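'){$ok=1;$n.='>';continue;} elseif($a{$i}=='<'){$ok=0;} if(!$ok){$n.=$a{$i};}} return $n; }

/**
 * Strip tags outside the allow-list, then filter the attributes of the rest.
 *
 * strip_tags() keeps only the tags named in the global $allowedTags; every
 * remaining "<...>" run is then passed through removeEvilAttributes().
 *
 * The previous implementation used preg_replace() with the /e modifier, which
 * evaluates the replacement as PHP code. That modifier is deprecated since
 * PHP 5.5 and removed in PHP 7.0, where the call fails and returns NULL, so
 * the sanitizer would silently yield no output. A callback produces the same
 * result without evaluating code built from the input.
 *
 * @param string $source Markup to clean.
 * @return string Cleaned markup.
 */
function removeEvilTags($source)
{
    global $allowedTags;

    $source = strip_tags($source, $allowedTags);

    return preg_replace_callback(
        '/<(.*?)>/i',
        function ($match) {
            return '<' . removeEvilAttributes($match[1]) . '>';
        },
        $source
    );
}

/**
 * Strip forbidden attributes from a tag.
 *
 * Every case-insensitive match of the global pattern $stripAttrib inside the
 * tag text is replaced with the literal word "forbidden"; backslashes are then
 * removed with stripslashes().
 *
 * NOTE(review): this is a deny-list. Anything $stripAttrib does not match is
 * passed through unchanged, so the result should not be treated as safe HTML
 * on the strength of this filter alone. $stripAttrib is defined outside this
 * excerpt; it is interpolated into the pattern as-is.
 *
 * @param string $tagSource Text found between "<" and ">".
 * @return string Tag text with forbidden attribute names replaced.
 */
function removeEvilAttributes($tagSource)
{
    global $stripAttrib;

    return stripslashes(preg_replace("/$stripAttrib/i", 'forbidden', $tagSource));
}

/**
 * Rebuild every "<$tag ...>" in $msg so that it carries only listed attributes.
 *
 * For each occurrence of "<$tag " the tag is rewritten as "<$tag", followed by
 * each attribute of $attr that is present with a non-empty value (in $attr
 * order), followed by the optional $suffix, followed by ">".
 *
 * An attribute value is taken from after "name=" up to the next space, or up
 * to ">" when no space follows.
 *
 * NOTE(review): the matching is plain substring search, so a quoted value that
 * contains a space is cut at that space, and "name=" is also found inside a
 * longer attribute name that ends with the same letters. Treat this as a
 * formatting helper rather than as an HTML sanitizer.
 *
 * @param string $msg    Markup to process.
 * @param string $tag    Tag name to look for (without angle brackets).
 * @param array  $attr   Attribute names to keep.
 * @param string $suffix Extra text appended inside every rebuilt tag.
 * @return string Markup with the matching tags rebuilt.
 */
function strip_attributes($msg, $tag, $attr, $suffix = "")
{
    $lengthfirst = 0;
    while (strstr(substr($msg, $lengthfirst), "<$tag ") != "") {
        $tag_start = $lengthfirst + strpos(substr($msg, $lengthfirst), "<$tag ");
        $partafterwith = substr($msg, $tag_start);
        $img = substr($partafterwith, 0, strpos($partafterwith, ">") + 1);
        // Normalise "name =value" to "name=value" so the lookups below match.
        $img = str_replace(" =", "=", $img);
        $out = "<$tag";
        for ($i = 0; $i < count($attr); $i++) {
            if (empty($attr[$i])) {
                continue;
            }
            $attr_pos = strpos($img, $attr[$i] . "=");
            if ($attr_pos === false) {
                // Attribute absent from this tag. Without this guard the
                // offsets below are computed from position 0 and can copy
                // unrelated text of the tag into the output.
                continue;
            }
            $val_start = $attr_pos + strlen($attr[$i]) + 1;
            $val_end = strpos($img, " ", $attr_pos);
            if ($val_end === false) {
                $val_end = strpos($img, ">", $attr_pos);
            }
            $val = substr($img, $val_start, $val_end - $val_start);
            if (!empty($val)) {
                $out .= " " . $attr[$i] . "=" . $val;
            }
        }
        if (!empty($suffix)) {
            $out .= " " . $suffix;
        }
        $out .= ">";
        $partafter = substr($partafterwith, strpos($partafterwith, ">") + 1);
        $msg = substr($msg, 0, $tag_start) . $out . $partafter;
        // Resume the search just past the start of the tag that was rebuilt.
        $lengthfirst = $tag_start + 3;
    }
    return $msg;
}

/**
 * Replace two search strings in $text with "\n".
 *
 * NOTE(review): as the code appears here both search strings are a bare line
 * break, which makes the call a no-op. The function name suggests they were
 * originally line-break markup that was lost from this copy; confirm against
 * the original file.
 *
 * @param string $text
 * @return string
 */
function admin_br2nl($text)
{
    $text = str_replace('
', "\n", $text);
    return str_replace('
', "\n", $text);
}

//########### ADMINISTRATION FUNCTIONS ########################

/**
 * Keep the state of a checkbox named $nome in the session.
 *
 * The request value wins when present; otherwise, when the form was submitted
 * (request field "modulo_inviato" is truthy) the session value falls back to
 * $def_nosel, because an unchecked box is not sent at all.
 *
 * NOTE(review): the request value is stored in the session as received; it is
 * not restricted to $def_sel / $def_nosel.
 * NOTE(review): $sel, $class and $agg do not reach the return value in this
 * copy, which always returns "". Presumably the markup that used them was
 * lost; confirm against the original file.
 *
 * @param string      $nome      Field name, also used as the session key.
 * @param string      $def_sel   Value meaning "checked".
 * @param string      $def_nosel Value meaning "not checked".
 * @param string|null $def_ini   "on" to start checked when no session value exists.
 * @param string|null $class     Not used in the visible code.
 * @param string|null $agg       Not used in the visible code.
 * @return string
 */
function admin_checkbox($nome, $def_sel = "1", $def_nosel = "0", $def_ini = NULL, $class = NULL, $agg = NULL)
{
    $sel = "";

    // INITIAL STATE
    if (!isset($_SESSION[$nome])) {
        if ($def_ini == "on") {
            $_REQUEST[$nome] = $def_sel;
            $_SESSION[$nome] = $def_sel;
            $sel = "checked";
        }
        //else $_REQUEST[$nome] == $def_nosel;
    }

    //admin_ssv($nome);
    if (isset($_REQUEST[$nome])) {
        $_SESSION[$nome] = $_REQUEST[$nome];
    }
    //else if($_SESSION[$nome] != $def_nosel and isset($_SESSION[$nome])) $_SESSION[$nome] = $def_nosel;
    else if (!empty($_REQUEST['modulo_inviato'])) {
        $_SESSION[$nome] = $def_nosel;
    }

    $current = isset($_SESSION[$nome]) ? $_SESSION[$nome] : null;
    if ($current == $def_sel) {
        $sel = "checked";
    }
    //else $sel = "";

    $OUT = "";
    return $OUT;
}

/**
 * Copy a variable passed via GET or POST into the session and return the
 * session value.
 *
 * The earlier version skipped the copy when the old and new values were
 * loosely equal (!=), so a new value such as "1e3" could not replace a stored
 * "1000". The request value is now always stored when present.
 *
 * NOTE(review): the caller chooses the session key and the client chooses the
 * value, so this must only be called with fixed, known names and never for
 * keys that carry authorisation state.
 *
 * @param string $var Request / session key.
 * @return mixed The session value, or null when none is stored.
 */
function admin_ssv($var)
{
    if (isset($_REQUEST[$var])) {
        // set the variable
        $_SESSION[$var] = $_REQUEST[$var];
    }
    return isset($_SESSION[$var]) ? $_SESSION[$var] : null;
}

/// FUNCTIONS

/**
 * Check the administrator credentials and report the outcome.
 *
 * Original note: two login methods, one via GET and the other via hash.
 *
 * User name and password are read through admin_ssv(), i.e. from the request
 * or, failing that, from the session, then lower-cased and trimmed. Login
 * succeeds when both are non-empty and the password equals the configured
 * $ADMIN_UTENTE[<user>]["utente_pass"].
 *
 * Changes in this version:
 *  - the comparison is exact (hash_equals() when available, === otherwise)
 *    instead of ==, which treats numeric-looking strings such as "1e3" and
 *    "1000" as equal;
 *  - non-scalar request values (for example an array) count as empty instead
 *    of being handed to strtolower();
 *  - array keys are quoted instead of relying on undefined constants.
 *
 * NOTE(review), not changed here because it needs data or flow changes:
 *  - the password is compared to the configured value as-is, so it is stored
 *    unhashed; password_hash() / password_verify() would be the replacement;
 *  - lower-casing makes the password case-insensitive;
 *  - admin_ssv() keeps the submitted password in the session, and $_REQUEST
 *    also accepts it from the query string, where it can end up in logs;
 *  - no session id regeneration is visible in this function on success.
 *
 * @return array On success: "ADMIN" => "SI", "AUTH" => "SI", "utente" => name.
 *               On failure: "AUTH" => "NO", "template" => login template.
 */
function admin_login()
{
    global $ADMIN_CONF, $ADMIN_UTENTE, $ADMIN_MENU2;

    $OUT = array();

    // stored in the session automatically by admin_ssv()
    $raw_user = admin_ssv("admin_user");
    $raw_pass = admin_ssv("admin_pass");
    $utente = is_scalar($raw_user) ? trim(strtolower((string) $raw_user)) : "";
    $password = is_scalar($raw_pass) ? trim(strtolower((string) $raw_pass)) : "";

    // perform the check
    $autenticato = false;
    if ($utente !== "" && $password !== ""
        && isset($ADMIN_UTENTE[$utente]["utente_pass"])
        && is_scalar($ADMIN_UTENTE[$utente]["utente_pass"])
    ) {
        $stored = (string) $ADMIN_UTENTE[$utente]["utente_pass"];
        $autenticato = function_exists('hash_equals')
            ? hash_equals($stored, $password)
            : ($stored === $password);
    }

    if ($autenticato) {
        // authenticated: set the user and related flags
        $OUT["ADMIN"] = "SI";
        $OUT["AUTH"] = "SI";
        // set the user
        $OUT["utente"] = $utente;
        // set the session so the administration stays reachable from outside
        $_SESSION["amministrazioneIndi"] = 1;
        $_SESSION["debugIndi"] = 1;
        // change template
        // remove the password from the user array for safety
        unset($ADMIN_UTENTE[$utente]["utente_pass"]);
    } else {
        $OUT["AUTH"] = "NO";
        if (isset($_REQUEST['at']) && $_REQUEST['at'] === "null") {
            $ADMIN_CONF['template_login'] = "tpl_null";
        }
        $OUT["template"] = $ADMIN_CONF['template_login']; //???
        // if(isset($ADMIN_MENU2[$_REQUEST[ap]][template_login])) $OUT["template"] = $ADMIN_MENU2[$_REQUEST[ap]][template_login];
        // if(isset($ADMIN_MENU2[$_REQUEST[ap2]][template_login])) $OUT["template"] = $ADMIN_MENU2[$_REQUEST[ap2]][template_login];
    }
    return $OUT;
}

/**
 * Return the label of the administration page $nome.
 *
 * Returns "Errore pagina" when the page has no "nome" entry in $ADMIN.
 *
 * NOTE(review): both branches build the same string in this copy; presumably
 * they wrapped the label in different markup that was lost. This function
 * reads $ADMIN_DATI while the menu functions read $A_DATI; confirm which
 * global is intended.
 *
 * @param string $nome Page key in $ADMIN.
 * @return string
 */
function admin_menu_item($nome)
{
    global $ADMIN, $ADMIN_DATI;

    if ($ADMIN[$nome]["nome"] == "") {
        $out = "Errore pagina";
    } else {
        if ($ADMIN_DATI['pagina'] == $nome) {
            $out = "" . $ADMIN[$nome]['a_nome'] . "";
        } else {
            $out = "" . $ADMIN[$nome]['a_nome'] . "";
        }
    }
    return $out;
}

/**
 * Build the first-level administration menu from $ADMIN.
 *
 * A page is listed when its "nome" contains $A_DATI['menu_pagine'] (case
 * insensitive) or when that filter is "ALL", and its "menu_nascosto" is not
 * "SI".
 *
 * NOTE(review): in this copy the accumulated $OUT and $sel do not reach the
 * returned string; presumably the markup that embedded them was lost. Page
 * names are concatenated without HTML escaping.
 *
 * @return mixed Result of encode() (defined outside this excerpt).
 */
function admin_menu()
{
    global $ADMIN, $A_DATI;

    $OUT = '';
    foreach ($ADMIN as $k => $v) {
        if (stristr($v["nome"], $A_DATI['menu_pagine']) or $A_DATI['menu_pagine'] == "ALL") {
            if ($k == $A_DATI['pagina']) {
                $sel = 'id="selected"';
            } else {
                $sel = "";
            }
            if ($v["menu_link"] != "NO") {
                $link = '' . $v["nome"] . '';
            } else {
                $link = $v["nome"];
            }
            if ($v["menu_nascosto"] != "SI") {
                $OUT .= '
  • '.$link.'
  • ';
            }
        }
    }
    return encode('
    ');
}

/**
 * Build the second-level menu for the current page.
 *
 * Entries come from $ADMIN_MENU2[<current page>]; when that entry is missing
 * or is not an array nothing is iterated (the earlier code silenced the
 * resulting warnings with @).
 *
 * NOTE(review): as in admin_menu(), $OUT and $sel do not reach the returned
 * string in this copy.
 *
 * @return string
 */
function admin_menu2()
{
    global $ADMIN, $A_DATI, $ADMIN_MENU2;

    $a_pagina = $A_DATI["pagina"];
    $MENU = (isset($ADMIN_MENU2[$a_pagina]) && is_array($ADMIN_MENU2[$a_pagina]))
        ? $ADMIN_MENU2[$a_pagina]
        : array();

    $OUT = '';
    foreach ($MENU as $k => $v) {
        if (stristr($v["nome"], $A_DATI['menu_pagine2']) or $A_DATI['menu_pagine2'] == "ALL") {
            if ($k == $A_DATI['pagina2']) {
                $sel = 'id="selected"';
            } else {
                $sel = "";
            }
            if ($v["menu_link"] != "NO") {
                $link = '' . $v["nome"] . '';
            } else {
                $link = $v["nome"];
            }
            $OUT .= encode('
  • '.$link.'
  • ');
        }
    }
    // MERGE so that the data of page 2 is returned as well
    return '
    ';
}

/**
 * Print the debug entries of $D whose "contesto" is "admin".
 *
 * Array payloads are dumped with print_r(), scalar payloads are interpolated
 * into the line.
 *
 * NOTE(review): names and values are printed without HTML escaping; if debug
 * entries can contain request data, escape them before output. $color does
 * not reach the output in this copy.
 *
 * @param array $D Debug entries with keys contesto, tipo, nome, vari.
 * @return void
 */
function admin_debug_admin($D)
{
    global $A_DATI;

    foreach ($D as $v) {
        // filter
        if ($v['contesto'] == "admin") {
            // colour
            if ($v['tipo'] == "err") {
                $color = "red";
            } elseif ($v['tipo'] == "dbg") {
                $color = "blue";
            } elseif ($v['tipo'] == "inf") {
                $color = "green";
            } else {
                $color = "green";
            }
            // debug output
            if (is_array($v['vari'])) {
                print "
    ";
                print ("$v[tipo] : $v[nome] -> ");
                print_r($v['vari']);
                print "
    ";
            } else {
                print ("
    $v[tipo] : $v[nome] -> $v[vari]
    ");
            }
        }
    }
}

//SITE LIST
function admin_elenco_siti() {
    global $CONF;
    if($CONF['dove_sono'] != 'loc') return;//open_basedir restriction in effect. File(../) is not within the allowed path(s)
    if ($handle = opendir('../')) {
        while (false !== ($file = readdir($handle))) {
            if ($file != "." && $file != "..") {
                if($CONF["sito"] == $file) $sel = "selected"; else $sel = "";
                $OUT .= "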