<?
ini_set("display_errors", "0");
//ini_set('session.save_path', '/var/www/vhosts/fip.org/temp/sessions');
//error_reporting(E_ALL & ~E_NOTICE);
//error_reporting( error_reporting() & ~E_NOTICE );
//error_reporting(E_ERROR | E_WARNING | E_PARSE );
error_reporting( error_reporting() & ~E_NOTICE  & ~E_DEPRECATED  &  ~E_WARNING);//~E_STRICT);//
//Notice: Undefined index:

if (1)
{
 
    $item = $_REQUEST['item']??'';
    $action = $_REQUEST['action']??'';
    
    if (!empty($item) && $action=='addfavorite')
    {
        if (strstr($item,'%') || !ctype_digit($item))
        {
            http_response_code(403);
            exit;
        }
    }
    
    if ($action == 'addfavorite' || $action=='generatePdf')
    {
        http_response_code(404);
        exit;
    }
    
    $arrCheck = array_merge($_GET ?? [], $_POST ?? []);
   
    if (1) if (is_array($arrCheck))
    {
        $arrForbiddenWords = array(
            "SELECT *", "information_schema", "table_schema", "table_name",
            'FANALYSE', 'fip.org/././', 'UPDATEXML',
            '/**/', 'CAST(', 'SELECT/', '/CASE/', '/WHEN/',
            '/THEN/', '/ELSE/', '/END)', 'AS/*', '||', 'INTEGER)',
            'PROCEDURE ANALYSE', 'ANALYSE(',
        );
        foreach ($arrCheck as $value)
        {
            if (!is_array($value))
            foreach ($arrForbiddenWords as $val)
            {
               
                if (stristr($value, $val))
                {
                    http_response_code(403);
                    exit;
                }
            }
        }
    }
}

$GLOBALS['members.viewonly'] = true;

$GLOBALS['config.compatibility.v2.15_v2.2'] = true;

//$_REQUEST = mysqlEscapeRequest($_REQUEST);

ini_set('memory_limit', '-1');
date_default_timezone_set('Europe/Amsterdam');

$sitedesqPrefix = "sitedesq_";

$GLOBALS['config']['site']=1;
$GLOBALS['memberdb'] = true;


$GLOBALS['test.server'] = ($_SERVER['HTTP_HOST']=='test.fip.org');
//die($GLOBALS['test.server']);
$GLOBALS['membersdb.prefix'] = ($GLOBALS['test.server']) ? "membership_test" : "membership";

if (strstr($_SERVER['HTTP_HOST'],"192.168.134.214")) { 
	$GLOBALS['config.server'] = "test";
} else if (strstr($_SERVER['HTTP_HOST'],"10.66.12.") || strstr($_SERVER['HTTP_HOST'],"192.168.1") || strstr($_SERVER['HTTP_HOST'],"192.168.14.67") || strstr($_SERVER['HTTP_HOST'],"localhost") || strstr($_SERVER['HTTP_HOST'],"192.168.134.12"))  {
	$GLOBALS['config.server'] = "development";
} else {
	$GLOBALS['config.server'] = "production";
}

if ($GLOBALS['config.server']=="development") {
    $GLOBALS['base.dir'] = "http://localhost:10088/zendworkspace/fip2018/";
	$db_name = "fip";
	//$db_name = "webdudesdb";
	$db_host = "localhost";
	$db_user = "root";
 	$db_pass = "root";
 	
 	$GLOBALS['config']['config.cms.files.root'] = '/Users/developer/Zend/workspaces/DefaultWorkspace/fip2018/uploads/files';  // Directory where the protected files are stored
 	
 	$GLOBALS['debuginfo'];
} else if ($GLOBALS['config.server']=="test") { 
	$db_name = "fip-test";
	//$db_name = "webdudesdb";
	$db_host = "localhost";
	$db_user = "root";
 	$db_pass = "root";	
 	$GLOBALS['config']['config.cms.files.root'] = '/var/www/files/fip'; // Directory where the protected files are stored
 	$GLOBALS['debuginfo'];
} else {
	//$db_name = 'fip-testforum'; //
	$GLOBALS['base.dir'] = "https://".$_SERVER['HTTP_HOST']."/";
	$db_name = 'fip'; 
	$db_host = 'localhost';    // MySQL hostname
	$db_user = 'fip_user';          // MySQL user (only needed with basic auth)
	$db_pass= 'zu3sypi3ga4tuv'; 

