
/public_html/old/phorum/common.php

https://gitlab.com/thejuskrishna/xmec
PHP | 469 lines | 431 code | 19 blank | 19 comment | 4 complexity | 08709e635febfe6b8ce073583a3cec16 MD5 | raw file
  1. <?php
  // Include guard: a repeated include of this file returns immediately.
  if (defined("_COMMON_PHP")) {
      return;
  }
  define("_COMMON_PHP", 1);

  // These variables may be altered as needed:

  // location where settings are stored
  $settings_dir = "/usr163/home/x/m/xmec/settings/phorum_settings"; // no ending slash

  // If you have dynamic vars for GET and POST to pass on:
  // AddGetPostVars("dummy", $dummy);

  // Get all XMEC stuff...
  include_once("../xmec.inc");
  XMEC::authenticate_user();
  $xmec_user =& XMEC::getUser();

  // $phorum_auth carries the XMEC user id for a logged-in user and NULL otherwise.
  $phorum_auth = $xmec_user->isLoggedIn() ? $xmec_user->get('id') : NULL;

  //////////////////////////////////////////////////////////////////////////////////////////
  // End of normally user-defined variables
  //////////////////////////////////////////////////////////////////////////////////////////

  // See the FAQ on what this does. Normally not important.
  // **TODO: make this a define and figure out where we really need it.
  $cutoff = 800;

  $phorumver = "3.3.2a";

  // all available db-files
  $dbtypes = array(
      'mysql' => "MySQL",
      'postgresql65' => "PostgreSQL 6.5 or newer",
      'postgresql' => "PostgreSQL (older than 6.5)"
  );

  // handle configs that have register_globals turned off.
  // we use $PHP_SELF as the test since it should always be there.
  // We might need to consider not using globals soon.
  //
  // NOTE(review): this shim is loaded after $settings_dir, $xmec_user,
  // $phorum_auth and $dbtypes have been assigned. Whether it can replace a
  // global that already exists depends on ./include/register_globals.php,
  // which is not visible here -- confirm it never overwrites an existing
  // variable, because $settings_dir is later used to build include paths.
  if (!isset($PHP_SELF)) {
      include("./include/register_globals.php");
  }

  // *** Some Defines ***

  // security
  define("SEC_NONE", 0);
  define("SEC_OPTIONAL", 1);
  define("SEC_POST", 2);
  define("SEC_ALL", 3);

  // signature
  define("PHORUM_SIG_MARKER", "[%sig%]");

  // **TODO: move all this into the admin
  // Accumulators filled by AddGetPostVars(): a query-string fragment and a
  // run of hidden form fields.
  $GetVars = "";
  $PostVars = "";
  /**
   * Registers a name/value pair to be carried along on both links and forms.
   *
   * Appends "&name=value" to the global $GetVars and a hidden <input> line to
   * the global $PostVars. Name and value are passed through urlencode() before
   * being used in either place.
   *
   * NOTE(review): the hidden field receives the URL-encoded value as well, so
   * a form submission presumably delivers the encoded text rather than the
   * original one -- confirm against the callers.
   *
   * @param string $var   Parameter name.
   * @param string $value Parameter value.
   */
  function AddGetPostVars($var, $value)
  {
      global $GetVars, $PostVars;

      $encodedName = urlencode($var);
      $encodedValue = urlencode($value);

      $GetVars .= "&" . $encodedName . "=" . $encodedValue;
      $PostVars .= "<input type=\"hidden\" name=\"" . $encodedName . "\" value=\"" . $encodedValue . "\">\n";
  }
  /**
   * Alias of AddGetPostVars(): the pair is added to both the GET and the POST
   * accumulators, not to the POST one alone.
   *
   * @param string $var   Parameter name.
   * @param string $value Parameter value.
   */
  function AddPostVar($var, $value)
  {
      AddGetPostVars($var, $value);
  }
  /**
   * Alias of AddGetPostVars(): the pair is added to both the GET and the POST
   * accumulators, not to the GET one alone.
   *
   * @param string $var   Parameter name.
   * @param string $value Parameter value.
   */
  function AddGetVar($var, $value)
  {
      AddGetPostVars($var, $value);
  }
  63. // **TODO: switch to get_html_translation_table
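  /**
   * Reverses the four entities this file treats as htmlspecialchars() output:
   * &amp;, &quot;, &lt; and &gt;.
   *
   * The replacement is done in a single pass with strtr(). Replacing "&amp;"
   * first and the others afterwards decodes twice: "&amp;lt;" (the escaped
   * form of the literal text "&lt;") would come back as "<", turning text
   * the author escaped into live markup.
   *
   * @param string $string Escaped text.
   * @return string Text with exactly one level of escaping removed.
   */
  function undo_htmlspecialchars($string)
  {
      return strtr($string, array(
          "&amp;" => "&",
          "&quot;" => "\"",
          "&lt;" => "<",
          "&gt;" => ">"
      ));
  }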
  /**
   * Rewrites every byte of the input as a decimal numeric character
   * reference ("A" becomes "&#65;").
   *
   * The loop is byte-wise (strlen()/ord()), so a multi-byte character is
   * emitted as one reference per byte.
   *
   * @param string $string Text to encode.
   * @return string Concatenated "&#N;" references, empty for empty input.
   */
  function htmlencode($string)
  {
      $pieces = array();
      for ($i = 0, $n = strlen($string); $i < $n; ++$i) {
          $pieces[] = "&#" . ord($string[$i]) . ";";
      }
      return implode("", $pieces);
  }
  /**
   * nl2br() variant that drops the "<br />" nl2br() inserts directly after
   * a ">" character, i.e. after a line that ends in a tag.
   *
   * @param string $str Text, possibly containing markup.
   * @return string Text with "<br />" added before the remaining newlines.
   */
  function my_nl2br($str)
  {
      $withBreaks = nl2br($str);
      return str_replace("><br />", ">", $withBreaks);
  }
  /**
   * Builds a bgcolor attribute, with a leading space, for a table or cell tag.
   *
   * The value is placed between the quotes as given; nothing is escaped here.
   * NOTE(review): presumably the colour comes from forum settings rather than
   * from the request -- confirm at the call sites.
   *
   * @param string $color Colour value.
   * @return string ' bgcolor="..."', or "" when $color compares equal to "".
   */
  function bgcolor($color)
  {
      if ($color == "") {
          return "";
      }
      return " bgcolor=\"" . $color . "\"";
  }
  86. // **TODO: replace with wordwrap soon. Will require some changes to the calls.
  /**
   * Wraps text at spaces so that lines stay within $breaksAt characters.
   *
   * The input is split on $breakStr. A line longer than $breaksAt is cut at
   * the last space found inside its first $breaksAt characters (trailing
   * whitespace of that window ignored), again and again. When the window
   * holds no usable space the remainder is emitted unwrapped. Every output
   * line is prefixed with $padStr and terminated with $breakStr, so the
   * result always ends in $breakStr.
   *
   * @param string $String   Text to wrap.
   * @param int    $breaksAt Maximum line length aimed for.
   * @param string $breakStr Line separator, for splitting and for joining.
   * @param string $padStr   Prefix put in front of every output line.
   * @return string The wrapped text.
   */
  function textwrap($String, $breaksAt = 78, $breakStr = "\n", $padStr = "")
  {
      $wrapped = "";
      foreach (explode($breakStr, $String) as $line) {
          $rest = $line;
          while (strlen($rest) > $breaksAt) {
              $window = chop(substr($rest, 0, $breaksAt));
              $cut = strrpos($window, " ");
              // No space, or only one at offset 0: nothing sensible to cut at.
              if ($cut === false || $cut === 0) {
                  break;
              }
              $wrapped .= $padStr . substr($rest, 0, $cut) . $breakStr;
              $rest = trim(substr($rest, $cut));
          }
          $wrapped .= $padStr . $rest . $breakStr;
      }
      return $wrapped;
  } // end textwrap()
  110. // **TODO: replace with a better function that optionally checks the MX record
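  /**
   * Syntactic check for an e-mail address of the form local@domain.
   *
   * Two changes against the previous version:
   *  - the PCRE pattern carries the D modifier, so "$" only matches at the
   *    very end of the subject; without it an address followed by a newline
   *    was accepted, which matters when the value later ends up in a mail
   *    header;
   *  - eregi() is only tried when preg_match() is unavailable, and only when
   *    eregi() itself exists, so a non-matching address no longer falls
   *    through to a function that may be missing.
   *
   * @param string $email Candidate address.
   * @return bool True when the address matches the pattern.
   */
  function is_email($email)
  {
      if (!is_string($email)) {
          return false;
      }

      $pattern = "[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*";

      if (function_exists("preg_match")) {
          return preg_match("/^" . $pattern . '$/iD', $email) == 1;
      }
      if (function_exists("eregi")) {
          return eregi("^" . $pattern . '$', $email) ? true : false;
      }
      return false;
  }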
  121. // passed to array_walk in read.php and list.php
  122. // **TODO: replace using array_flip
  /**
   * Marks one id as read by setting $haveread[$var] = true in the global
   * $haveread array.
   *
   * @param mixed $var Key to flag in $haveread.
   */
  function explode_haveread($var)
  {
      $GLOBALS["haveread"][$var] = true;
  }
  127. // these two function would be better served as a class.
  /**
   * Adds (or replaces) one entry of a navigation list.
   *
   * @param array  $var  Navigation list, modified in place: label => URL.
   * @param string $text Link label, used as the array key.
   * @param string $url  Link target.
   */
  function addnav(&$var, $text, $url)
  {
      $var[$text] = $url;
  }
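  /**
   * Renders a navigation list built with addnav() as a row of links.
   *
   * The list is walked with foreach instead of each(): each() is deprecated
   * as of PHP 7.2 and removed in PHP 8, and it also started from wherever
   * the array's internal pointer happened to be.
   *
   * NOTE(review): labels and URLs are written into the markup as given;
   * nothing is escaped here. Callers must pass values that are already safe
   * for HTML text and for an href attribute.
   *
   * @param array  $var      Navigation list: label => URL.
   * @param string $splitter Markup placed between two links.
   * @param bool   $usefont  Wrap labels and the whole row in <FONT> tags that
   *                         use $ForumNavFontColor, or
   *                         $default_nav_font_color when that is not set.
   * @return string The navigation markup.
   */
  function getnav($var, $splitter = "&nbsp;&nbsp;|&nbsp;&nbsp;", $usefont = true)
  {
      global $default_nav_font_color, $ForumNavFontColor;

      $color = isset($ForumNavFontColor) ? $ForumNavFontColor : $default_nav_font_color;

      $menu = array();
      foreach ($var as $text => $url) {
          if ($usefont) {
              $text = "<FONT color='$color' class=\"PhorumNav\">$text</font>";
          }
          $menu[] = "<a href=\"$url\">$text</a>";
      }

      $nav = implode($splitter, $menu);
      if ($usefont) {
          $nav = "<FONT color='$color' class=\"PhorumNav\">&nbsp;" . $nav . "&nbsp;</font>";
      }
      return $nav;
  }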
  149. // These functions exist in PHP 4.0.3 and up.
  150. // **TODO: This will go away when we move to PHP4 only.
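  // Fallbacks for PHP builds that lack is_uploaded_file() and
  // move_uploaded_file(); on any build that has them this block does nothing.
  //
  // NOTE(review): the fallback check only compares directories. Any path
  // inside the upload temp directory passes, so it is much weaker than the
  // built-in check. Prefer deleting this block once no supported PHP build
  // needs it.
  if (!function_exists("is_uploaded_file")) {
      /**
       * Approximates is_uploaded_file(): true when $filename lies in the same
       * directory in which tempnam() creates files for upload_tmp_dir.
       *
       * The probe file created by tempnam() is removed again; it used to be
       * left behind on every call.
       *
       * @param string $filename Path to test.
       * @return bool
       */
      function is_uploaded_file($filename)
      {
          $probe = tempnam(get_cfg_var("upload_tmp_dir"), '');
          $uploadDir = dirname($probe);
          if ($probe !== false) {
              @unlink($probe);
          }
          return dirname($filename) == $uploadDir;
      }

      /**
       * Approximates move_uploaded_file(): renames the file only when the
       * fallback is_uploaded_file() accepts it.
       *
       * @param string $old_filename Temporary upload path.
       * @param string $new_filename Destination path.
       * @return bool True when the check passed and rename() succeeded.
       */
      function move_uploaded_file($old_filename, $new_filename)
      {
          return is_uploaded_file($old_filename) && rename($old_filename, $new_filename);
      }
  }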
  167. /* ***********************
  168. * removed as part of xmec changes
  169. * *********************************
  170. function phorum_login_user($sessid, $userid=0){
  171. global $DB, $q, $pho_main, $HTTP_COOKIE_VARS;
  172. if(!isset($HTTP_COOKIE_VARS["phorum_auth"])){
  173. AddGetPostVars("phorum_auth", "$sessid");
  174. }
  175. // **TODO: We should make this time configurable
  176. SetCookie("phorum_auth", "$sessid", time()+86400*365);
  177. if($userid){
  178. $SQL="update $pho_main"."_auth set sess_id='$sessid' where id=$userid";
  179. $q->query($DB, $SQL);
  180. }
  181. }
  182. * xmec changes - END
  183. ************************/
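  /**
   * Resolves the stylesheet, header or footer file for the current forum.
   *
   * For each known type there is a stock file and a per-forum variant named
   * after $PHORUM["ForumConfigSuffix"]; the variant wins when it exists on
   * disk. An unknown $type returns null. Previously $file and $custom were
   * left undefined in that case and file_exists() was called on an
   * undefined variable.
   *
   * NOTE(review): header and footer results are PHP paths, presumably
   * include()d by the caller, so ForumConfigSuffix must only ever come from
   * the settings files -- confirm it cannot be supplied by a request.
   *
   * @param string $type One of "css", "header", "footer".
   * @return string|null Path of the file to use, or null for an unknown type.
   */
  function phorum_get_file_name($type)
  {
      global $PHORUM;

      settype($PHORUM["ForumConfigSuffix"], "string");
      $suffix = $PHORUM["ForumConfigSuffix"];

      $file = null;
      $custom = null;

      switch ($type) {
          case "css":
              $file = "phorum.css";
              $custom = "phorum_" . $suffix . ".css";
              break;
          case "header":
              $file = $PHORUM["include"] . "/header.php";
              $custom = $PHORUM["include"] . "/header_" . $suffix . ".php";
              break;
          case "footer":
              $file = $PHORUM["include"] . "/footer.php";
              $custom = $PHORUM["include"] . "/footer_" . $suffix . ".php";
              break;
      }

      if ($custom !== null && file_exists($custom)) {
          return $custom;
      }
      return $file;
  }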
  204. /* ***********************
  205. * removed as part of xmec changes
  206. * *********************************
  207. function phorum_check_login($user, $pass)
  208. {
  209. global $q, $DB, $PHORUM;
  210. if(!get_magic_quotes_gpc()) $user=addslashes($user);
  211. $md5_pass=md5($pass);
  212. $id=0;
  213. $SQL="Select id from $PHORUM[auth_table] where username='$user' and password='$md5_pass'";
  214. $q->query($DB, $SQL);
  215. if($q->numrows()==0 && function_exists("crypt")){
  216. // check for old crypt system
  217. $crypt_pass=crypt($pass, substr($pass, 0, CRYPT_SALT_LENGTH));
  218. $SQL="Select id from $PHORUM[auth_table] where username='$user' and password='$crypt_pass'";
  219. $q->query($DB, $SQL);
  220. if($q->numrows()>0){
  221. // update password to md5.
  222. $SQL="Update $PHORUM[auth_table] set password='$md5_pass' where username='$user'";
  223. $q->query($DB, $SQL);
  224. }
  225. }
  226. if($q->numrows()>0){
  227. $id=$q->field("id", 0);
  228. }
  229. return $id;
  230. }
  231. function phorum_session_id($username, $password)
  232. {
  233. return md5($username.$password.microtime());
  234. }
  235. * xmec changes - END
  236. *****************************/
  237. // variable initialization function
  238. // **TODO: need to scrap this function and just use settype()
  /**
   * Gives the global variable named $varname a default when it is not set,
   * and returns its value.
   *
   * The name is resolved at run time (variable variable), so the caller
   * decides which global is touched; a global that is already set is never
   * overwritten.
   *
   * @param string $varname Name of the global variable, without "$".
   * @param mixed  $value   Default assigned when the global is not set.
   * @return mixed The value of the global after the call.
   */
  function initvar($varname, $value = '')
  {
      global $$varname;

      if (isset($$varname)) {
          return $$varname;
      }
      $$varname = $value;
      return $$varname;
  }
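  /**
   * Builds the Phorum user array from an XMEC user object.
   *
   * Profile fields are copied from $xuser->get(); "sess_id" and "password"
   * hold fixed placeholder strings. An admin gets forum id 0 in "forums",
   * and every forum_id found for the user in $PHORUM["mod_table"] is added
   * to it. "moderator" is set to true only when "forums" ended up populated.
   *
   * The final check now tests isset() first: for a user who is neither admin
   * nor moderator the "forums" key does not exist, and reading it raised an
   * undefined-index notice.
   *
   * @param object $xuser XMEC user; get() and isAdmin() are called on it.
   * @return array Phorum user record.
   */
  function xmec_user_to_phorum_user($xuser)
  {
      global $q, $DB, $PHORUM;

      $phorum_user = array();
      $phorum_user["id"] = $xuser->get('id');
      $phorum_user["sess_id"] = "Not Used";
      $phorum_user["name"] = $xuser->get('full_name');
      $phorum_user["username"] = $xuser->get('id');
      $phorum_user["password"] = "Needed ???";
      $phorum_user["email"] = $xuser->get('personal_email');
      $phorum_user["email1"] = $xuser->get('official_email');
      if (empty($phorum_user["email"])) {
          $phorum_user["email"] = "noemail@xmec.net";
      }
      $phorum_user["webpage"] = $xuser->get('webpage');
      if (empty($phorum_user["webpage"])) {
          $phorum_user["webpage"] = "http://www.xmec.net/" . $xuser->get('alias');
      }
      $phorum_user["image"] = $xuser->get('image');
      $phorum_user["icq"] = $xuser->get('icq');
      $phorum_user["aol"] = $xuser->get('aol');
      $phorum_user["yahoo"] = $xuser->get('yahoo');
      $phorum_user["msn"] = $xuser->get('msn');
      $phorum_user["jabber"] = $xuser->get('jabber');
      $phorum_user["signature"] = $xuser->get('signature');

      if ($xuser->isAdmin()) {
          $phorum_user["forums"][0] = true;
      }

      // NOTE(review): the id is concatenated into the SQL text. It comes from
      // the authenticated XMEC user object, not straight from the request,
      // but the query layer's escaping or binding API is not visible here --
      // confirm ids are restricted to a safe alphabet, or route the value
      // through that layer's escaping helper.
      $SQL = "Select forum_id from $PHORUM[mod_table] where user_id='" . $phorum_user["id"] . "'";
      $q->query($DB, $SQL);
      while ($rec = $q->getrow()) {
          $phorum_user["forums"][$rec["forum_id"]] = true;
      }

      if (isset($phorum_user["forums"]) && is_array($phorum_user["forums"])) {
          $phorum_user["moderator"] = true;
      }

      return $phorum_user;
  }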
  // set a sensible error level for including some stuff:
  $old_err_level = error_reporting(E_ERROR | E_WARNING | E_PARSE);

  // go ahead and unset/check these to evade hack attempts.
  // Anything already present under these two names at this point is
  // discarded before the settings files fill them in.
  unset($phorum_user, $PHORUM);

  // $f and $num are forced to integers; $f is later used to build the path
  // of a per-forum settings file.
  settype($f, "integer");
  settype($num, "integer");

  // Each of the two falls back to the other when it is empty.
  if (empty($num)) {
      $num = $f;
  }
  if (empty($f)) {
      $f = $num;
  }
  // include forums.php
  // the most important variables
  $PHORUM["settings"] = $settings_dir . "/forums.php";
  $PHORUM["settings_backup"] = $settings_dir . "/forums.bak.php";

  // NOTE(review): the message below prints the absolute path of the settings
  // file to whoever requested the page; consider logging it instead.
  if (!file_exists($PHORUM["settings"])) {
      echo "<html><head><title>Phorum Error</title></head><body>Phorum could not load the settings file ($PHORUM[settings]).<br />If you are just installing Phorum, please go to the admin to complete the install. Otherwise, see the faq for other reasons you could see this message.</body></html>";
      exit();
  }

  include($PHORUM["settings"]);

  // set some PHORUM vars
  $PHORUM["auth_table"] = $PHORUM["main_table"] . "_auth";
  $PHORUM["mod_table"] = $PHORUM["main_table"] . "_moderators";
  $PHORUM["settings_dir"] = $settings_dir;
  $PHORUM["include"] = "./include";

  // **TODO: remove legacy code
  // Older code still reads these two globals instead of $PHORUM.
  $include_path = $PHORUM["include"];
  $pho_main = $PHORUM['main_table'];
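  // include abstraction layer and check if its defined
  if (!defined("PHORUM_ADMIN") && (empty($PHORUM["dbtype"]) || !file_exists("./db/$PHORUM[dbtype].php"))) {
      echo "<html><head><title>Phorum Error</title></head><body>Something is wrong. You need to edit common.php and select a database.</body></html>";
      exit();
  }

  // NOTE(review): the check above looks at $PHORUM["dbtype"], but the include
  // below uses the plain global $dbtype, and nothing visible in this file
  // assigns it. Until it is confirmed that both always hold the same
  // settings-supplied value, only a bare driver name (letters, digits,
  // underscore) is accepted, so the value cannot leave ./db/. An empty value
  // is passed through unchanged, as before.
  if (strspn((string) $dbtype, "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789_") != strlen((string) $dbtype)) {
      echo "<html><head><title>Phorum Error</title></head><body>Something is wrong. You need to edit common.php and select a database.</body></html>";
      exit();
  }

  include("./db/$dbtype.php");

  // create database classes
  $DB = new phorum_db();

  // check if database is already configured or if we are in the admin
  if (defined("_DB_LAYER") && $PHORUM["DatabaseName"] != '') {
      // this code below has to be this way for some weird reason. Otherwise
      // connecting on a different port won't work.
      $DB->open($PHORUM["DatabaseName"], implode(':', explode(':', $PHORUM["DatabaseServer"])), $PHORUM["DatabaseUser"], $PHORUM["DatabasePassword"]);
  } elseif (!defined("PHORUM_ADMIN")) {
      echo "<html><head><title>Phorum Error</title></head><body>You need to go to the admin and fix your database settings.</body></html>";
      exit();
  }

  //dummy query for generic operations
  $q = new query($DB);
  if (!is_object($q)) {
      echo "<html><head><title>Phorum Error</title></head><body>Unkown error creating $q.</body></html>";
      exit();
  }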
  // Load the per-forum settings and the language file; without a forum id,
  // load the default language and the blank settings.
  if (empty($f)) {
      include("./" . $default_lang);
      include($include_path . "/blankset.php");
  } elseif (file_exists("$PHORUM[settings_dir]/$f.php")) {
      // $f was cast to an integer earlier, so this path stays inside the
      // settings directory.
      include "$PHORUM[settings_dir]/$f.php";

      // NOTE(review): $ForumLang and $default_lang become include paths. They
      // are presumably always defined by the settings files loaded above --
      // confirm, because under register_globals an undefined one could be
      // supplied by the request.
      if ($ForumLang == "") {
          include("./" . $default_lang);
      } else {
          include("./" . $ForumLang);
      }
  } else {
      // Unknown forum id: send the visitor to the forum index page.
      header("Location: $forum_url/$forum_page.$ext");
      exit();
  }

  // A forum that is not marked as started is shown only to the admin.
  if (!$PHORUM["started"] && !defined("PHORUM_ADMIN")) {
      Header("Location: $forum_url/$down_page.$ext");
      exit();
  }
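  if (!defined("PHORUM_ADMIN") && $DB->connect_id) {
      // check security
      // $max_sec is given a value on every path. It used to stay undefined
      // unless $ForumFolder was 1, so the comparison below read whatever was
      // already in that global.
      $max_sec = 0;
      if ($ForumFolder == 1) {
          $SQL = "Select max(security) as sec from $pho_main";
          $q->query($DB, $SQL);
          $max_sec = $q->field("sec", 0);
      }

      // Build the Phorum user record only for a logged-in XMEC user, and only
      // when this forum (or some forum, for folders and the index) uses
      // security.
      if (($ForumSecurity != SEC_NONE || (($ForumFolder == 1 || $f == 0) && $max_sec > 0)) && $xmec_user->isLoggedIn()) {
          $phorum_user = xmec_user_to_phorum_user($xmec_user);
      }

      // if(!isset($phorum_user["id"]) && isset($phorum_auth)) unset($phorum_auth);

      // SEC_ALL forums are closed to anonymous visitors: redirect to the
      // login page, passing the requested URI url-encoded.
      if ($ForumSecurity == SEC_ALL && (!$xmec_user->isLoggedIn())) {
          header("Location: $forum_url/login.$ext?target=" . urlencode($REQUEST_URI));
          exit();
      }

      // load plugins
      unset($plugins);
      $plugins = array(
          "read_body" => array(),
          "read_header" => array()
      );

      if (isset($PHORUM["plugins"])) {
          $dir = opendir("./plugin/");
          // Skip the scan when the directory cannot be opened, and close the
          // handle afterwards; it used to be left open.
          if ($dir) {
              // The strict comparison keeps an entry named "0" from ending
              // the loop early.
              while (($plugindirname = readdir($dir)) !== false) {
                  // Only directories enabled in $PHORUM["plugins"] are
                  // loaded; dot entries are skipped.
                  if ($plugindirname[0] != "." && @file_exists("./plugin/$plugindirname/plugin.php") && !empty($PHORUM["plugins"][$plugindirname])) {
                      include("./plugin/$plugindirname/plugin.php");
                  }
              }
              closedir($dir);
          }
      }
  }

  // set the error level back to what it was.
  error_reporting($old_err_level);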
  384. ?>