SWAT/SWATFunctions.php5

<?php
abstract class SWATFunctions {

    /* -------------------------------------------- */
    /* DB Input Sanitation                          */
    /* -------------------------------------------- */

    function safeSqlOld($a, $ignoreBackslash = false) {
        // Perform some limited SQL injection detection
        $a = addslashes($a);
        $a = preg_replace("/'/", "''", $a);
        if(!$ignoreBackslash) {
            $a = preg_replace("/\\/", "", $a);
            $a = preg_replace("/[\\\]*;/", "\\\;", $a);
        }
        $a = preg_replace("/%/", "", $a);
        $a = preg_replace("/\*/", "\\*", $a);
        return ($a);
    }

/* Commented out 6/14/2010 by sbehun@shodor.org
/* This function was allowing people to log in using underscores as the password
/* as long as the number of underscores was the length of their password

    public function safeSql($a) {
        $a = addslashes($a);
        $a = preg_replace("/;/", "\\;", $a);
        $a = preg_replace("/%/", "\\%", $a);
        return $a;
    }
*/

/* Here is the revised function */
    public function safeSql($a) {
        $a = mysql_escape_string($a);
        $a = str_replace(array(';',     '%',   '_'),
                         array('\\;', '\\%', '\\_'), $a);
        return $a;
    }

    /* -------------------------------------------- */
    /* Redirects                                    */
    /* -------------------------------------------- */

    function redirect($url) {
        global $USER, $SWAT;
        if (isset($SWAT)){
            $SWAT->syncSession();
        }
        if (isset($USER) && isset($_SESSION) && isset($_SESSION['USER'])) {
            $_SESSION['USER'] = &$USER;
            session_write_close();
        }
        STimer::enable(false);
        header("Location: $url");
        exit;
    }

    function redirectHTTPS($req = "") {
        if($req == "")
            $req = $_SERVER['REQUEST_URI'];
        $req = preg_replace("/%7E/", "~", $req);
        $dest = "https://" . $_SERVER['SERVER_NAME'] . $req;
        STimer::enable(false);
        header("Location: $dest");
        exit;
    }

    /* -------------------------------------------- */
    /* URL Processing                               */
    /* -------------------------------------------- */

    function stripArgs($uri) {
        $parts = explode("?", $uri);
        return $parts[0];
    }

    function getURI() {
        return $_SERVER['REQUEST_URI'];
    }

    function getURINoArgs() {
        return self::stripArgs(self::getURI());
    }

    /* -------------------------------------------- */
    /* Text Processing/Misc                         */
    /* -------------------------------------------- */

    function removeSpace($a) {
        $a = preg_replace("/\s/", "", $a);
        return ($a);
    }

    function formatTimestamp($timestamp) {
        $submissionTime = (int)((time() - strtotime($timestamp))/(60*60*24));
        $timeAgo = "";

        if ($submissionTime == 1)
            $timeAgo = "1 day ago";
        else if ($submissionTime == 0)
            $timeAgo = "Today";
        else if ($submissionTime > 31) {
            $months = (int)($submissionTime/31);
            $days = $submissionTime%31;
            if ($months == 1) $monthFormat = "month";
            else $monthFormat = "months";
            if ($days == 1) $dayFormat = "day";
            else if ($days == 0) $dayFormat = "";
            else $dayFormat = "days";

            $timeAgo = $months . " " . $monthFormat . " " . $days . " " . $dayFormat . " ago";
        } else
            $timeAgo = $submissionTime . " days ago";

        return ($timeAgo);
    }

    public static function hashPassword($password, $salt) {
        return substr(hash('sha256', $password . $salt), 0, 32);
    }
}
?>

---