	$GLOBALS['config']['config.cms.files.root'] = '/var/www/vhosts/fip.org/httpdocs/uploads/files'; // Directory where the protected files are stored
}

// FIP DB tables
$GLOBALS["tables"]["modules"] 	= "fip_website_module";
$GLOBALS["tables"]["cmsmodules"] = "fip_website_module";		
$GLOBALS["tables"]["menus"] 	= "fip_website_menu";
$GLOBALS["tables"]["pages"] 	= "fip_website_page";
$GLOBALS["tables"]["files"] 	= "fip_website_files";
$GLOBALS["tables"]["pictures"] 	= "fip_website_pictures";
$GLOBALS["tables"]["statements"] = "fip_website_statements";
$GLOBALS["tables"]["events"] 	= "fip_website_events";
$GLOBALS["tables"]["countries"] = "fip_website_countries";
$GLOBALS["tables"]["country_price"] = "fip_website_country_price";
$GLOBALS["tables"]["countriesnew"] = "fip_website_countries";
$GLOBALS["tables"]["news"] = "fip_website_news";
$GLOBALS["tables"]["memberorganizations"] = "fip_website_memberorganizations";
$GLOBALS["tables"]["membership"] = "{$GLOBALS['membersdb.prefix']}".".fip_website_membership";

$GLOBALS["tables"]["congress"] = "fip_mod_congress";
$GLOBALS["tables"]["congresslocation"] = "fip_mod_congresslocation";
$GLOBALS["tables"]["congressroom"] = "fip_mod_congressroom";
$GLOBALS['tables']['congresssection'] = "fip_mod_congresssection";
$GLOBALS['tables']['congresssectionxsession'] = "fip_mod_congresssectionxsession";
$GLOBALS["tables"]["press"] = "fip_website_press";
$GLOBALS["tables"]["congress_files"] = "fip_mod_congress_files";
$GLOBALS["tables"]["congress_presentations"] = "fip_mod_congress_presentations";
$GLOBALS["tables"]["statements_section"] = "fip_website_statements_section";

$GLOBALS["tables"]["members_congress_presentations"] = "fip_members_congress_presentations";
$GLOBALS['tables']['membership_extrapayments']  = "fip_membership_extrapayments";

$GLOBALS['tables']['member'] = "{$GLOBALS['membersdb.prefix']}.fip_website_member_test"; // PDV "fip_website_member"
$GLOBALS['tables']['memberxmembergroup'] = "fip.fip_website_memberxmembergroup_test";
$GLOBALS['tables']['membergroup'] = "fip.fip_website_membergroup";
$GLOBALS['tables']['menuxmembergroup'] = "fip_website_menuxmembergroup";
$GLOBALS['tables']['memberpicture'] = "{$GLOBALS['membersdb.prefix']}.fip_website_memberpicture";
$GLOBALS['tables']['memberprofile'] = "{$GLOBALS['membersdb.prefix']}.fip_website_memberprofile";
$GLOBALS['tables']['memberfriend'] = "fip_website_memberfriend";
$GLOBALS['tables']['memberdiscuss'] = "fip_website_memberdiscuss";

// Membership DB tables
$GLOBALS['tables']['auth']['user'] = "membership.fip_mo_members";
$GLOBALS['tables']['auth']['group'] = "membership.tblDirectories";
$GLOBALS['tables']['auth']['userxgroup'] = "membership.fip_mo_accdir";
$GLOBALS['tables']['auth']['countries'] = "membership.fip_website_countries";


// Member Organisations Review Comments tables
$GLOBALS['tables']['review_comments']  = "fip_members_review_comments";
$GLOBALS['tables']['review_document']  = "fip_members_review_document";
$GLOBALS['tables']['review_files']  = "fip_members_review_files";

$GLOBALS['tables']['members_news'] = "fip_members_news";
$GLOBALS['tables']['newsblock'] = "fip_website_newsblock";
$GLOBALS['tables']['sites'] = "fip_website_site";
$GLOBALS['tables']['congress_track'] = "fip_mod_congress_track";

// Tell-a-friend
$GLOBALS['tables']['subscription'] = "fip_website_subscription";


$GLOBALS['tables']['download_action'] 	= $sitedesqPrefix. "download_action";
$GLOBALS['tables']['download_file'] 	= $sitedesqPrefix. "download_file";
$GLOBALS['tables']['download_user'] 	= $sitedesqPrefix. "download_user";

