// | https://www.anuko.com/time_tracker/credits.htm
// +----------------------------------------------------------------------+
- /**
- * @return unknown
- * @param file unknown
- * @param version = "" unknown
- * @desc Loads a class
- */
- function import( $class_name ) {
- $libs = array(
- dirname($_SERVER["SCRIPT_FILENAME"]),
- LIBRARY_DIR
- );
+// import() function loads a class.
+function import($class_name) {
+ $libs = array(
+ dirname($_SERVER["SCRIPT_FILENAME"]),
+ LIBRARY_DIR
+ );
$pos = strpos($class_name, ".");
if (!($pos === false)) {
print '<br><b>load_class: error loading file "'.$filename.'"</b>';
die();
- }
+}
// The mu_sort function is used to sort a multi-dimensional array.
// It looks like the code example is taken from the PHP manual http://ca2.php.net/manual/en/function.sort.php
die($mdb2->getMessage());
}
- $mdb2->setOption('debug', true);
$mdb2->setFetchMode(MDB2_FETCHMODE_ASSOC);
$GLOBALS["_MDB2_CONNECTION"] = $mdb2;
}
- function closeConnection() {
- if (isset($GLOBALS["_DB_CONNECTION"])) {
- $GLOBALS["_DB_CONNECTION"]->close();
- unset($GLOBALS["_DB_CONNECTION"]);
- }
- }
+// time_to_decimal converts a time string such as 1:15 to its decimal representation such as 1.25 or 1,25.
+function time_to_decimal($val) {
+ global $user;
+ $parts = explode(':', $val); // parts[0] is hours, parts[1] is minutes.
-function time_to_decimal($a) {
- $tmp = explode(":", $a);
- if($tmp[1]{0}=="0") $tmp[1] = $tmp[1]{1};
+ $minutePercent = round($parts[1]*100/60); // Integer value (0-98) of percent of minutes portion in the hour.
+ if($minutePercent < 10) $minutePercent = '0'.$minutePercent; // Pad small values with a 0 to always have 2 digits.
- $m = round($tmp[1]*100/60);
+ $decimalTime = $parts[0].$user->decimal_mark.$minutePercent; // Construct decimal representation of time value.
- if($m<10) $m = "0".$m;
- $time = $tmp[0].".".$m;
- return $time;
+ return $decimalTime;
}
function sec_to_time_fmt_hm($sec)
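Review bot: `$parts[1]` is read in the new time_to_decimal without checking that `$val` actually contained a colon, so an input such as `5` raises an undefined-offset notice and is silently treated as zero minutes. The `(0-98)` comment only holds when the minutes part is below 60, and nothing visible in the hunk enforces that, so `1:75` would yield a three-digit fraction appended after the decimal mark. If callers do not already validate the format (not visible here), a guard right after the explode such as `if (count($parts) != 2 || !ctype_digit($parts[1]) || $parts[1] > 59)` with an explicit failure path would pin the contract. It would also help to say in the header comment that the separator comes from `$user->decimal_mark`, so the result is a display string rather than a number.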
function magic_quotes_off()
{
- // if (get_magic_quotes_gpc()) { // This check is now done before calling this function.
- $_POST = array_map('stripslashes_deep', $_POST);
- $_GET = array_map('stripslashes_deep', $_GET);
- $_COOKIE = array_map('stripslashes_deep', $_COOKIE);
- // }
+ $_POST = array_map('stripslashes_deep', $_POST);
+ $_GET = array_map('stripslashes_deep', $_GET);
+ $_COOKIE = array_map('stripslashes_deep', $_COOKIE);
}
// check_extension checks whether a required PHP extension is loaded and dies if not so.
return true;
}
-// ttAccessCheck is used to check whether user is allowed to proceed. This function is used
-// as an initial check on all publicly available pages.
-function ttAccessCheck($required_rights)
+// ttValidCondition is used to check user input to validate a notification condition.
+function ttValidCondition($val, $emptyValid = true)
+{
+ $val = trim($val);
+ if (strlen($val) == 0)
+ return ($emptyValid ? true : false);
+
+ // String must not be XSS evil (to insert JavaScript).
+ if (stristr($val, '<script>') || stristr($val, '<script '))
+ return false;
+
+ if (!preg_match("/^count\s?(=|[<>]=?|<>)\s?\d+$/", $val))
+ return false;
+
+ return true;
+}
+
+// ttValidIP is used to check user input to validate a comma-separated
+// list of IP subnet "prefixes", for example 192.168.0 (note: no .* in the end).
+// We keep regexp checks here simple - they are not precise.
+// For example, IPv4-mapped IPv6 addresses will fail. This may need to be fixed.
+function ttValidIP($val, $emptyValid = false)
+{
+ $val = trim($val);
+ if (strlen($val) == 0 && $emptyValid)
+ return true;
+
+ $subnets = explode(',', $val);
+ foreach ($subnets as $subnet) {
+ $ipv4 = preg_match('/^\d\d?\d?(\.\d\d?\d?){0,3}\.?$/', $subnet); // Not precise check.
+ $ipv6 = preg_match('/^([0-9a-fA-F]{4})(:[0-9a-fA-F]{4}){0,7}$/', $subnet); // Not precise check.
+ if (!$ipv4 && !$ipv6)
+ return false;
+ }
+ return true;
+}
+
+// ttAccessAllowed checks whether user is allowed access to a particular page.
+// It is used as an initial check on all publicly available pages
+// (except login.php, register.php, and others where we don't have to check).
+function ttAccessAllowed($required_right)
{
global $auth;
global $user;
-
+
// Redirect to login page if user is not authenticated.
if (!$auth->isAuthenticated()) {
header('Location: login.php');
exit();
}
-
- // Check rights.
- if (!($required_rights & $user->rights))
- return false;
-
- return true;
-}
-
-
+ // Check IP restriction, if set.
+ if ($user->allow_ip && !$user->can('override_allow_ip')) {
+ $access_allowed = false;
+ $user_ip = $_SERVER['REMOTE_ADDR'];
+ $allowed_ip_array = explode(',', $user->allow_ip);
+ foreach ($allowed_ip_array as $allowed_ip) {
+ $len = strlen($allowed_ip);
+ if (substr($user_ip, 0, $len) === $allowed_ip) { // startsWith check.
+ $access_allowed = true;
+ break;
+ }
+ }
+ if (!$access_allowed) return false;
+ }
+ // Check if user has the right.
+ if (in_array($required_right, $user->rights)) {
+ import('ttUserHelper');
+ ttUserHelper::updateLastAccess();
+ return true;
+ }
+ return false;
+}
+// ttStartsWith functions checks if a string starts with a given substring.
+function ttStartsWith($string, $startString)
+{
+ $len = strlen($startString);
+ return (substr($string, 0, $len) === $startString);
+}
-
-?>
\ No newline at end of file
+// ttDateToUserFormat converts a date from database format to user format.
+function ttDateToUserFormat($date)
+{
+ global $user;
+ $o_date = new DateAndTime(DB_DATEFORMAT, $date);
+ return $o_date->toString($user->date_format);
+}
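Review bot: The IP restriction loop in ttAccessAllowed compares raw string prefixes, so an entry is not confined to an octet boundary: `192.168.1` also matches `192.168.10.x` through `192.168.19.x` and `192.168.100.x` through `192.168.199.x`. ttValidIP in the same hunk accepts entries with or without a trailing dot, so the documented `192.168.0` form reaches this comparison unchanged. An empty entry would match every address because `substr($user_ip, 0, 0) === ''`; whether that can occur depends on stored values always having passed ttValidIP, which is not visible here. I would normalise each entry to end on a separator before comparing and reuse ttStartsWith, which this hunk adds but the loop duplicates inline. `$_SERVER['REMOTE_ADDR']` is the proxy's address when the application sits behind a reverse proxy, which deserves a comment next to the check.

```php
    foreach ($allowed_ip_array as $allowed_ip) {
      $allowed_ip = trim($allowed_ip);
      if ($allowed_ip === '') continue; // An empty entry would otherwise match every address.
      $sep = (strpos($allowed_ip, ':') !== false) ? ':' : '.';
      $entry = rtrim($allowed_ip, $sep);
      // Match the exact address, or a prefix that ends on an octet/group boundary.
      if ($user_ip === $entry || ttStartsWith($user_ip, $entry.$sep)) {
        $access_allowed = true;
        break;
      }
    }
    // … unchanged: return false when no entry matched, then the rights check …
```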