<?php
/*=====================================================================*\
|| ###################################################################
|| # Iris Studios Shared Object Framework [#]version[#]
|| # Copyright Š2002-[#]year[#] Iris Studios, Inc.
|| #
|| # This program is free software; you can redistribute it and/or modify
|| # it under the terms of the GNU General Public License as published by
|| # the Free Software Foundation; version [#]gpl[#] of the License.
|| #
|| # This program is distributed in the hope that it will be useful, but
|| # WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
|| # or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
|| # more details.
|| #
|| # You should have received a copy of the GNU General Public License along
|| # with this program; if not, write to the Free Software Foundation, Inc.,
|| # 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
|| ###################################################################
\*=====================================================================*/

/**
* Iris Studios Shared Object Framework Kernel
* kernel.php
*
* @package	ISSO
*/

if (!function_exists('version_compare'))
{
	trigger_error('You need PHP version 4.1.0 or newer to run ISSO', E_USER_ERROR);
	exit;
}

if (version_compare(PHP_VERSION, '5.0.0', '>='))
{
	if (ini_get('error_reporting') & E_NOTICE)
	{
		error_reporting(ini_get('error_reporting') - E_NOTICE);
	}
	if (ini_get('error_reporting') & E_USER_NOTICE)
	{
		error_reporting(ini_get('error_reporting') - E_USER_NOTICE);
	}
}

$oldlevel = ini_get('error_reporting');
$newlevel = $oldlevel;
$levels = array(E_ERROR => E_USER_ERROR, E_WARNING => E_USER_WARNING, E_NOTICE => E_USER_NOTICE);
foreach ($levels AS $php => $isso)
{
	if ($oldlevel & $php)
	{
		if (!($oldlevel & $isso))
		{
			//echo "increasing newlevel by $isso; ";
			$newlevel += $isso;
		}
	}
	else
	{
		if ($oldlevel & $isso)
		{
			//echo "decreasing newlevel by $isso; ";
			$newlevel -= $isso;
		}
	}
}
error_reporting($newlevel);

if ((bool)ini_get('register_globals') === true)
{
	$superglobals = array('_GET', '_COOKIE', '_FILES', '_POST', '_SERVER', '_ENV');
	foreach ($superglobals AS $global)
	{
		if (is_array(${$global}))
		{
			foreach (${$global} AS $_key => $_val)
			{
				if (isset(${$_key}))
				{
					unset(${$_key});
				}
			}
		}
	}
}

/**#@+
* Input cleaning type constant
*/
/**
* Integer type
*/
define('TYPE_INT', 1);

/**
* Unsigned integer
*/
define('TYPE_UINT', 2);

/**
* Float type
*/
define('TYPE_FLOAT', 4);

/**
* Boolean type
*/
define('TYPE_BOOL', 8);

/**
* String - cleaned
*/
define('TYPE_STR', 16);

/**
* String - deliberate unclean
*/
define('TYPE_STRUN', 32);

/**
* No cleaning - here for use in API
*/
define('TYPE_NOCLEAN', 64);
/**#@-*/

/**
* Iris Studios Shared Object Framework (ISSO)
*
* This framework allows a common backend to be used amongst all Iris
* Studios applications and is built to be abstract and flexible.
* The base framework handles all loading and module management.
*
* @author		Iris Studios, Inc.
* @copyright	Copyright Š2002 - [#]year[#], Iris Studios, Inc.
* @version		$Revision$
* @package		ISSO
* 
*/
class Shared_Object_Framework
{
	/**
	* ISSO version
	* @var	string
	*/
	var $version = '[#]version[#]';
	
	/**
	* Location of ISSO, used for internal linking
	* @var	string
	*/
	var $sourcepath = '';
	
	/**
	* Path of the current application
	* @var	string
	*/
	var $apppath = '';
	
	/**
	* Web path used to get the web location of the installation of ISSO; only used for Printer module
	* @var	string
	*/
	var $webpath = '';
	
	/**
	* Name of the current application
	* @var	string
	*/
	var $application = '';
	
	/**
	* Version of the current application
	* @var	string
	*/
	var $appversion = '';
	
	/**
	* Whether debug mode is on or off
	* @var	bool
	*/
	var $debug = false;
	
	/**
	* List of all active debug messages
	* @var	array
	*/
	var $debuginfo = array();
	
	/**
	* List of loaded modules
	* @var	array
	*/
	var $modules = array();
	
