tags or hide it in html comments (non-CLI only).
* @param bool $dump_method Dump method. See SC_DUMP_* constants.
* @param string $file Value of __FILE__.
* @param string $line Value of __LINE__
*/
define('SC_DUMP_PRINT_R', 0);
define('SC_DUMP_VAR_DUMP', 1);
define('SC_DUMP_VAR_EXPORT', 2);
define('SC_DUMP_JSON', 3);
function dump($var, $display=false, $dump_method=SC_DUMP_PRINT_R, $file='', $line='')
{
if ('cli' === php_sapi_name() || defined('_CLI')) {
echo ('' != $file . $line) ? "DUMP FROM: $file $line\n" : "DUMP:\n";
} else {
echo $display ? "\n
DUMP $file $line
\n" : "\n\n";
}
}
/**
* Return dump as variable.
*
* @param mixed $var Variable to dump.
*
* @return string Dump of var.
*/
function getDump($var, $serialize=false, $dump_method=SC_DUMP_JSON)
{
switch ($dump_method) {
case SC_DUMP_PRINT_R:
// Print human-readable descriptions of invisible types.
if (null === $var) {
$d = '(null)';
} else if (true === $var) {
$d = '(bool: true)';
} else if (false === $var) {
$d = '(bool: false)';
} else if (is_scalar($var) && '' === $var) {
$d = '(empty string)';
} else if (is_scalar($var) && preg_match('/^\s+$/', $var)) {
$d = '(only white space)';
} else {
ob_start();
print_r($var);
$d = ob_get_contents();
ob_end_clean();
}
break;
case SC_DUMP_VAR_DUMP:
ob_start();
print_r($var);
var_dump($var);
ob_end_clean();
break;
case SC_DUMP_VAR_EXPORT:
ob_start();
print_r($var);
var_export($var);
ob_end_clean();
break;
case SC_DUMP_JSON:
default:
$json_flags = $serialize ? 0 : JSON_PRETTY_PRINT;
return json_encode($var, JSON_UNESCAPED_UNICODE | JSON_UNESCAPED_SLASHES | JSON_NUMERIC_CHECK | $json_flags);
}
return $serialize ? preg_replace('/\s+/m', ' ', $d) : $d;
}
/*
* Return dump as cleaned text. Useful for dumping data into emails or output from CLI scripts.
* To output tab-style lists set $indent to "\t" and $depth to 0;
* To output markdown-style lists set $indent to '- ' and $depth to 1;
* Also see yaml_emit() https://secure.php.net/manual/en/function.yaml-emit.php
*
* @param array $var Variable to dump.
* @param string $indent A string to prepend indented lines.
* @param string $depth Starting depth of this iteration of recursion (set to 0 to have no initial indentation).
* @return string Pretty dump of $var.
* @author Quinn Comendant
* @version 2.0
*/
function fancyDump($var, $indent='- ', $depth=1)
{
$indent_str = str_repeat($indent, $depth);
$output = '';
if (is_array($var)) {
foreach ($var as $k=>$v) {
$k = ucfirst(mb_strtolower(str_replace(array('_', ' '), ' ', $k)));
if (is_array($v)) {
$output .= sprintf("\n%s%s:\n%s\n", $indent_str, $k, fancyDump($v, $indent, $depth+1));
} else {
$output .= sprintf("%s%s: %s\n", $indent_str, $k, $v);
}
}
} else {
$output .= sprintf("%s%s\n", $indent_str, $var);
}
return preg_replace(['/^[ \t]+$/', '/\n\n+/', '/^(?:\S( ))?(?:\S( ))?(?:\S( ))?(?:\S( ))?(?:\S( ))?(?:\S( ))?(?:\S( ))?(?:\S( ))?(\S )/m'], ['', "\n", '$1$1$2$2$3$3$4$4$5$5$6$6$7$7$8$8$9'], $output);
}
/**
* Returns text with appropriate html translations.
*
* @param string $txt Text to clean.
* @param bool $preserve_html If set to true, oTxt will not translage <, >, ", or '
* characters into HTML entities. This allows HTML to pass
* through unmunged.
