/web/trunk/forum/common.php
<?php
  // Include guard: leave immediately when common.php was already loaded
  // earlier in this request.
  if ( defined( "_COMMON_PHP" ) ) {
    return;
  }
  define( "_COMMON_PHP", 1 );

  // These variables may be altered as needed:

  // Directory where the settings files are stored (no ending slash).
  $settings_dir = "/home/groups/e/ex/exult/.phorum";

  // If you have dynamic vars for GET and POST to pass on:
  //   AddGetPostVars("dummy", $dummy);


//////////////////////////////////////////////////////////////////////////////////////////
// End of normally user-defined variables
//////////////////////////////////////////////////////////////////////////////////////////


  // See the FAQ on what this does.  Normally not important.
  // **TODO: make this a define and figure out where we really need it.
  $cutoff = 800;

  $phorumver = "3.3.2c";

  // All available db-files, as key => human-readable label.
  $dbtypes = array(
    'mysql'        => "MySQL",
    'postgresql65' => "PostgreSQL 6.5 or newer",
    'postgresql'   => "PostgreSQL (older than 6.5)"
  );

  // Handle configs that have register_globals turned off.
  // $PHP_SELF is used as the test since it should always be there.
  // We might need to consider not using globals soon.
36 if(!isset($PHP_SELF)) { 37 include ("./include/register_globals.php"); 38 } 39 40 // *** Some Defines *** 41 42 // security 43 define("SEC_NONE", 0); 44 define("SEC_OPTIONAL", 1); 45 define("SEC_POST", 2); 46 define("SEC_ALL", 3); 47 48 // signature 49 define("PHORUM_SIG_MARKER", "[%sig%]"); 50 51 // thread flags 52 define("FLG_FROZEN", 1); 53 define("FLG_MODERATED", 2); //not yet implemented 54 define("FLG_UNMODERATED", 4); //not yet implemented 55 define("FLG_KEEPONTOP", 8); //not yet implemented 56 57 58 // **TODO: move all this into the admin 59 $GetVars=""; 60 $PostVars=""; 61 function AddGetPostVars($var, $value){ 62 global $GetVars; 63 global $PostVars; 64 $var=urlencode($var); 65 $value=urlencode($value); 66 $GetVars.="&"; 67 $GetVars.="$var=$value"; 68 $PostVars.="<input type=\"hidden\" name=\"$var\" value=\"$value\">\n"; 69 } 70 71 function AddPostVar($var, $value){ 72 AddGetPostVars($var, $value); 73 } 74 75 function AddGetVar($var, $value){ 76 AddGetPostVars($var, $value); 77 } 78 79 // **TODO: switch to get_html_translation_table 80 function undo_htmlspecialchars($string){ 81 82 $string = str_replace("&", "&", $string); 83 $string = str_replace(""", "\"", $string); 84 $string = str_replace("<", "<", $string); 85 $string = str_replace(">", ">", $string); 86 87 return $string; 88 } 89 90 function htmlencode($string){ 91 $ret_string=""; 92 $len=strlen($string); 93 for($x=0;$x<$len;$x++){ 94 $ord=ord($string[$x]); 95 $ret_string .= "&#$ord;"; 96 } 97 return $ret_string; 98 } 99 100 function my_nl2br($str){ 101 return str_replace("><br />", ">", nl2br($str)); 102 } 103 104 function bgcolor($color){ 105 return ($color!="") ? " bgcolor=\"".$color."\"" : ""; 106 } 107 108 // **TODO: replace with wordwrap soon. Will require some changes to the calls. 
109 function textwrap ($String, $breaksAt = 78, $breakStr = "\n", $padStr="") { 110 111 $newString=""; 112 $lines=explode($breakStr, $String); 113 $cnt=count($lines); 114 for($x=0;$x<$cnt;$x++){ 115 if(strlen($lines[$x])>$breaksAt){ 116 $str=$lines[$x]; 117 while(strlen($str)>$breaksAt){ 118 $pos=strrpos(chop(substr($str, 0, $breaksAt)), " "); 119 if ($pos == false) { 120 break; 121 } 122 $newString.=$padStr.substr($str, 0, $pos).$breakStr; 123 $str=trim(substr($str, $pos)); 124 } 125 $newString.=$padStr.$str.$breakStr; 126 } 127 else{ 128 $newString.=$padStr.$lines[$x].$breakStr; 129 } 130 } 131 return $newString; 132 133 } // end textwrap() 134 135 // **TODO: replace with a better function that optionally checks the MX record 136 function is_email($email){ 137 $ret=false; 138 if(function_exists("preg_match") && preg_match("/^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*$/i", $email)){ 139 $ret=true; 140 } 141 elseif(eregi("^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*$", $email)){ 142 $ret=true; 143 } 144 145 return $ret; 146 } 147 148 // passed to array_walk in read.php and list.php 149 // **TODO: replace using array_flip 150 function explode_haveread($var){ 151 global $haveread; 152 $haveread[$var]=true; 153 } 154 155 // these two function would be better served as a class. 