<?php
/**
 * Helper Functions
 */
 
/**
 * Automated Asset Refresh
 *
 * Returns the full URL of a file, including appending the filemtime onto the URL
 * to break the cache when the file has been updated.
 *
 * @param string  Filename in question
 * @return string  Filename with base_url appended and the filemtime prepended
 */
function asset_url($filename) {
	$url = base_url() . $filename;
 
	/**
	 * Append file modified time to prevent unwanted caching
	 */
	if (file_exists(FCPATH . $filename)) {
 
		/**
		 * Check if there is already a querystring on URL to append appropriate character
		 */
		if (strpos($filename, '?') === FALSE) {
			$url .= '?';
		} else {
			$url .= '&';
		}
		$url .= filemtime(FCPATH . $filename);
	}
 
	echo $url;
}
 
/**
 * Generate (Password) Hash
 * 
 * Calling generateHash() with a single argument (the plain text password) will cause a 
 * random string to be generated and used for the salt. The resulting string consists of 
 * the salt followed by the SHA-1 hash - this is to be stored away in your database. 
 * When you're checking a user's login, the situation is slightly different in that you 
 * already know the salt you'd like to use. The string stored in your database can be 
 * passed to generateHash() as the second argument when generating the hash of a user-
 * supplied password for comparison.
 *
 * @param string  $plain_text string that we want to hash
 * @param string  $salt to compare with the provided $plain_text string
 * @return string  resulting has from provided values
 */
function generate_hash ($plain_text, $salt = null) {
 
	if ($salt === null) {
		$salt = substr(md5(uniqid(rand(), true)), 0, 12);
	} else {
		$salt = substr($salt, 0, 12);
	}
 
	return $salt . sha1($salt . $plain_text);
 
}
 
/**
 * Generate Random String
 * 
 * Generates a random string of characters
 *
 * @param int  $length the length of the random string returned
 * @param string  $valid_chars to compare with the provided $plain_text string
 * @return string  resulting has from provided values
 */
function random_string( $length = 8, $valid_chars = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890' ) {
    // Starter Variables
    $random_string = "";
 
    // count the number of chars in the valid chars string so we know how many choices we have
    $num_valid_chars = strlen($valid_chars);
 
    // repeat the steps until we've created a string of the right length
    for ($i = 0; $i < $length; $i++)
    {
        // pick a random number from 1 up to the number of valid chars
        $random_pick = mt_rand(1, $num_valid_chars);
 
        // take the random character out of the string of valid chars
        // subtract 1 from $random_pick because strings are indexed starting at 0, and we started picking at 1
        $random_char = $valid_chars[$random_pick-1];
 
        // add the randomly-chosen char onto the end of our string so far
        $random_string .= $random_char;
    }
 
    // return our finished random string
    return $random_string;
}
 
/**
 * General data sanitization
 * 
 * Useful for form submissions, this function will take a string or an array of strings 
 * and sanitize the data therein by stripping out script/html/style/comment tags. Also 
 * strips slashes and does a mysql_real_escape_string
 *
 * @param array|string  data to sanitize, can either be a single string or array
 * @return array|string  returns a sanitized version of the input
 */
function sanitize($input) {
 
	$search = array(
		'@<script[^>]*?>.*?</script>@si',   // Strip out javascript
		'@<[\/\!]*?[^<>]*?>@si',            // Strip out HTML tags
		'@<style[^>]*?>.*?</style>@siU',    // Strip style tags properly
		'@<![\s\S]*?--[ \t\n\r]*>@'         // Strip multi-line comments
	);
 
	if (is_array($input)) {
		foreach($input as $var=>$val) {
			$output[$var] = sanitize($val);
		}
	}
	else {
		if (get_magic_quotes_gpc()) {
			$input = stripslashes($input);
		}
		$input  = preg_replace($search, '', $input);
		$output = mysql_real_escape_string($input);
	}
	return $output;
}