Rev | Author | Line No. | Line |
---|---|---|---|
2 | daniel-mar | 1 | <?php |
2 | |||
3 | /* |
||
4 | * OIDplus 2.0 |
||
5 | * Copyright 2019 Daniel Marschall, ViaThinkSoft |
||
6 | * |
||
7 | * Licensed under the Apache License, Version 2.0 (the "License"); |
||
8 | * you may not use this file except in compliance with the License. |
||
9 | * You may obtain a copy of the License at |
||
10 | * |
||
11 | * http://www.apache.org/licenses/LICENSE-2.0 |
||
12 | * |
||
13 | * Unless required by applicable law or agreed to in writing, software |
||
14 | * distributed under the License is distributed on an "AS IS" BASIS, |
||
15 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
||
16 | * See the License for the specific language governing permissions and |
||
17 | * limitations under the License. |
||
18 | */ |
||
19 | |||
/**
 * Tells whether a value is a syntactically valid e-mail address.
 *
 * The decision is delegated to PHP's FILTER_VALIDATE_EMAIL. The check is
 * purely syntactic; it does not prove that the mailbox exists or that the
 * caller controls it.
 *
 * @param mixed $email Candidate address.
 * @return bool True when the filter accepts the value, false otherwise.
 */
function oidplus_valid_email($email) {
    // filter_var() yields the accepted address or false; cast that to a plain bool.
    $validated = filter_var($email, FILTER_VALIDATE_EMAIL);
    return (bool) $validated;
}
||
23 | |||
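/**
 * Builds the href/onclick attribute pair for a link that opens an object in the panel.
 *
 * The returned string is meant to be placed inside an opening <a ...> tag.
 * $goto passes through two different output contexts, and each one gets its
 * own encoding:
 *  - href:    a URL query value, encoded with urlencode()
 *  - onclick: a JavaScript string literal (built by js_escape()) that sits
 *             inside a double-quoted HTML attribute, so the finished script
 *             is additionally HTML-escaped
 *
 * @param string $goto Object identifier to navigate to.
 * @return string Attribute fragment: href="..." onclick="..."
 */
function oidplus_link($goto) {
    $href = '?goto='.urlencode($goto);

    // JavaScript layer: js_escape() produces the quoted string literal.
    // NOTE(review): this function only adds the HTML-attribute layer; confirm
    // that js_escape() itself neutralises quote characters inside the literal.
    $onclick = 'openOidInPanel('.js_escape($goto).', true); return false;';

    // HTML layer: without this, a double quote in $goto would end the onclick
    // attribute and allow arbitrary attributes/markup to be injected. The
    // browser decodes the entities again before it runs the script, so the
    // behaviour for ordinary identifiers is unchanged.
    return 'href="'.$href.'" onclick="'.htmlspecialchars($onclick, ENT_QUOTES | ENT_SUBSTITUTE).'"';
}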
||
27 | |||
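/**
 * Renders an e-mail address as SpamSpan markup so that it is harder to harvest.
 *
 * see http://www.spamspan.de/
 *
 * Level 1:
 *   <span class="spamspan"><span class="u">user</span>@<span class="d">example.org</span>(<span class="t">link text</span>)</span>
 *   The "(link text)" part is omitted when $linktext is empty or equal to $email.
 * Level 2:
 *   <span class="spamspan"><span class="u">user</span><img alt="at" width="10" src="@.png"><span class="d">example.org</span></span>
 * Level 3:
 *   <span class="spamspan"><span class="u">user</span> [at] <span class="d">example [dot] org</span></span>
 *
 * Every user-supplied part is passed through htmlentities() before it is
 * placed into the markup.
 *
 * The former document.write()-based obfuscation that followed the final
 * return has been dropped: it was unreachable, and document.write() damages
 * the browser cache, which leads to bugs when navigating back and forth.
 *
 * @param string $email    Address to obfuscate.
 * @param string $linktext Optional display text (only used on level 1).
 * @param int    $level    Obfuscation level 1, 2 or 3.
 * @return string|null HTML fragment, or null for an unknown level.
 */
function secure_email($email, $linktext, $level=1) {
    // Unknown level: nothing to render (same loose comparison as the per-level checks below).
    if (!in_array($level, array(1, 2, 3))) return null;

    // Split once for all levels. An address without "@" yields an empty
    // domain instead of an undefined-offset warning (previously hidden with
    // "@" on level 1 and emitted on levels 2 and 3).
    $parts  = explode('@', $email);
    $user   = $parts[0];
    $domain = isset($parts[1]) ? $parts[1] : '';

    if ($level == 1) {
        $html = '<span class="spamspan"><span class="u">'.htmlentities($user).'</span>@<span class="d">'.htmlentities($domain).'</span>';
        if (($linktext != $email) && !empty($linktext)) {
            $html .= '(<span class="t">'.htmlentities($linktext).'</span>)';
        }
        return $html.'</span>';
    }

    if ($level == 2) {
        return '<span class="spamspan"><span class="u">'.htmlentities($user).'</span><img alt="at" width="10" src="@.png"><span class="d">'.htmlentities($domain).'</span></span>';
    }

    // Level 3: spell out the separators.
    $domain = str_replace('.', ' [dot] ', $domain);
    return '<span class="spamspan"><span class="u">'.htmlentities($user).'</span> [at] <span class="d">'.htmlentities($domain).'</span></span>';
}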
||
130 | |||
/**
 * Inserts a single space into a string at the given byte offset.
 *
 * @param string $str   Input string.
 * @param int    $index Offset (as understood by substr()) in front of which the space is placed.
 * @return string The string with one additional space.
 */
function insertWhitespace($str, $index) {
    $head = substr($str, 0, $index);
    $tail = substr($str, $index);
    return implode(' ', array($head, $tail));
}
||
134 | |||
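/**
 * Turns a PHP string into a single-quoted JavaScript string literal.
 *
 * Previously only backslashes were escaped, so a single quote or a line break
 * in $data ended the literal early and the remainder was interpreted as
 * script. All characters that can terminate the literal, or that are
 * significant to the HTML surrounding an inline script (quotes, angle
 * brackets, ampersand), are now written as JavaScript escape sequences. The
 * result therefore contains no HTML-significant character apart from the two
 * enclosing single quotes.
 *
 * The single-quoted form is kept (rather than switching to json_encode(),
 * which emits double quotes) because oidplus_link() in this file embeds the
 * literal in a double-quoted onclick attribute.
 *
 * @param string $data Raw value.
 * @return string JavaScript string literal including the enclosing quotes.
 */
function js_escape($data) {
    // strtr() with an array replaces in a single pass, so the backslashes
    // introduced by one rule are never escaped again by another.
    $escaped = strtr((string)$data, array(
        '\\' => '\\\\',
        "'"  => '\\x27',
        '"'  => '\\x22',
        '<'  => '\\x3C',
        '>'  => '\\x3E',
        '&'  => '\\x26',
        "\r" => '\\r',
        "\n" => '\\n',
    ));
    return "'" . $escaped . "'";
}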
||
139 | |||
/**
 * Reduces a "date time" string to its date part.
 *
 * Everything from the first space onwards is cut off. The placeholder date
 * '0000-00-00' is returned as an empty string.
 *
 * @param string $date Date, optionally followed by a space and a time.
 * @return string Date part, or '' for the all-zero date.
 */
function oidplus_formatdate($date) {
    list($day) = explode(' ', $date, 2);
    return ($day == '0000-00-00') ? '' : $day;
}
||
145 | |||
146 | |||
/**
 * Signals that an e-mail could not be sent; thrown by my_mail().
 */
class MailException extends Exception
{
}
||
148 | |||
/**
 * Sends a plain-text e-mail through SecureMailer.
 *
 * The sender is taken from the 'admin_email' configuration value.
 *
 * @param string $to    Recipient.
 * @param string $title Subject line.
 * @param string $msg   Message body.
 * @param string $cc    Optional Cc value; the header is omitted when empty.
 * @param string $bcc   Optional Bcc value; the header is omitted when empty.
 * @return void
 * @throws MailException When SecureMailer reports that sending failed.
 */
function my_mail($to, $title, $msg, $cc='', $bcc='') {
    $mailer = new SecureMailer();

    // Collect the headers first, then hand them over in the original order.
    $headers = array();
    $headers[] = array('From', OIDplus::config()->getValue('admin_email'));

    // NOTE(review): $cc and $bcc are placed into headers as given. Presumably
    // SecureMailer::addHeader() rejects CR/LF (header injection); confirm.
    if (!empty($cc)) $headers[] = array('Cc', $cc);
    if (!empty($bcc)) $headers[] = array('Bcc', $bcc);

    $headers[] = array('X-Mailer', 'PHP/'.phpversion());

    // NOTE(review): this discloses the requesting client's IP address (and the
    // PHP version above) to every recipient of the mail; confirm that is intended.
    if (isset($_SERVER['REMOTE_ADDR'])) $headers[] = array('X-RemoteAddr', $_SERVER['REMOTE_ADDR']);

    $headers[] = array('MIME-Version', '1.0');
    $headers[] = array('Content-Type', 'text/plain; charset=ISO-8859-1');

    foreach ($headers as $pair) {
        $mailer->addHeader($pair[0], $pair[1]);
    }

    if (!$mailer->sendMail($to, $title, $msg)) {
        throw new MailException('Sending mail failed');
    }
}
169 | |||
/**
 * Removes leading and trailing <br> tags (with surrounding whitespace) from an HTML fragment.
 *
 * Tags are matched case-insensitively, with or without a self-closing slash.
 * <br> tags in the middle of the fragment are left alone.
 *
 * @param string $html HTML fragment.
 * @return string Fragment without <br> tags at either end.
 */
function trim_br($html) {
    $edges = array(
        '@^\s*<\s*br\s*/{0,1}\s*>@isU',   // left trim
        '@<\s*br\s*/{0,1}\s*>\s*$@isU',   // right trim
    );

    foreach ($edges as $pattern) {
        // Repeat until a pass removes nothing, so that runs of <br> disappear completely.
        do {
            $html = preg_replace($pattern, '', $html, -1, $count);
        } while ($count > 0);
    }

    return $html;
}
||
74 | daniel-mar | 175 | |
/**
 * Checks whether a private key and a public key belong together.
 *
 * A fixed probe string is encrypted with the public key and decrypted with
 * the private key; the keys are considered a pair when the probe comes back
 * unchanged. Warnings from the OpenSSL calls are suppressed and any Exception
 * is treated as "no match".
 *
 * @param mixed $privKey Private key in a form accepted by openssl_private_decrypt().
 * @param mixed $pubKey  Public key in a form accepted by openssl_public_encrypt().
 * @return bool True if the round trip succeeds, false otherwise (including empty keys).
 */
function verify_private_public_key($privKey, $pubKey) {
    // Nothing to verify without both halves.
    if (empty($privKey) || empty($pubKey)) return false;

    try {
        $probe = 'TEST';
        $roundTripOk = @openssl_public_encrypt($probe, $cipherText, $pubKey)
            && @openssl_private_decrypt($cipherText, $plainText, $privKey);
        return $roundTripOk ? ($plainText == $probe) : false;
    } catch (Exception $e) {
        return false;
    }
}
||
188 | |||
/**
 * Derives a small non-negative integer from a string.
 *
 * Takes 31 bits from SHA1 (the last eight hex digits, with the top bit
 * cleared). Values 0..2147483647.
 *
 * With only 31 bits, collisions are easy to find; the value is suitable as a
 * compact identifier, not as an integrity or authentication check.
 *
 * @param string $data Input to hash.
 * @return int Value in the range 0..2147483647.
 */
function smallhash($data) {
    $tail = substr(sha1($data), -8);
    return hexdec($tail) & 0x7FFFFFFF;
}
||
180 | daniel-mar | 192 | |
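/**
 * Emits the CORS and framing response headers.
 *
 * CORS
 * Author: Till Wehowski
 *
 * The Origin request header is supplied by the client and must be treated as
 * untrusted input. Compared with the earlier version:
 *  - Origin is echoed back only when it is a well-formed serialized origin
 *    (scheme://host[:port]); the literal "null" origin and malformed values
 *    are handled like a missing header. Before, the value reached
 *    X-Frame-Options without any filtering.
 *  - Access-Control-Allow-Credentials is sent only together with a concrete
 *    origin. The combination "credentials: true" + "origin: *" is rejected
 *    by browsers and was never effective.
 *
 * NOTE(review): every well-formed origin is still reflected together with
 * Allow-Credentials, which lets any website read authenticated responses in
 * the visitor's session. The reflected value should be gated by a list of
 * trusted origins (<TRUSTED_ORIGINS: placeholder, no such setting is visible
 * in this file>).
 *
 * @return void
 */
function originHeaders() {
    $origin = null;
    if (isset($_SERVER['HTTP_ORIGIN']) && is_string($_SERVER['HTTP_ORIGIN'])
        && preg_match('@^[a-z][a-z0-9+.\-]*://(?:[a-z0-9._\-]+|\[[0-9a-f:.]+\])(?::[0-9]{1,5})?$@iD', $_SERVER['HTTP_ORIGIN'])) {
        $origin = $_SERVER['HTTP_ORIGIN'];
    }

    if ($origin !== null) {
        header("Access-Control-Allow-Credentials: true");
        header("Access-Control-Allow-Origin: ".$origin);
    } else {
        // No usable origin: allow anonymous cross-origin reads only.
        header("Access-Control-Allow-Origin: *");
    }

    header("Access-Control-Allow-Headers: If-None-Match, X-Requested-With, Origin, X-Frdlweb-Bugs, Etag, X-Forgery-Protection-Token, X-CSRF-Token");

    if ($origin !== null) {
        // NOTE(review): ALLOW-FROM is not honoured by current browsers; the
        // maintained mechanism is the CSP frame-ancestors directive.
        header('X-Frame-Options: ALLOW-FROM '.$origin);
    } else {
        // NOTE(review): this drops any X-Frame-Options set earlier in the
        // request, i.e. framing is unrestricted when no Origin is sent; confirm
        // that this is intended.
        header_remove("X-Frame-Options");
    }

    // Expose every header set so far, in addition to the two fixed names.
    $expose = array('Etag', 'X-CSRF-Token');
    foreach (headers_list() as $header) {
        $nameAndValue = explode(':', $header);
        $expose[] = trim($nameAndValue[0]);
    }
    header("Access-Control-Expose-Headers: ".implode(',',$expose));

    // The response depends on the Origin request header, so caches must key on it.
    header("Vary: Origin");
}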