$GLOBALS["tables"]["abstracts"] = "fip_website_abstracts";
$GLOBALS["tables"]["abstracts_countries"] = "fip_website_abstracts_countries";
$GLOBALS["tables"]["abstracts_categories"] = "fip_website_abstracts_categories";

//File checker
$GLOBALS['tables']['files_tables'] = "fip_files_tables";
$GLOBALS['tables']['files_source'] = "fip_files_source";
$GLOBALS['tables']['files_filesystem'] = "fip_files_filesystem";

$GLOBALS['tables']['publicforum'] 			= $sitedesqPrefix. "publicforum";
$GLOBALS['tables']['publicforum_message'] 	= $sitedesqPrefix. "publicforum_message";
$GLOBALS['tables']['publicforum_topic'] 	= $sitedesqPrefix. "publicforum_topic";
$GLOBALS['tables']['publicforum_moderator'] = $sitedesqPrefix. "publicforum_moderator";

$GLOBALS['tables']['abstractcongresses'] = "fip_website_abstracts_congresses";
$GLOBALS['tables']['modulepermissions'] = "fip_website_module_permissions";
$GLOBALS['tables']['permissionvalues'] = "fip_website_permission_values";

$GLOBALS['tables']['forum'] = "fip.fip_website_forum";
$GLOBALS['tables']['forummessage'] = "{$GLOBALS['membersdb.prefix']}.fip_website_forummessage";
$GLOBALS['tables']['forumfiles'] = "fip.fip_website_forummessage_files";
$GLOBALS['tables']['forumtopic'] = "fip.fip_website_forumtopic";
$GLOBALS['tables']['forumxmembergroup'] = 'fip.fip_website_forumxmembergroup';

$GLOBALS['tables']['autoform'] = $sitedesqPrefix. "website_autoform";

$GLOBALS['tables']['membership_metainfo'] = "fip.fip_website_membership_metainfo";

$GLOBALS['tables']["poll"] 				= "{$db_name}.wp_poll";
$GLOBALS['tables']["poll_questions"] 	= "{$db_name}.wp_poll_question";
$GLOBALS['tables']["poll_options"] 		= "{$db_name}.wp_poll_option";
$GLOBALS['tables']["poll_option_save"]	= "{$db_name}.wp_poll_save";
$GLOBALS['tables']["poll_prizes"]		= "{$db_name}.wp_poll_prize";
$GLOBALS['tables']["poll_inputtype"]	= "{$db_name}.wp_poll_inputtype";

$GLOBALS['tables']['pending_login'] = "{$GLOBALS['membersdb.prefix']}.fip_website_pending_login";


$GLOBALS['tables']["salesforce_account"]	= "{$GLOBALS['membersdb.prefix']}.salesforce_Account";
$GLOBALS['tables']['salesforce_lastmodified'] = "{$GLOBALS['membersdb.prefix']}.salesforce_lastmodified";
$GLOBALS['tables']['pending_action'] = "{$GLOBALS['membersdb.prefix']}.fip_website_pending_action";
$GLOBALS['tables']['salesforce_membership'] = "{$GLOBALS['membersdb.prefix']}.salesforce_Membership__c";


//2019
$GLOBALS['tables']['press'] = 'fip2019_pressreleases';
$GLOBALS['tables']['congresses'] = 'fip2019_congresses';


$GLOBALS['tables']['faq'] = 'fip2019_faqs';
$GLOBALS['tables']['faq_category'] = 'fip2019_faq_categories';
$GLOBALS["tables"]["congress"] = 'fip2019_congresses';
$GLOBALS["tables"]["publication_category"] ='fip2019_publicationcategories';
$GLOBALS["tables"]["publication"] ='fip2019_publications';
$GLOBALS["tables"]["publication_translation"] ='fip2019_publicationtranslations';
$GLOBALS["tables"]["publication_type"] ='fip2019_publicationtypes';
$GLOBALS["tables"]["publicationxcategory"] ='fip2019_publicationxcategory';
$GLOBALS["tables"]["publicationxsig"] ='fip2019_publication_sig';
$GLOBALS["tables"]["sig"] ='fip2019_sigs';

$GLOBALS["tables"]["staff"] ='fip2019_staffs';
$GLOBALS["tables"]["staff_category"] ='fip2019_staffgroups';

$GLOBALS['tables']['event'] = 'fip2019_events';
$GLOBALS['tables']['event_category'] = 'fip2019_eventcategories';
$GLOBALS['tables']['event_type'] = 'fip2019_eventtypes';
$GLOBALS['tables']['event_programme'] = 'fip2019_event_programme';