*
* @return string Cleaned text.
*/
function oTxt($txt, $preserve_html=false)
{
global $CFG;
$search = array();
$replace = array();
// Make converted ampersand entities into normal ampersands (they will be done manually later) to retain HTML entities.
$search['retain_ampersand'] = '/&/';
$replace['retain_ampersand'] = '&';
if ($preserve_html) {
// Convert characters that must remain non-entities for displaying HTML.
$search['retain_left_angle'] = '/</';
$replace['retain_left_angle'] = '<';
$search['retain_right_angle'] = '/>/';
$replace['retain_right_angle'] = '>';
$search['retain_single_quote'] = '/'/';
$replace['retain_single_quote'] = "'";
$search['retain_double_quote'] = '/"/';
$replace['retain_double_quote'] = '"';
}
// & becomes &
$search['ampersand'] = '/&((?![\w\d#]{1,10};))/';
$replace['ampersand'] = '&\\1';
return preg_replace($search, $replace, htmlentities($txt, ENT_QUOTES, $CFG->character_set));
}
/**
* Returns text with stylistic modifications.
*
* @param string $txt Text to clean.
*
* @return string Cleaned text.
*/
function fancyTxt($txt)
{
$search = array();
$replace = array();
// "double quoted text" becomes “double quoted text”
$search['double_quotes'] = '/(^|[^\w=])(?:"|"|"|"|“)([^"]+?)(?:"|"|"|"|”)([^\w]|$)/'; // " is the same as " and " and "
$replace['double_quotes'] = '\\1“\\2”\\3';
// text's apostrophes become text’s apostrophes
$search['apostrophe'] = '/(\w)(?:\'|')(\w)/';
$replace['apostrophe'] = '\\1’\\2';
// "single quoted text" becomes ‘single quoted text’
$search['single_quotes'] = '/(^|[^\w=])(?:\'|'|‘)([^\']+?)(?:\'|'|’)([^\w]|$)/';
$replace['single_quotes'] = '\\1‘\\2’\\3';
// em--dashes become em—dashes
$search['em_dash'] = '/(\s*[^!<-])--([^>-]\s*)/';
$replace['em_dash'] = '\\1—\\2';
// & becomes &
$search['ampersand'] = '/&((?![\w\d#]{1,10};))/';
$replace['ampersand'] = '&\\1';
return preg_replace($search, $replace, $txt);
}
/*
* Finds all URLs in text and hyperlinks them.
*
* @access public
* @param string $text Text to search for URLs.
* @param bool $strict True to only include URLs starting with a scheme (http:// ftp:// im://), or false to include URLs starting with 'www.'.
* @param mixed $length Number of characters to truncate URL, or NULL to disable truncating.
* @param string $delim Delimiter to append, indicate truncation.
* @return string Same input text, but URLs hyperlinked.
* @author Quinn Comendant
* @version 2.1
* @since 22 Mar 2015 23:29:04
*/
function hyperlinkTxt($text, $strict=false, $length=null, $delim='…')
{
// A list of schemes we allow at the beginning of a URL.
$schemes = 'mailto:|tel:|skype:|callto:|facetime:|bitcoin:|geo:|magnet:\?|sip:|sms:|xmpp:|view-source:(?:https?://)?|[\w-]{2,}://';
// Capture the full URL into the first match and only the first X characters into the second match.
// This will match URLs not preceded by " ' or = (URLs inside an attribute) or ` (Markdown quoted) or double-scheme (http://http://www.asdf.com)
// Valid URL characters: ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-._~:/?#[]@!$&'()*+,;=
$regex = '@
\b # Start with a word-boundary.
(?|`|\]\(|[:/]/) # Negative look-behind to exclude URLs already in tag, beween, `Markdown quoted`, [Markdown](link), and avoid broken:/ and doubled://schemes://
( # Begin match 1
( # Begin match 2
(?:%s) # URL starts with known scheme or www. if strict = false
[^\s/$.?#]+ # Any domain-valid characters
[^\s"`<>]{1,%s} # Match 2 is limited to a maximum of LENGTH valid URL characters
)
[^\s"`<>]* # Match 1 continues with any further valid URL characters
([^\P{Any}\s…<>«»"—–%s]) # Final character not a space or common end-of-sentence punctuation (.,:;?!, etc). Using double negation set, see http://stackoverflow.com/a/4786560/277303
)
@Suxi
';
$regex = sprintf($regex,
($strict ? $schemes : $schemes . '|www\.'), // Strict=false adds "www." to the list of allowed start-of-URL.
