.', ',');
      return '$'.$formatted;
  }
  142.  
  /**
   * Return the username for a user id, with the first letter upper-cased.
   *
   * The id is passed as a bound parameter. The username comes back as stored
   * in the users table and is not HTML-encoded here, so callers writing it
   * into a page should encode it first.
   *
   * @param int|string $id User id.
   * @return string Username, or "-" when no user has that id.
   */
  function name_from_id($id){
      $lookup = DB::getInstance()->query("SELECT username FROM users WHERE id = ? LIMIT 1", array($id));
      if ($lookup->count() > 0) {
          return ucfirst($lookup->first()->username);
      }
      return "-";
  }
  154.  
  /**
   * Render a list of error messages as an HTML <ul>.
   *
   * A plain entry becomes one <li>. An array entry uses its element 0 as the
   * message and also emits a script that marks the enclosing <div> of the
   * element selected by "#" + element 0 with the has-error class.
   *
   * Messages are inserted into the markup and the script without encoding,
   * so callers must not pass request data here unless it is already encoded.
   * NOTE(review): display_successes() builds the same selector from index 1,
   * not index 0 - confirm which index carries the field id.
   *
   * @param array $errors Strings, or arrays whose element 0 is the message.
   * @return string HTML fragment.
   */
  function display_errors($errors = array()){
      $pieces = array();
      foreach ($errors as $error) {
          if (!is_array($error)) {
              $pieces[] = '<li class="">'.$error.'</li>';
              continue;
          }
          $pieces[] = '<li class="">'.$error[0].'</li>';
          $pieces[] = '<script>jQuery("#'.$error[0].'").parent().closest("div").addClass("has-error");</script>';
      }
      return '<ul class="bg-danger">'.implode('', $pieces).'</ul>';
  }
  169.  
  /**
   * Render a list of success messages as an HTML <ul>.
   *
   * A plain entry becomes one <li>. An array entry uses element 0 as the
   * message and element 1 in a jQuery id selector; the selected element's
   * enclosing <div> receives the has-error class.
   * NOTE(review): adding "has-error" for a success looks copied from
   * display_errors() - confirm the intended class.
   *
   * Values are inserted into the markup and the script without encoding, so
   * callers must not pass request data here unless it is already encoded.
   *
   * @param array $successes Strings, or [message, element id] pairs.
   * @return string HTML fragment.
   */
  function display_successes($successes = array()){
      $pieces = array();
      foreach ($successes as $success) {
          if (!is_array($success)) {
              $pieces[] = '<li>'.$success.'</li>';
              continue;
          }
          $pieces[] = '<li>'.$success[0].'</li>';
          $pieces[] = '<script>jQuery("#'.$success[1].'").parent().closest("div").addClass("has-error");</script>';
      }
      return '<ul>'.implode('', $pieces).'</ul>';
  }
  183.  
  /**
   * Send one message through PHPMailer using the settings row of the email
   * table.
   *
   * $opts may carry both 'email' and 'name' to override the sender; when
   * either is missing the from_email / from_name columns are used.
   * $attachment is accepted but not used by this function.
   *
   * NOTE(review): the SMTP password is read from the email table and
   * HTML-decoded before use, so it is stored in recoverable form - confirm
   * access to that table is restricted.
   * NOTE(review): SMTPDebug is taken from the debug_level column; a non-zero
   * level presumably makes PHPMailer print the SMTP dialogue - keep it at 0
   * outside troubleshooting.
   *
   * @param string $to         Recipient address (rawurldecode() is applied).
   * @param string $subject    Subject line.
   * @param string $body       Message body.
   * @param array  $opts       Optional ['email' => ..., 'name' => ...] sender.
   * @param mixed  $attachment Unused.
   * @return bool Result of PHPMailer::send().
   */
  function email($to,$subject,$body,$opts=[],$attachment=false){
      $settings = DB::getInstance()->query("SELECT * FROM email")->first();

      $mail = new PHPMailer;

      // Transport configuration, all taken from the settings row.
      $mail->SMTPDebug = $settings->debug_level;
      if ($settings->isSMTP == 1) {
          $mail->isSMTP();
      }
      $mail->Host = $settings->smtp_server;
      $mail->SMTPAuth = $settings->useSMTPauth;
      $mail->Username = $settings->email_login;
      $mail->Password = htmlspecialchars_decode($settings->email_pass);
      $mail->SMTPSecure = $settings->transport;
      $mail->Port = $settings->smtp_port;

      // A caller-supplied sender is used only when both parts are present.
      $hasCustomSender = isset($opts['email'], $opts['name']);
      if ($hasCustomSender) {
          $mail->setFrom($opts['email'], $opts['name']);
      } else {
          $mail->setFrom($settings->from_email, $settings->from_name);
      }

      $mail->addAddress(rawurldecode($to));
      if ($settings->isHTML == 'true') {
          $mail->isHTML(true);
      }

      $mail->Subject = $subject;
      $mail->Body = $body;

      return $mail->send();
  }
  222.  
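  /**
   * Render an email template from users/views/ and return its output.
   *
   * The install root is found by walking up from PHP_SELF until a directory
   * containing z_us_root.php exists under DOCUMENT_ROOT. The entries of
   * $options are then exposed to the template as local variables and the
   * template's output is captured.
   *
   * $options is extracted with EXTR_SKIP so that a key such as "template",
   * "abs_us_root" or "us_url_root" cannot replace the variables that make up
   * the require path below. $template itself is concatenated into that path
   * unchecked: pass only fixed template file names, never request data.
   *
   * @param string $template File name under users/views/.
   * @param array  $options  Variables made available to the template.
   * @return string Rendered template output.
   */
  function email_body($template,$options = array()){
      $abs_us_root = $_SERVER['DOCUMENT_ROOT'];

      $self_path = explode("/", $_SERVER['PHP_SELF']);
      $self_path_length = count($self_path);

      // Drop one trailing segment per pass and test for the marker file.
      for ($i = 1; $i < $self_path_length; $i++) {
          array_pop($self_path);
          $us_url_root = implode("/", $self_path)."/";

          if (file_exists($abs_us_root.$us_url_root.'z_us_root.php')) {
              break;
          }
      }

      // EXTR_SKIP: never overwrite a variable that already exists in this
      // scope, in particular the ones used to build the include path.
      extract($options, EXTR_SKIP);
      ob_start();
      require $abs_us_root.$us_url_root.'users/views/'.$template;
      return ob_get_clean();
  }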
  246.  
  /**
   * Build a <div> holding a <label>, an <input> and optional helper text.
   *
   * $id is used for the label's "for" and for the input's "id" and "name".
   * Attribute arrays are written as name="value" pairs in iteration order.
   * A non-empty $helper adds a help-trigger button before the input and a
   * helper-text <div> after it.
   *
   * No value is HTML-encoded here: type, label, id, attribute names and
   * values and helper text go into the markup as given, so request data
   * must be encoded by the caller before it is passed in.
   *
   * @param string $type      Input type attribute.
   * @param string $label     Label content.
   * @param string $id        Input id and name.
   * @param array  $divAttr   Attributes for the wrapping <div>.
   * @param array  $inputAttr Extra attributes for the <input>.
   * @param string $helper    Optional helper text.
   * @return string HTML fragment.
   */
  function inputBlock($type,$label,$id,$divAttr=array(),$inputAttr=array(),$helper=''){
      $divAttrStr = '';
      foreach ($divAttr as $attrName => $attrValue) {
          $divAttrStr .= ' '.$attrName.'="'.$attrValue.'"';
      }

      $inputAttrStr = '';
      foreach ($inputAttr as $attrName => $attrValue) {
          $inputAttrStr .= ' '.$attrName.'="'.$attrValue.'"';
      }

      $hasHelper = ($helper != '');

      $parts = array();
      $parts[] = '<div'.$divAttrStr.'>';
      $parts[] = '<label for="'.$id.'">'.$label.'</label>';
      if ($hasHelper) {
          $parts[] = '<button class="help-trigger"><span class="fa fa-question"></span></button>';
      }
      $parts[] = '<input type="'.$type.'" id="'.$id.'" name="'.$id.'"'.$inputAttrStr.'>';
      if ($hasHelper) {
          $parts[] = '<div class="helper-text">'.$helper.'</div>';
      }
      $parts[] = '</div>';

      return implode('', $parts);
  }
  268.  
  269. //preformatted var_dump function
  /**
   * Print var_dump() output for a value wrapped in <pre> tags.
   *
   * $adminOnly restricts output to callers for whom isAdmin() is true,
   * $localhostOnly to those for whom isLocalhost() is true; with both set,
   * both checks must pass. With neither flag set the dump is printed for
   * every visitor, so calls left in deployed pages should pass a flag.
   *
   * Assumes isAdmin() and isLocalhost() are side-effect free checks
   * (defined outside this block) - TODO confirm.
   *
   * @param mixed $var           Value to dump.
   * @param bool  $adminOnly     Require isAdmin().
   * @param bool  $localhostOnly Require isLocalhost().
   * @return void
   */
  function dump($var,$adminOnly=false,$localhostOnly=false){
      if ($adminOnly && $localhostOnly) {
          $permitted = isLocalhost() && isAdmin();
      } elseif ($adminOnly) {
          $permitted = isAdmin();
      } elseif ($localhostOnly) {
          $permitted = isLocalhost();
      } else {
          $permitted = true;
      }

      if (!$permitted) {
          return;
      }

      echo "<pre>";
      var_dump($var);
      echo "</pre>";
  }
  292.  
  293. //preformatted dump and die function
  /**
   * Print var_dump() output for a value wrapped in <pre> tags, then stop the
   * script.
   *
   * $adminOnly restricts this to callers for whom isAdmin() is true,
   * $localhostOnly to those for whom isLocalhost() is true; with both set,
   * both checks must pass. When the checks fail nothing is printed and the
   * script continues. With neither flag set the dump is printed for every
   * visitor and the request ends.
   *
   * Assumes isAdmin() and isLocalhost() are side-effect free checks
   * (defined outside this block) - TODO confirm.
   *
   * @param mixed $var           Value to dump.
   * @param bool  $adminOnly     Require isAdmin().
   * @param bool  $localhostOnly Require isLocalhost().
   * @return void
   */
  function dnd($var,$adminOnly=false,$localhostOnly=false){
      if ($adminOnly && $localhostOnly) {
          $permitted = isLocalhost() && isAdmin();
      } elseif ($adminOnly) {
          $permitted = isAdmin();
      } elseif ($localhostOnly) {
          $permitted = isLocalhost();
      } else {
          $permitted = true;
      }

      if (!$permitted) {
          return;
      }

      echo "<pre>";
      var_dump($var);
      echo "</pre>";
      die();
  }
  320.  
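  /**
   * Echo a piece of text as a centred heading on a white background.
   *
   * The wrapper markup is written with the <text> tag spelled correctly and
   * every element closed in the reverse order it was opened. $text is echoed
   * as given, without HTML encoding, so callers must encode request data
   * before passing it in.
   *
   * @param string $text Content to print.
   * @return void
   */
  function bold($text){
      echo "<span><text padding='1em' align='center'><h4><span style='background:white'>";
      echo $text;
      echo "</span></h4></text></span>";
  }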
  326.  
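  /**
   * Echo a piece of text as a centred red heading.
   *
   * The wrapper markup closes every element in the reverse order it was
   * opened, without the stray closing </span> inside the opening run.
   * $text is echoed as given, without HTML encoding, so callers must encode
   * request data before passing it in.
   *
   * @param string $text Content to print.
   * @return void
   */
  function err($text){
      echo "<span><text padding='1em' align='center'><font color='red'><h4>";
      echo $text;
      echo "</h4></font></text></span>";
  }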
  332.  
  /**
   * Send a Location header pointing at $location.
   *
   * Only the header is set: the script keeps running afterwards, so a caller
   * guarding a protected page must stop execution itself after calling this.
   * $location is not checked; pass fixed paths or values already validated
   * against the application's own URLs rather than raw request data.
   *
   * @param string $location Target URL or path.
   * @return void
   */
  function redirect($location){
      $headerLine = "Location: ".$location;
      header($headerLine);
  }
  336.  
  /**
   * Return the given message unchanged.
   *
   * No encoding is applied; the value comes back exactly as it was passed.
   *
   * @param mixed $message Message to pass through.
   * @return mixed The same value.
   */
  function output_message($message) {
      $passedThrough = $message;
      return $passedThrough;
  }
  340.  
  341.  
  342. //PLUGIN Hooks
  // Read the plugin switches and load functions.php for each enabled plugin.
  // The plugin folder name is the ini key itself and goes into the include
  // path unchecked, so plugins.ini.php must only be writable by
  // administrators. NOTE(review): confirm keys are validated where the file
  // is written.
  $usplugins = parse_ini_file($abs_us_root.$us_url_root."usersc/plugins/plugins.ini.php",true);
  foreach ($usplugins as $k => $v) {
      // Only entries whose value loosely equals 1 are enabled.
      if ($v != 1) {
          continue;
      }
      // A plugin without a functions.php is skipped silently.
      if (file_exists($abs_us_root.$us_url_root."usersc/plugins/".$k."/functions.php")) {
          include($abs_us_root.$us_url_root."usersc/plugins/".$k."/functions.php");
      }
  }
  351.  
  /**
   * Serialise an array as INI text and hand it to safefilerewrite().
   *
   * A nested array becomes a [section] followed by its key = value lines; a
   * scalar becomes a key = value line. Numeric values are written bare, all
   * others inside double quotes. Lines are joined with CRLF.
   *
   * Values are not escaped: a double quote or line break inside a value
   * ends up in the file as-is and can change how it is parsed later, so
   * values taken from form input should be validated before they get here.
   *
   * @param array  $array Settings, optionally grouped one level deep.
   * @param string $file  Destination path.
   * @return void
   */
  function write_php_ini($array, $file)
  {
      $lines = array();
      foreach ($array as $key => $val) {
          if (!is_array($val)) {
              $lines[] = "$key = ".(is_numeric($val) ? $val : '"'.$val.'"');
              continue;
          }

          $lines[] = "[$key]";
          foreach ($val as $skey => $sval) {
              $lines[] = "$skey = ".(is_numeric($sval) ? $sval : '"'.$sval.'"');
          }
      }

      safefilerewrite($file, implode("\r\n", $lines));
  }
  366.  
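  /**
   * Replace the contents of a file under an exclusive lock.
   *
   * Two guard lines (";<?php" and ";die();") are written ahead of the data.
   * Both start with ";" and are written as the first two lines of the file.
   * NOTE(review): presumably they are there so the file reads as INI
   * comments and stops at once if requested as PHP - confirm.
   *
   * The file is opened in "c" mode, which creates it when missing but does
   * not truncate it; truncation happens only after the lock is held. If the
   * lock cannot be obtained within about five seconds the existing contents
   * are left untouched instead of being wiped.
   *
   * @param string $fileName   Destination path.
   * @param string $dataToSave Text written after the guard lines.
   * @return void
   */
  function safefilerewrite($fileName, $dataToSave)
  {
      $security1 = ';<?php';
      $security2 = ';die();';

      if ($fp = fopen($fileName, 'c'))
      {
          $startTime = microtime(TRUE);
          do
          {
              $canWrite = flock($fp, LOCK_EX);
              // Lock not obtained: wait 0 - 100 ms before retrying to avoid
              // collisions and a busy loop.
              if (!$canWrite) usleep(mt_rand(0, 100) * 1000);
          } while ((!$canWrite) and ((microtime(TRUE) - $startTime) < 5));

          // Only touch the contents once the lock is held.
          if ($canWrite)
          {
              ftruncate($fp, 0);
              rewind($fp);
              fwrite($fp, $security1.PHP_EOL.$security2.PHP_EOL.$dataToSave);
              // Push the data out before other processes can take the lock.
              fflush($fp);
              flock($fp, LOCK_UN);
          }
          fclose($fp);
      }
  }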