X-Git-Url: http://wagnertech.de/git?a=blobdiff_plain;f=WEB-INF%2Flib%2Fcommon.lib.php;h=b19feacdc4e5109214b6801d4f9dc50d6dafe601;hb=cdd27c2b163122cb6e2169851019721b3382abd7;hp=b419860c7228c6e0392dbd0f3fc40335044a2387;hpb=00330cbc4af5bddfe88b437c2ac2b477dc9c80c9;p=timetracker.git

diff --git a/WEB-INF/lib/common.lib.php b/WEB-INF/lib/common.lib.php
index b419860c..b19feacd 100644
--- a/WEB-INF/lib/common.lib.php
+++ b/WEB-INF/lib/common.lib.php
@@ -122,7 +122,6 @@ function import($class_name) {
     			die($mdb2->getMessage());
 			}
 
-			$mdb2->setOption('debug', true);
 			$mdb2->setFetchMode(MDB2_FETCHMODE_ASSOC);
 			
    			$GLOBALS["_MDB2_CONNECTION"] = $mdb2;
@@ -131,13 +130,6 @@ function import($class_name) {
 	}
 
 
-	function closeConnection() {
-		if (isset($GLOBALS["_DB_CONNECTION"])) {
-			$GLOBALS["_DB_CONNECTION"]->close();
-			unset($GLOBALS["_DB_CONNECTION"]);
-		}
-	}
-
 // time_to_decimal converts a time string such as 1:15 to its decimal representation such as 1.25 or 1,25.
 function time_to_decimal($val) {
   global $user;
@@ -151,11 +143,6 @@ function time_to_decimal($val) {
   return $decimalTime;
 }
 
-function sec_to_time_fmt_hm($sec)
-{
-  return sprintf("%d:%02d", $sec / 3600, $sec % 3600 / 60);
-}
-
 function magic_quotes_off()
 {
   $_POST = array_map('stripslashes_deep', $_POST);
@@ -173,7 +160,7 @@ function check_extension($ext)
 // isTrue is a helper function to return correct false for older config.php values defined as a string 'false'.
 function isTrue($val)
 {
-  return ($val == false || $val === 'false') ? false : true;
+  return (defined($val) && constant($val) === true);
 }
 
 // ttValidString is used to check user input to validate a string.
@@ -190,6 +177,15 @@ function ttValidString($val, $emptyValid = false)
   return true;    
 }
 
+// ttValidTemplateText is used to check template-based user input.
+// When templates are used, required input parts must be filled by user.
+// We identify these parts by 3 "stop sign" emojis (aka "octagonal sign" U+1F6D1).
+function ttValidTemplateText($val)
+{
+  $valid = strpos($val, 'ððð') === false; // no 3 "stop sign" emojis in a row.
+  return $valid;
+}
+
 // ttValidEmail is used to check user input to validate an email string.
 function ttValidEmail($val, $emptyValid = false)
 {
@@ -234,7 +230,7 @@ function ttValidFloat($val, $emptyValid = false)
     return ($emptyValid ? true : false);
     
   global $user;
-  $decimal = $user->decimal_mark;
+  $decimal = $user->getDecimalMark();
 	
   if (!preg_match('/^-?[0-9'.$decimal.']+$/', $val))
     return false;
@@ -316,22 +312,129 @@ function ttValidCronSpec($val)
   return true;
 }
 