($length ? $length : ''),
($strict ? '' : '?!.,:;)\'-') // Strict=false excludes some "URL-valid" characters from the last character of URL. (Hyphen must remain last character in this class.)
);
// Use a callback function to decide when to append the delim.
// Also encode special chars with oTxt().
return preg_replace_callback($regex, function ($m) use ($length, $delim) {
$url = $m[1];
$truncated_url = $m[2] . $m[3];
$absolute_url = preg_replace('!^www\.!', 'http://www.', $url);
if (is_null($length) || $url == $truncated_url) {
// If not truncating, or URL was not truncated.
// Remove http schemas, and any single trailing / to make the display URL.
$display_url = preg_replace(['!^https?://!', '!^([^/]+)/$!'], ['', '$1'], $url);
return sprintf('%s', oTxt($absolute_url), $display_url);
} else {
// Truncated URL.
// Remove http schemas, and any single trailing / to make the display URL.
$display_url = preg_replace(['!^https?://!', '!^([^/]+)/$!'], ['', '$1'], trim($truncated_url));
return sprintf('%s%s', oTxt($absolute_url), $display_url, $delim);
}
}, $text);
}
/**
* Turns "a really long string" into "a rea...string"
*
* @access public
* @param string $str Input string
* @param int $len Maximum string length.
* @param string $where Where to cut the string. One of: 'start', 'middle', or 'end'.
* @return string Truncated output string
* @author Quinn Comendant
* @since 29 Mar 2006 13:48:49
*/
function truncate($str, $len=50, $where='end', $delim='…')
{
$dlen = mb_strlen($delim);
if ($len <= $dlen || mb_strlen($str) <= $dlen) {
return substr($str, 0, $len);
}
$part1 = floor(($len - $dlen) / 2);
$part2 = ceil(($len - $dlen) / 2);
if ($len > ini_get('pcre.backtrack_limit')) {
logMsg(sprintf('Asked to truncate string len of %s > pcre.backtrack_limit of %s', $len, ini_get('pcre.backtrack_limit')), LOG_DEBUG, __FILE__, __LINE__);
ini_set('pcre.backtrack_limit', $len);
}
switch ($where) {
case 'start' :
return preg_replace(array(sprintf('/^.{%s,}(.{%s})$/su', $dlen + 1, $part1 + $part2), sprintf('/\s*%s{%s,}\s*/su', preg_quote($delim), $dlen)), array($delim . '$1', $delim), $str);
case 'middle' :
return preg_replace(array(sprintf('/^(.{%s}).{%s,}(.{%s})$/su', $part1, $dlen + 1, $part2), sprintf('/\s*%s{%s,}\s*/su', preg_quote($delim), $dlen)), array('$1' . $delim . '$2', $delim), $str);
case 'end' :
default :
return preg_replace(array(sprintf('/^(.{%s}).{%s,}$/su', $part1 + $part2, $dlen + 1), sprintf('/\s*%s{%s,}\s*/su', preg_quote($delim), $dlen)), array('$1' . $delim, $delim), $str);
}
}
/**
* Generates a hexadecimal html color based on provided word.
*
* @access public
*
* @param string $text A string for which to convert to color.
* @param float $n Brightness value between 0-1.
* @return string A hexadecimal html color.
