home
***
CD-ROM
|
disk
|
FTP
|
other
***
search
/
PC World 2005 April
/
PCWorld_2005-04_cd.bin
/
akce
/
web
/
phpbb2plus
/
phpBB2_plus_1.52.exe
/
phpBB2
/
common.php
< prev
next >
Wrap
PHP Script
|
2004-11-18
|
8KB
|
288 lines
<?php
/***************************************************************************
* common.php
* -------------------
* begin : Saturday, Feb 23, 2001
* copyright : (C) 2001 The phpBB Group
* email : support@phpbb.com
*
* $Id: common.php,v 1.74.2.10 2003/06/04 17:41:39 acydburn Exp $
*
*
***************************************************************************/
/***************************************************************************
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
***************************************************************************/
if ( !defined('IN_PHPBB') )
{
die("Hacking attempt");
}
//
error_reporting (E_ERROR | E_WARNING | E_PARSE); // This will NOT report uninitialized variables
set_magic_quotes_runtime(0); // Disable magic_quotes_runtime
// The following code (unsetting globals) was contributed by Matt Kavanagh
// PHP5 with register_long_arrays off?
if (!isset($HTTP_POST_VARS) && isset($_POST))
{
$HTTP_POST_VARS = $_POST;
$HTTP_GET_VARS = $_GET;
$HTTP_SERVER_VARS = $_SERVER;
$HTTP_COOKIE_VARS = $_COOKIE;
$HTTP_ENV_VARS = $_ENV;
$HTTP_POST_FILES = $_FILES;
// _SESSION is the only superglobal which is conditionally set
if (isset($_SESSION))
{
$HTTP_SESSION_VARS = $_SESSION;
}
}
if (@phpversion() < '4.0.0')
{
// PHP3 path; in PHP3, globals are _always_ registered
// We 'flip' the array of variables to test like this so that
// we can validate later with isset($test[$var]) (no in_array())
$test = array('HTTP_GET_VARS' => NULL, 'HTTP_POST_VARS' => NULL, 'HTTP_COOKIE_VARS' => NULL, 'HTTP_SERVER_VARS' => NULL, 'HTTP_ENV_VARS' => NULL, 'HTTP_POST_FILES' => NULL);
// Loop through each input array
@reset($test);
while (list($input,) = @each($test))
{
while (list($var,) = @each($$input))
{
// Validate the variable to be unset
if (!isset($test[$var]) && $var != 'test' && $var != 'input')
{
unset($$var);
}
}
}
}
else if (@ini_get('register_globals') == '1' || strtolower(@ini_get('register_globals')) == 'on')
{
// PHP4+ path
// Not only will array_merge give a warning if a parameter
// is not an array, it will actually fail. So we check if
// HTTP_SESSION_VARS has been initialised.
if (!isset($HTTP_SESSION_VARS))
{
$HTTP_SESSION_VARS = array();
}
// Merge all into one extremely huge array; unset
// this later
$input = array_merge($HTTP_GET_VARS, $HTTP_POST_VARS, $HTTP_COOKIE_VARS, $HTTP_SERVER_VARS, $HTTP_SESSION_VARS, $HTTP_ENV_VARS, $HTTP_POST_FILES);
unset($input['input']);
while (list($var,) = @each($input))
{
unset($$var);
}
unset($input);
}
//
// addslashes to vars if magic_quotes_gpc is off
// this is a security precaution to prevent someone
// trying to break out of a SQL statement.
