
Annotation of /to_be_filed/webprojs/php_libraries/php_library/fboprime/par.inc


Revision 35 - (hide annotations) (download)
Sat Oct 8 23:35:33 2016 UTC (7 years, 8 months ago) by dashley
File size: 16357 byte(s)
Initial commit.
1 dashley 35 <?php
2     //$Header: /hl/cvsroots/gpl01/gpl01/webprojs/fboprime/sw/phplib/par.inc,v 1.9 2006/08/01 21:51:46 dashley Exp $
3     //********************************************************************************
4     //par.inc--FboPrime Parameter and Cookie Processing
5     //Copyright (C) 2006 David T. Ashley
6     //
7     //This program is free software; you can redistribute it and/or
8     //modify it under the terms of the GNU General Public License
9     //as published by the Free Software Foundation; either version 2
10     //of the License, or (at your option) any later version.
11     //
12     //This program is distributed in the hope that it will be useful,
13     //but WITHOUT ANY WARRANTY; without even the implied warranty of
14     //MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15     //GNU General Public License for more details.
16     //
17     //You should have received a copy of the GNU General Public License
18     //along with this program; if not, write to the Free Software
19     //Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
20     //********************************************************************************
21     //This file contains functions that carefully control GET/POST input parameters
22     //and cookies and bring them into the global variable space.
23     //
24     //The most conservative approach is to restrict such parameters to a language,
25     //i.e. to confine the form they may have.
26     //--------------------------------------------------------------------------------
27     require_once("strfunc.inc");
28     //
29     //--------------------------------------------------------------------------------
30     //FULL LIST OF COOKIE PARAMETERS
31     //------------------------------
32     //Only one cookie is issued by this software, named "fbopsid". This is a session
33     //identifier as described in the documentation. The cookie is issued on a
34     //successful login and revoked when a session times out or there is an
35     //authentication failure.
36     //
37     //--------------------------------------------------------------------------------
38     //FULL LIST OF GET/POST PARAMETERS
39     //--------------------------------
40     //This is the list of get/post parameters. They are named uniquely to avoid
41     //confusion or mistakes. In general, a script will try to import only those
42     //parameters that it is interested in--others are ignored.
43     //
44     //GET and POST parameters are usually treated identically--there is no
45     //differentiation made. This means in some cases it is possible to modify page
46     //behavior (for example, page appearance) by adding a string to the URL (i.e. to
47     //use a URL not directly generated by the software). This allows power-users
48     //to sometimes work more effectively.
49     //
50     //GET parameters are preferentially used, as they allow URLs to be bookmarked
51     //and e-mailed.
52     //
53     //index.php -- Main scheduler day view.
54     //-------------------------------------
55     // authuserid
56     // The login name of the user. For example, "jsmith". Login names
57     // must begin with a letter, must be 20 characters or less, and may
58     // contain only letters and numbers. Login names are converted to
59     // all lower-case, and they are treated as case-insensitive.
60     //
61     // Any supplied parameter has blanks and invalid characters removed
62     // before being assigned to the global variable. A login name
63     // consisting exclusively of blanks or invalid characters is treated
64     // as not supplied, and the global variable is set to FALSE.
65     //
66     // If the login name is not supplied, the corresponding global
67     // variable is set to FALSE.
68     //
69     // authuserpasswd
70     // The password supplied by the user to authenticate. Passwords
71     // may contain only certain characters, no spaces at the ends, etc.
72     //
73     // The supplied parameter is assigned to the global variable exactly
74     // as received: PAR_get_authuserpasswd() removes no characters, so
75     // the character rules above are not enforced in this file and the
76     // global variable may hold the empty string.
77     //
78     // If the password is not supplied, the corresponding global
79     // variable is set to FALSE.
80     //
81     // logout
82     // If the main scheduling page is invoked with a get or post
83     // parameter of "logout" defined to _any_ value, this is a cue
84     // to log out the user. The traditional value is logout=1.
85     //
86     // A user is logged out by linking to the main scheduling page
87     // with the "logout" parameter set.
88     //
89     // sddt
90     // The date whose scheduling information will be displayed.
91     //
92     // If no date is supplied, the default is usually the current
93     // calendar day.
94     //
95     // The date is in the format YYYYMMDD, for example,
96     //
97     // "20060408".
98     //
99     // Any supplied parameter has blanks and invalid characters removed
100     // before being assigned to the global variable. In some cases,
101     // a date consisting of exclusively blanks or invalid characters
102     // may be assigned to the global variable as the empty string.
103     //
104     // If the date is not supplied, the corresponding global
105     // variable is set to FALSE.
106     //
107     // sdtim
108     // The time of day for which scheduling information should be
109     // displayed.
110     //
111     // If no time of day is supplied, the default is usually
112     // the default panel for scheduling views.
113     //
114     // The time is in the format "HHMMSS", for example,
115     //
116     // "1519".
117     //
118     // The time should range from "0000" through "2359". "2400" is
119     // illegal, as it would actually correspond to midnight of the
120     // following day.
121     //
122     // Any supplied parameter has blanks and invalid characters removed
123     // before being assigned to the global variable. In some cases,
124     // a time consisting of exclusively blanks or invalid characters
125     // may be assigned to the global variable as the empty string.
126     //
127     // If the time is not supplied, the corresponding global
128     // variable is set to FALSE.
129     //
130     // todaynow
131     // If set to any value (i.e. if it exists), the global variable is
132     // set to TRUE, otherwise, it is set to FALSE. Signals that current
133     // server time should be used (all get/post parameters and session
134     // state should be ignored).
135     //
136     // menulvladjst
137     // If present, indicates to adjust the current menu level (stored in
138     // the session record of the database) up or down. Parameter values
139     // allowed:
140     // "D" (or "d") : Decrement the current menu level (corresponding
141     // to fewer options displayed).
142     // "U" (or "u") : Increment the current menu level (corresponding
143     // to more options displayed).
144     //
145     // acklevel
146     // Used for acknowledgement screens in various contexts, to trigger
147     // an acknowledgement screen rather than the main action. This should
148     // be an integer in the range of [0,100] with semantics defined by
149     // the using page. If the parameter is missing or invalid, $PAR_acklevel
150     // is assigned FALSE.
151     //
152     //--------------------------------------------------------------------------------
153     //Obtains the FBOPSID cookie parameter and assigns it to a global variable.
154     //FALSE is assigned if the parameter is not passed. Invalid characters are
155     //removed, possibly leading to the empty string if the passed entity is empty or
156     //contains only invalid characters.
157     //
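function PAR_get_fbopsid()
{
    //Imports the "fbopsid" session cookie into the global $PAR_fbopsid.
    //
    //$PAR_fbopsid becomes FALSE when the cookie is absent or is not a plain
    //string. Otherwise it becomes the cookie value with every character outside
    //"SGIABCDEF0123456789" removed and the result cut to at most 66 characters,
    //which may leave the empty string.
    //
    //NOTE(review): a malformed or over-long cookie is repaired rather than
    //rejected, so the value stored here is not evidence that the client sent a
    //well-formed identifier. Whatever code matches it against the stored
    //session has to make the accept/reject decision.
    global $PAR_fbopsid;

    //A cookie sent as "fbopsid[]=x" reaches PHP as an array. The string
    //functions below are only meaningful on strings, so any non-string value
    //is handled exactly like a missing cookie.
    if (!isset($_COOKIE["fbopsid"]) || !is_string($_COOKIE["fbopsid"])) {
        $PAR_fbopsid = false;
        return;
    }

    //Keep only the characters allowed in a session identifier.
    $sid = STRFUNC_force_into_subset($_COOKIE["fbopsid"], "SGIABCDEF0123456789");

    //The total string may be no longer than 66 characters.
    if (strlen($sid) > 66) {
        $sid = substr($sid, 0, 66);
    }

    $PAR_fbopsid = $sid;
}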
181     //
182     //
183     //--------------------------------------------------------------------------------
184     //Obtains the AUTHUSERID and assigns it into a global variable. FALSE is
185     //assigned if the parameter is not passed. Invalid characters are removed
186     //and the result is converted to lower case; if nothing remains, FALSE is
187     //assigned rather than the empty string.
188     //
189     //Unit-tested on 20060408.
190     //
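function PAR_get_authuserid()
{
    //Imports the "authuserid" GET/POST parameter into the global
    //$PAR_authuserid.
    //
    //$PAR_authuserid becomes FALSE when the parameter is absent, is not a plain
    //string, or contains no letters or digits. Otherwise it becomes the value
    //reduced to letters and digits and converted to lower case.
    //
    //NOTE(review): the "begins with a letter" and "20 characters or less" rules
    //for login names are not checked in this function; confirm that they are
    //enforced before the value is used for authentication.
    global $PAR_authuserid;

    //POST wins over GET when both carry the parameter.
    if (isset($_POST["authuserid"])) {
        $raw = $_POST["authuserid"];
    } elseif (isset($_GET["authuserid"])) {
        $raw = $_GET["authuserid"];
    } else {
        $PAR_authuserid = false;
        return;
    }

    //"authuserid[]=x" arrives as an array; strtolower() and strlen() below
    //expect a string, so a non-string value is treated as not supplied.
    if (!is_string($raw)) {
        $PAR_authuserid = false;
        return;
    }

    //Drop every disallowed character, then force lower case.
    $login = STRFUNC_force_into_subset(
        $raw,
        "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789"
    );
    $login = strtolower($login);

    //A value with nothing left is treated as a parameter that does not exist.
    if (strlen($login) == 0) {
        $PAR_authuserid = false;
        return;
    }

    $PAR_authuserid = $login;
}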
228     //
229     //
230     //--------------------------------------------------------------------------------
231     //Obtains the AUTHUSERPASSWD and assigns it into a global variable. FALSE is
232     //assigned if the parameter is not passed. Unlike the other parameters, no
233     //characters are removed: the value is assigned exactly as received, which
234     //may be the empty string.
235     //
236     //Passwords are not trimmed here. The password is never displayed (so HTML
237     //encoded scripting attacks, etc. shouldn't be possible), and it is better
238     //if downstream software can parse it and potentially display error
239     //messages.
240     //
241     //Passwords will only be accepted as a POST parameter (they should not be
242     //on the command line).
243     //
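function PAR_get_authuserpasswd()
{
    //Imports the "authuserpasswd" POST parameter into the global
    //$PAR_authuserpasswd.
    //
    //$PAR_authuserpasswd becomes FALSE when the parameter is absent or is not a
    //plain string. Otherwise it becomes the submitted value, byte for byte:
    //nothing is removed or trimmed. Only $_POST is consulted, so a password
    //placed in the query string is ignored.
    //
    //Because the value is unfiltered, it must never be written into a page,
    //a log line or a query string by the code that consumes it.
    global $PAR_authuserpasswd;

    //"authuserpasswd[]=x" arrives as an array. Passing an array on to password
    //checking code gives type-dependent results, so it is treated as not
    //supplied.
    if (!isset($_POST["authuserpasswd"]) || !is_string($_POST["authuserpasswd"])) {
        $PAR_authuserpasswd = false;
        return;
    }

    $PAR_authuserpasswd = $_POST["authuserpasswd"];
}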
256     //
257     //
258     //--------------------------------------------------------------------------------
259     //Obtains the SDDT and assigns it into a global variable. FALSE is
260     //assigned if the parameter is not passed. Invalid characters are removed,
261     //possibly leading to the empty string if the passed entity is empty or
262     //contains only invalid characters.
263     //
264     //Unit-tested on 20060408.
265     //
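function PAR_get_sddt()
{
    //Imports the "sddt" GET/POST parameter (schedule date) into the global
    //$PAR_sddt.
    //
    //$PAR_sddt becomes FALSE when the parameter is absent or is not a plain
    //string. Otherwise it becomes the value with every non-digit removed, which
    //may be the empty string.
    //
    //NOTE(review): nothing here checks that the result has eight digits or
    //names a real calendar date; confirm that the caller does.
    global $PAR_sddt;

    //POST wins over GET when both carry the parameter.
    if (isset($_POST["sddt"])) {
        $raw = $_POST["sddt"];
    } elseif (isset($_GET["sddt"])) {
        $raw = $_GET["sddt"];
    } else {
        $PAR_sddt = false;
        return;
    }

    //"sddt[]=x" arrives as an array; it is treated as not supplied instead of
    //being handed to the string filter.
    if (!is_string($raw)) {
        $PAR_sddt = false;
        return;
    }

    //Keep digits only.
    $PAR_sddt = STRFUNC_force_into_subset($raw, "0123456789");
}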
292     //
293     //
294     //--------------------------------------------------------------------------------
295     //Obtains the SDTIM and assigns it into a global variable. FALSE is
296     //assigned if the parameter is not passed. Invalid characters are removed,
297     //possibly leading to the empty string if the passed entity is empty or
298     //contains only invalid characters.
299     //
300     //Unit-tested on 20060408.
301     //
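function PAR_get_sdtim()
{
    //Imports the "sdtim" GET/POST parameter (schedule time of day) into the
    //global $PAR_sdtim.
    //
    //$PAR_sdtim becomes FALSE when the parameter is absent or is not a plain
    //string. Otherwise it becomes the value with every non-digit removed, which
    //may be the empty string.
    //
    //NOTE(review): nothing here checks the number of digits or that the result
    //is a valid time of day; confirm that the caller does.
    global $PAR_sdtim;

    //POST wins over GET when both carry the parameter.
    if (isset($_POST["sdtim"])) {
        $raw = $_POST["sdtim"];
    } elseif (isset($_GET["sdtim"])) {
        $raw = $_GET["sdtim"];
    } else {
        $PAR_sdtim = false;
        return;
    }

    //"sdtim[]=x" arrives as an array; it is treated as not supplied instead of
    //being handed to the string filter.
    if (!is_string($raw)) {
        $PAR_sdtim = false;
        return;
    }

    //Keep digits only.
    $PAR_sdtim = STRFUNC_force_into_subset($raw, "0123456789");
}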
328     //
329     //
330     //--------------------------------------------------------------------------------
331     //Obtains the TODAYNOW and assigns it into a global variable. TRUE is assigned
332     //if ANY value is present for the variable, or FALSE otherwise.
333     //
function PAR_get_todaynow()
{
    //Sets the global $PAR_todaynow to TRUE when a "todaynow" parameter is
    //present in either GET or POST, and to FALSE otherwise. Only the presence
    //of the parameter is tested; its value is never read.
    global $PAR_todaynow;

    $in_get  = isset($_GET["todaynow"]);
    $in_post = isset($_POST["todaynow"]);

    $PAR_todaynow = ($in_get || $in_post);
}
347     //
348     //
349     //--------------------------------------------------------------------------------
350     //Obtains the MENULVLADJST and assigns it into a global variable as either:
351     // FALSE if the parameter is not passed.
352     // -1 if the menu level is to be decremented.
353     // 1 if the menu level is to be incremented.
354     //
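function PAR_get_menulvladjst()
{
    //Imports the "menulvladjst" GET/POST parameter into the global
    //$PAR_menulvladjst as:
    //   -1    when the filtered value is exactly "d" or "D" (decrement),
    //    1    when the filtered value is exactly "u" or "U" (increment),
    //   FALSE when the parameter is absent, is not a plain string, or filters
    //         down to anything else (including the empty string or several
    //         letters).
    global $PAR_menulvladjst;

    //POST wins over GET when both carry the parameter.
    if (isset($_POST["menulvladjst"])) {
        $raw = $_POST["menulvladjst"];
    } elseif (isset($_GET["menulvladjst"])) {
        $raw = $_GET["menulvladjst"];
    } else {
        $PAR_menulvladjst = false;
        return;
    }

    //"menulvladjst[]=x" arrives as an array; it is treated as not supplied
    //instead of being handed to the string filter.
    if (!is_string($raw)) {
        $PAR_menulvladjst = false;
        return;
    }

    //Remove every character other than the four direction letters.
    $direction = STRFUNC_force_into_subset($raw, "uUdD");

    if (($direction == "d") || ($direction == "D")) {
        $PAR_menulvladjst = -1;
    } elseif (($direction == "u") || ($direction == "U")) {
        $PAR_menulvladjst = 1;
    } else {
        $PAR_menulvladjst = false;
    }
}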
384     //
385     //
386     //--------------------------------------------------------------------------------
387     //Obtains the LOGOUT parameter. If this parameter is set to ANY value,
388     //it is a cue to log out the user.
389     //
function PAR_get_logout()
{
    //Sets the global $PAR_logout to TRUE when a "logout" parameter is present
    //in either GET or POST, and to FALSE otherwise. Only the presence of the
    //parameter is tested; its value is never read.
    //
    //NOTE(review): because GET is accepted, any link or embedded resource that
    //carries "logout" in its URL sets this flag. Whether that matters depends
    //on how the calling page acts on it.
    global $PAR_logout;

    $requested = isset($_GET["logout"]) || isset($_POST["logout"]);

    $PAR_logout = $requested ? TRUE : FALSE;
}
403     //
404     //
405     //--------------------------------------------------------------------------------
406     //Obtains the ACKLEVEL and assigns it into a global variable as an integer.
407     //FALSE is assigned if the parameter is not passed or if it is passed but is
408     //invalid.
409     //
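function PAR_get_acklevel()
{
    //Imports the "acklevel" GET/POST parameter into the global $PAR_acklevel
    //as an integer in the range [0,100].
    //
    //$PAR_acklevel becomes FALSE when the parameter is absent, is not a plain
    //string, contains no digits, or is outside [0,100] once non-digits and
    //leading zeros have been removed.
    //
    //The length limit is three digits. The earlier limit of two digits
    //rejected "100" before the range test could accept it, which contradicted
    //the [0,100] range enforced a few lines later.
    global $PAR_acklevel;

    //POST wins over GET when both carry the parameter.
    if (isset($_POST["acklevel"])) {
        $raw = $_POST["acklevel"];
    } elseif (isset($_GET["acklevel"])) {
        $raw = $_GET["acklevel"];
    } else {
        $PAR_acklevel = false;
        return;
    }

    //"acklevel[]=x" arrives as an array; an array is an invalid value.
    if (!is_string($raw)) {
        $PAR_acklevel = false;
        return;
    }

    //Keep digits only.
    $digits = STRFUNC_force_into_subset($raw, "0123456789");

    //Remove leading zeros, but leave a lone "0" in place.
    while ((strlen($digits) > 1) && (substr($digits, 0, 1) == "0")) {
        $digits = substr($digits, 1);
    }

    //An empty string carries no number. Anything longer than three digits is
    //above 100 and is refused before the integer cast, so an arbitrarily long
    //digit string never reaches the conversion.
    $length = strlen($digits);
    if (($length == 0) || ($length > 3)) {
        $PAR_acklevel = false;
        return;
    }

    $level = (int) $digits;
    if (($level >= 0) && ($level <= 100)) {
        $PAR_acklevel = $level;
    } else {
        $PAR_acklevel = false; //Out of range as an integer.
    }
}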
458     //
459     //
460     //--------------------------------------------------------------------------------
461     //End of $RCSfile: par.inc,v $.
462     //--------------------------------------------------------------------------------
463     ?>