*/
function getTextColor($text, $method=1, $n=0.87)
{
$hash = md5($text);
$rgb = array(
substr($hash, 0, 1),
substr($hash, 1, 1),
substr($hash, 2, 1),
substr($hash, 3, 1),
substr($hash, 4, 1),
substr($hash, 5, 1),
);
switch ($method) {
case 1 :
default :
// Reduce all hex values slightly to avoid all white.
array_walk($rgb, function (&$v) use ($n) {
$v = dechex(round(hexdec($v) * $n));
});
break;
case 2 :
foreach ($rgb as $i => $v) {
if (hexdec($v) > hexdec('c')) {
$rgb[$i] = dechex(hexdec('f') - hexdec($v));
}
}
break;
}
return join('', $rgb);
}
/**
* Encodes a string into unicode values 128-255.
* Useful for hiding an email address from spambots.
*
* @access public
*
* @param string $text A line of text to encode.
*
* @return string Encoded text.
*/
function encodeAscii($text)
{
$ouput = '';
$num = strlen($text);
for ($i=0; $i<$num; $i++) {
$output .= sprintf('&#%03s', ord($text[$i]));
}
return $output;
}
/**
* Encodes an email into a user (at) domain (dot) com format.
*
* @access public
* @param string $email An email to encode.
* @param string $at Replaces the @.
* @param string $dot Replaces the ..
* @return string Encoded email.
*/
function encodeEmail($email, $at=' at ', $dot=' dot ')
{
$search = array('/@/', '/\./');
$replace = array($at, $dot);
return preg_replace($search, $replace, $email);
}
/*
* Converts a string into a URL-safe slug, removing spaces and non word characters.
*
* @access public
* @param string $str String to convert.
* @return string URL-safe slug.
* @author Quinn Comendant
* @version 1.0
* @since 18 Aug 2014 12:54:29
*/
function URLSlug($str)
{
$slug = preg_replace(array('/\W+/u', '/^-+|-+$/'), array('-', ''), $str);
$slug = strtolower($slug);
return $slug;
}
/**
* Return a human readable filesize.
*
* @param int $size Size
* @param int $unit The maximum unit
* @param int $format The return string format
* @author Aidan Lister
* @version 1.1.0
*/
function humanFileSize($size, $unit=null, $format='%01.2f %s')
{
// Units
$units = array('B', 'KB', 'MB', 'GB', 'TB');
$ii = count($units) - 1;
// Max unit
$unit = array_search((string) $unit, $units);
if ($unit === null || $unit === false) {
$unit = $ii;
}
// Loop
$i = 0;
while ($unit != $i && $size >= 1024 && $i < $ii) {
$size /= 1024;
$i++;
}
return sprintf($format, $size, $units[$i]);
}
/*
* Returns a human readable amount of time for the given amount of seconds.
*
* 45 seconds
* 12 minutes
* 3.5 hours
* 2 days
* 1 week
* 4 months
*
* Months are calculated using the real number of days in a year: 365.2422 / 12.
*
* @access public
* @param int $seconds Seconds of time.
* @param string $max_unit Key value from the $units array.
* @param string $format Sprintf formatting string.
* @return string Value of units elapsed.
* @author Quinn Comendant
* @version 1.0
* @since 23 Jun 2006 12:15:19
*/
function humanTime($seconds, $max_unit=null, $format='%01.1f')
{
// Units: array of seconds in the unit, singular and plural unit names.
$units = array(
'second' => array(1, _("second"), _("seconds")),
'minute' => array(60, _("minute"), _("minutes")),
'hour' => array(3600, _("hour"), _("hours")),
'day' => array(86400, _("day"), _("days")),
'week' => array(604800, _("week"), _("weeks")),
'month' => array(2629743.84, _("month"), _("months")),
'year' => array(31556926.08, _("year"), _("years")),
'decade' => array(315569260.8, _("decade"), _("decades")),
'century' => array(3155692608, _("century"), _("centuries")),
);
// Max unit to calculate.
$max_unit = isset($units[$max_unit]) ? $max_unit : 'year';
$final_time = $seconds;
$final_unit = 'second';
foreach ($units as $k => $v) {
if ($seconds >= $v[0]) {
$final_time = $seconds / $v[0];
$final_unit = $k;
}
if ($max_unit == $final_unit) {
break;
}
}
$final_time = sprintf($format, $final_time);
return sprintf('%s %s', $final_time, (1 == $final_time ? $units[$final_unit][1] : $units[$final_unit][2]));
}
/**
* If $var is net set or null, set it to $default. Otherwise leave it alone.
