PageRenderTime 51ms CodeModel.GetById 22ms RepoModel.GetById 0ms app.codeStats 0ms

/web/trunk/forum/common.php

#
PHP | 421 lines | 381 code | 21 blank | 19 comment | 2 complexity | 0420603986b15f0d479b2d33b64b0347 MD5 | raw file
Possible License(s): GPL-2.0 
    

  1. <?php
    2. 

  2.   if ( defined( "_COMMON_PHP" ) ) return;
    3. 

  3.   define("_COMMON_PHP", 1 );
    4. 

  4. 

  5.   // These variables may be altered as needed:
    6. 

  6. 

  7.   // location where settings are stored
    8. 

  8.   $settings_dir="/home/groups/e/ex/exult/.phorum";  // no ending slash
    9. 

  9. 

  10.   // If you have dynamic vars for GET and POST to pass on:
    11. 

  11.   // AddGetPostVars("dummy", $dummy);
    12. 

  12. 

  13. 

  14. 

  15. //////////////////////////////////////////////////////////////////////////////////////////
    16. 

  16. // End of normally user-defined variables
    17. 

  17. //////////////////////////////////////////////////////////////////////////////////////////
    18. 

  18. 

  19. 

  20.   // See the FAQ on what this does.  Normally not important.
    21. 

  21.   // **TODO: make this a define and figure out where we really need it.
    22. 

  22.   $cutoff = 800;
    23. 

  23. 

  24.   $phorumver="3.3.2c";
    25. 

  25. 

  26.   // all available db-files
    27. 

  27.   $dbtypes = array(
    28. 

  28.            'mysql' => "MySQL",
    29. 

  29.            'postgresql65' => "PostgreSQL 6.5 or newer",
    30. 

  30.            'postgresql' => "PostgreSQL (older than 6.5)"
    31. 

  31.            );
    32. 

  32. 

  33.   // handle configs that have register_globals turned off.
    34. 

  34.   // we use $PHP_SELF as the test since it should always be there.
    35. 

  35.   // We might need to consider not using globals soon.
    36. 

  36.   if(!isset($PHP_SELF)) {
    37. 

  37.      include ("./include/register_globals.php");
    38. 

  38.   }
    39. 

  39. 

  40.   // *** Some Defines ***
    41. 

  41. 

  42.   // security
    43. 

  43.   define("SEC_NONE", 0);
    44. 

  44.   define("SEC_OPTIONAL", 1);
    45. 

  45.   define("SEC_POST", 2);
    46. 

  46.   define("SEC_ALL", 3);
    47. 

  47. 

  48.   // signature
    49. 

  49.   define("PHORUM_SIG_MARKER", "[%sig%]");
    50. 

  50. 

  51.   // thread flags
    52. 

  52.   define("FLG_FROZEN", 1);
    53. 

  53.   define("FLG_MODERATED", 2); //not yet implemented
    54. 

  54.   define("FLG_UNMODERATED", 4); //not yet implemented
    55. 

  55.   define("FLG_KEEPONTOP", 8); //not yet implemented
    56. 

  56. 

  57. 

  58.   // **TODO: move all this into the admin
    59. 

  59.   $GetVars="";
    60. 

  60.   $PostVars="";
    61. 

  61.   function AddGetPostVars($var, $value){
    62. 

  62.     global $GetVars;
    63. 

  63.     global $PostVars;
    64. 

  64.     $var=urlencode($var);
    65. 

  65.     $value=urlencode($value);
    66. 

  66.     $GetVars.="&";
    67. 

  67.     $GetVars.="$var=$value";
    68. 

  68.     $PostVars.="<input type=\"hidden\" name=\"$var\" value=\"$value\">\n";
    69. 

  69.   }
    70. 

  70. 

  71.   function AddPostVar($var, $value){
    72. 

  72.     AddGetPostVars($var, $value);
    73. 

  73.   }
    74. 

  74. 

  75.   function AddGetVar($var, $value){
    76. 

  76.     AddGetPostVars($var, $value);
    77. 

  77.   }
    78. 

  78. 

  79.   // **TODO: switch to get_html_translation_table
    80. 

  80.   function undo_htmlspecialchars($string){
    81. 

  81. 

  82.     $string = str_replace("&amp;", "&", $string);
    83. 

  83.     $string = str_replace("&quot;", "\"", $string);
    84. 

  84.     $string = str_replace("&lt;", "<", $string);
    85. 

