Revision 35
Sat Oct 8 23:35:33 2016 UTC (7 years, 11 months ago) by dashley
File size: 16357 byte(s)
Initial commit.
1 <?php
2 //$Header: /hl/cvsroots/gpl01/gpl01/webprojs/fboprime/sw/phplib/par.inc,v 1.9 2006/08/01 21:51:46 dashley Exp $
3 //********************************************************************************
4 //par.inc--FboPrime Parameter and Cookie Processing
5 //Copyright (C) 2006 David T. Ashley
6 //
7 //This program is free software; you can redistribute it and/or
8 //modify it under the terms of the GNU General Public License
9 //as published by the Free Software Foundation; either version 2
10 //of the License, or (at your option) any later version.
11 //
12 //This program is distributed in the hope that it will be useful,
13 //but WITHOUT ANY WARRANTY; without even the implied warranty of
14 //MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 //GNU General Public License for more details.
16 //
17 //You should have received a copy of the GNU General Public License
18 //along with this program; if not, write to the Free Software
19 //Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
20 //********************************************************************************
21 //This file contains functions that carefully control GET/POST input parameters
22 //and cookies and bring them into the global variable space.
23 //
24 //The most conservative approach is to restrict such parameters to a language,
25 //i.e. to confine the form they may have.
26 //--------------------------------------------------------------------------------
27 require_once("strfunc.inc");
28 //
29 //--------------------------------------------------------------------------------
30 //FULL LIST OF COOKIE PARAMETERS
31 //------------------------------
32 //Only one cookie is issued by this software, named "fbopsid". This is a session
33 //identifier as described in the documentation. The cookie is issued on a
34 //successful login and revoked when a session times out or there is an
35 //authentication failure.
36 //
37 //--------------------------------------------------------------------------------
38 //FULL LIST OF GET/POST PARAMETERS
39 //--------------------------------
40 //This is the list of get/post parameters. They are named uniquely to avoid
41 //confusion or mistakes. In general, a script will try to import only those
42 //parameters that it is interested in--others are ignored.
43 //
44 //GET and POST parameters are usually treated identically--there is no
45 //differentiation made. This means in some cases it is possible to modify page
46 //behavior (for example, page appearance) by adding a string to the URL (i.e. to
47 //use a URL not directly generated by the software). This allows power-users
48 //to sometimes work more effectively.
49 //
50 //GET parameters are preferentially used, as they allow URLs to be bookmarked
51 //and e-mailed.
52 //
53 //index.php -- Main scheduler day view.
54 //-------------------------------------
55 // authuserid
56 // The login name of the user. For example, "jsmith". Login names
57 // must begin with a letter, must be 20 characters or less, and may
58 // contain only letters and numbers. Login names are converted to
59 // all lower-case, and they are treated as case-insensitive.
60 //
61 // Any supplied parameter has blanks and invalid characters removed
62 // before being assigned to the global variable. In some cases,
63 // a login name consisting of exclusively blanks or invalid characters
64 // may be assigned to the global variable as the empty string.
65 //
66 // If the login name is not supplied, the corresponding global
67 // variable is set to FALSE.
68 //
69 // authuserpasswd
70 // The password supplied by the user to authenticate. Passwords
71 // may contain only certain characters, no spaces at the ends, etc.
72 //
73 // Any supplied parameter has blanks and invalid characters removed
74 // before being assigned to the global variable. In some cases,
75 // password consisting of exclusively blanks or invalid characters
76 // may be assigned to the global variable as the empty string.
77 //
78 // If the password is not supplied, the corresponding global
79 // variable is set to FALSE.
80 //
81 // logout
82 // If the main scheduling page is invoked with a get or post
83 // parameter of "logout" defined to _any_ value, this is a cue
84 // to log out the user. The traditional value is logout=1.
85 //
86 // A user is logged out by linking to the main scheduling page
87 // with the "logout" parameter set.
88 //
89 // sddt
90 // The date whose scheduling information will be displayed.
91 //
92 // If no date is supplied, the default is usually the current
93 // calendar day.
94 //
95 // The date is in the format YYYYMMDD, for example,
96 //
97 // "20060408".
98 //
99 // Any supplied parameter has blanks and invalid characters removed
100 // before being assigned to the global variable. In some cases,
101 // a date consisting of exclusively blanks or invalid characters
102 // may be assigned to the global variable as the empty string.
103 //
104 // If the date is not supplied, the corresponding global
105 // variable is set to FALSE.
106 //
107 // sdtim
108 // The time of day for which scheduling information should be
109 // displayed.
110 //
111 // If no time of day is supplied, the default is usually
112 // the default panel for scheduling views.
113 //
114 // The time is in the format "HHMMSS", for example,
115 //
116 // "1519".
117 //
118 // The time should range from "0000" through "2359". "2400" is
119 // illegal, as it would actually correspond to midnight of the
120 // following day.
121 //
122 // Any supplied parameter has blanks and invalid characters removed
123 // before being assigned to the global variable. In some cases,
124 // a time consisting of exclusively blanks or invalid characters
125 // may be assigned to the global variable as the empty string.
126 //
127 // If the time is not supplied, the corresponding global
128 // variable is set to FALSE.
129 //
130 // todaynow
131 // If set to any value (i.e. if it exists), the global variable is
132 // set to TRUE, otherwise, it is set to FALSE. Signals that current
133 // server time should be used (all get/post parameters and session
134 // state should be ignored).
135 //
136 // menulvladjst
137 // If present, indicates to adjust the current menu level (stored in
138 // the session record of the database) up or down. Parameter values
139 // allowed:
140 // "D" (or "d") : Decrement the current menu level (corresponding
141 // to fewer options displayed).
142 // "U" (or "u") : Increment the current menu level (corresponding
143 // to more options displayed).
144 //
145 // acklevel
146 // Used for acknowledgement screens in various contexts, to trigger
147 // an acknowledgement screen rather than the main action. This should
148 // be an integer in the range of [0,100] with semantics defined by
149 // the using page. If the parameter is missing or invalid, $PAR_acklevel
150 // is assigned FALSE.
151 //
152 //--------------------------------------------------------------------------------
153 //Obtains the FBOPSID cookie parameter and assigns it to a global variable.
154 //FALSE is assigned if the parameter is not passed. Invalid characters are
155 //removed, possibly leading to the empty string if the passed entity is empty or
156 //contains only invalid characters.
157 //
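function PAR_get_fbopsid()
{
    //Imports the "fbopsid" session cookie into the global $PAR_fbopsid.
    //
    //Result in $PAR_fbopsid:
    //   FALSE   if the cookie is absent or is not a plain string.
    //   string  otherwise: the cookie value restricted to the characters
    //           "SGIABCDEF0123456789" and cut to at most 66 characters. This
    //           may be the empty string.
    //
    //Only the syntax of the identifier is constrained here. Nothing in this
    //function decides whether the identifier names a live session.
    global $PAR_fbopsid;

    //PHP turns a cookie sent as "fbopsid[]=..." into an array. Such a value is
    //treated as "not passed" so that only strings reach the string helpers
    //below (what they do with an array is not visible from this file).
    if ((! isset($_COOKIE["fbopsid"])) || (! is_string($_COOKIE["fbopsid"])))
    {
        $PAR_fbopsid = FALSE;
        return;
    }

    //Trim the string down to the characters allowed for a session identifier.
    $PAR_fbopsid = STRFUNC_force_into_subset($_COOKIE["fbopsid"], "SGIABCDEF0123456789");

    //The total string may be no longer than 66 characters long.
    if (strlen($PAR_fbopsid) > 66)
    {
        $PAR_fbopsid = SubStr($PAR_fbopsid, 0, 66);
    }
}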
181 //
182 //
183 //--------------------------------------------------------------------------------
184 //Obtains the AUTHUSERID and assigns it into a global variable. FALSE is
185 //assigned if the parameter is not passed. Invalid characters are removed and
186 //the result is forced to lower case; if nothing remains, FALSE is assigned
187 //rather than the empty string.
188 //
189 //Unit-tested on 20060408.
190 //
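function PAR_get_authuserid()
{
    //Imports the "authuserid" GET/POST parameter into the global
    //$PAR_authuserid.
    //
    //Result in $PAR_authuserid:
    //   FALSE   if the parameter is absent, is not a plain string, or has no
    //           letters or digits left after filtering.
    //   string  otherwise: the letters and digits of the value, lower-cased.
    //
    //NOTE(review): the file header documents login names as beginning with a
    //letter and being 20 characters or less. Neither rule is enforced here,
    //so the caller has to check them before using the value.
    global $PAR_authuserid;

    //POST takes precedence over GET when both are supplied.
    if (isset($_POST["authuserid"]))
    {
        $starting_point = $_POST["authuserid"];
    }
    else if (isset($_GET["authuserid"]))
    {
        $starting_point = $_GET["authuserid"];
    }
    else
    {
        $PAR_authuserid = FALSE;
        return;
    }

    //PHP turns "authuserid[]=..." into an array. Treat that as "not passed"
    //so that only strings reach the string functions below.
    if (! is_string($starting_point))
    {
        $PAR_authuserid = FALSE;
        return;
    }

    //Trim all disallowed characters.
    $starting_point
        = STRFUNC_force_into_subset($starting_point,
                                    "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789");

    //Force the string to be all lower case.
    $starting_point = StrToLower($starting_point);

    //If the string is now of zero length, treat this parameter
    //as not existing.
    if (strlen($starting_point) == 0)
    {
        $PAR_authuserid = FALSE;
        return;
    }

    //And assign to the global, which we may be just newly creating.
    $PAR_authuserid = $starting_point;
}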
228 //
229 //
230 //--------------------------------------------------------------------------------
231 //Obtains the AUTHUSERPASSWD and assigns it into a global variable. FALSE is
232 //assigned if the parameter is not passed. Otherwise the value is assigned
233 //exactly as received: no characters are removed here, so downstream code
234 //must treat it as untrusted input.
235 //
236 //Passwords are not trimmed here. The password is never displayed (so HTML
237 //encoded scripting attacks, etc. shouldn't be possible), and it is better
238 //if downstream software can parse it and potentially display error
239 //messages.
240 //
241 //Passwords will only be accepted as a POST parameter (they should not be
242 //on the command line, i.e. in the URL as a GET parameter).
243 //
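function PAR_get_authuserpasswd()
{
    //Imports the "authuserpasswd" POST parameter into the global
    //$PAR_authuserpasswd.
    //
    //Result in $PAR_authuserpasswd:
    //   FALSE   if the parameter is absent from POST or is not a plain string.
    //   string  otherwise: the value exactly as received. Nothing is trimmed
    //           or filtered here, so downstream code must treat it as
    //           untrusted input.
    //
    //GET is deliberately not consulted, which keeps passwords out of URLs.
    global $PAR_authuserpasswd;

    //PHP turns "authuserpasswd[]=..." into an array. A password that is not a
    //string is treated as "not passed" so that later comparisons and hashing
    //only ever see a string or FALSE.
    if ((! isset($_POST["authuserpasswd"])) || (! is_string($_POST["authuserpasswd"])))
    {
        $PAR_authuserpasswd = FALSE;
        return;
    }

    $PAR_authuserpasswd = $_POST["authuserpasswd"];
}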
256 //
257 //
258 //--------------------------------------------------------------------------------
259 //Obtains the SDDT and assigns it into a global variable. FALSE is
260 //assigned if the parameter is not passed. Invalid characters are removed,
261 //possibly leading to the empty string if the passed entity is empty or
262 //contains only invalid characters.
263 //
264 //Unit-tested on 20060408.
265 //
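function PAR_get_sddt()
{
    //Imports the "sddt" GET/POST parameter (a scheduling date) into the
    //global $PAR_sddt.
    //
    //Result in $PAR_sddt:
    //   FALSE   if the parameter is absent or is not a plain string.
    //   string  otherwise: the decimal digits of the value, possibly the
    //           empty string.
    //
    //Only the character set is constrained. The length of the result and
    //whether it is a real calendar date are not checked here.
    global $PAR_sddt;

    //POST takes precedence over GET when both are supplied.
    if (isset($_POST["sddt"]))
    {
        $starting_point = $_POST["sddt"];
    }
    else if (isset($_GET["sddt"]))
    {
        $starting_point = $_GET["sddt"];
    }
    else
    {
        $PAR_sddt = FALSE;
        return;
    }

    //PHP turns "sddt[]=..." into an array. Treat that as "not passed" so
    //that only strings reach the filtering helper.
    if (! is_string($starting_point))
    {
        $PAR_sddt = FALSE;
        return;
    }

    //Trim all disallowed characters and assign to the global, which we may
    //be just newly creating.
    $PAR_sddt = STRFUNC_force_into_subset($starting_point, "0123456789");
}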
292 //
293 //
294 //--------------------------------------------------------------------------------
295 //Obtains the SDTIM and assigns it into a global variable. FALSE is
296 //assigned if the parameter is not passed. Invalid characters are removed,
297 //possibly leading to the empty string if the passed entity is empty or
298 //contains only invalid characters.
299 //
300 //Unit-tested on 20060408.
301 //
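function PAR_get_sdtim()
{
    //Imports the "sdtim" GET/POST parameter (a scheduling time of day) into
    //the global $PAR_sdtim.
    //
    //Result in $PAR_sdtim:
    //   FALSE   if the parameter is absent or is not a plain string.
    //   string  otherwise: the decimal digits of the value, possibly the
    //           empty string.
    //
    //Only the character set is constrained. The length of the result and
    //whether it is a valid time of day are not checked here.
    global $PAR_sdtim;

    //POST takes precedence over GET when both are supplied.
    if (isset($_POST["sdtim"]))
    {
        $starting_point = $_POST["sdtim"];
    }
    else if (isset($_GET["sdtim"]))
    {
        $starting_point = $_GET["sdtim"];
    }
    else
    {
        $PAR_sdtim = FALSE;
        return;
    }

    //PHP turns "sdtim[]=..." into an array. Treat that as "not passed" so
    //that only strings reach the filtering helper.
    if (! is_string($starting_point))
    {
        $PAR_sdtim = FALSE;
        return;
    }

    //Trim all disallowed characters and assign to the global, which we may
    //be just newly creating.
    $PAR_sdtim = STRFUNC_force_into_subset($starting_point, "0123456789");
}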
328 //
329 //
330 //--------------------------------------------------------------------------------
331 //Obtains the TODAYNOW and assigns it into a global variable. TRUE is assigned
332 //if ANY value is present for the variable, or FALSE otherwise.
333 //
function PAR_get_todaynow()
{
    //Sets the global $PAR_todaynow to TRUE when a "todaynow" parameter is
    //present in GET or POST, and to FALSE when it is present in neither.
    //Only presence is tested; the parameter's value is never read.
    global $PAR_todaynow;

    $PAR_todaynow = (isset($_GET["todaynow"]) || isset($_POST["todaynow"]));
}
347 //
348 //
349 //--------------------------------------------------------------------------------
350 //Obtains the MENULVLADJST and assigns it into a global variable as either:
351 // FALSE if the parameter is not passed.
352 // -1 if the menu level is to be decremented.
353 // 1 if the menu level is to be incremented.
354 //
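function PAR_get_menulvladjst()
{
    //Imports the "menulvladjst" GET/POST parameter into the global
    //$PAR_menulvladjst.
    //
    //Result in $PAR_menulvladjst:
    //   -1     if, after filtering, the value is exactly "d" or "D".
    //    1     if, after filtering, the value is exactly "u" or "U".
    //   FALSE  if the parameter is absent, is not a plain string, or filters
    //          down to anything else (including the empty string).
    global $PAR_menulvladjst;

    //POST takes precedence over GET when both are supplied.
    if (isset($_POST["menulvladjst"]))
    {
        $starting_point = $_POST["menulvladjst"];
    }
    else if (isset($_GET["menulvladjst"]))
    {
        $starting_point = $_GET["menulvladjst"];
    }
    else
    {
        $PAR_menulvladjst = FALSE;
        return;
    }

    //PHP turns "menulvladjst[]=..." into an array. Treat that as "not
    //passed" so that only strings reach the filtering helper.
    if (! is_string($starting_point))
    {
        $PAR_menulvladjst = FALSE;
        return;
    }

    //Trim all disallowed characters.
    $starting_point = STRFUNC_force_into_subset($starting_point, "uUdD");

    //And assign to the global, which we may be just newly creating.
    if (($starting_point == "d") || ($starting_point == "D"))
    {
        $PAR_menulvladjst = -1;
    }
    else if (($starting_point == "u") || ($starting_point == "U"))
    {
        $PAR_menulvladjst = 1;
    }
    else
    {
        $PAR_menulvladjst = FALSE;
    }
}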
384 //
385 //
386 //--------------------------------------------------------------------------------
387 //Obtains the LOGOUT parameter. If this parameter is set to ANY value,
388 //it is a cue to log out the user.
389 //
function PAR_get_logout()
{
    //Sets the global $PAR_logout to TRUE when a "logout" parameter is present
    //in GET or POST, and to FALSE when it is present in neither. Only
    //presence is tested; the parameter's value is never read.
    //
    //NOTE(review): because GET is accepted, a plain link is enough to raise
    //this flag. Whether the page that acts on it needs a request-origin
    //check is not decided here.
    global $PAR_logout;

    $PAR_logout = (isset($_GET["logout"]) || isset($_POST["logout"]));
}
403 //
404 //
405 //--------------------------------------------------------------------------------
406 //Obtains the ACKLEVEL and assigns it into a global variable as an integer.
407 //FALSE is assigned if the parameter is not passed or if it is passed but is
408 //invalid.
409 //
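function PAR_get_acklevel()
{
    //Imports the "acklevel" GET/POST parameter into the global $PAR_acklevel
    //as an integer.
    //
    //Result in $PAR_acklevel:
    //   int    in the range [0,100] when the digits of the value form such a
    //          number.
    //   FALSE  if the parameter is absent, is not a plain string, contains no
    //          digits, or is out of range.
    //
    //Non-digit characters are discarded before the value is interpreted, so
    //a sign or decimal point in the input does not survive filtering.
    global $PAR_acklevel;

    //POST takes precedence over GET when both are supplied.
    if (isset($_POST["acklevel"]))
    {
        $starting_point = $_POST["acklevel"];
    }
    else if (isset($_GET["acklevel"]))
    {
        $starting_point = $_GET["acklevel"];
    }
    else
    {
        $PAR_acklevel = FALSE;
        return;
    }

    //PHP turns "acklevel[]=..." into an array. Treat that as "not passed" so
    //that only strings reach the string functions below.
    if (! is_string($starting_point))
    {
        $PAR_acklevel = FALSE;
        return;
    }

    //Trim all disallowed characters.
    $starting_point = STRFUNC_force_into_subset($starting_point, "0123456789");

    //Remove any leading zeros.
    while ((strlen($starting_point) > 1) && (SubStr($starting_point, 0, 1) == "0"))
    {
        $starting_point = SubStr($starting_point, 1);
    }

    //At this point, the value can't help but syntactically be an integer or
    //the empty string.
    if (strlen($starting_point) == 0)
    {
        $PAR_acklevel = FALSE;   //Empty string.
    }
    else if (strlen($starting_point) > 3)
    {
        //The upper bound 100 has three digits, so the length cutoff is three.
        //A cutoff of two would reject 100 itself. Anything longer is out of
        //range, and rejecting it here keeps the cast below on short strings.
        $PAR_acklevel = FALSE;   //Too big as an integer.
    }
    else
    {
        $starting_point = (int)$starting_point;
        if (($starting_point >= 0) && ($starting_point <= 100))
        {
            $PAR_acklevel = $starting_point;
        }
        else
        {
            $PAR_acklevel = FALSE;   //Out of range as an integer.
        }
    }
}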
458 //
459 //
460 //--------------------------------------------------------------------------------
461 //End of $RCSfile: par.inc,v $.
462 //--------------------------------------------------------------------------------
463 ?>