* Returns the final value of $var. Use to find a default value of one is not avilable.
*
* @param mixed $var The variable that is being set.
* @param mixed $default What to set it to if $val is not currently set.
* @return mixed The resulting value of $var.
*/
function setDefault(&$var, $default='')
{
if (!isset($var)) {
$var = $default;
}
return $var;
}
/**
* Like preg_quote() except for arrays, it takes an array of strings and puts
* a backslash in front of every character that is part of the regular
* expression syntax.
*
* @param array $array input array
* @param array $delim optional character that will also be excaped.
*
* @return array an array with the same values as $array1 but shuffled
*/
function pregQuoteArray($array, $delim='/')
{
if (!empty($array)) {
if (is_array($array)) {
foreach ($array as $key=>$val) {
$quoted_array[$key] = preg_quote($val, $delim);
}
return $quoted_array;
} else {
return preg_quote($array, $delim);
}
}
}
/**
* Converts a PHP Array into encoded URL arguments and return them as an array.
*
* @param mixed $data An array to transverse recursively, or a string
* to use directly to create url arguments.
* @param string $prefix The name of the first dimension of the array.
* If not specified, the first keys of the array will be used.
*
* @return array URL with array elements as URL key=value arguments.
*/
function urlEncodeArray($data, $prefix='', $_return=true) {
// Data is stored in static variable.
static $args;
if (is_array($data)) {
foreach ($data as $key => $val) {
// If the prefix is empty, use the $key as the name of the first dimension of the "array".
// ...otherwise, append the key as a new dimension of the "array".
$new_prefix = ('' == $prefix) ? urlencode($key) : $prefix . '[' . urlencode($key) . ']';
// Enter recursion.
urlEncodeArray($val, $new_prefix, false);
}
} else {
// We've come to the last dimension of the array, save the "array" and it's value.
$args[$prefix] = urlencode($data);
}
if ($_return) {
// This is not a recursive execution. All recursion is complete.
// Reset static var and return the result.
$ret = $args;
$args = array();
return is_array($ret) ? $ret : array();
}
}
/**
* Converts a PHP Array into encoded URL arguments and return them in a string.
*
* @param mixed $data An array to transverse recursively, or a string
* to use directly to create url arguments.
* @param string $prefix The name of the first dimension of the array.
* If not specified, the first keys of the array will be used.
*
* @return string url A string ready to append to a url.
*/
function urlEncodeArrayToString($data, $prefix='') {
$array_args = urlEncodeArray($data, $prefix);
$url_args = '';
$delim = '';
foreach ($array_args as $key=>$val) {
$url_args .= $delim . $key . '=' . $val;
$delim = ini_get('arg_separator.output');
}
return $url_args;
}
/**
* An alternative to "shuffle()" that actually works.
*
* @param array $array1 input array
* @param array $array2 argument used internally through recursion
*
* @return array an array with the same values as $array1 but shuffled
*/
function arrayRand(&$array1, $array2 = array())
{
if (!sizeof($array1)) {
return array();
}
srand((double) microtime() * 10000000);
$rand = array_rand($array1);
$array2[] = $array1[$rand];
unset ($array1[$rand]);
return $array2 + arrayRand($array1, $array2);
}
/**
* Fills an arrray with the result from a multiple ereg search.
* Curtesy of Bruno - rbronosky@mac.com - 10-May-2001
* Blame him for the funky do...while loop.
*
* @param mixed $pattern regular expression needle
* @param mixed $string haystack
*
* @return array populated with each found result
*/
function eregAll($pattern, $string)
{
do {
if (!ereg($pattern, $string, $temp)) {
continue;
}
$string = str_replace($temp[0], '', $string);
$results[] = $temp;
} while (ereg($pattern, $string, $temp));
return $results;
}
/**
* Prints the word "checked" if a variable is set, and optionally matches
* the desired value, otherwise prints nothing,
* used for printing the word "checked" in a checkbox form input.
*
* @param mixed $var the variable to compare
* @param mixed $value optional, what to compare with if a specific value is required.