156 function addnav(&$var, $text, $url){ 157 $var[$text]=$url; 158 } 159 160 function getnav($var, $splitter=" | ", $usefont=true){ 161 global $default_nav_font_color, $ForumNavFontColor; 162 if(isset($ForumNavFontColor)){ 163 $color=$ForumNavFontColor; 164 } 165 else{ 166 $color=$default_nav_font_color; 167 } 168 $menu=array(); 169 while(list($text, $url)=each($var)){ 170 if($usefont) $text="<FONT color='$color' class=\"PhorumNav\">$text</font>"; 171 $menu[]="<a href=\"$url\">$text</a>"; 172 } 173 $nav=implode($splitter, $menu); 174 if($usefont) 175 $nav="<FONT color='$color' class=\"PhorumNav\"> ".$nav." 
</font>"; 176 return $nav; 177 } 178 179 // These functions exist in PHP 4.0.3 and up. 180 // **TODO: This will go away when we move to PHP4 only. 181 if(!function_exists("is_uploaded_file")){ 182 183 function is_uploaded_file($filename) { 184 $ret=false; 185 if(dirname($filename)==dirname(tempnam(get_cfg_var("upload_tmp_dir"), ''))){ 186 $ret=true; 187 } 188 return $ret; 189 } 190 191 function move_uploaded_file($old_filename, $new_filename) { 192 $ret=false; 193 if(is_uploaded_file($old_filename) && rename($old_filename,$new_filename)) { 194 $ret=true; 195 } 196 return $ret; 197 } 198 199 } 200 201 function phorum_login_user($sessid, $userid=0){ 202 global $DB, $q, $pho_main; 203 if(!isset($_COOKIE["phorum_auth"])){ 204 AddGetPostVars("phorum_auth", "$sessid"); 205 } 206 // **TODO: We should make this time configurable 207 SetCookie("phorum_auth", "$sessid", time()+86400*365); 208 if($userid){ 209 $SQL="update $pho_main"."_auth set sess_id='$sessid' where id=$userid"; 210 $q->query($DB, $SQL); 211 } 212 } 213 214 function phorum_get_file_name($type) 215 { 216 global $PHORUM; 217 settype($PHORUM["ForumConfigSuffix"], "string"); 218 switch($type){ 219 case "css": 220 $file="phorum.css"; 221 $custom="phorum_$PHORUM[ForumConfigSuffix].css"; 222 break; 223 case "header": 224 $file="$PHORUM[include]/header.php"; 225 $custom="$PHORUM[include]/header_$PHORUM[ForumConfigSuffix].php"; 226 break; 227 case "footer": 228 $file="$PHORUM[include]/footer.php"; 229 $custom="$PHORUM[include]/footer_$PHORUM[ForumConfigSuffix].php"; 230 break; 231 } 232 233 return (file_exists($custom)) ? 
$custom : $file; 234 } 235 236 237 function phorum_check_login($user, $pass) 238 { 239 global $q, $DB, $PHORUM; 240 241 if(!get_magic_quotes_gpc()) $user=addslashes($user); 242 243 $md5_pass=md5($pass); 244 245 $id=0; 246 $SQL="Select id from $PHORUM[auth_table] where username='$user' and password='$md5_pass'"; 247 $q->query($DB, $SQL); 248 if($q->numrows()==0 && function_exists("crypt")){ 249 // check for old crypt system 250 $crypt_pass=crypt($pass, substr($pass, 0, CRYPT_SALT_LENGTH)); 251 $SQL="Select id from $PHORUM[auth_table] where username='$user' and password='$crypt_pass'"; 252 $q->query($DB, $SQL); 253 if($q->numrows()>0){ 254 // update password to md5. 255 $SQL="Update $PHORUM[auth_table] set password='$md5_pass' where username='$user'"; 256 $q->query($DB, $SQL); 257 } 258 } 259 260 if($q->numrows()>0){ 261 $id=$q->field("id", 0); 262 } 263 264 return $id; 265 } 266 267 function phorum_session_id($username, $password) 268 { 269 return md5($username.$password.microtime()); 270 } 271 272 // variable initialization function 273 // **TODO: need to scrap this function and just use settype() 274 function initvar($varname, $value=''){ 275 global $$varname; 276 if(!isset($$varname)) 277 $$varname=$value; 278 return $$varname; 279 } 280 281 // set a sensible error level for including some stuff: 282 $old_err_level = error_reporting (E_ERROR | E_WARNING | E_PARSE); 283 284 // go ahead and unset/check these to evade hack attempts. 285 unset($phorum_user); 286 unset($PHORUM); 287 settype($f, "integer"); 288 settype($num, "integer"); 289 $num = (empty($num)) ? $f : $num; 290 $f = (empty($f)) ? 
