<?
/* connect to DB */
($GLOBALS['db'] = mysqli_connect()) || internal_error('unable to connect to database: '.mysqli_connect_error());
mysqli_set_charset($GLOBALS['db'], 'utf8') || internal_error('unable to set character set: '.mysqli_error($GLOBALS['db']));
mysqli_select_db($GLOBALS['db'], 'ffvaDB') || internal_error('unable to select database: '.mysqli_error($GLOBALS['db']));

/* get rid of slashes produced by a moronic default setting on which
 * some software still relies... */

function cleanup_magic_quotes($array) {
	foreach ($array as $key => $value) {
		if (is_array($value)) cleanup_magic_quotes($value);
		else $array[$key] = stripslashes($value);
	}
}

if (get_magic_quotes_gpc()) {
	cleanup_magic_quotes($_GET);
	cleanup_magic_quotes($_POST);
}

// som van indices is graad van verwantschap
// verschil van de indices is generatieverschil
$familierelaties = array(
	array("proband",           "kind",                     "kleinkind",                   "achterkleinkind (3e graad)",   "achterkleinkind (4e graad)", "achterkleinkind (5e graad)", "achterkleinkind (6e graad)",   "achterkleinkind (7e graad)", "achterkleinkind (8e graad)",  "achterkleinkind (9e graad)", "achterkleinkind (10e graad)"),
	array("ouder",             "broer/zus",                "neef/nicht (3e graad)",       "achterneef/nicht (4e graad)",  "achterneef/nicht (5e graad)", "achterneef/nicht (6e graad)"),
	array("grootouder",        "oom/tante",                "neef/nicht (4e graad)",       "achterneef/nicht (5e graad)",  "achterneef/nicht (6e graad)", "achterneef/nicht (7e graad)"),
	array("overgrootouder",    "oudoom/tante",             "achterneef/nicht (5e graad)", "achterneef/nicht (6e graad)",  "achterneef/nicht (7e graad)", "achterneef/nicht (8e graad)"),
	array("betovergrootouder", "oudgrootoom/tante",        "achterneef/nicht (6e graad)", "achterneef/nicht (7e graad)",  "achterneef/nicht (8e graad)", "achterneef/nicht (9e graad)"), 
	array("oudouder",          "oudovergrootoom/tante",    "achterneef/nicht (7e graad)", "achterneef/nicht (8e graad)",  "achterneef/nicht (9e graad)",  "achterneef/nicht (10e graad)"),
	array("oudgrootouder",     "oudbetovergrootoom/tante", "achterneef/nicht (8e graad)", "achterneef/nicht (9e graad)",  "achterneef/nicht (10e graad)",  "achterneef/nicht (11e graad)"),
	array("oudovergrootouder", "stamoom/tante",            "achterneef/nicht (9e graad)", "achterneef/nicht (10e graad)", "achterneef/nicht (11e graad)",  "achterneef/nicht (12e graad)"),
	array("oudbetovergrootouder", "stamgrootoom/tante",            "achterneef/nicht (10e graad)", "achterneef/nicht (11e graad)", "achterneef/nicht (12e graad)",  "achterneef/nicht (13e graad)"),
	array("stamouder", "stamovergrootoom/tante",            "achterneef/nicht (11e graad)", "achterneef/nicht (12e graad)", "achterneef/nicht (13e graad)",  "achterneef/nicht (14e graad)"),
	array("stamgrootouder", "stambetovergrootoom/tante",            "achterneef/nicht (12e graad)", "achterneef/nicht (13e graad)", "achterneef/nicht (14e graad)",  "achterneef/nicht (15e graad)"),
	array("stamovergrootouder", "stambetovergrootoom/tante",            "achterneef/nicht (13e graad)", "achterneef/nicht (14e graad)", "achterneef/nicht (15e graad)",  "achterneef/nicht (16e graad)"),
);

/* convenience functions */
function mysqli_escape_data($string) {
	return mysqli_real_escape_string($GLOBALS['db'], $string);
}

function internal_error($string) {
	header('Content-Type: text/plain');
	echo('Internal error: '.$string);
	exit;
}

function dec_signed_data($data) {
	if (!isset($data)) return NULL;
	$sigdata = explode(';', $data);
	if (count($sigdata) != 2) internal_error('error paramater malformed');
	$hmac_key = sprint_singular("SELECT value FROM config WHERE `key` = 'HMAC_KEY'");
	if (hash_hmac('sha256', $sigdata[1], $hmac_key) != $sigdata[0]) internal_error('invalid signature');
	$timeoutdata = explode(',', $sigdata[1]);
	if (count($timeoutdata) != 2) internal_error('signed data malformed?!?!?!?');
	if (time() > $timeoutdata[0]) return NULL;
	return unserialize(urlsafe_b64decode($timeoutdata[1]));
}

function enc_signed_data($data) {
	$hmac_key = sprint_singular("SELECT value FROM config WHERE `key` = 'HMAC_KEY'");
	$timeout = sprint_singular("SELECT value FROM config WHERE `key` = 'HMAC_TIMEOUT'") + time();
	$timeoutdata = $timeout.','.urlsafe_b64encode(serialize($data));
	$sig = hash_hmac('sha256', $timeoutdata, $hmac_key);
	return $sig.';'.$timeoutdata;
}