*/
function frmChecked($var, $value=null)
{
if (func_num_args() == 1 && $var) {
// 'Checked' if var is true.
echo ' checked="checked" ';
} else if (func_num_args() == 2 && $var == $value) {
// 'Checked' if var and value match.
echo ' checked="checked" ';
} else if (func_num_args() == 2 && is_array($var)) {
// 'Checked' if the value is in the key or the value of an array.
if (isset($var[$value])) {
echo ' checked="checked" ';
} else if (in_array($value, $var)) {
echo ' checked="checked" ';
}
}
}
/**
* prints the word "selected" if a variable is set, and optionally matches
* the desired value, otherwise prints nothing,
* otherwise prints nothing, used for printing the word "checked" in a
* select form input
*
* @param mixed $var the variable to compare
* @param mixed $value optional, what to compare with if a specific value is required.
*/
function frmSelected($var, $value=null)
{
if (func_num_args() == 1 && $var) {
// 'selected' if var is true.
echo ' selected="selected" ';
} else if (func_num_args() == 2 && $var == $value) {
// 'selected' if var and value match.
echo ' selected="selected" ';
} else if (func_num_args() == 2 && is_array($var)) {
// 'selected' if the value is in the key or the value of an array.
if (isset($var[$value])) {
echo ' selected="selected" ';
} else if (in_array($value, $var)) {
echo ' selected="selected" ';
}
}
}
/**
* Adds slashes to values of an array and converts the array to a
* comma delimited list. If value provided is not an array or is empty
* return nothing. This is useful for putting values coming in from
* posted checkboxes into a SET column of a database.
*
* @param array $array Array to convert.
* @return string Comma list of array values.
*/
function dbArrayToList($array)
{
if (is_array($array) && !empty($array)) {
return join(',', array_map('mysql_real_escape_string', array_keys($array)));
}
}
/**
* Converts a human string date into a SQL-safe date.
* Dates nearing infinity use the date 2038-01-01 so conversion to unix time
* format remain within valid range.
*
* @param array $date String date to convert.
* @param array $format Date format to pass to date().
* Default produces MySQL datetime: 0000-00-00 00:00:00.
*
* @return string SQL-safe date.
*/
function strToSQLDate($date, $format='Y-m-d H:i:s')
{
// Translate the human string date into SQL-safe date format.
if (empty($date) || '0000-00-00' == $date || strtotime($date) === -1) {
$sql_date = '0000-00-00';
} else {
$sql_date = date($format, strtotime($date));
}
return $sql_date;
}
/**
* If magic_quotes_gpc is in use, run stripslashes() on $var. If $var is an
* array, stripslashes is run on each value, recursively, and the stripped
* array is returned
*
* @param mixed $var The string or array to un-quote, if necessary.
* @return mixed $var, minus any magic quotes.
*/
function dispelMagicQuotes($var)
{
static $magic_quotes_gpc;
if (!isset($magic_quotes_gpc)) {
$magic_quotes_gpc = get_magic_quotes_gpc();
}
if ($magic_quotes_gpc) {
if (!is_array($var)) {
$var = stripslashes($var);
} else {
foreach ($var as $key=>$val) {
if (is_array($val)) {
$var[$key] = dispelMagicQuotes($val);
} else {
$var[$key] = stripslashes($val);
}
}
}
}
return $var;
}
/**
* Get a form variable from GET or POST data, stripped of magic
* quotes if necessary.
*
* @param string $var (optional) The name of the form variable to look for.
* @param string $default (optional) The value to return if the
* variable is not there.
*
* @return mixed A cleaned GET or POST if no $var specified.
* @return string A cleaned form $var if found, or $default.
