
/web/trunk/forum/common.php

  1<?php
  // Include guard: when this file has already been loaded, return at once so
  // the functions below are not declared a second time.
  if ( defined( "_COMMON_PHP" ) ) return;
  define("_COMMON_PHP", 1 );

  // These variables may be altered as needed:

  // location where settings are stored
  // (forums.php and the per-forum settings files are include()d from this
  // directory further down in this file)
  $settings_dir="/home/groups/e/ex/exult/.phorum";  // no ending slash

  // If you have dynamic vars for GET and POST to pass on:
  // AddGetPostVars("dummy", $dummy);



//////////////////////////////////////////////////////////////////////////////////////////
// End of normally user-defined variables
//////////////////////////////////////////////////////////////////////////////////////////


  // See the FAQ on what this does.  Normally not important.
  // **TODO: make this a define and figure out where we really need it.
  $cutoff = 800;

  $phorumver="3.3.2c";

  // all available db-files
  // (key => human-readable label)
  $dbtypes = array(
           'mysql' => "MySQL",
           'postgresql65' => "PostgreSQL 6.5 or newer",
           'postgresql' => "PostgreSQL (older than 6.5)"
           );

  // handle configs that have register_globals turned off.
  // we use $PHP_SELF as the test since it should always be there.
  // We might need to consider not using globals soon.
  // NOTE(review): register_globals.php is not visible here; presumably it
  // copies request variables into the global scope. If so, every global that
  // this file reads before assigning it can be supplied by the client, which
  // is why $phorum_user and $PHORUM are unset further down.
  if(!isset($PHP_SELF)) {
     include ("./include/register_globals.php");
  }

  // *** Some Defines ***

  // security
  // ($ForumSecurity is compared against SEC_NONE and SEC_ALL later in this file)
  define("SEC_NONE", 0);
  define("SEC_OPTIONAL", 1);
  define("SEC_POST", 2);
  define("SEC_ALL", 3);

  // signature
  define("PHORUM_SIG_MARKER", "[%sig%]");

  // thread flags
  // (powers of two, so they can be combined in one integer)
  define("FLG_FROZEN", 1);
  define("FLG_MODERATED", 2); //not yet implemented
  define("FLG_UNMODERATED", 4); //not yet implemented
  define("FLG_KEEPONTOP", 8); //not yet implemented