  85.     $string = str_replace("&gt;", ">", $string);
    86. 

  86. 

  87.     return $string;
    88. 

  88.   }
    89. 

  89. 

  90.   function htmlencode($string){
    91. 

  91.     $ret_string="";
    92. 

  92.     $len=strlen($string);
    93. 

  93.     for($x=0;$x<$len;$x++){
    94. 

  94.       $ord=ord($string[$x]);
    95. 

  95.       $ret_string .= "&#$ord;";
    96. 

  96.     }
    97. 

  97.     return $ret_string;
    98. 

  98.   }
    99. 

  99. 

  100.   function my_nl2br($str){
    101. 

  101.     return str_replace("><br />", ">", nl2br($str));
    102. 

  102.   }
    103. 

  103. 

  104.   function bgcolor($color){
    105. 

  105.     return ($color!="") ? " bgcolor=\"".$color."\"" : "";
    106. 

  106.   }
    107. 

  107. 

  108.   // **TODO: replace with wordwrap soon. Will require some changes to the calls.
    109. 

  109.   function textwrap ($String, $breaksAt = 78, $breakStr = "\n", $padStr="") {
    110. 

  110. 

  111.     $newString="";
    112. 

  112.     $lines=explode($breakStr, $String);
    113. 

  113.     $cnt=count($lines);
    114. 

  114.     for($x=0;$x<$cnt;$x++){
    115. 

  115.       if(strlen($lines[$x])>$breaksAt){
    116. 

  116.         $str=$lines[$x];
    117. 

  117.         while(strlen($str)>$breaksAt){
    118. 

  118.           $pos=strrpos(chop(substr($str, 0, $breaksAt)), " ");
    119. 

  119.           if ($pos == false) {
    120. 

  120.             break;
    121. 

  121.           }
    122. 

  122.           $newString.=$padStr.substr($str, 0, $pos).$breakStr;
    123. 

  123.           $str=trim(substr($str, $pos));
    124. 

  124.         }
    125. 

  125.         $newString.=$padStr.$str.$breakStr;
    126. 

  126.       }
    127. 

  127.       else{
    128. 

  128.         $newString.=$padStr.$lines[$x].$breakStr;
    129. 

  129.       }
    130. 

  130.     }
    131. 

  131.     return $newString;
    132. 

  132. 

  133.   } // end textwrap()
    134. 

  134. 

  135.   // **TODO: replace with a better function that optionally checks the MX record
    136. 

  136.   function is_email($email){
    137. 

  137.     $ret=false;
    138. 

  138.     if(function_exists("preg_match") && preg_match("/^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*$/i", $email)){
    139. 

  139.       $ret=true;
    140. 

  140.     }
    141. 

  141.     elseif(eregi("^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*$", $email)){
    142. 

  142.       $ret=true;
    143. 

  143.     }
    144. 

  144. 

  145.     return $ret;
    146. 

  146.   }
    147. 

  147. 

  148.   // passed to array_walk in read.php and list.php
    149. 

  149.   // **TODO: replace using array_flip
    150. 

  150.   function explode_haveread($var){
    151. 

  151.     global $haveread;
    152. 

  152.     $haveread[$var]=true;
    153. 

  153.   }
    154. 

  154. 

  155.   // these two function would be better served as a class.
    156. 

  156.   function addnav(&$var, $text, $url){
    157. 

  157.     $var[$text]=$url;
    158. 

  158.   }
    159. 

  159. 

  160.   function getnav($var, $splitter="&nbsp;&nbsp;|&nbsp;&nbsp;", $usefont=true){
    161. 

  161.     global $default_nav_font_color, $ForumNavFontColor;
    162. 

  162.     if(isset($ForumNavFontColor)){
    163. 

  163.       $color=$ForumNavFontColor;
    164. 

  164.     }
    165. 

  165.     else{
    166. 

  166.       $color=$default_nav_font_color;
    167. 

  167.     }
    168. 

  168.     $menu=array();
    169. 

  169.     while(list($text, $url)=each($var)){
    170. 

  170.       if($usefont) $text="<FONT color='$color' class=\"PhorumNav\">$text</font>";
    171. 

  171.       $menu[]="<a href=\"$url\">$text</a>";
    172. 

  172.     }
    173. 

  173.     $nav=implode($splitter, $menu);
    174. 

  174.     if($usefont)
    175. 

  175.       $nav="<FONT color='$color' class=\"PhorumNav\">&nbsp;".$nav."&nbsp;</font>";
    176. 