	/**
	* An array of sanitized variables that have been cleaned for HTML tag openers and double quotes
	* @var	array
	*/
	var $in = array();
	
	/**
	* If we are running with magic_quotes_gpc on or off
	* @var	int
	*/
	var $magicquotes = 0;
	
	/**
	* If we should automagically escape strings, mimicking magic_quotes_gpc
	* @var	bool
	*/
	var $escapestrings = false;
	
	/**
	* Constructor
	*/
	function Shared_Object_Framework()
	{
		// error reporting
		set_error_handler(array(&$this, '_error_handler'));
		
		// magic quotes
		$this->magicquotes = get_magic_quotes_gpc();
		set_magic_quotes_runtime(0);
		
		if (defined('ISSO_ESCAPE_STRINGS'))
		{
			$this->escapestrings = (bool)constant('ISSO_ESCAPE_STRINGS');
		}
		
		// start input sanitize using variable_order GPC
		if (!$this->escapestrings)
		{
			$this->exec_sanitize_data();
		}
		
		if (defined('ISSO_CHECK_POST_REFERER'))
		{
			$this->exec_referer_check();
		}
	}
	
	/**
	* Prepares a path for being set as the sourcepath
	*
	* @param	string	Source path or URL
	*
	* @return	string	Prepared source path
	*/
	function fetch_sourcepath($source)
	{
		if (substr($source, strlen($source) - 1) != DIRECTORY_SEPARATOR)
		{
			$source .= DIRECTORY_SEPARATOR;
		}
		return $source;
	}
	
	/**
	* Loads a framework module
	*
	* @param	string	Name of the framework file to load
	* @param	string	Internal variable to initialize as; to not instantiate (just require) leave it as NULL
	* @param	bool	Globalize the internal variable?
	*
	* @return	object	Instantiated instance
	*/
	function &load($framework, $asobject, $globalize = false)
	{
		// set the object interlock
		if ($GLOBALS['isso:null-framework'] === null)
		{
			$GLOBALS['isso:null-framework'] =& $this;
		}
		
		if ($this->is_loaded($framework))
		{
			return $this->getobj($framework);
		}
		
		if ($this->sourcepath == '')
		{
			trigger_error('Invalid sourcepath specified', E_USER_ERROR);
		}
		
		if (file_exists($this->sourcepath . $framework . '.php'))
		{
			require_once($this->sourcepath . $framework . '.php');
		}
		else
		{
			trigger_error('Could not find the framework ' . $this->sourcepath . $framework . '.php', E_USER_ERROR);
		}
		
		if ($asobject === null)
		{
			return;
		}
		
		if (isset($this->$asobject))
		{
			trigger_error('Cannot instantiate framework `' . $framework . '` into `' . $asobject . '`', E_USER_ERROR);
		}
		
		$this->$asobject = new $framework($this);
		
		$this->modules["$framework"] =& $this->$asobject;
		
		if ($globalize)
		{
			$GLOBALS["$asobject"] =& $this->$asobject;
		}
		
		return $this->$asobject;
	}
	
	/**
	* Prints a list of all currently loaded framework modules
	*
	* @param	bool	Return the data as an array?
	*
	* @return	mixed	HTML output or an array of loaded modules
	*/
	function show_modules($return = false)
	{
		foreach ($this->modules AS $object)
		{
			$modules[] = get_class($object);
		}

		if ($return)
		{
			return $modules;
		}
		else
		{
			$output = "\n\n<ul>\n\t<li>";
			$output .= implode("</li>\n\t<li>", $modules);
			$output .= "</li>\n</ul>\n\n";
			$this->_message('Loaded Modules', $output, 1);
		}
	}
	
	/**
	* Verifies to see if a framework has been loaded
	*
	* @param	string	Framework name
	*
	* @return	bool	Whether or not the framework has been loaded
	*/
	function is_loaded($framework)
	{
		if (isset($this->modules["$framework"]))
		{
			return true;
		}
		else
		{
			return false;
		}
	}
	
	/**
	* Prints an ISSO message
	*
	* @param	string	The title of the message
	* @param	string	The content of the message
	* @param	integer	Type of message to be printed
	* @param	bool	Return the output?
	*
	* @return	mixed	Output or null
	*/
	function _message($title, $message, $type, $return = false)
	{
		switch ($type)
		{
			// Message
			case 1:
				$prefix = 'Message';
				$color = '#669900';
				$font = '#000000';
			break;
			