  // **TODO: move all this into the admin
  // Accumulators filled by AddGetPostVars(): a query-string fragment and a
  // block of hidden form fields.
  $GetVars="";
  $PostVars="";
 61  function AddGetPostVars($var, $value){
 62    global $GetVars;
 63    global $PostVars;
 64    $var=urlencode($var);
 65    $value=urlencode($value);
 66    $GetVars.="&";
 67    $GetVars.="$var=$value";
 68    $PostVars.="<input type=\"hidden\" name=\"$var\" value=\"$value\">\n";
 69  }
 70
 71  function AddPostVar($var, $value){
 72    AddGetPostVars($var, $value);
 73  }
 74
 75  function AddGetVar($var, $value){
 76    AddGetPostVars($var, $value);
 77  }
 78
 79  // **TODO: switch to get_html_translation_table
 80  function undo_htmlspecialchars($string){
 81
 82    $string = str_replace("&amp;", "&", $string);
 83    $string = str_replace("&quot;", "\"", $string);
 84    $string = str_replace("&lt;", "<", $string);
 85    $string = str_replace("&gt;", ">", $string);
 86
 87    return $string;
 88  }
 89
 90  function htmlencode($string){
 91    $ret_string="";
 92    $len=strlen($string);
 93    for($x=0;$x<$len;$x++){
 94      $ord=ord($string[$x]);
 95      $ret_string .= "&#$ord;";
 96    }
 97    return $ret_string;
 98  }
 99
100  function my_nl2br($str){
101    return str_replace("><br />", ">", nl2br($str));
102  }
103
104  function bgcolor($color){
105    return ($color!="") ? " bgcolor=\"".$color."\"" : "";
106  }
107
108  // **TODO: replace with wordwrap soon. Will require some changes to the calls.
109  function textwrap ($String, $breaksAt = 78, $breakStr = "\n", $padStr="") {
110
111    $newString="";
112    $lines=explode($breakStr, $String);
113    $cnt=count($lines);
114    for($x=0;$x<$cnt;$x++){
115      if(strlen($lines[$x])>$breaksAt){
116        $str=$lines[$x];
117        while(strlen($str)>$breaksAt){
118          $pos=strrpos(chop(substr($str, 0, $breaksAt)), " ");
119          if ($pos == false) {
120            break;
121          }
122          $newString.=$padStr.substr($str, 0, $pos).$breakStr;
123          $str=trim(substr($str, $pos));
124        }
125        $newString.=$padStr.$str.$breakStr;
126      }
127      else{
128        $newString.=$padStr.$lines[$x].$breakStr;
129      }
130    }
131    return $newString;
132
133  } // end textwrap()
134
135  // **TODO: replace with a better function that optionally checks the MX record
136  function is_email($email){
137    $ret=false;
138    if(function_exists("preg_match") && preg_match("/^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*$/i", $email)){
139      $ret=true;
140    }
141    elseif(eregi("^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*$", $email)){
142      $ret=true;
143    }
144
145    return $ret;
146  }
147
148  // passed to array_walk in read.php and list.php
149  // **TODO: replace using array_flip
150  function explode_haveread($var){
151    global $haveread;
152    $haveread[$var]=true;
153  }
154
155  // these two function would be better served as a class.
156  function addnav(&$var, $text, $url){
157    $var[$text]=$url;
158  }
159
160  function getnav($var, $splitter="&nbsp;&nbsp;|&nbsp;&nbsp;", $usefont=true){
161    global $default_nav_font_color, $ForumNavFontColor;
162    if(isset($ForumNavFontColor)){
163      $color=$ForumNavFontColor;
164    }
165    else{
166      $color=$default_nav_font_color;
167    }
168    $menu=array();
169    while(list($text, $url)=each($var)){
170      if($usefont) $text="<FONT color='$color' class=\"PhorumNav\">$text</font>";
171      $menu[]="<a href=\"$url\">$text</a>";
172    }
173    $nav=implode($splitter, $menu);
174    if($usefont)
175      $nav="<FONT color='$color' class=\"PhorumNav\">&nbsp;".$nav."&nbsp;</font>";
176    return $nav;
177  }
178
179  // These functions exist in PHP 4.0.3 and up.
180  // **TODO: This will go away when we move to PHP4 only.
181  if(!function_exists("is_uploaded_file")){
182
183    function is_uploaded_file($filename) {
184      $ret=false;
185      if(dirname($filename)==dirname(tempnam(get_cfg_var("upload_tmp_dir"), ''))){
186        $ret=true;
187      }
188      return $ret;
189    }
190
191    function move_uploaded_file($old_filename, $new_filename) {
192      $ret=false;
193      if(is_uploaded_file($old_filename) && rename($old_filename,$new_filename)) {
194        $ret=true;
195      }
196      return $ret;
197    }
198
199  }
200
201  function phorum_login_user($sessid, $userid=0){
202    global $DB, $q, $pho_main;
203    if(!isset($_COOKIE["phorum_auth"])){
204      AddGetPostVars("phorum_auth", "$sessid");
205    }
206    // **TODO: We should make this time configurable
207    SetCookie("phorum_auth", "$sessid", time()+86400*365);
208    if($userid){
209      $SQL="update $pho_main"."_auth set sess_id='$sessid' where id=$userid";
210      $q->query($DB, $SQL);
211    }
212  }
213
214  function phorum_get_file_name($type)
215  {
216    global $PHORUM;
217    settype($PHORUM["ForumConfigSuffix"], "string");
218    switch($type){
219        case "css":
220            $file="phorum.css";
221            $custom="phorum_$PHORUM[ForumConfigSuffix].css";
222            break;
223        case "header":
224            $file="$PHORUM[include]/header.php";
225            $custom="$PHORUM[include]/header_$PHORUM[ForumConfigSuffix].php";
226            break;
227        case "footer":
228            $file="$PHORUM[include]/footer.php";
229            $custom="$PHORUM[include]/footer_$PHORUM[ForumConfigSuffix].php";
230            break;
231    }
232
233    return (file_exists($custom)) ? $custom : $file;
234  }
235
236
237  function phorum_check_login($user, $pass)
238  {
239    global $q, $DB, $PHORUM;
240
241    if(!get_magic_quotes_gpc()) $user=addslashes($user);
242
243    $md5_pass=md5($pass);
244
245    $id=0;
246    $SQL="Select id from $PHORUM[auth_table] where username='$user' and password='$md5_pass'";
247    $q->query($DB, $SQL);
248    if($q->numrows()==0 && function_exists("crypt")){
249        // check for old crypt system
250        $crypt_pass=crypt($pass, substr($pass, 0, CRYPT_SALT_LENGTH));
251        $SQL="Select id from $PHORUM[auth_table] where username='$user' and password='$crypt_pass'";
252        $q->query($DB, $SQL);
253        if($q->numrows()>0){
254            // update password to md5.
255            $SQL="Update $PHORUM[auth_table] set password='$md5_pass' where username='$user'";
256            $q->query($DB, $SQL);
257        }
258    }
259
260    if($q->numrows()>0){
261        $id=$q->field("id", 0);
262    }
263
264    return $id;
265  }
266
267  function phorum_session_id($username, $password)
268  {
269    return md5($username.$password.microtime());
270  }
271
272  // variable initialization function
273  // **TODO: need to scrap this function and just use settype()
274  function initvar($varname, $value=''){
275    global $$varname;
276    if(!isset($$varname))
277      $$varname=$value;
278    return $$varname;
279  }
280
  // set a sensible error level for including some stuff:
  // (the previous level is kept so it can be restored at the end of the file)
  $old_err_level = error_reporting (E_ERROR | E_WARNING | E_PARSE);