  176.     return $nav;
    177. 

  177.   }
    178. 

  178. 

  179.   // These functions exist in PHP 4.0.3 and up.
    180. 

  180.   // **TODO: This will go away when we move to PHP4 only.
    181. 

  181.   if(!function_exists("is_uploaded_file")){
    182. 

  182. 

  183.     function is_uploaded_file($filename) {
    184. 

  184.       $ret=false;
    185. 

  185.       if(dirname($filename)==dirname(tempnam(get_cfg_var("upload_tmp_dir"), ''))){
    186. 

  186.         $ret=true;
    187. 

  187.       }
    188. 

  188.       return $ret;
    189. 

  189.     }
    190. 

  190. 

  191.     function move_uploaded_file($old_filename, $new_filename) {
    192. 

  192.       $ret=false;
    193. 

  193.       if(is_uploaded_file($old_filename) && rename($old_filename,$new_filename)) {
    194. 

  194.         $ret=true;
    195. 

  195.       }
    196. 

  196.       return $ret;
    197. 

  197.     }
    198. 

  198. 

  199.   }
    200. 

  200. 

  201.   function phorum_login_user($sessid, $userid=0){
    202. 

  202.     global $DB, $q, $pho_main;
    203. 

  203.     if(!isset($_COOKIE["phorum_auth"])){
    204. 

  204.       AddGetPostVars("phorum_auth", "$sessid");
    205. 

  205.     }
    206. 

  206.     // **TODO: We should make this time configurable
    207. 

  207.     SetCookie("phorum_auth", "$sessid", time()+86400*365);
    208. 

  208.     if($userid){
    209. 

  209.       $SQL="update $pho_main"."_auth set sess_id='$sessid' where id=$userid";
    210. 

  210.       $q->query($DB, $SQL);
    211. 

  211.     }
    212. 

  212.   }
    213. 

  213. 

  214.   function phorum_get_file_name($type)
    215. 

  215.   {
    216. 

  216.     global $PHORUM;
    217. 

  217.     settype($PHORUM["ForumConfigSuffix"], "string");
    218. 

  218.     switch($type){
    219. 

  219.         case "css":
    220. 

  220.             $file="phorum.css";
    221. 

  221.             $custom="phorum_$PHORUM[ForumConfigSuffix].css";
    222. 

  222.             break;
    223. 

  223.         case "header":
    224. 

  224.             $file="$PHORUM[include]/header.php";
    225. 

  225.             $custom="$PHORUM[include]/header_$PHORUM[ForumConfigSuffix].php";
    226. 

  226.             break;
    227. 

  227.         case "footer":
    228. 

  228.             $file="$PHORUM[include]/footer.php";
    229. 

  229.             $custom="$PHORUM[include]/footer_$PHORUM[ForumConfigSuffix].php";
    230. 

  230.             break;
    231. 

  231.     }
    232. 

  232. 

  233.     return (file_exists($custom)) ? $custom : $file;
    234. 

  234.   }
    235. 

  235. 

  236. 

  237.   function phorum_check_login($user, $pass)
    238. 

  238.   {
    239. 

  239.     global $q, $DB, $PHORUM;
    240. 

  240. 

  241.     if(!get_magic_quotes_gpc()) $user=addslashes($user);
    242. 

  242. 

  243.     $md5_pass=md5($pass);
    244. 

  244. 

  245.     $id=0;
    246. 

  246.     $SQL="Select id from $PHORUM[auth_table] where username='$user' and password='$md5_pass'";
    247. 

  247.     $q->query($DB, $SQL);
    248. 

  248.     if($q->numrows()==0 && function_exists("crypt")){
    249. 

  249.         // check for old crypt system
    250. 

  250.         $crypt_pass=crypt($pass, substr($pass, 0, CRYPT_SALT_LENGTH));
    251. 

  251.         $SQL="Select id from $PHORUM[auth_table] where username='$user' and password='$crypt_pass'";
    252. 

  252.         $q->query($DB, $SQL);
    253. 

  253.         if($q->numrows()>0){
    254. 

  254.             // update password to md5.
    255. 

  255.             $SQL="Update $PHORUM[auth_table] set password='$md5_pass' where username='$user'";
    256. 

  256.             $q->query($DB, $SQL);
    257. 

  257.         }
    258. 

  258.     }
    259. 

  259. 

  260.     if($q->numrows()>0){
    261. 