function html_head($title, $script = '') {
	header('Content-Type: text/html; charset=UTF-8');
	echo('<?xml version="1.0" encoding="UTF-8"?>'."\n"); ?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<meta charset="UTF-8">
<title><? echo($title) ?></title>
<script type="text/javascript" src="js/jquery-1.4.2.min.js"></script>
<link href="css/style.css" rel="stylesheet"/>
<link href="css/ui-lightness/jquery-ui-1.8.6.custom.css" rel="stylesheet"/>
<script type="text/javascript" src="js/jquery-ui-1.8.6.custom.min.js"></script>
<script type="text/javascript">
//<![CDATA[
$(function(){
<?  echo($script); ?>
});
//]]>
</script>
</head>
<body>
<?  }

function html_tail() { ?>
</body>
</html><?
}

function entenc($string) {
	return htmlspecialchars($string, ENT_QUOTES, 'UTF-8');
}

function mysqli_field_name($result, $field_offset) {
    $properties = mysqli_fetch_field_direct($result, $field_offset);
    return is_object($properties) ? $properties->name : null;
}

function sprint_table($result) {
        if (mysqli_num_rows($result) == 0) return '<table></table>';
        $no_fields = mysqli_num_fields($result);

        $html_table = '<table><tr>';
        for ($i = 0; $i < $no_fields; $i++) {
                $html_table .= '<th>'.entenc(mysqli_field_name($result, $i)).'</th>';
        }
        $html_table .= "\n";

	while ($row = mysqli_fetch_array($result, MYSQLI_NUM)) {
                $html_table .= '<tr>';
                for ($i = 0; $i < $no_fields; $i++) {
                        //if (isset($row[$i])) $html_table .= '<td>'.entenc($row[$i]).'</td>';
                        if (isset($row[$i])) $html_table .= '<td>'.$row[$i].'</td>';
                        else $html_table .= '<td><i>NULL</i></td>';
                }
                $html_table .= "</tr>\n";
        }

        $html_table .= "</table>\n";
        mysqli_data_seek($result, 0);
        return $html_table;
}

function sprint_parms($array) {
	if (!is_array($array)) return;

	foreach ($array as $key => $value)
		$ret .= urlencode($key).'='.urlencode($value).'&';

	return substr($ret, 0, -1);
}

function is_date($date) {
	if (!isset($date) || !preg_match('/^(\d\d\d\d)-(\d\d)-(\d\d)$/', $date, $matches) ||
			!checkdate($matches[2], $matches[3], $matches[1])) return 0;
	return 1;
}

// format characters
// %% -> %
// %q -> string to be escaped, must already be insides 's in $format
// %d -> integer
// %u -> nonnegative integer
// %D -> SQL date
function mysqli_query_safe($format) {
	$out = '';
	$arg = 1;

	while (($pos = strpos($format, '%')) !== FALSE) {
		$out .= substr($format, 0, $pos);
		switch ($format[$pos + 1]) {
			case '%':
				$out .= '%';
				break;
			case 'q':
				if (func_num_args() <= $arg) internal_error('te weinig argumenten');
				$out .= mysqli_escape_data(func_get_arg($arg));
				$arg++;
				break;
			case 'd':
				if (func_num_args() <= $arg) internal_error('te weinig argumenten');
				$val = (int)func_get_arg($arg);
				if ($val != func_get_arg($arg)) internal_error('SQL argument is geen integer');
				$out .= $val;
				$arg++;
				break;
			case 'u':
				if (func_num_args() <= $arg) internal_error('te weinig argumenten');
				$val = (int)func_get_arg($arg);
				if ($val != func_get_arg($arg)) internal_error('SQL argument is geen integer');
				if ($val < 0) internal_error('SQL argument een negatieve integer');
				$out .= $val;
				$arg++;
				break;
			case 'D':
				if (func_num_args() <= $arg) internal_error('te weinig argumenten');
				$val = func_get_arg($arg);
				if (!is_date($val)) internal_error('SQL argument is geen datum');
				$out .= $val;
				$arg++;
				break;
			default: 
				internal_error('onzinnig format character');
				break;
		}

		$format = substr($format, $pos + 2);
	}

	if ($arg != func_num_args()) internal_error('te veel argumenten voor format string');

	$out .= $format;

	if (!($result = mysqli_query($GLOBALS['db'], $out))) internal_error("mysqli_query(\"$out\"):".mysqli_errno($GLOBALS['db']).':'.mysqli_error($GLOBALS['db']));

	return $result;
}

function sprint_singular() {
        $args = func_get_args();
        $row = mysqli_fetch_array($result = call_user_func_array('mysqli_query_safe', $args), MYSQLI_NUM);
        mysqli_free_result($result);
        return $row[0];
}

function urlsafe_b64encode($string) {
	$data = base64_encode($string);
	$data = str_replace(array('+','/','='),array('-','_',''),$data);
	return $data;
}

function urlsafe_b64decode($string) {
	$data = str_replace(array('-','_'),array('+','/'),$string);
	$mod4 = strlen($data) % 4;
	if ($mod4) $data .= substr('====', $mod4);
	return base64_decode($data);
}

?>