$GLOBALS['tables']['banner'] = 'fip2019_banners';


$GLOBALS['database']['link'] = null;
// Contains all generic includes
$include_path = "inc/";

// Contains all functionality
$action_path = "action/";

// Files path
//
// Store root for files and user pictures 
// 
// Files are stored in: $files_path."directories"
// Pictures are stored in: $files_path."pictures"
//
// Make sure this directory is R/W for the apache/php process 
$files_path = "D:\program files\Zend\Apache Group\Apache\htdocs\mo\files";
//$files_path = "/opt/guide/www.webdudes.nl/HTML/project/sos/files/";

//PDV file storage in database or filesystem
$files_storage = "database"; //other option = filesystem

// CSS Style location
$css = "styles/main.css";

// PDV protected mode  

$safemode = false;

// Email notification info (new files)
//
// Use %f for filename, %t for title and %d for description substitution.
// Alter sendEmail() in directory.handle.inc.php to add more substitutions!
//
// Set $email["bcc"] to true to make sure all recipients are put in the bcc field 
$notification["from_name"] = "FIP Members Only";
$notification["from_email"] = "info@fip.org";
$notification["subject"] = "[Members Only] '%f' has been uploaded!";
$notification["body"] = "Hello,\n\nThere's a new file on the server:\n\nFilename: %f\nLocation: %l\nTitle: %t\nDescription:\n%d\n\nBest regards,\n\n".$notification["from_name"];
$notification["bcc"] = true;

// Form quotum (max size for each upload) 
//
// Make sure that 'upload_max_filesize' in php.ini allows the amount stated in this variable (does 'post_max_size' also have any effect?)
$form_quotum = 5000000;
$row_color=0;
$aColors = Array ("white", "#e4ece3");	
$pColors = Array ("#d9cfd3", "#ece7e9");

// CMS settings
$GLOBALS['config.cms.prefix'] = "fip_cms_";
$GLOBALS['config.cms.usersession'] = $GLOBALS['config.cms.prefix']. "user";

function getForbiddenWords()
{
	if (!isset($GLOBALS['filtered.forbiddenWords']))
	{
		$arrForbiddenWords = array("SELECT *", "information_schema","table_schema", "table_name");
		$strQuery = "SELECT table_name FROM information_schema.tables WHERE TABLE_SCHEMA='fip'";
		$results = my_sql_query($strQuery) or die ("Error escape");
		//$results = null;
		if ($results && my_sql_num_rows($results)>0)
		{
			while (list($name) = my_sql_fetch_row($results))
				if (strstr($name, "_"))
					$arrForbiddenWords[] = $name;
		}
		return $arrForbiddenWords;
	} else 
		return $GLOBALS['filtered.forbiddenWords'];
}

function mysqlEscapeRequest($array)
{
	$arrForbiddenWords = getForbiddenWords(); 
	$arrFrom = array(";");
	$arrTo = array("&59#;");
	
	//print_r($arrForbiddenWords); die();
	foreach($array as $key => $var)
	{
		if(is_array($var) && !empty($var))
			$array[$key] = mysqlEscapeRequest($var);
		else
		{
			// die (addcslashes(my_sql_real_escape_string($var), "%") ."-- $var");
			if ($key == 'id' || strstr($key, '_id')) // cast ids to integer
				settype($var, 'integer');
			
			foreach ($arrForbiddenWords as $strWord)
			{
				if (strstr($var, $strWord))
				{
					$var = '';
					break;
				}
			}
			$var = str_replace($arrFrom, $arrTo, $var);
			$array[$key] = addcslashes(my_sql_real_escape_string($var), "%"); 
			//$array[$key] = my_sql_real_escape_string($var);
		}
	}
	
	
	return $array;
}

function fipDontSlash($string)
{	return $string;
}

function my_sqli_set_strict($mode = '', $link = null)
{
    if (! empty($mode) && $mode == 'strict') {
        //$result =  my_sql_query("SET SESSION sql_mode = 'STRICT_TRANS_TABLES, ERROR_FOR_DIVISION_BY_ZERO , NO_AUTO_CREATE_USER, NO_ENGINE_SUBSTITUTION'", $link);
        $result =  my_sql_query("SET SESSION sql_mode = 'TRADITIONAL'", $link);
        
    }  else // https://mariadb.com/kb/en/sql-mode/ MariaDB 10.2.4
        my_sql_query("SET SESSION sql_mode = ''", $link);
}
?>