  261.         $id=$q->field("id", 0);
    262. 

  262.     }
    263. 

  263. 

  264.     return $id;
    265. 

  265.   }
    266. 

  266. 

  267.   function phorum_session_id($username, $password)
    268. 

  268.   {
    269. 

  269.     return md5($username.$password.microtime());
    270. 

  270.   }
    271. 

  271. 

  272.   // variable initialization function
    273. 

  273.   // **TODO: need to scrap this function and just use settype()
    274. 

  274.   function initvar($varname, $value=''){
    275. 

  275.     global $$varname;
    276. 

  276.     if(!isset($$varname))
    277. 

  277.       $$varname=$value;
    278. 

  278.     return $$varname;
    279. 

  279.   }
    280. 

  280. 

  281.   // set a sensible error level for including some stuff:
    282. 

  282.   $old_err_level = error_reporting (E_ERROR | E_WARNING | E_PARSE);
    283. 

  283. 

  284.   // go ahead and unset/check these to evade hack attempts.
    285. 

  285.   unset($phorum_user);
    286. 

  286.   unset($PHORUM);
    287. 

  287.   settype($f, "integer");
    288. 

  288.   settype($num, "integer");
    289. 

  289.   $num = (empty($num)) ? $f : $num;
    290. 

  290.   $f = (empty($f)) ? $num : $f;
    291. 

  291. 

  292.   // include forums.php
    293. 

  293. 

  294.   // the most important variables
    295. 

  295.   $PHORUM["settings"]="$settings_dir/forums.php";
    296. 

  296.   $PHORUM["settings_backup"]="$settings_dir/forums.bak.php";
    297. 

  297. 

  298.   if(!file_exists($PHORUM["settings"])){
    299. 

  299.     echo "<html><head><title>Phorum Error</title></head><body>Phorum could not load the settings file ($PHORUM[settings]).<br />If you are just installing Phorum, please go to the admin to complete the install.  Otherwise, see the faq for other reasons you could see this message.</body></html>";
    300. 

  300.     exit();
    301. 

  301.   }
    302. 

  302. 

  303.   include ($PHORUM["settings"]);
    304. 

  304. 

  305.   // set some PHORUM vars
    306. 

  306.   $PHORUM["auth_table"]=$PHORUM["main_table"]."_auth";
    307. 

  307.   $PHORUM["mod_table"]=$PHORUM["main_table"]."_moderators";
    308. 

  308.   $PHORUM["settings_dir"]=$settings_dir;
    309. 

  309.   $PHORUM["include"]="./include";
    310. 

  310. 

  311.   // **TODO: remove legacy code
    312. 

  312.   $include_path=$PHORUM["include"];
    313. 

  313.   $pho_main=$PHORUM['main_table'];
    314. 

  314. 

  315.   // include abstraction layer and check if its defined
    316. 

  316.   if(!defined("PHORUM_ADMIN") && (empty($PHORUM["dbtype"]) || !file_exists("./db/$PHORUM[dbtype].php"))){
    317. 

  317.     echo "<html><head><title>Phorum Error</title></head><body>Something is wrong.  You need to edit common.php and select a database.</body></html>";
    318. 

  318.     exit();
    319. 

  319.   }
    320. 

  320. 

  321.   include ("./db/$dbtype.php");
    322. 

  322. 

  323. 

  324.   // create database classes
    325. 

  325.   $DB = new db();
    326. 

  326. 

  327.   // check if database is already configured or if we are in the admin
    328. 

  328.   if ( defined( "_DB_LAYER" ) && $PHORUM["DatabaseName"]!=''){
    329. 

  329.     // this code below has to be this way for some weird reason.  Otherwise\n";
    330. 

  330.     // connecting on a different port won't work.\n";
    331. 

  331.     $DB->open($PHORUM["DatabaseName"], implode(':', explode(':', $PHORUM["DatabaseServer"])), $PHORUM["DatabaseUser"], $PHORUM["DatabasePassword"]);
    332. 

  332.   } elseif(!defined("PHORUM_ADMIN")) {
    333. 

  333.     echo "<html><head><title>Phorum Error</title></head><body>You need to go to the admin and fix your database settings.</body></html>";
    334. 

  334.     exit();
    335. 

  335.   }
    336. 

  336. 

  337.   //dummy query for generic operations
    338. 

  338.   $q = new query($DB);
    339. 

  339.   if(!is_object($q)){
    340. 