			// Warning
			case 2:
				$prefix = 'Warning';
				$color = '#003399';
				$font = '#FFFFFF';
			break;
			
			case 3:
				$prefix = 'Error';
				$color = '#990000';
				$font = '#EFEFEF';
			break;
		}
		
		$output = "\n<br />\n<table cellpadding=\"4\" cellspacing=\"1\" border=\"0\" width=\"500\" style=\"background-color: $color; color: black; font-family: Verdana, sans-serif; font-size: 12px;\">";
		$output .= "\n<tr style=\"color: $font; text-align: left\">\n\t<td><strong>$prefix: $title</strong></td>\n</tr>";
		$output .= "\n<tr style=\"background-color: #FFFFFF; text-align: left\">\n\t<td>$message</td>\n</tr>\n</table>\n<br />\n";
		
		if ($return)
		{
			return $output;
		}
		else
		{
			print($output);
		}
	}
	
	/**
	* Custom error handler for ISSO
	* We only handle E_WARNING, E_NOTICE, E_USER_ERROR, E_USER_WARNING, E_USER_NOTICE
	*
	* @param	integer	Error number
	* @param	string	Error message string
	* @param	string	File that contains the error
	* @param	string	The line number of the error
	* @param	string	The active symbol table at which point the error occurred
	*/
	function _error_handler($errno, $errstr, $errfile, $errline)
	{
		switch ($errno)
		{
			// Fatal
			case E_USER_ERROR:
				$title = 'Fatal';
				$level = 3;
				if (!(ini_get('error_reporting') & E_USER_ERROR))
				{
					return;
				}
			break;
			
			// Error
			case E_USER_WARNING:
				$title = 'Warning';
				$level = 2;
				if (!(ini_get('error_reporting') & E_USER_WARNING) AND !(ini_get('error_reporting') & E_WARNING))
				{
					return;
				}
			break;
			
			// Warning
			case E_USER_NOTICE:
			default:
				$title = 'Notice';
				$level = 1;
				if (!(ini_get('error_reporting') & E_USER_NOTICE) AND !(ini_get('error_reporting') & E_NOTICE))
				{
					return;
				}
			break;
		}
		
		$errfile = str_replace(array(getcwd(), dirname(getcwd())), '', $errfile);
		
		$errstr .= " in <strong>$errfile</strong> on line <strong>$errline</strong>";
		
		$this->_message($title, $errstr, $level);
		
		if ($errno == E_USER_ERROR)
		{
			exit;
		}
	}
	
	/**
	* Logs a debug message for verbose output
	*
	* @param	string	Message
	*/
	function debug($message)
	{
		$this->debuginfo[] = $message;
	}
	
	/**
	* Recursive XSS cleaner
	*
	* @param	mixed	Unsanitized REQUEST data
	*
	* @return	mixed	Sanitized data
	*/
	function _sanitize_input_recursive($data)
	{
		foreach ($data AS $key => $value)
		{
			if (is_array($value))
			{
				$data["$key"] = $this->_sanitize_input_recursive($value);
			}
			else
			{
				if ($this->escapestrings)
				{
					$data["$key"] = $this->escape($this->sanitize($value), false, false);
				}
				else
				{
					$data["$key"] = $this->sanitize($value);
				}
			}
		}
		return $data;
	}
	
	/**
	* Simple way to protect against HTML attacks with Unicode support
	*
	* @param	string	Unsanitzed text
	*
	* @return	string	Properly protected text that only encodes potential threats
	*/
	function sanitize($text)
	{
		if ($this->magicquotes)
		{
			return str_replace(array('<', '>', '\"', '"'), array('&lt;', '&gt;', '&quot;', '&quot;'), $text);
		}
		else
		{
			return str_replace(array('<', '>', '"'), array('&lt;', '&gt;', '&quot;'), $text);
		}
	}
	
	/**
	* Unicode-safe entity encoding system; similar to sanitize()
	*
	* @param	string	Unsanitized text
	*
	* @return	string	Unicode-safe sanitized text with entities preserved
	*/
	function entity_encode($text)
	{
		$text = str_replace('&', '&amp;', $text);
		$text = $this->sanitize($text);
		return $text;
	}
	