*/
function getFormData($var=null, $default=null)
{
if ('POST' == $_SERVER['REQUEST_METHOD'] && is_null($var)) {
return dispelMagicQuotes($_POST);
} else if ('GET' == $_SERVER['REQUEST_METHOD'] && is_null($var)) {
return dispelMagicQuotes($_GET);
}
if (isset($_POST[$var])) {
return dispelMagicQuotes($_POST[$var]);
} else if (isset($_GET[$var])) {
return dispelMagicQuotes($_GET[$var]);
} else {
return $default;
}
}
function getPost($var=null, $default=null)
{
if (is_null($var)) {
return dispelMagicQuotes($_POST);
}
if (isset($_POST[$var])) {
return dispelMagicQuotes($_POST[$var]);
} else {
return $default;
}
}
function getGet($var=null, $default=null)
{
if (is_null($var)) {
return dispelMagicQuotes($_GET);
}
if (isset($_GET[$var])) {
return dispelMagicQuotes($_GET[$var]);
} else {
return $default;
}
}
/*
* Generates a base-65-encoded sha512 hash of $string truncated to $length.
*
* @access public
* @param string $string Input string to hash.
* @param int $length Length of output hash string.
* @return string String of hash.
* @author Quinn Comendant
* @version 1.0
* @since 03 Apr 2016 19:48:49
*/
function hash64($string, $length=18)
{
return mb_substr(preg_replace('/[^\w]/', '', base64_encode(hash('sha512', $string, true))), 0, $length);
}
/**
* Signs a value using md5 and a simple text key. In order for this
* function to be useful (i.e. secure) the salt must be kept secret, which
* means keeping it as safe as database credentials. Putting it into an
* environment variable set in httpd.conf is a good place.
*
* @access public
* @param string $val The string to sign.
* @param string $salt (Optional) A text key to use for computing the signature.
* @param string $length (Optional) The length of the added signature. Longer signatures are safer. Must match the length passed to verifySignature() for the signatures to match.
* @return string The original value with a signature appended.
*/
function addSignature($val, $salt=null, $length=18)
{
if ('' == trim($val)) {
logMsg(sprintf('Cannot add signature to an empty string.', null), LOG_INFO, __FILE__, __LINE__);
return '';
}
if (!isset($salt)) {
global $CFG;
$salt = $CFG->signing_key;
}
return $val . '-' . mb_substr(preg_replace('/[^\w]/', '', base64_encode(hash('sha512', $val . $salt, true))), 0, $length);
}
/**
* Strips off the signature appended by addSignature().
*
* @access public
* @param string $signed_val The string to sign.
* @return string The original value with a signature removed.
*/
function removeSignature($signed_val)
{
if (empty($signed_val) || mb_strpos($signed_val, '-') === false) {
return '';
}
return mb_substr($signed_val, 0, mb_strrpos($signed_val, '-'));
}
/**
* Verifies a signature appended to a value by addSignature().
*
* @access public
* @param string $signed_val A value with appended signature.
* @param string $salt (Optional) A text key to use for computing the signature.
* @param string $length (Optional) The length of the added signature.
* @return bool True if the signature matches the var.
*/
function verifySignature($signed_val, $salt=null, $length=18)
{
// Strip the value from the signed value.
$val = removeSignature($signed_val);
// If the signed value matches the original signed value we consider the value safe.
if ('' != $signed_val && $signed_val == addSignature($val, $salt, $length)) {
// Signature verified.
return true;
} else {
logMsg(sprintf('Failed signature (%s should be %s)', $signed_val, addSignature($val, $salt, $length)), LOG_DEBUG, __FILE__, __LINE__);
return false;
}
}
/**
* Sends empty output to the browser and flushes the php buffer so the client
* will see data before the page is finished processing.
*/
function flushBuffer() {
echo str_repeat(' ', 205);
flush();
}
/**
* A stub for apps that still use this function.
*
* @access public
* @return void
*/
function mailmanAddMember($email, $list, $send_welcome_message=false)
{
logMsg(sprintf('mailmanAddMember called and ignored: %s, %s, %s', $email, $list, $send_welcome_message), LOG_WARNING, __FILE__, __LINE__);
}
/**
* A stub for apps that still use this function.
*
* @access public
* @return void
*/
function mailmanRemoveMember($email, $list, $send_user_ack=false)
{
logMsg(sprintf('mailmanRemoveMember called and ignored: %s, %s, %s', $email, $list, $send_user_ack), LOG_WARNING, __FILE__, __LINE__);
}