  340.     echo "<html><head><title>Phorum Error</title></head><body>Unkown error creating $q.</body></html>";
    341. 

  341.     exit();
    342. 

  342.   }
    343. 

  343. 

  344. 

  345.   if(!empty($f)){
    346. 

  346.     if(file_exists("$PHORUM[settings_dir]/$f.php")){
    347. 

  347.       include "$PHORUM[settings_dir]/$f.php";
    348. 

  348.       if($ForumLang!=""){
    349. 

  349.         include ("./".$ForumLang);
    350. 

  350.       } else {
    351. 

  351.         include ("./".$default_lang);
    352. 

  352.       }
    353. 

  353.     }
    354. 

  354.     else{
    355. 

  355.       header("Location: $forum_url/$forum_page.$ext");
    356. 

  356.       exit();
    357. 

  357.     }
    358. 

  358.   }
    359. 

  359.   else {
    360. 

  360.     include ("./".$default_lang);
    361. 

  361.     include ($include_path."/blankset.php");
    362. 

  362.   }
    363. 

  363. 

  364.   if(!$PHORUM["started"] && !defined("PHORUM_ADMIN")){
    365. 

  365.     Header("Location: $forum_url/$down_page.$ext");
    366. 

  366.     exit();
    367. 

  367.   }
    368. 

  368. 

  369.   if(!defined("PHORUM_ADMIN") && $DB->connect_id){
    370. 

  370.      // check security
    371. 

  371.     if($ForumFolder==1 || $f==0){
    372. 

  372.         $SQL="Select max(security) as sec from $pho_main";
    373. 

  373.         $q->query($DB, $SQL);
    374. 

  374.         $max_sec=$q->field("sec", 0);
    375. 

  375.     }
    376. 

  376.     if(($ForumSecurity!=SEC_NONE || (($ForumFolder==1 || $f==0) && $max_sec>0)) && isset($phorum_auth)){
    377. 

  377.       $SQL="Select * from $PHORUM[auth_table] where sess_id='$phorum_auth'";
    378. 

  378.       $q->query($DB, $SQL);
    379. 

  379.       $phorum_user=$q->getrow();
    380. 

  380.       if(isset($phorum_user["id"])){
    381. 

  381.         $SQL="Select forum_id from $PHORUM[mod_table] where (forum_id=$f or forum_id=0) and user_id=$phorum_user[id]";
    382. 

  382.         $q->query($DB, $SQL);
    383. 

  383.         $phorum_user["moderator"] = ($q->numrows()>0) ? true : false;
    384. 

  384.         if(!isset($_COOKIE["phorum_auth"])){
    385. 

  385.           AddGetPostVars("phorum_auth", "$phorum_auth");
    386. 

  386.         }
    387. 

  387.       }
    388. 

  388.     }
    389. 

  389. 

  390.     if(!isset($phorum_user["id"]) && isset($phorum_auth))  unset($phorum_auth);
    391. 

  391. 

  392.     if($ForumSecurity==SEC_ALL && empty($phorum_auth)){
    393. 

  393.       header("Location: $forum_url/login.$ext?target=".urlencode($REQUEST_URI));
    394. 

  394.       exit();
    395. 

  395.     }
    396. 

  396. 

  397.     // load plugins
    398. 

  398.     unset($plugins);
    399. 

  399.     $plugins = array(
    400. 

  400.              "read_body"   => array(),
    401. 

  401.              "read_header" => array()
    402. 

  402.              );
    403. 

  403. 

  404.     if(isset($PHORUM["plugins"])){
    405. 

  405.       $dir = opendir("./plugin/");
    406. 

  406.       while($plugindirname = readdir($dir)) {
    407. 

  407.         if($plugindirname[0] != "." && @file_exists("./plugin/$plugindirname/plugin.php") && !empty($PHORUM["plugins"][$plugindirname])){
    408. 

  408.           include("./plugin/$plugindirname/plugin.php");
    409. 

  409.         }
    410. 

  410.       }
    411. 

  411.     }
    412. 

  412.   }
    413. 

  413. 

  414.   // set the error level back to what it was.
    415. 

  415.   error_reporting ($old_err_level);
    416. 

  416. 

  417.   // work-around SourceForge automatically sending an Expires header
    418. 

  418.   // two days in the future
    419. 

  419.   Header("Expires: Sat, 01 Jan 2000 00:00:00 GMT");
    420. 

  420. 

  421. ?>
    422. 

  422.