	/**
	* Takes text that has been processed for HTML and unsanitizes it
	*
	* @param	string	Text that needs to be turned back into HTML
	* @param	bool	Force magicquotes off
	*
	* @return	string	Unsanitized text
	*/
	function unsanitize($text, $force = false)
	{
		if ($this->magicquotes AND !$force)
		{
			return str_replace(array('&lt;', '&gt;', '&quot;'), array('<', '>', '\"'), $text);
		}
		else
		{
			return str_replace(array('&lt;', '&gt;', '&quot;'), array('<', '>', '"'), $text);
		}
	}
	
	/**
	* Smart addslashes() that only applies itself it the Magic Quotes GPC is off
	*
	* @param	string	Some string
	* @param	bool	If the data is binary; if so it'll be run through DB::escape_stringing()
	* @param	bool	Force magic quotes to be off
	*
	* @return	string	String that has slashes added
	*/
	function escape($str, $binary = false, $force = true)
	{
		if ($this->magicquotes AND !$force)
		{
			if (isset($this->db) AND $binary)
			{
				if (is_resource($this->db->link_id))
				{
					return $this->db->escape_string(stripslashes($str));
				}
			}
			return $str;
		}
		else
		{
			if (isset($this->db) AND $binary)
			{
				if (is_resource($this->db->link_id))
				{
					return $this->db->escape_string($str);
				}
			}
			return addslashes($str);
		}
	}
	
	/**
	* Runs through all of the input data and sanitizes it.
	*/
	function exec_sanitize_data()
	{
		$this->in = $this->_sanitize_input_recursive(array_merge($_GET, $_POST, $_COOKIE));
		// we're now using magic quotes
		if ($this->escapestrings)
		{
			$this->magicquotes = 1;
		}
	}
	
	/**
	* Sanitize function for something other than a string (which everything is sanitized for if you use exec_sanitize_data().
	* Cleaned data is placed back into $isso->in; this makes it so you don't have to constantly intval() [etc.] data
	*
	* @param	array	Array of elements to clean as varname => type
	*/
	function input_clean_array($vars)
	{
		foreach ($vars AS $varname => $type)
		{
			$this->input_clean($varname, $type);
		}
	}
	
	/**
	* Sanitize function that does a single variable as oppoesd to an array (see input_clean_array() for more details)
	*
	* @param	string	Variable name in $isso->in[]
	* @param	integer	Sanitization type constant
	*/
	function input_clean($varname, $type)
	{
		$this->in["$varname"] = $this->clean($this->in["$varname"], $type);
	}
	
	/**
	* Cleaning function that does the work for input_clean(); this is moved here so it can be used to clean things that aren't in $isso->in[]
	*
	* @param	mixed	Data
	* @param	integer	Sanitization type constant
	*
	* @return	mixed	Cleaned data
	*/
	function clean($value, $type)
	{
		if ($type == TYPE_INT)
		{
			$value = intval($value);
		}
		else if ($type == TYPE_UINT)
		{
			$value = abs(intval($value));
		}
		else if ($type == TYPE_FLOAT)
		{
			$value = floatval($value);
		}
		else if ($type == TYPE_BOOL)
		{
			$value = (bool)$value;
		}
		else if ($type == TYPE_STR)
		{
			if (!$this->escapestrings)
			{
				$value = $this->escape($value);
			}
		}
		else if ($type == TYPE_STRUN)
		{
			$value = $this->unsanitize($value);
		}
		else if ($type == TYPE_NOCLEAN)
		{
			if ($this->escapestrings)
			{
				$value = $this->escape($value);
			}
		}
		else
		{
			trigger_error('Invalid clean type `' . $type . '` specified', E_USER_ERROR);
		}
		
		return $value;
	}
	
	/**
	* Checks to see if a POST refer is actually from us
	*/
	function exec_referer_check()
	{
		if ($_SERVER['REQUEST_METHOD'] == 'POST')
		{
			$host = ($_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST'] : $_ENV['HTTP_HOST'];
			
			if ($host AND $_SERVER['HTTP_REFERER'])
			{
				$parts = parse_url($_SERVER['HTTP_REFERER']);
				$ourhost = $parts['host'] . (($parts['port']) ? ":$parts[port]" : '');
				
				if ($ourhost != $host)
				{
					trigger_error('No external hosts are allowed to POST to this application', E_USER_ERROR);
				}
				$this->debug('remote post check = ok');
			}
			else
			{
				$this->debug('remote post check = FAILED');
			}
		}
	}
}

/*=====================================================================*\
|| ###################################################################
|| # $HeadURL$
|| # $Id$
|| ###################################################################
\*=====================================================================*/
?>