query("SET NAMES utf8"); $mdb2->query("SET CHARACTER SET utf8"); if (PEAR::isError($mdb2)){ $msg .= $mdb2->getMessage() ; $msg .= "\n"; $i=0; while ($data[$i]) { $msg .= $data[$i]."\n\n\n"; $i++; } $msg .= 'Standard Message: ' . $mdb2->getMessage() . "
\n"; $msg .= 'Standard Code: ' . $mdb2->getCode() . "
\n"; $msg .= 'DBMS/User Message: ' . $mdb2->getUserInfo() . "
\n"; $msg .= 'DBMS/Debug Message: ' . $mdb2->getDebugInfo() . "
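\n"; //Email::SystemEmail("chris.ropokis@gmail.com","dconnect error",$msg);
//die($msg);
die("");
}else{
// check if transaction are supported by this driver
if (!$mdb2->supports('transactions')) {
die("DATABASE DOES NOT SUPPORT TRANSACTIONS");
}
return $mdb2;
}//end if
}//end function connect

/**
 * Convert a UTF-8 string to ISO-8859-7 (Greek).
 *
 * Returns whatever iconv() returns, i.e. false when a character cannot be
 * represented in the target charset.
 */
function convertISO($body){
    $bodys = iconv("UTF-8","ISO-8859-7",$body);
    return $bodys;
}

/**
 * Convert an ISO-8859-7 (Greek) string to UTF-8.
 *
 * Returns whatever iconv() returns (false on an invalid input sequence).
 */
function convertUTF8($body){
    $bodys = iconv("ISO-8859-7","UTF-8",$body);
    return $bodys;
}

/**
 * Keyword blacklist check of one request fragment; mails the administrator
 * and halts the script on a hit.
 *
 * NOTE(review): this is a substring blacklist, not a parser. Case-insensitive
 * tokens such as "sh", "AND" and "http" match ordinary text (false positives),
 * and anything not on the list passes. It must not stand in for parameterised
 * queries and context-aware output escaping.
 */
function checkURL($restos){
    // here you can put your suspicions chains at your will. Just be careful of
    // possible coincidences with your URL's variables and parameters
    $inyecc='/script|http|<|>|%3c|%3e|SELECT|UNION|UPDATE|AND|cmd|sh|exe|exec|INSERT|tmp/i';
    // detecting
    if (preg_match($inyecc, $restos)) {
        // make something, in example send an e-mail alert to administrator
        // $mi_url and $ip were never assigned in this scope: they interpolated
        // as "" while raising an undefined-variable notice. Pin them to "" so
        // the message text is unchanged and the notice disappears.
        $mi_url = "";
        $ip = "";
        $forwarded = $_SERVER['QUERY_STRING'];
        $remoteaddress = $_SERVER['REMOTE_ADDR'];
        $message = "attack injection in $mi_url nnchain: $restos nn from: (ip-forw-RA):- $ip - $forwarded - $remoteaddress --------- end --------------------";
        // NOTE(review): From:/-f are built from SERVER_NAME, which on some
        // server configurations is derived from the client-supplied Host
        // header — confirm the web server pins it (e.g. UseCanonicalName).
        mail("chris.ropokis@gmail.com", "Attack injection", $message, "From: host@{$_SERVER['SERVER_NAME']}", "-fwebmaster@{$_SERVER['SERVER_NAME']}");
        // message and kill execution
        echo 'illegal url';
        die();
    }
}//ebd function chekurl

/**
 * Build a file name stem of the form "<str>_<unix time>".
 */
function preparefilename($str="pastilies"){
    $temp = $str."_".time();
    return $temp;
}

/**
 * Turn an arbitrary title into a lowercase, dash-separated ASCII slug.
 *
 * Bracketed fragments and HTML entities are dropped, accented Latin letters are
 * reduced to their base letter via htmlentities(), and every remaining
 * non-alphanumeric run becomes a single "-". Note that htmlentities() only maps
 * Latin accents, so non-Latin (e.g. Greek) characters are removed entirely.
 */
function friendlyURL($string){
    $string = preg_replace("`\[.*\]`U","",$string);
    $string = preg_replace('`&(amp;)?#?[a-z0-9]+;`i','-',$string);
    $string = htmlentities($string, ENT_COMPAT, 'utf-8');
    $string = preg_replace( "`&([a-z])(acute|uml|circ|grave|ring|cedil|slash|tilde|caron|lig|quot|rsquo);`i","\\1", $string );
    $string = preg_replace( array("`[^a-z0-9]`i","`[-]+`") , "-", $string);
    return strtolower(trim($string, '-'));
}

/**
 * Strip punctuation from a category name so it can be used in a URL.
 *
 * The replacements run in the listed order (array form of str_replace is
 * sequential), which matters: " " becomes "-" first, and the later "-" => ""
 * step then removes those dashes again, so spaces are effectively deleted
 * while ":" (replaced after that step) does survive as "-".
 */
function fix_cat_name_for_url($str){
    $str = stripslashes($str);
    $str = trim($str);
    $search  = array(" ", "&", "?", "-", "/", "\\", "(", ")", "=", ",", ".", ";", ":", "'", "΄", "__", "___");
    $replace = array("-", "",  "",  "",  "",  "",   "",  "",  "",  "",  "",  "",  "-", "",  "",  "",   "");
    $fixcatname = str_replace($search, $replace, $str);
    return $fixcatname;
}

/**
 * Return the extension part of a file name ("" when there is none).
 */
function findexts ($filename){
    $ext = pathinfo($filename, PATHINFO_EXTENSION);
    return $ext;
}

/**
 * Legacy input "cleaner": strips tags, backslash-escapes quotes, HTML-encodes,
 * then deletes a fixed set of keywords.
 *
 * NOTE(review): addslashes() is not a database escaping function and the
 * keyword removal is a single, case-sensitive pass, so this is not a reliable
 * injection control — SQL must still go through prepared statements and output
 * through context-specific escaping. Callers rely on the exact output, so the
 * behaviour is kept as is.
 */
function cleanpost($string){
    $string = strip_tags($string);
    $string = addslashes($string);
    $string = htmlspecialchars($string);
    //$inyecc='/script|http|<|>|%3c|%3e|SELECT|UNION|UPDATE|AND|cmd|sh|exe|exec|INSERT|tmp/i';
    // Same keywords, same order as the original chain of str_replace() calls.
    $string = str_replace(array("script", "SELECT", "%3c", "%3e", "UNION", "UPDATE", "INSERT"), "", $string);
    // $string = htmlentities($str, ENT_QUOTES, 'UTF-8');
    // $string = preg_replace('~&([a-z]{1,2})(acute|cedil|circ|grave|lig|orn|ring|slash|th|tilde|uml);~i', '$1', $string);
    // $string = preg_replace(array('~[^0-9a-z]~i', '~-+~'), ' ', $string);
    return trim($string);
}

/**
 * Strip punctuation from a file name. Same ordered replacement list as
 * fix_cat_name_for_url(), except that spaces are deleted outright and "." is
 * kept (so the extension survives).
 */
function fix_filename($str){
    $str = stripslashes($str);
    $str = trim($str);
    $search  = array(" ", "&", "?", "-", "/", "\\", "(", ")", "=", ",", ";", ":", "'", "΄", "__", "___");
    $replace = array("",  "",  "",  "",  "",  "",   "",  "",  "",  "",  "",  "-", "",  "",  "",   "");
    $fixcatname = str_replace($search, $replace, $str);
    return $fixcatname;
}

/**
 * Build a merchant reference of the form "SPAKIPSELI<unix time><1..40000>".
 *
 * NOTE(review): the reference is predictable (current second plus a small
 * range from rand()); do not use it as a secret or as an authorisation token.
 */
function generateMerchantRef(){
    $rand =rand(1,40000);
    return "SPAKIPSELI".time().$rand;
}

/**
 * Map a month number ("1".."12", with or without a leading zero) to its Greek
 * genitive name. Returns null (implicitly) for any other value.
 */
function returnGreekMonth($month){
    switch ($month){
        case "01": case "1": return "Ιανουάριου"; break;
        case "02": case "2": return "Φεβρουάριου"; break;
        case "03": case "3": return "Μάρτιου"; break;
        case "04": case "4": return "Απρίλιου"; break;
        case "05": case "5": return "Μάιου"; break;
        case "06": case "6": return "Ιούνιου"; break;
        case "07": case "7": return "Ιούλιου"; break;
        case "08": case "8": return "Αύγουστου"; break;
        case "09": case "9": return "Σεπτέμβριου"; break;
        case "10": return "Οκτώβριου"; break;
        case "11": return "Νοέμβριου"; break;
        case "12": return "Δεκέμβριου"; break;
    }
}

/**
 * Helpers for round-tripping single values through URLs.
 *
 * NOTE(review): storePass()/restorePass() only base64-encode — that is
 * encoding, not protection. store()/restore() use rc4crypt with a shared key
 * and no integrity tag, so a stored value can be altered without detection
 * and RC4 itself is no longer considered secure; treat restored values as
 * untrusted input.
 */
class SaveSingleVar{
    /** URL-safe base64 of $varname (no encryption). */
    function storePass($varname) {
        $varname =urlsafe_b64encode($varname);
        return $varname;
    }
    /** Inverse of storePass(). */
    function restorePass($varname) {
        $varname =urlsafe_b64decode($varname);
        return $varname;
    }
    /** RC4-encrypt with ENCRYPT_KEY, then URL-safe base64. */
    function store($varname) {
        $eHex = rc4crypt::encrypt(ENCRYPT_KEY, $varname, 1); // Assuming the key is hexadecimal
        $varname =urlsafe_b64encode($eHex);
        return $varname;
    }
    /** RC4-encrypt with ENCRYPT_KEY_URL, then URL-safe base64. */
    function storeurl($varname) {
        $eHex = rc4crypt::encrypt(ENCRYPT_KEY_URL, $varname, 1); // Assuming the key is hexadecimal
        $varname =urlsafe_b64encode($eHex);
        return $varname;
        //return $eHex;
    }
    /** Inverse of store(). */
    function restore($stored) {
        $name = urlsafe_b64decode($stored);
        $dHex = rc4crypt::decrypt(ENCRYPT_KEY, $name, 1); // Assuming the key is hexadecimal
        return $dHex;
    }
    /** Inverse of storeurl(). */
    function restoreurl($stored) {
        $name = urlsafe_b64decode($stored);
        $dHex = rc4crypt::decrypt(ENCRYPT_KEY_URL, $name, 1); // Assuming the key is hexadecimal
        return $dHex;
    }
}//end class SaveSingleVar

/**
 * base64 with "+"/"/" replaced by "-"/"_" and the "=" padding removed.
 */
function urlsafe_b64encode($string) {
    $data = base64_encode($string);
    $data = str_replace(array('+','/','='),array('-','_',''),$data);
    return $data;
}

/**
 * Inverse of urlsafe_b64encode(): restores "+"/"/" and re-adds padding to a
 * multiple of four before decoding (non-strict base64_decode, so stray
 * characters are ignored rather than rejected).
 */
function urlsafe_b64decode($string) {
    $data = str_replace(array('-','_'),array('+','/'),$string);
    $mod4 = strlen($data) % 4;
    if ($mod4) {
        $data .= substr('====', $mod4);
    }
    return base64_decode($data);
}

/**
 * Return the 23% VAT portion contained in a gross price.
 *
 * Despite the name, the value returned is the tax ($price minus the net
 * price), not the price before tax; callers depend on this. Returns false
 * when $price is null.
 */
function calculatePriceBeforeTax($price){
    if(isset($price)){
        $finalprice = (floatval($price)/1.23);
        $tax = 0;
        $tax = $price-$finalprice;
        return $tax;
    }else{
        return false;
    }
}

/**
 * Print $str surrounded by blank lines. $str is emitted unescaped.
 */
function printError($str){
    print "

$str

";
}

/**
 * Print the DB and error messages stored in the session, unescaped.
 */
function printDBError(){
    print "

".$_SESSION["_xData"][SESSION_MESSAGE_DB]."
".$_SESSION["_xData"][SESSION_MESSAGE_ERROR]."

";
}

/**
 * Print $str surrounded by blank lines. $str is emitted unescaped.
 */
function printSuccess($str){
    print "

$str

";
}

/**
 * print_r() $data between two line breaks (debug helper).
 */
function printArray($data){
    print "
";
    print_r($data);
    print "
";
}

/**
 * Current time formatted for the database, "Y-m-d H:i:s".
 *
 * Fix: the original format was "h:m:s", which yields a 12-hour hour and the
 * MONTH number in the minutes position; "H:i:s" matches the format the page
 * already uses for $today below.
 */
function databaseTimestamp(){
    $temp = date("Y-m-d H:i:s");
    return $temp;
}

/**
 * Cut $string at the last word boundary before $maxlength and append
 * $extension, then strip tags.
 *
 * NOTE(review): strlen()/wordwrap() count bytes, so on UTF-8 (e.g. Greek)
 * text the cut may land inside a multi-byte character. Behaviour is kept
 * because callers expect the current output.
 */
function truncate_string_x ($string, $maxlength, $extension) {
    // Set the replacement for the "string break" in the wordwrap function
    $cutmarker = "**cut_here**";
    // Checking if the given string is longer than $maxlength
    if (strlen($string) > $maxlength) {
        // Using wordwrap() to set the cutmarker
        // NOTE: wordwrap (PHP 4 >= 4.0.2, PHP 5)
        $string = wordwrap($string, $maxlength, $cutmarker);
        // Exploding the string at the cutmarker, set by wordwrap()
        $string = explode($cutmarker, $string);
        // Adding $extension to the first value of the array $string, returned by explode()
        $string = $string[0] . $extension;
    }
    $string= strip_tags($string, '

');
    // returning $string
    return $string;
}

/**
 * Best-effort client address: HTTP_CLIENT_IP, then HTTP_X_FORWARDED_FOR, then
 * REMOTE_ADDR.
 *
 * NOTE(review): the first two are plain request headers and are set by the
 * client unless a trusted proxy overwrites them, so the returned value can be
 * chosen by the sender. It is used below for Attack::areYouAttacker() and
 * Attack::logItem(), i.e. for ban decisions and for the logged address — only
 * REMOTE_ADDR is reliable unless the deployment sits behind a proxy that
 * strips and re-sets these headers.
 */
function getRealIPAddress(){
    $ip="";
    if (!empty($_SERVER["HTTP_CLIENT_IP"])) {
        //check for ip from share internet
        $ip = $_SERVER["HTTP_CLIENT_IP"];
    } elseif (!empty($_SERVER["HTTP_X_FORWARDED_FOR"])) {
        // Check for the Proxy User
        $ip = $_SERVER["HTTP_X_FORWARDED_FOR"];
    } else {
        $ip = $_SERVER["REMOTE_ADDR"];
    }
    // This will print user's real IP Address
    // does't matter if user using proxy or not.
    return $ip;
}

/**
 * Clean one request value (scalar or one-level array) for the front end.
 *
 * Array elements are passed through cleanpost() (which also addslashes()),
 * scalars through the tag/keyword stripping below without addslashes(); the
 * two paths therefore do not produce the same escaping. Nested arrays deeper
 * than one level reach strip_tags() unchanged.
 *
 * NOTE(review): the first, third and fourth regexes in $search look truncated
 * (no opening tag is left in the pattern) — most likely damage from the copy
 * of this file rather than the author's intent; confirm against the original
 * source before relying on them.
 */
function cleanpostGlobal($string){
    if (is_array($string)) {
        foreach ($string as $keyP => $valueP) {
            $string[$keyP] = cleanpost($string[$keyP]);
        }
        return $string;
    } else {
        //$string = cleanHex($string);
        $string = strip_tags($string);
        $search = array(
            '@]*?>.*?@si', // Strip out javascript
            '@<[\/\!]*?[^<>]*?>@si', // Strip out HTML tags
            '@]*?>.*?@siU', // Strip style tags properly
            '@@' // Strip multi-line comments
        );
        $string = preg_replace($search, '', $string);
        //$string = addslashes($string);
        $string = htmlspecialchars($string);
        //$inyecc='/script|http|<|>|%3c|%3e|SELECT|UNION|UPDATE|AND|cmd|sh|exe|exec|INSERT|tmp/i';
        $string = str_replace("script", "", $string);
        $string = str_replace("SELECT", "", $string);
        // $string = str_replace("%3c","",$string);
        // $string = str_replace("%3e","",$string);
        $string = str_replace("UNION", "", $string);
        $string = str_replace("UPDATE", "", $string);
        $string = str_replace("INSERT", "", $string);
        // $string=mysql_real_escape_string($string);
        // $string = htmlentities($str, ENT_QUOTES, 'UTF-8');
        // $string = preg_replace('~&([a-z]{1,2})(acute|cedil|circ|grave|lig|orn|ring|slash|th|tilde|uml);~i', '$1', $string);
        // $string = preg_replace(array('~[^0-9a-z]~i', '~-+~'), ' ', $string);
        return trim($string);
    }
}

/**
 * Lighter variant of cleanpostGlobal() for values that must keep their HTML:
 * only the two regexes below are applied, then trim().
 *
 * NOTE(review): as in cleanpostGlobal(), both patterns look truncated; confirm
 * against the original source.
 */
function cleanpostHTMLGlobal($string){
    //$string = cleanHex($string);
    $search = array(
        '@]*?>.*?@si', // Strip style tags properly
        '@@' // Strip multi-line comments
    );
    $string = preg_replace($search, '', $string);
    //$string = addslashes($string);
    return trim($string);
}

/**
 * Run cleanpostGlobal() over every $_REQUEST, $_POST and $_GET entry in place.
 * $_COOKIE is not touched.
 */
function sanitizeGlobalFront(){
    #SANITIZE all POST , GET, $REQUEST variables************************************************************START
    if(isset($_REQUEST)){
        foreach ($_REQUEST as $keyP => $valueP) {
            $_REQUEST[$keyP] =cleanpostGlobal($_REQUEST[$keyP]);
        }
    }
    if(isset($_POST)){
        foreach ($_POST as $keyP => $valueP) {
            $_POST[$keyP] =cleanpostGlobal($_POST[$keyP]);
        }
    }
    if(isset($_GET)){
        foreach ($_GET as $keyP => $valueP) {
            $_GET[$keyP] =cleanpostGlobal($_GET[$keyP]);
        }
    }
    #SANITIZE all POST , GET, $REQUEST variables************************************************************END
}

/**
 * True when $value contains one of the tag pairs the front controller refuses
 * (script/object/iframe/applet/meta/style/form/embed; case-insensitive, "."
 * spans newlines).
 *
 * This is exactly the eight-way preg_match() test that was previously
 * inlined at every check site below. It is a blacklist and detects only these
 * literal tag pairs.
 */
function containsBlockedMarkup($value){
    static $patterns = array(
        "'[<]script.*?/script[>]'is",
        "'[<]object.*?/object[>]'is",
        "'[<]iframe.*?/iframe[>]'is",
        "'[<]applet.*?/applet[>]'is",
        "'[<]meta.*?/meta[>]'is",
        "'[<]style.*?/style[>]'is",
        "'[<]form.*?/form[>]'is",
        "'[<]embed.*?/embed[>]'is",
    );
    foreach ($patterns as $pattern) {
        if (preg_match($pattern, $value)) {
            return true;
        }
    }
    return false;
}

sanitizeGlobalFront(); // DO SANITIZATION
//NIT DB
$db = connect();

#Prevent any possible XSS attacks via $_REQUEST.********************************************************START
$forwarded="";
$ip="";
$ipReal="";
$check_url="";
$reasonBan="";
// NOTE(review): $ipReal may come from client-controlled headers (see
// getRealIPAddress()); it feeds the ban check and the attack log below.
$ipReal= getRealIPAddress();
//$hostname=gethostbyaddr($ipReal);
// $hostname and $cookie are passed to Attack::logItem() but were never assigned
// (the gethostbyaddr() call above is commented out). Pin them to null so the
// same value is passed as before, without an undefined-variable notice.
$hostname = null;
$cookie = null;

// 1) every $_REQUEST value, one level of nesting
if(is_array($_REQUEST) && count($_REQUEST)>0){
    $hacktrue=0 ;
    $message="";
    foreach ($_REQUEST as $check_key =>$check_url){
        // print $check_url;
        // die();
        if(is_array($check_url)){
            foreach ($check_url as $check_key2 =>$check_url2){
                if (containsBlockedMarkup($check_url2)) {
                    $hacktrue++ ;
                    $forwarded .=" ". $_SERVER['QUERY_STRING'].",";
                    $ip .= $_SERVER['REMOTE_ADDR'].",";
                    $message.="$check_url2 \n";
                }
            }
        }else{
            if (containsBlockedMarkup($check_url)) {
                $hacktrue++ ;
                $forwarded .=" ". $_SERVER['QUERY_STRING'].",";
                $ip .= $_SERVER['REMOTE_ADDR'].",";
                $message.="$check_url \n";
            }
        }
    }
    if($hacktrue>0){
        // $check_url here is the last value iterated, not necessarily the offending one
        $message .= "attack injection in $check_url nnchain: nn from: (ip-forw-RA):- $ip - $forwarded - $ip";
        unset($check_url);
        Email::SystemEmail(DEVELOPER_EMAIL,"someone is trying to hack into pastilies.gr",$message);
        Attack::logItem($ipReal, $hostname, $cookie,$message);
        die("You are trying an illegal request and your IP ($ip) has been logged!. System admin has been notified and a trace to your pc has been started.");
    }
}

// 2) the decoded request URI
if ($_SERVER["REQUEST_URI"]) {
    $hacktrue = 0;
    $message = "";
    $check_url=urldecode ($_SERVER["REQUEST_URI"]);
    if (containsBlockedMarkup($check_url)) {
        $hacktrue++;
        $forwarded .=" " . $_SERVER['QUERY_STRING'] . ",";
        $ip .= $_SERVER['REMOTE_ADDR'] . ",";
        $message.="$check_url \n";
    }
    if ($hacktrue > 0) {
        $message .= "attack injection in $check_url nnchain: nn from: (ip-forw-RA):- $ip - $forwarded - $ip";
        unset($check_url);
        Email::SystemEmail(DEVELOPER_EMAIL, "someone is trying to hack into pastilies.gr", $message);
        Attack::logItem($ipReal, $hostname, $cookie,$message);
        die("You are trying an illegal request and your IP ($ip) has been logged!. System admin has been notified and a trace to your pc has been started.");
    }
}

// 3) every $_SESSION value, up to two levels of nesting
if(is_array($_SESSION) && count($_SESSION)>0){
    $hacktrue=0 ;
    $message="";
    foreach ($_SESSION as $check_key =>$check_url){
        // print $check_url;
        // die();
        if(is_array($check_url)){
            foreach ($check_url as $check_key2 =>$check_url2){
                if(is_array($check_url2)){
                    foreach ($check_url2 as $check_key3 =>$check_url3){
                        if (containsBlockedMarkup($check_url3)) {
                            $hacktrue++ ;
                            $forwarded .=" ". $_SERVER['QUERY_STRING'].",";
                            $ip .= $_SERVER['REMOTE_ADDR'].",";
                            $message.="$check_url3 \n";
                            unset($check_url3);
                        }
                    }
                }else{
                    if (containsBlockedMarkup($check_url2)) {
                        $hacktrue++ ;
                        $forwarded .=" ". $_SERVER['QUERY_STRING'].",";
                        $ip .= $_SERVER['REMOTE_ADDR'].",";
                        $message.="$check_url2 \n";
                        unset($check_url2);
                    }
                }
            }
        }else{
            if (containsBlockedMarkup($check_url)) {
                $hacktrue++ ;
                $forwarded .=" ". $_SERVER['QUERY_STRING'].",";
                $ip .= $_SERVER['REMOTE_ADDR'].",";
                $message.="$check_url \n";
            }
        }
    }
    if($hacktrue>0){
        $message .= "attack injection in $check_url nnchain: nn from: (ip-forw-RA):- $ip - $forwarded - $ip";
        unset($check_url);
        Attack::logItem($ipReal, $hostname, $cookie,$message);
        Email::SystemEmail(DEVELOPER_EMAIL,"someone is trying to hack into pastilies.gr",$message);
        die("You are trying an illegal request and your IP ($ip) has been logged!. System admin has been notified and a trace to your pc has been started.");
    }
}

// Ban check keyed on $ipReal — see the note on getRealIPAddress() about how
// reliable that value is.
$resultAttack= Attack::areYouAttacker($ipReal);
if($resultAttack){
    die("Your IP ($ipReal) has been banned from our system! Please contact system admin to resolve this issue.");
}

$today=date("Y-m-d H:i:s");
$todayTime=strtotime($today);
$friendsOnly=array();
$friendsString="";
$dataID="";
$access_token="";
$email="";
$likedFanPage = false;
$endTime=mktime(23,59,59,5,31,2012);
//$endTime=mktime(19,54,0,5,31,2012);
$now=time();
$fbImagePath = SERVER_URL."_img/header_logo.jpg";
$metaKeywords="παστίλιες,καμπάνια,γιατροί χωρίς σύνορα,πρόσωπα,οδηγίες,medecins sans frontieres";
$metaURL=PAGE_TAB_URL;
$canonicalURL=SERVER_URL."home";
$fbTitle=GENERAL_TITLE;
$fbDescription=$metaDescription="Οι «Παστίλιες για τον πόνο του άλλου» είναι μια πλήρης εκστρατεία ευαισθητοποίησης και ανεύρεσης πόρων των Γιατρών Χωρίς Σύνορα. 
Με τη συμβολική αγορά ενός κουτιού με έξι καραμέλες από μέλι και θυμάρι από τα φαρμακεία σε ολόκληρη τη χώρα, κάθε αγοραστής συμβάλει στην προσπάθεια των Γιατρών Χωρίς Σύνορα να βοηθήσουν ευάλωτους ασθενείς, «ξεχασμένους», αποκλεισμένους από την ιατροφαρμακευτική περίθαλψη στην Ελλάδα και τον υπόλοιπο κόσμο.";
?>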