//
if( !get_magic_quotes_gpc() )
{
if( is_array($HTTP_GET_VARS) )
{
while( list($k, $v) = each($HTTP_GET_VARS) )
{
if( is_array($HTTP_GET_VARS[$k]) )
{
while( list($k2, $v2) = each($HTTP_GET_VARS[$k]) )
{
$HTTP_GET_VARS[$k][$k2] = addslashes($v2);
}
@reset($HTTP_GET_VARS[$k]);
}
else
{
$HTTP_GET_VARS[$k] = addslashes($v);
}
}
@reset($HTTP_GET_VARS);
}
if( is_array($HTTP_POST_VARS) )
{
while( list($k, $v) = each($HTTP_POST_VARS) )
{
if( is_array($HTTP_POST_VARS[$k]) )
{
while( list($k2, $v2) = each($HTTP_POST_VARS[$k]) )
{
$HTTP_POST_VARS[$k][$k2] = addslashes($v2);
}
@reset($HTTP_POST_VARS[$k]);
}
else
{
$HTTP_POST_VARS[$k] = addslashes($v);
}
}
@reset($HTTP_POST_VARS);
}
if( is_array($HTTP_COOKIE_VARS) )
{
while( list($k, $v) = each($HTTP_COOKIE_VARS) )
{
if( is_array($HTTP_COOKIE_VARS[$k]) )
{
while( list($k2, $v2) = each($HTTP_COOKIE_VARS[$k]) )
{
$HTTP_COOKIE_VARS[$k][$k2] = addslashes($v2);
}
@reset($HTTP_COOKIE_VARS[$k]);
}
else
{
$HTTP_COOKIE_VARS[$k] = addslashes($v);
}
}
@reset($HTTP_COOKIE_VARS);
}
}
//
// Define some basic configuration arrays this also prevents
// malicious rewriting of language and otherarray values via
// URI params
//
$board_config = array();
$plus_config = array();
$userdata = array();
$theme = array();
$images = array();
$lang = array();
$nav_links = array();
$gen_simple_header = FALSE;
include($phpbb_root_path . 'config.'.$phpEx);
if( !defined("PHPBB_INSTALLED") )
{
header("Location: install/install.$phpEx");
exit;
}
include($phpbb_root_path . 'includes/constants.'.$phpEx);
include($phpbb_root_path . 'includes/template.'.$phpEx);
include($phpbb_root_path . 'includes/sessions.'.$phpEx);
include($phpbb_root_path . 'includes/auth.'.$phpEx);
//-- mod : categories hierarchy --------------------------------------------------------------------
//-- add
include_once( $phpbb_root_path . './includes/functions_categories_hierarchy.' . $phpEx );
//-- fin mod : categories hierarchy ----------------------------------------------------------------
include($phpbb_root_path . 'includes/functions.'.$phpEx);
include($phpbb_root_path . 'includes/db.'.$phpEx);
//
// Obtain and encode users IP
//
// I'm removing HTTP_X_FORWARDED_FOR ... this may well cause other problems such as
// private range IP's appearing instead of the guilty routable IP, tough, don't
// even bother complaining ... go scream and shout at the idiots out there who feel
// "clever" is doing harm rather than good ... karma is a great thing ... :)
//
$client_ip = ( !empty($HTTP_SERVER_VARS['REMOTE_ADDR']) ) ? $HTTP_SERVER_VARS['REMOTE_ADDR'] : ( ( !empty($HTTP_ENV_VARS['REMOTE_ADDR']) ) ? $HTTP_ENV_VARS['REMOTE_ADDR'] : $REMOTE_ADDR );
$user_ip = encode_ip($client_ip);
//
// Setup forum wide options, if this fails
// then we output a CRITICAL_ERROR since
// basic forum information is not available
//
$sql = "SELECT *
FROM " . CONFIG_TABLE;
if( !($result = $db->sql_query($sql)) )
{
message_die(CRITICAL_ERROR, "Could not query config information", "", __LINE__, __FILE__, $sql);
}
while ( $row = $db->sql_fetchrow($result) )
{
$board_config[$row['config_name']] = $row['config_value'];
}
$sql = "SELECT *
FROM " . PLUS_TABLE;
if( !($result = $db->sql_query($sql)) )
{
message_die(CRITICAL_ERROR, "Could not query Plus-Config information", "", __LINE__, __FILE__, $sql);
}
while ( $row = $db->sql_fetchrow($result) )
{
$plus_config[$row['config_name']] = $row['config_value'];
}
include($phpbb_root_path . 'attach_mod/attachment_mod.'.$phpEx);
if (file_exists('install') || file_exists('contrib'))
{
message_die(GENERAL_MESSAGE, 'Please ensure both the install/ and contrib/ directories are deleted');
}
//
// Show 'Board is disabled' message if needed.
//
if( $board_config['board_disable'] && !defined("IN_ADMIN") && !defined("IN_LOGIN") )
{
if ( $board_config['board_disable_msg'] != "" )
{
message_die(GENERAL_MESSAGE, $board_config['board_disable_msg'], 'Information');
}
else
{
message_die(GENERAL_MESSAGE, 'Board_disable', 'Information');
}
}
$sql = "SELECT user_id, user_color_group, username FROM " . USERS_TABLE;
if( !($result = $db->sql_query($sql)) )
{
message_die(GENERAL_ERROR, 'Could not read user color groups', '', __LINE__, __FILE__, $sql);
}
$colorusers = array();
$coloruname = array();
while ( $row = $db->sql_fetchrow($result) )
{
$userid = $row['user_id'];
$colorusers[$userid] = $row['user_color_group'];
$coloruname[$userid] = $row['username'];
}
$colorgroup = array();
$sql = "SELECT ug.user_id FROM " . USER_GROUP_TABLE . " ug, " . GROUPS_TABLE . " g
WHERE g.group_single_user = 0
AND g.group_id = ug.group_id
GROUP BY ug.user_id
ORDER BY ug.user_id";
if( !($result = $db->sql_query($sql)) )
{
message_die(GENERAL_ERROR, 'Could not read user color groups', '', __LINE__, __FILE__, $sql);
}
while ( $row = $db->sql_fetchrow($result) )
{
$colorgroup[] = $row['user_id'];
}
?>