$num : $f; 291 292 // include forums.php 293 294 // the most important variables 295 $PHORUM["settings"]="$settings_dir/forums.php"; 296 $PHORUM["settings_backup"]="$settings_dir/forums.bak.php"; 297 298 if(!file_exists($PHORUM["settings"])){ 299 echo "<html><head><title>Phorum Error</title></head><body>Phorum could not load the settings file ($PHORUM[settings]).<br />If you are just installing Phorum, please go to the admin to complete the install. Otherwise, see the faq for other reasons you could see this message.</body></html>"; 300 exit(); 301 } 302 303 include ($PHORUM["settings"]); 304 305 // set some PHORUM vars 306 $PHORUM["auth_table"]=$PHORUM["main_table"]."_auth"; 307 $PHORUM["mod_table"]=$PHORUM["main_table"]."_moderators"; 308 $PHORUM["settings_dir"]=$settings_dir; 309 $PHORUM["include"]="./include"; 310 311 // **TODO: remove legacy code 312 $include_path=$PHORUM["include"]; 313 $pho_main=$PHORUM['main_table']; 314 315 // include abstraction layer and check if its defined 316 if(!defined("PHORUM_ADMIN") && (empty($PHORUM["dbtype"]) || !file_exists("./db/$PHORUM[dbtype].php"))){ 317 echo "<html><head><title>Phorum Error</title></head><body>Something is wrong. You need to edit common.php and select a database.</body></html>"; 318 exit(); 319 } 320 321 include ("./db/$dbtype.php"); 322 323 324 // create database classes 325 $DB = new db(); 326 327 // check if database is already configured or if we are in the admin 328 if ( defined( "_DB_LAYER" ) && $PHORUM["DatabaseName"]!=''){ 329 // this code below has to be this way for some weird reason. 
Otherwise\n"; 330 // connecting on a different port won't work.\n"; 331 $DB->open($PHORUM["DatabaseName"], implode(':', explode(':', $PHORUM["DatabaseServer"])), $PHORUM["DatabaseUser"], $PHORUM["DatabasePassword"]); 332 } elseif(!defined("PHORUM_ADMIN")) { 333 echo "<html><head><title>Phorum Error</title></head><body>You need to go to the admin and fix your database settings.</body></html>"; 334 exit(); 335 } 336 337 //dummy query for generic operations 338 $q = new query($DB); 339 if(!is_object($q)){ 340 echo "<html><head><title>Phorum Error</title></head><body>Unkown error creating $q.</body></html>"; 341 exit(); 342 } 343 344 345 if(!empty($f)){ 346 if(file_exists("$PHORUM[settings_dir]/$f.php")){ 347 include "$PHORUM[settings_dir]/$f.php"; 348 if($ForumLang!=""){ 349 include ("./".$ForumLang); 350 } else { 351 include ("./".$default_lang); 352 } 353 } 354 else{ 355 header("Location: $forum_url/$forum_page.$ext"); 356 exit(); 357 } 358 } 359 else { 360 include ("./".$default_lang); 361 include ($include_path."/blankset.php"); 362 } 363 364 if(!$PHORUM["started"] && !defined("PHORUM_ADMIN")){ 365 Header("Location: $forum_url/$down_page.$ext"); 366 exit(); 367 } 368 369 if(!defined("PHORUM_ADMIN") && $DB->connect_id){ 370 // check security 371 if($ForumFolder==1 || $f==0){ 372 $SQL="Select max(security) as sec from $pho_main"; 373 $q->query($DB, $SQL); 374 $max_sec=$q->field("sec", 0); 375 } 376 if(($ForumSecurity!=SEC_NONE || (($ForumFolder==1 || $f==0) && $max_sec>0)) && isset($phorum_auth)){ 377 $SQL="Select * from $PHORUM[auth_table] where sess_id='$phorum_auth'"; 378 $q->query($DB, $SQL); 379 $phorum_user=$q->getrow(); 380 if(isset($phorum_user["id"])){ 381 $SQL="Select forum_id from $PHORUM[mod_table] where (forum_id=$f or forum_id=0) and user_id=$phorum_user[id]"; 382 $q->query($DB, $SQL); 383 $phorum_user["moderator"] = ($q->numrows()>0) ? 
true : false; 384 if(!isset($_COOKIE["phorum_auth"])){ 385 AddGetPostVars("phorum_auth", "$phorum_auth"); 386 } 387 } 388 } 389 390 if(!isset($phorum_user["id"]) && isset($phorum_auth)) unset($phorum_auth); 391 392 if($ForumSecurity==SEC_ALL && empty($phorum_auth)){ 393 header("Location: $forum_url/login.$ext?target=".urlencode($REQUEST_URI)); 394 exit(); 395 } 396 397 // load plugins 398 unset($plugins); 399 $plugins = array( 400 "read_body" => array(), 401 "read_header" => array() 402 ); 403 404 if(isset($PHORUM["plugins"])){ 405 $dir = opendir("./plugin/"); 406 while($plugindirname = readdir($dir)) { 407 if($plugindirname[0] != "." && @file_exists("./plugin/$plugindirname/plugin.php") && !empty($PHORUM["plugins"][$plugindirname])){ 408 include("./plugin/$plugindirname/plugin.php"); 409 } 410 } 411 } 412 } 413 414 // set the error level back to what it was. 415 error_reporting ($old_err_level); 416 417 // work-around SourceForge automatically sending an Expires header 418 // two days in the future 419 Header("Expires: Sat, 01 Jan 2000 00:00:00 GMT"); 420 421?>