  // go ahead and unset/check these to evade hack attempts.
  // $phorum_user and $PHORUM are filled in by this file below; clearing them
  // first discards any value that came in with the request.
  unset($phorum_user);
  unset($PHORUM);
  // $f and $num are forced to integers, so whatever the request supplied can
  // only ever be a number from here on. $f is later used in a file name and
  // in SQL.
  settype($f, "integer");
  settype($num, "integer");
  // Each of the two falls back to the other when it is empty (0).
  $num = (empty($num)) ? $f : $num;
  $f = (empty($f)) ? $num : $f;
291
  // include forums.php

  // the most important variables
  $PHORUM["settings"]="$settings_dir/forums.php";
  $PHORUM["settings_backup"]="$settings_dir/forums.bak.php";

  // Without a settings file nothing else can work: print an error page and stop.
  // Note that the page shows the full server path of the settings file.
  if(!file_exists($PHORUM["settings"])){
    echo "<html><head><title>Phorum Error</title></head><body>Phorum could not load the settings file ($PHORUM[settings]).<br />If you are just installing Phorum, please go to the admin to complete the install.  Otherwise, see the faq for other reasons you could see this message.</body></html>";
    exit();
  }

  include ($PHORUM["settings"]);

  // set some PHORUM vars
  $PHORUM["auth_table"]=$PHORUM["main_table"]."_auth";
  $PHORUM["mod_table"]=$PHORUM["main_table"]."_moderators";
  $PHORUM["settings_dir"]=$settings_dir;
  $PHORUM["include"]="./include";

  // **TODO: remove legacy code
  $include_path=$PHORUM["include"];
  $pho_main=$PHORUM['main_table'];

  // include abstraction layer and check if its defined
  // Outside the admin, stop unless $PHORUM["dbtype"] names an existing file
  // under ./db/.
  if(!defined("PHORUM_ADMIN") && (empty($PHORUM["dbtype"]) || !file_exists("./db/$PHORUM[dbtype].php"))){
    echo "<html><head><title>Phorum Error</title></head><body>Something is wrong.  You need to edit common.php and select a database.</body></html>";
    exit();
  }

  // NOTE(review): the check above validates $PHORUM["dbtype"], but the
  // include below uses the separate global $dbtype, which this file never
  // assigns. Presumably the settings file sets it; if it ever does not, a
  // request-supplied value could choose the included file. Confirm, or
  // include the validated $PHORUM["dbtype"] instead.
  include ("./db/$dbtype.php");


  // create database classes
  $DB = new db();