-// ttAccessCheck is used to check whether user is allowed to proceed. This function is used
-// as an initial check on all publicly available pages.
-function ttAccessCheck($required_rights)
+// ttValidCondition is used to check user input to validate a notification condition.
+function ttValidCondition($val, $emptyValid = true)
+{
+  $val = trim($val);
+  if (strlen($val) == 0)
+    return ($emptyValid ? true : false);
+
+  // String must not be XSS evil (to insert JavaScript).
+  if (stristr($val, '<script>') || stristr($val, '<script '))
+    return false;
+
+  if (!preg_match("/^count\s?(=|[<>]=?|<>)\s?\d+$/", $val))
+    return false;
+
+  return true;
+}
+
+// ttValidIP is used to check user input to validate a comma-separated
+// list of IP subnet "prefixes", for example 192.168.0 (note: no .* in the end).
+// We keep regexp checks here simple - they are not precise.
+// For example, IPv4-mapped IPv6 addresses will fail. This may need to be fixed.
+function ttValidIP($val, $emptyValid = false)
+{
+  $val = trim($val);
+  if (strlen($val) == 0 && $emptyValid)
+    return true;
+
+  $subnets = explode(',', $val);
+  foreach ($subnets as $subnet) {
+    $ipv4 = preg_match('/^\d\d?\d?(\.\d\d?\d?){0,3}\.?$/', $subnet); // Not precise check.
+    $ipv6 = preg_match('/^([0-9a-fA-F]{4})(:[0-9a-fA-F]{4}){0,7}$/', $subnet); // Not precise check.
+    if (!$ipv4 && !$ipv6)
+      return false;
+  }
+  return true;
+}
+
+// ttValidHolidays is used to check user input to validate holidays spec.
+// To keep things simple, the format is a comma-separated list of dates:
+// ****-01-01,****-12-31,2019-04-20
+// The above means Jan 1 and Dec 31 are holidays in all years, while Apr 20 is only in 2019.
+function ttValidHolidays($val)
+{
+  $val = trim($val);
+  if (strlen($val) == 0) return true;
+
+  $dates = explode(',', $val);
+  foreach ($dates as $date) {
+    if (!preg_match('/^[\d*]{4}-(0[1-9]|1[0-2])-(0[1-9]|[12]\d|3[01])$/', $date))
+      return false;
+  }
+  return true;
+}
+
+// ttAccessAllowed checks whether user is allowed access to a particular page.
+// It is used as an initial check on all publicly available pages
+// (except login.php, register.php, and others where we don't have to check).
+function ttAccessAllowed($required_right)
 {
   global $auth;
   global $user;
-  
+
   // Redirect to login page if user is not authenticated.
   if (!$auth->isAuthenticated()) {
     header('Location: login.php');
     exit();
   }
-  
-  // Check rights.
-  if (!($required_rights & $user->rights))
-    return false;
-    
-  return true;
+
+  // Check IP restriction, if set.
+  if ($user->allow_ip && !$user->can('override_allow_ip')) {
+    $access_allowed = false;
+    $user_ip = $_SERVER['REMOTE_ADDR'];
+    $allowed_ip_array = explode(',', $user->allow_ip);
+    foreach ($allowed_ip_array as $allowed_ip) {
+      $len = strlen($allowed_ip);
+      if (substr($user_ip, 0, $len) === $allowed_ip) { // startsWith check.
+         $access_allowed = true;
+         break;
+      }
+    }
+    if (!$access_allowed) return false;
+  }
+
+  // Check if user has the right.
+  if (in_array($required_right, $user->rights)) {
+    import('ttUserHelper');
+    ttUserHelper::updateLastAccess();
+    return true;
+  }
+
+  return false;
+}
+
+// ttStartsWith functions checks if a string starts with a given substring.
+function ttStartsWith($string, $startString)
+{
+    $len = strlen($startString);
+    return (substr($string, 0, $len) === $startString);
+}
+
+// ttEndsWith functions checks if a string ends with a given substring.
+function ttEndsWith($string, $endString)
+{
+    $len = strlen($endString);
+    if ($len == 0) return true;
+    return (substr($string, -$len) === $endString);
+}
+
+// ttDateToUserFormat converts a date from database format to user format.
+function ttDateToUserFormat($date)
+{
+  global $user;
+  $o_date = new DateAndTime(DB_DATEFORMAT, $date);
+  return $o_date->toString($user->date_format);
+}
+
+// ttRandomString generates a random alphanumeric string.
+function ttRandomString($length = 32) {
+  $characters = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ';
+  $charactersLength = strlen($characters);
+  $randomString = '';
+  for ($i = 0; $i < $length; $i++) {
+    $randomString .= $characters[rand(0, $charactersLength - 1)];
+  }
+  return $randomString;
 }
