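/*
 * Helper functions. Originally located in common.php
 * moved on 4/30/2026
 */

/*
 * Checks whether a user is logged in. If not, stores the original request in
 * the session and redirects to the login page, so the user can be sent back to
 * their original destination after authenticating.
 *
 * Does nothing when run from the command line (no HTTP_HOST) or when the
 * current script is /login.php itself. Never returns after sending the
 * redirect.
 */
function RequireAuthentication()
{
    // if this is run from the commandline, short circuit
    if (!isset($_SERVER['HTTP_HOST'])) {
        return;
    }

    if (isset($_SESSION['loggedin_email']) || $_SERVER['PHP_SELF'] === "/login.php") {
        return;
    }

    // $_SERVER['HTTPS'] can be set to "off" on some servers (IIS/ISAPI), so a
    // bare isset() would label plain-HTTP requests as https.
    $isHttps = !empty($_SERVER['HTTPS']) && strtolower((string) $_SERVER['HTTPS']) !== 'off';
    $scheme = $isHttps ? "https" : "http";

    // NOTE(review): HTTP_HOST comes from the request's Host header. Whatever
    // consumes target_url after login (not visible in this file) should confirm
    // the host is one of the site's own before redirecting to it.
    $_SESSION["target_url"] = $scheme . "://$_SERVER[HTTP_HOST]$_SERVER[REQUEST_URI]";

    // NOTE(review): the whole POST body is kept in the session. If it is
    // replayed after login, CSRF validation should run again at that point, and
    // sensitive fields will sit in session storage until then.
    $_SESSION['saved_post'] = $_POST;

    header("Location: /login.php");
    exit();
}

/*
 * Checks that a user is logged in and is flagged as an admin. A user who is
 * not logged in is redirected by RequireAuthentication(). A logged-in user
 * who is not an admin receives an error message and the script ends.
 */
function RequireAdmin()
{
    if (!isset($_SESSION["loggedin_email"])) {
        RequireAuthentication();
    }

    // Allow-list the admin flag instead of comparing loosely against 0: with
    // `== 0`, an unexpected non-numeric value (for example an empty string on
    // PHP 8) would not equal 0 and would be let through as admin.
    // NOTE(review): isAdmin() below accepts only the integer 1; confirm how
    // the flag is stored in the session and settle on one definition.
    $flag = $_SESSION["user_is_admin"] ?? null;
    if (!in_array($flag, [1, '1', true], true)) {
        die("Permission denied.");
    }
}

/*
 * Potentially hides a page behind a captcha to discourage bots.
 *
 * Documented intent: an integer between 0 and 100 sets the percent chance of
 * prompting for a captcha, defaulting to 100.
 *
 * NOTE(review): the function currently returns immediately, so no captcha is
 * ever required. The code after the return is unreachable, ignores
 * $percent_chance, and uses a fixed boundary of 20.
 */
function RequireCaptcha($percent_chance = 100)
{
    return;

    // Generate a random percent between 0 and 100; if it is at or below the
    // boundary (20 at this time), forget any earlier pass so the captcha is
    // required again. random_int(0, 100) yields 101 possible values.
    $chance = random_int(0, 100);
    $boundary = 20;
    // The original tested an undefined $change here, which would never be
    // greater than the boundary; the intended variable is $chance.
    if ($chance <= $boundary) {
        unset($_SESSION['captcha_passed']);
    }

    // If CAPTCHA hasn't been passed yet
    if (empty($_SESSION['captcha_passed'])) {
        $_SESSION['redirect_after_captcha'] = $_SERVER['REQUEST_URI'];
        header("Location: /captcha.php");
        exit;
    }
}

/*
 * Cycles through the companies held in the session for the current user until
 * one matches $company_id or the list is exhausted.
 *
 * IDs are compared as exact strings. This is an ownership check, and loose
 * `==` lets different values compare equal ("0e1" == "0e2", and on PHP 7
 * "12abc" == 12).
 *
 * @param int|string $company_id company identifier to look for
 * @return bool true when the session lists that company for the user
 */
function userOwnsCompany($company_id)
{
    $companies = $_SESSION['user']['companies'] ?? null;
    if (!is_array($companies)) {
        return false;
    }
    if (!is_int($company_id) && !is_string($company_id)) {
        return false;
    }

    $wanted = (string) $company_id;
    // foreach also copes with non-sequential keys, unlike an index loop.
    foreach ($companies as $company) {
        $owned = $company['companyid'] ?? null;
        if ((is_int($owned) || is_string($owned)) && (string) $owned === $wanted) {
            return true;
        }
    }

    return false;
}

/*
 * Turns on some extra debugging information.
 * With display_errors on, error text (paths, queries, stack details) is sent
 * to the browser, so this belongs in development only.
 */
function DebugOn()
{
    ini_set('display_errors', '1');
    error_reporting(E_ALL);
}

/*
 * Sends headers telling the browser and intermediaries not to cache the
 * response.
 */
function NoCacheHeaders()
{
    header("Cache-Control: no-store, no-cache, must-revalidate, max-age=0");
    // second argument false: add to the Cache-Control header above, don't replace it
    header("Cache-Control: post-check=0, pre-check=0", false);
    header("Pragma: no-cache");
}

/*
 * Utility function to get a value from the global request object, returning
 * either the value or the specified default.
 *
 * $_REQUEST merges several input sources (which ones depends on the
 * request_order / variables_order ini settings), and the value is returned
 * raw: callers must validate it and escape it for the context it is used in.
 */
function getRequest($key, $defaultValue = null)
{
    return $_REQUEST[$key] ?? $defaultValue;
}

/*
 * Utility function to display a status message through the message.tpl
 * template.
 * NOTE(review): whether title/severity/msg are HTML-escaped depends on the
 * template and the Smarty configuration, neither visible here - confirm
 * before passing request-derived text.
 */
function displayMessage($severity, $title, $msg)
{
    global $smarty;

    $smarty->assign("title", $title);
    $smarty->assign("severity", $severity);
    $smarty->assign("msg", $msg);
    $smarty->display("message.tpl");
}

/*
 * Utility function to display a fatal error message through error.tpl and
 * end the script.
 * NOTE(review): escaping of $msg depends on the template - confirm.
 */
function die2($msg)
{
    global $smarty;

    $smarty->assign("msg", $msg);
    $smarty->display("error.tpl");
    die();
}

/*
 * Utility function that attempts to determine if the request is coming from
 * a bot, based on the user agent and ip address.
 *
 * Both inputs are a hint only: the User-Agent is chosen by the client, and
 * the address is only as trustworthy as its source (see getRealIPAddress()).
 * Do not use the result to relax a security control.
 *
 * @param string|null $user_agent User-Agent header value
 * @param string|null $ip_addr    client address
 * @return bool true when either the user agent or the address is listed
 */
function isBot($user_agent, $ip_addr)
{
    /* filter by user agent strings */
    $bot_strings = [
        'Googlebot',
        'Bingbot',
        'Slurp', // Yahoo! Slurp -- apparently thats a thing
        'DuckDuckBot',
        'Baiduspider', // china search engine
        'facebot',
        'facebookexternalhit',
        'ia_archiver', // amazon
        'Exabot', // french
        'Sogou', // china; potentially bad player
        'YandexBot', // russians
    ];

    $user_agent = (string) $user_agent;
    foreach ($bot_strings as $bot) {
        // Compare against false explicitly: a match at offset 0 (a user agent
        // that begins with the bot name) is falsy and was missed before.
        // Case-insensitive because crawlers do not all use the casing listed
        // above (Bing's crawler sends "bingbot").
        if (stripos($user_agent, $bot) !== false) {
            return true;
        }
    }

    /* filter by ip address */
    $bot_ip_addr = [
        '72.94.249.34' => true, /* DuckDuckGo */
        '72.94.249.35' => true,
        '72.94.249.36' => true,
        '72.94.249.37' => true,
        '72.94.249.38' => true,
        //'45.131.192.136' => true
    ];

    if (is_string($ip_addr) && isset($bot_ip_addr[$ip_addr])) {
        return $bot_ip_addr[$ip_addr];
    }

    return false;
}

/*
 * Utility function that attempts to determine the actual IP the request is
 * coming from.
 *
 * Client-IP and X-Forwarded-For are ordinary request headers. Unless a
 * trusted proxy in front of this server overwrites them, the client picks
 * their value, so the result suits display and coarse statistics, not
 * allow-listing, rate limiting or audit attribution. REMOTE_ADDR is the only
 * value here that the web server itself observed.
 *
 * The precedence is unchanged (Client-IP, then X-Forwarded-For, then
 * REMOTE_ADDR). A header value is now returned only if it is a syntactically
 * valid IP address, and for an X-Forwarded-For list the first valid entry is
 * returned rather than the raw comma-separated string.
 *
 * @return string|null an IP address, or null if REMOTE_ADDR is not set (CLI)
 */
function getRealIPAddress()
{
    $candidates = [];
    if (!empty($_SERVER['HTTP_CLIENT_IP'])) {
        // check ip from share internet
        $candidates[] = (string) $_SERVER['HTTP_CLIENT_IP'];
    } elseif (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) {
        // to check ip is pass from proxy; may hold "client, proxy1, proxy2"
        $candidates = explode(',', (string) $_SERVER['HTTP_X_FORWARDED_FOR']);
    }

    foreach ($candidates as $candidate) {
        $candidate = trim($candidate);
        if (filter_var($candidate, FILTER_VALIDATE_IP) !== false) {
            return $candidate;
        }
    }

    return $_SERVER['REMOTE_ADDR'] ?? null;
}

/*
 * Simple router function: permanently redirects /companies/{companyid} to
 * the company view page on a fixed host. Does nothing for any other path.
 *
 * REQUEST_URI includes the query string, so a request such as
 * /companies/abc?x=1 does not match the pattern and is not redirected.
 */
function handleCompanyRedirect()
{
    // Get the full URL path
    $requestUri = $_SERVER['REQUEST_URI'];

    // Check if the path matches /companies/{companyid}
    if (!preg_match('#^/companies/([a-zA-Z0-9-]+)/?$#', $requestUri, $matches)) {
        return;
    }

    // The ID is limited to [a-zA-Z0-9-] by the pattern and url-encoded again,
    // and the destination host is fixed, so the request cannot steer the
    // redirect to another site.
    $companyId = $matches[1];
    $redirectUrl = "https://thebizpost.thebizscore.com/companyview_bare.php?companyid=" . urlencode($companyId);

    header("Location: $redirectUrl", true, 301);
    exit();
}

/*
 * Compares the specified CSRF token to the one stored in the session.
 *
 * Returns false when the session holds no token. The comparison uses
 * hash_equals() so it takes the same time wherever the first mismatching
 * byte is.
 */
function validateCsrfToken(string $token): bool
{
    $expected = $_SESSION['csrf_token'] ?? null;
    if (empty($expected) || !is_string($expected)) {
        return false;
    }

    return hash_equals($expected, $token);
}

// return true if the user_is_admin flag is set (strictly the integer 1)
function isAdmin()
{
    return (isset($_SESSION["user_is_admin"]) && $_SESSION["user_is_admin"] === 1);
}

// TBD: true if the user has a verified email and phone number
// Not implemented: currently returns null, which is falsy.
function isVerified()
{
}

// returns true if there is a user logged in, otherwise false
// NOTE(review): this keys on $_SESSION["user"], while RequireAuthentication()
// and RequireAdmin() key on $_SESSION["loggedin_email"] - confirm both are
// always set and cleared together.
function isAuthenticated()
{
    return (isset($_SESSION["user"]));
}

// TBD: determine if the user is me or jason
// Not implemented: currently returns null, which is falsy.
function isInternalUser()
{
}

// a special function to help me debug w/o disturbing the users
// true only when the session user's userid is strictly the integer 1
function isMatt()
{
    // ?? covers a missing 'user' entry as well as a missing 'userid' key
    return (($_SESSION['user']['userid'] ?? null) === 1);
}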