  // check if database is already configured or if we are in the admin
  if ( defined( "_DB_LAYER" ) && $PHORUM["DatabaseName"]!=''){
    // this code below has to be this way for some weird reason.  Otherwise
    // connecting on a different port won't work.
    $DB->open($PHORUM["DatabaseName"], implode(':', explode(':', $PHORUM["DatabaseServer"])), $PHORUM["DatabaseUser"], $PHORUM["DatabasePassword"]);
  } elseif(!defined("PHORUM_ADMIN")) {
    echo "<html><head><title>Phorum Error</title></head><body>You need to go to the admin and fix your database settings.</body></html>";
    exit();
  }

  //dummy query for generic operations
  // ($q is the shared query object used by the functions above and by the
  // security check below)
  $q = new query($DB);
  if(!is_object($q)){
    echo "<html><head><title>Phorum Error</title></head><body>Unkown error creating $q.</body></html>";
    exit();
  }
343
344
  // Load the settings of the requested forum, or blank defaults when no
  // forum id was given.
  if(!empty($f)){
    // $f was forced to an integer earlier in this file, so the file name
    // built from it can only be "<number>.php" inside the settings directory.
    if(file_exists("$PHORUM[settings_dir]/$f.php")){
      include "$PHORUM[settings_dir]/$f.php";
      // NOTE(review): $ForumLang and $default_lang are not assigned in this
      // file; presumably the included settings files define them. Both are
      // used as include paths, so confirm they can never be left to a
      // request-supplied global.
      if($ForumLang!=""){
        include ("./".$ForumLang);
      } else {
        include ("./".$default_lang);
      }
    }
    else{
      // unknown forum id: send the visitor to the forum index
      header("Location: $forum_url/$forum_page.$ext");
      exit();
    }
  }
  else {
    include ("./".$default_lang);
    include ($include_path."/blankset.php");
  }

  // Forum switched off: outside the admin, everyone is redirected to the
  // "down" page.
  if(!$PHORUM["started"] && !defined("PHORUM_ADMIN")){
    Header("Location: $forum_url/$down_page.$ext");
    exit();
  }
368
369  if(!defined("PHORUM_ADMIN") && $DB->connect_id){
370     // check security
371    if($ForumFolder==1 || $f==0){
372        $SQL="Select max(security) as sec from $pho_main";
373        $q->query($DB, $SQL);
374        $max_sec=$q->field("sec", 0);
375    }
376    if(($ForumSecurity!=SEC_NONE || (($ForumFolder==1 || $f==0) && $max_sec>0)) && isset($phorum_auth)){
377      $SQL="Select * from $PHORUM[auth_table] where sess_id='$phorum_auth'";
378      $q->query($DB, $SQL);
379      $phorum_user=$q->getrow();
380      if(isset($phorum_user["id"])){
381        $SQL="Select forum_id from $PHORUM[mod_table] where (forum_id=$f or forum_id=0) and user_id=$phorum_user[id]";
382        $q->query($DB, $SQL);
383        $phorum_user["moderator"] = ($q->numrows()>0) ? true : false;
384        if(!isset($_COOKIE["phorum_auth"])){
385          AddGetPostVars("phorum_auth", "$phorum_auth");
386        }
387      }
388    }
389
390    if(!isset($phorum_user["id"]) && isset($phorum_auth))  unset($phorum_auth);
391
392    if($ForumSecurity==SEC_ALL && empty($phorum_auth)){
393      header("Location: $forum_url/login.$ext?target=".urlencode($REQUEST_URI));
394      exit();
395    }
396
397    // load plugins
398    unset($plugins);
399    $plugins = array(
400             "read_body"   => array(),
401             "read_header" => array()
402             );
403
404    if(isset($PHORUM["plugins"])){
405      $dir = opendir("./plugin/");
406      while($plugindirname = readdir($dir)) {
407        if($plugindirname[0] != "." && @file_exists("./plugin/$plugindirname/plugin.php") && !empty($PHORUM["plugins"][$plugindirname])){
408          include("./plugin/$plugindirname/plugin.php");
409        }
410      }
411    }
412  }
413
  // set the error level back to what it was.
  error_reporting ($old_err_level);

  // work-around SourceForge automatically sending an Expires header
  // two days in the future
  // (a date in the past marks every response as already expired)
  Header("Expires: Sat, 01 Jan 2000 00:00:00 GMT");
420
421?>